User:Mjevans

From GSLUG
Jump to: navigation, search

When I perform a service for the community (commons), I am looking to do the following:

Generally; increase happiness as a result of my efforts.

  • Improve the quality of life for my self.
  • Improve the quality of life for others that exist now, as well as others that exist in the future.

I believe that quality of life is most easily compared to improving over the state of being a fudal serf:

  • Education: Knowledge of Language: gain knowledge, participate in the creation of culture
  • Education: Critical Thinking: recognize and solve problems
  • Education: Logical Thinking: deconstruct and break down issues to manageable observations and subjective truths
  • Empathy: recognize that the truths of others are frequently not the same as your own
  • Compassion: desire for everyone to get ahead, not just the self
  • Pragmatism: you still must save your self first so that you will have the strength to help others
  • Liberty: Freedom to do what you want as long as it does not negatively impact someone else* (*failure to produce positive impacts is not a negative impact)
  • Empowerment: aligning with others that share your interests and goals

Libre software (software liberty):

  • Provides a language and commons that is centered on personal and organizational liberty for the infrastructure of computing that increasingly drive our lives
  • Ensures that there is a level playing field, withholding advantages from individuals, corporations, and organizations that might use secrecy and obscurity to disadvantage end users
  • Empowers all users with the freedom to take their data, their culture, their digital lives, and migrate to different Libre platforms.

Libre software helps to fulfill several important goals recognized as critical to freedom even 200 years ago, as seen in the US Constitution and the (US) Declaration of Independence.

  • Freedom of Speech and Assembly; the ability to communicate ideas to others both in the present and future, without censorship or reservation (though others have no obligation to listen).
  • Security of an individual's person, residence, 'papers' and property: Libre software and the communication of mathematical formulas and concepts there in allows for Strong Cryptographic locks and the communication of methods of handling secrets that promote information security.
  • Liberty and the Persuit of Happiness, in my opinion, require freedom of speach, assembly, (thought), and security to think, to write, and to be the actual owner of the devices that are their possessions.

As a citizen of a culture that supposedly values leadership of the people, it is my responsibility as a citizen to help maintain and improve the health of that culture and it's people. To educate and empower them in their freedoms and responsibilities within that culture. It is not a task that I can do alone, but one that others must cooperate with.


outdated saved for historical reference

Sign the important things.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bitcoin Address as of 2014-03-12 : 19dxhXhjEFjikEPEVAR2Q2iwSiYNUriXw2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJTITqkAAoJEGyZ1DO2zQg14NYIAJfb8pbBWOdXskwGxJFGovII
5zEFZFzLFpgRr1tReno9RPKi57+B2xb9w5Wcv/uhheJf4InFsplVyN8Ayd4skAAE
6hjRRlLj1gycc/cqVlvA4uOYHIZQteQiVgqbN2SVaQ+WRu7iW6DJ8QCEgKk3Uwf1
ITV6YXIuPRGbZiOJygKHaH6LieADZmWXu1IJ9zJ5urAJiq2xTIAwL6t2y6FeN+Yt
QwfgrcRLoYdzbMH/L9RNwMMhJLta+Hk2ZA0B/A2WwztRRm6eRs2M55wQUScxzo9h
H5jnO7XgQDdyLA6X9kDDhe5Fa1TOA68/gzfmZqzoZd+ae7RnoYRchqhZJBj5XC0=
=49u5
-----END PGP SIGNATURE-----


Portable Security - Constructing your digital key-ring

   db79d463072da26b91c14e08b5a77a77bec9476ad1e5b0d2241228e4d59233f12c74477e77d427e407e1f45da4d2414c76367554352f57480fc7c00dde164028
   db79d463072da26b91c14e08b5a77a77bec9476ad1e5b0d2241228e4d59233f12c74477e77d427e407e1f45da4d2414c76367554352f57480fc7c00dde164028
   
   e7e9433973f082a297793c3c5010b2c5
   e7e9433973f082a297793c3c5010b2c5  debian-7.4.0-amd64-netinst.iso
   
   015b0eadeac8e5fb18c74f62d1cc06fb2fbe3eb5
   015b0eadeac8e5fb18c74f62d1cc06fb2fbe3eb5  debian-7.4.0-amd64-netinst.iso
   
   b712a141bc60269db217d3b3e456179bd6b181645f90e4aac9c42ed63de492e9
   b712a141bc60269db217d3b3e456179bd6b181645f90e4aac9c42ed63de492e9  debian-7.4.0-amd64-netinst.iso


The NetInstall disk is the smallest Debian disk which is signed by their packaging system

Download sums + signature files from one system Download iso on another (with differenet network provider)

Validate sums + iso + etc

Create USB 'disk' from iso; verify to sums

Cold boot target environment with Install drive.

Install on to Target drive - Since I plan on using it mostly on my laptop I'm using the Laptop + Standard system utilities profiles. I de-selected Desktop since I want to pick a custom DE.

I added tmux, htop, keychain, an ssh-askpass, gnupg2, gnupg, seahorse (I'm a little confused; I can't seem to locate /any/ frontends which depend upon gnupg2?), firmware-* (most)

See https://wiki.debian.org/caff for setting up caff, I also suggest ssmtp for connecting to your smart mail gateway.

See http://wiki.debian.org/WiFi for wireless support.

Pragmatically, I'm using the non-free repository for the firmware blobs because those /should/ have either been burned in to ?ROM for the devices OR included in a system shared bios/kernel/firmware blobs basic flash FS. /where possible/ I intend to use open source drivers and other software.

If I were handling HUGE sums of currency (big target) I would prefer fully open devices; published hardware, firmware, and drivers.

echo 'APT::Default-Release "wheezy";' >> /etc/apt/apt.conf.d/00local-default-release

nano -w /etc/apt/preferences.d/pinning
Package: *
Pin: release a=wheezy
Pin-Priority: 991

Package: bitcoin-qt
Pin: release a=unstable
Pin-Priority: 995
  • bitcoin-qt from debian - unstable
  • multibit from multibit.org


In my case, I've created both a DSA and an RSA Master Key and added both a DSA and RSA signing subkey to my RSA Master Key.

For less trusted workstations the Master Key's secret key has been removed via the above procedure prior to export from my secure environment.


Make normal keys: RSA - 4096 bit, DSA + Elgamel 3072 bit

Generate Revocation Certificate

  • gpg --list-keys
  • gpg --output ~/.gnupg/revocation-certificate.KEYID.asc --gen-revoke KEYID

Make a backup

  • cp -a ~/.gnupg ~/.gnupg-pre-subkeys

Making Subkeys

  • https://wiki.debian.org/Subkeys
  • gpg --list-keys
  • gpg --edit-key MASTERKEY
  • gpg> addkey
  • '
  • (RSA/DSA) (Sign Only)
  • etc, finish parameters to taste, the defaults are usually good here.
  • Repeat addkey as desired, I added /both/ an RSA and a DSA subkey
  • gpg> save

Exporting Public Keys

  • gpg --list-keys
  • gpg --export KEYID > /run/lock/tmpfs-temp-public-key.asc

Exporting Primary Key

  • DANGER: Normally you won't do this... just make a backup of your key-ring.
  • gpg --export-secret-keys KEYID > /run/lock/tmpfs-temp-secret.asc

Exporting Subkeys

  • gpg --list-secret-keys
  • NOTE: "When using gpg an exclamation mark (!) may be appended to force using the specified primary or secondary key and not to try and calculate which primary or secondary key to use."
  • gpg --export-secret-subkeys SUBKEYID! ... SUBKEYIDn! > /run/lock/tmpfs-temp-subkeys.asc

Remove Master Key (retain subkeys)

  • Backup your keyring. No really. Back it up.
  • umask 077 ; cp -a ~/.gnupg ~/.gnupg-$(date +%Y%m%d-%H%M%S)
  • Export Primary (public) Key (as above)
  • Export Secret Subkeys (as above)
  • gpg --delete-secret-key MAINSECRETKEY
  • gpg --import /run/lock/tmpfs-temp-public-key.asc /run/lock/tmpfs-temp-subkeys.asc
  • gpg -K
  • should now show sec# indicating the secret subkey is missing
  • The subkeyring can now be backed up and restored on less trusted devices.

Signing keys manually

  • gpg -K
  • gpg -u ID|PUB|KEY|SUBKEY --sign-key ID|PUB|KEY|SUBKEY

Secure a file

  • gpg --output secret-file.orig.asc --encrypt --recipient KEYID secret-file.orig

Open a secure file

  • gpg --output clear-file.txt --decrypt secret-file.orgi.asc


How to revoke a subkey (only)

   gpg2 --edit (keyid/ref)
   # Select the UID of the primary key container
   gpg> list
   gpg> uid (number)
   # Select the key (number) from the list of keys... NOTE THE * indicating which key(s) are selected.
   gpg> key (number)
   gpg> revkey
   gpg> list
   # You didn't quite get it right, abort the edit.
   gpg> quit
   # If you're happy, and you're really sure that this is a correct change set...
   gpg> save
Personal tools