Archive for the ‘Unix’ Category

How to browse securely with SSH and a SOCKS proxy

Wednesday, September 3rd, 2008

I was in Moab this weekend with my family and our motel had free wireless Internet. I used SSH and a SOCKS proxy to create a secure tunnel to my iMac at work. This allowed me to browse Gmail and Facebook securely.

Here’s a screencast on how to create an SSH tunnel and browse securely in Safari and Firefox:

Here’s a full-size video:
How to browse securely with SSH and a SOCKS proxy (full size video)

These are the basic steps on a Mac:
1. Open Terminal. (In your Applications/Utilities folder.)
2. Type “ssh -D 9999 username@example.com”, replacing “username” and “example.com” with the actual username and address of your remote machine. The remote machine will need the SSH service, or Remote Login service, turned on.
3. Open System Preferences -> Network -> Advanced tab -> Proxies.
4. Turn on the “SOCKS Proxy” and enter “127.0.0.1″ and “9999″ in the fields. Click OK and Apply.

Now your Internet connection will be tunneled through a secure connection to your remote machine — a poor man’s VPN.

If you want to be notified the next time I write something, sign up for email alerts or subscribe to the RSS feed. Thanks for reading.

Posted in Mac, Main, Privacy, Security, Tech, Unix | 4 Comments »

The Patriot Act and Customer Service

Thursday, July 19th, 2007

I. Mac and Linux computers come with a command called “rsync” that makes backup and synchronization easy. Every morning before work I synchronize my 4 year old dying Powerbook to my iMac at work. When I get home, I synchronize back. This way, I get my same mail, documents, and music wherever I am, and if something were to happen to one computer, I’d have a backup. I synchronize over the Internet, but I know a local guy that synchronizes to his iPod so he can physically carry his updates in and out of the office.

canaries.jpg
Photo by quimby

II. At work, we’ve begun using a service called rsync.net for backup. We synchronize our files to their service and pay them $1.60 per gigabyte per month. It’s a pretty inexpensive way to do backup, and it’s nice to have the backup offsite. The rsync.net engineers with whom I’ve spoken have been top notch.

For privacy, we actually use a derivative of rsync called “duplicity”, which encrypts our data before storing them at rsync.net. Their website explains how to use duplicity and other encryption techniques, but I thought it was particularly interesting to find they publish a “warrant canary”. Because the Patriot Act allows the service of secret warrants for the search and seizure of data, and criminal penalties for failing to maintain secrecy, rsync.net publishes a weekly declaration that they haven’t been served a warrant:

rsync.net will also make available, weekly, a “warrant canary” in the form of a cryptographically signed message containing the following:

- a declaration that, up to that point, no warrants have been served, nor have any searches or seizures taken place

- a cut and paste headline from a major news source, establishing date

Special note should be taken if these messages ever cease being updated, or are removed from this page.

Source: rsync.net Warrant Canary

If the “canary” dies, you’re supposed to close shop and get out.

I don’t know the legal implications of a warrant canary, but it seems like a particularly unique example of putting the customer first!

Posted in Business, Government, Law, Main, Tech, Unix | 1 Comment »