Sarah Jamie Lewis and “The Dark Web”!

I have spent the afternoon researching the work of Sarah Jamie Lewis. A very interesting person and among other things she used to work for GCHQ! The irony is that she is now an independent security researcher who is pro anonymity and privacy advocate.

She is also the author of an interesting product called onionscan, which is a tool that can be used for mapping the dark web.

This particular talk I found rather interesting

Sarah Jamie Lewis: OnionScan: Practical Deanonymization of Hidden Services

Among other things it gives rise to the fact that if you want security you should find your self a great Sys admin! Put simply a lot of sites on the “Dark Web” are not well configured and if you use such services you could be at risk.

She covers such topics as why you should be careful if you use apache as a dark web server. Why not to use a google analytics id (don’t use the same id for all your sites) and be aware that if your using it in the real world as well as the dark web this is a rather incriminating vector!

Other things discussed are exif metadata (from photographs for instance) that give away your geolocation, phone type etc!!

Most importantly though she mentions a lot of the good things that the dark web can be used for including, that a lot of the dark web is blog sites, forums that help drug users with regards catching addiction before it happens and harm reduction. Also that the dark web is used to monitor human rights abuses, and censorship data gathering.

She sums up buy proposing that peer to peer may be the future of creating secure communications due to the fact that the client server model is rather difficult to secure and anonymise. Some very interesting, important and thought provoking work. Her twitter feed is also an interesting read and rather humorous but probably NSFW!

Related links
Source for onionscan

Recent outage and snow flake servers!

This is a Wombat not a snow flake!

My server hasn’t been working too well over the last 24 hours due to it becoming a bit of a snow flake, that and the fact the the plumber always has leaky pipes! Not to mention that I was running a rather old version of Debian.

What’s a snow flake server you may ask? It’s what all system admins should avoid! It’s a server that does all sorts of things (often rather well) and as such is a precious little snow flake! The problem with this is that the server will not, or is not, easy to manage or update or improve due to lack of documentation, configuration issues, and / or as was my issue- software and hardware conflicts.

There are a number of ways to manage machine production and developer working environments. These include approaches such as blue green servers, machine imaging with products like puppet and Ansible. As well as a VM approach with products like Vagrant or a software container product like  Docker.

Whats also interesting is that with good old fashioned tools like password less key managed ssh access, and shell scripting you can control a lot of the process that the above products like to take claim for.

I’m going to think quite a bit about this snowflake problem some more in the coming weeks. I shall probably write more about how I, as someone with a “production server” and a number of other needs keeps all the ducks on the wall.  The end result is that I hope I can create a machine from scratch in a very short space of time. Or at least learn a few things.

Stay tuned!





Ridley Scott movies, AI and humanity!

Interesting things happen at the men’s shed!

So I’ll start with a spoiler alert. If you haven’t seen the Ridley Scott  movies “Prometheus” or  “Alien: Covenant” you may like to stop reading now!

One of the things that I liked about Prometheus was that Ridley Scott starts to look at the concept of “Bad robot” and by the time we get to “Alien: Covenant” we are talking about a megalomaniacal monster who, because he has access to so much knowledge and power compared to these lesser humans, makes the decision that we are not worthy – of existence!

This of course evolves into a plot that will have you sitting on the edge of your seat right to the moment you leave the theatre. Your brain will still be doing back flicks many hours or days later. The technical ramifications of the plot twists are brilliant.

These movies got me thinking about AI and robotics and Arther C Clarke’s “Three Laws of Robotics“. I have always thought that these laws have influenced a lot of science fiction writing, in that the Robot is usually a force of good. When I think of my own existence as an IT person and someone rather fond of cables & chips… and software. The concept of an AI gone wrong upsets me. This is because we are human and we are all flawed on some level but we also have hope. But the cynic in me asks  “So how the heck could we create an AI and not get it wrong?”

As a byproduct of watching these movies, I went searching for more information about humanity and AI. Whereupon I came across this interesting interview between two of the the biggest supporters / brains in the business of the development of AI… “Marvin Minskey & Ray Kurzweil“.

The late Mr Minskey is arguably the grandaddy of AI. He’s interesting  – but also I feel he could be considered some what of  an intellectual snob. I would not want him programming an AI.

But you might say – Robots, Artificial intelligence. That could never happen! Well lets just look at the facts shall we! The common knowledge game of Jeopardy  back in 2011 yep a computer beat 2 of the best humans in the world at this game.

There is of course our diminished skill with regards the game of  Chess, and the even more complex game of Go , The Physical presence of an AI may be expressed in a robotic format such as this…

We might also take into consideration related developments in robotics (not jus the type that walk) including improvements in things like Brain surgery  . I shudder to think what the military are up to, but this is something we need to think about.

Additional issues are that the AI will presumably design the next generation of AI! It’s a very deep rabit hole.

If someone ever does get round to creating an AI we would need a management and review process. In addition to programmers who can create something with the wisdom and compassion of Buddha and  the patience of a Saint.

We need to think about this, talk about this, a lot. Not to mention act carefully!

Install howmanypeoplearearound on mac os X

howmanypeoplearearound  “calculates the number of people in the vicinity using the approximate number of smartphones as a proxy”

To do this on Mac os X first make sure that you have “brew” installed.

See the simple instructions / site hear

Your also going to need tshark the cli version of wireshark installed

brew install tshark

Also I found using python3 important as I was having dependency problems with the standard python install

Download and install python3 from hear


sudo pip3 install howmanypeoplearearound

now you can observe howmanypeoplearearound !

Typical usage

sudo howmanypeoplearearound -s 300 -o scan_big2.json -a en1

(Listens to network traffic for 5 minutes writes to the file scan_big2.json in json format using interface en1 (wireless card use ifconfig -a to check that yours is named in the same manner)