September 28, 2022
This site is one of a couple static sites I’ve been maintaining. I’ve been deploying them locally on filesystem with rsync, then hosting a webserver to present the content. I’ve been using Cloudflare for a couple years for DNS specifically.
Over time they have released a portfolio of interesting products, providing source for many of their implementations. They have also been outspoken in the public about the uncomfortable role they play in censorship.
...
April 11, 2018
WireGuard aims to be as easy to configure and deploy as SSH. You establish a VPN connection by simply exchanging public keys, and the rest is transparently handled by WireGuard.
There are many other technologies, however wireguard is uniquley interesting for:
cryptokey routing: the first principles simply mapping public keys and sets of allowed addreses, making wireguard easier to grok for deployments. endpoints and roaming: also initial principles that facilitate NAT traversal and utilization of dynamic addressing through keepalives.
...
October 29, 2017
If you want to be truly paranoid about authentication to services, you can implement your own Public Key Infrastructure (PKI). Many large organizations that are privacy focused have developed a digital/physical PKI strategy, for example the DoD’s Common Access Card. OpenSSL is a software that can be used to setup a “simple” PKI, however it’s command complexity is easy to get lost within. In this guide we’ll set up a “simple” PKI that we’ll use to authenticate users with, while still using the legitimately issued Let’s Encrypt Domain Validation certificates.
...
May 19, 2017
With all of the nasties we are seeing about snarfing up data, there has been a concerted effort for people to get encryption in place. For the web, it has never been easier to get these things sorted because there have been significant efforts recently to reduce the barrier. Firstly the letsencrypt project broke up the cabal of certificate authorities by providing a recognized authority that could issue certificates to verified domain operators without a transaction cost.
...