📺 How To: Apply Thermal Paste (Increase 💻 CPU Performance / ⚕️ Life)

🗒️ CHANGING 💻 CPU THERMAL PASTE

One of the main drivers in a dying CPU is overheating.

Many ignore signs of hardware damage via overheating components.

Let’s change that today. This tutorial could add years to our CPU.


WATCH ON PEERTUBE


EXAMPLE: LIFTING KEYBOARD REVEALS CPU / HEATSINK / FAN

Your model may vary. Photos below feature an older Thinkpad in our example.

The same thermal paste application / advice applies, no matter what model of computer you are using. If you have a question, leave a comment.


📺 VIDEO:


GUIDANCE

Before applying the thermal paste, you will need to (partially) disassemble your computer (follow the guide for your exact model).

The goal here is not for complete disassembly. Instead, our goal is removing the minimal number of components giving us access to the CPU / GPU (if applicable).

In my case (Thinkpad), I removed back underside screws to hasten removal of the keyboard.

Otherwise, I left the remaining front bottom screws (they were not in our way).

TIP: Take pictures along the way to ensure you use the correct screws / parts placement on reassembly.


Keyboard Removed (Your Model May Vary)

Once we have access to remove the heatsink + fan, we can begin to clean off the old thermal paste.


Flip Heatsink Upside Down To Observe (original) Thermal Paste

Above, we note the dryness of the thermal paste. This is (obviously) very old thermal paste, and needs to be replaced.

TIP: an overheating (or higher cpu / gpu temp) computer can be a sign it’s time to replace your thermal paste.


FROM OLD -> NEW THERMAL PASTE (SEE ABOVE VIDEO APPLICATION DEMO)

  • Remove the computer battery (if applicable)
  • During this process, clean any remaining dust / dirt off PC components
  • Scrape off most of the dried / old thermal paste with a plastic card
  • Clean remainder of old thermal paste residue using a cotton swab and rubbing alcohol
  • Apply the new thermal paste (“pea size” is commonly mentioned); I prefer to use a small amount and slightly spread it (as shown on video above)


📲 Flashing 🐧 Pinephone (more) Open Modem Firmware



WHY CHANGE FIRMWARE?

The (original) stock firmware is more bulky, including unnecessary items like sendmail (??).

One key benefit to running Biktor’s firmware: Pinephone owners have more control of the clockspeed, and thus, can tone down modem heat on the phone.


Read up on more reasons you may like to try this in the Hackaday article.


MORE OPEN FIRMWARE


It’s never been easier to install Biktor’s more open modem firmware.

There are a couple options for doing this.

If you choose the commandline (what I cover here), the ‘flashall’ script inside pinephone_modem_sdk automates things nicely.


NEXT UP: fastest routes to having Biktor’s Pinephone modem firmware up and running.


FIRST MAKE SURE TO HAVE THIS ON PINEPHONE:

  • Mobian: apt install android-tools-fastboot (OR apt install fastboot)
  • postmarketOS / Alpine: apk add android-tools
  • Arch/Manjaro: pacman -S android-tools

(above prerequisite bullet list copied from HERE)


DISCLAIMER: Below I created a tutorial on ‘flashall’ method to get up and running with this firmware. I include 2 outside videos at the bottom for those who prefer GUI applications for upgrading firmware.

Modem recovery firmware available here, in case you mess up.

FLASHING MODEM FIRMWARE

Before following below, make sure to first install adb / android-tools. Required for ‘flashall’ script.

STEP 1: DOWNLOAD PINEPHONE_MODEM_SDK TO PINEPHONE

(ensure you have prerequisites mentioned above before beginning)

STEP 2: ENTER THE ‘HELPERS’ DIRECTORY (Commands Below)

COMMANDS (STEP 1 / STEP 2):

git clone https://github.com/the-modem-distro/pinephone_modem_sdk.git

cd pinephone_modem_sdk/

cd tools/helpers/


STEP 3: DOWNLOAD FIRMWARE PACKAGE INTO ‘HELPERS’ DIRECTORY

COMMANDS (STEP 3):

wget https://github.com/the-modem-distro/pinephone_modem_sdk/releases/download/0.6.8/package.tar.gz

(Alternatively, open the above link in a browser and save the file to the Pinephone.)


STEP 4: EXTRACT FIRMWARE PACKAGE INSIDE ‘helpers’ DIRECTORY:

COMMAND:

tar -vzxf package.tar.gz

chmod +x flashall

sudo ./flashall


(see below screenshot to see above commands in action. Make sure to download the package.tar.gz into the ‘helpers’ directory, to allow ‘flashall’ to make use of it.)

After this, you will notice the modem going ‘down’. Then it will reappear / come back alive (reboots).

If you get an error, it can’t hurt to try ‘flashall’ again.

Just be sure you have android-tools / fastboot, and extract Biktor’s firmware into the same directory as tools/helpers (the location of the flashall script).

When all is successful, you should see a message from a dedicated number telling you about the success of your new modem firmware.

Notice problems with modem disappearing? Take a look at recommended settings here.
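
The steps above download a firmware archive and hand it to a script run with sudo, so it is worth checking the file first. The following pre-flight script is an added example, not part of the original post or of pinephone_modem_sdk: it confirms fastboot and adb are installed, compares package.tar.gz against a SHA-256 digest, and rejects archives whose member names would extract outside the ‘helpers’ directory. The function names are hypothetical, and the expected digest is a placeholder you must obtain from a source you trust (the post does not publish one).

```sh
#!/bin/sh
# Added example: pre-flight checks before 'sudo ./flashall'.
# Run from pinephone_modem_sdk/tools/helpers/ after downloading package.tar.gz.
# Function names are hypothetical; nothing here comes from the SDK itself.

# Return 0 if every named tool is on PATH.
have_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || {
            echo "missing tool: $tool" >&2
            return 1
        }
    done
}

# Return 0 if the SHA-256 of file $1 equals the expected hex digest $2.
# The digest is compared case-insensitively and must be 64 hex characters long.
sha256_matches() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    actual=$(sha256sum "$1" | awk '{print $1}')
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "${#want}" -eq 64 ] && [ "$actual" = "$want" ]
}

# Read archive member names on stdin. Return 1 if any name is absolute or
# contains a '..' component, since such a member extracts outside the directory.
listing_is_safe() {
    awk '
        BEGIN { bad = 0 }
        /^\// { bad = 1 }
        {
            n = split($0, part, "/")
            for (i = 1; i <= n; i++) if (part[i] == "..") bad = 1
        }
        END { exit bad }
    '
}

# List the archive without extracting it and check every member name.
archive_is_safe() {
    names=$(tar -tzf "$1") || { echo "cannot read archive: $1" >&2; return 1; }
    printf '%s\n' "$names" | listing_is_safe
}

# Run all checks for the helpers directory $1 and expected digest $2.
preflight() {
    dir=$1
    digest=$2
    have_tools fastboot adb || return 1
    [ -f "$dir/flashall" ] || { echo "flashall not found in $dir" >&2; return 1; }
    sha256_matches "$dir/package.tar.gz" "$digest" || {
        echo "package.tar.gz does not match the expected SHA-256" >&2
        return 1
    }
    archive_is_safe "$dir/package.tar.gz" || {
        echo "package.tar.gz contains an unsafe path" >&2
        return 1
    }
    echo "pre-flight OK"
}

# Usage: ./preflight.sh --check . <sha256-from-a-trusted-source>
if [ "${1:-}" = "--check" ]; then
    preflight "${2:-.}" "${3:-}"
fi
```

Only run ‘tar -vzxf package.tar.gz’ and ‘sudo ./flashall’ once this prints "pre-flight OK".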


UPDATE: OUTSIDE VIDEO GUI RESOURCES BELOW

In this article I opted to share a quick commandline route.

For those who prefer a GUI tool (to upgrade the firmware), below I embedded 2 videos on this.

Scroll down to take this route.


RELATED: FIRMWARE UPDATER ON POSTMARKETOS

(Below offers 2 separate videos on the same tool – watch whichever you prefer.)

VIDEO 1: https://youtu.be/IsFbVZsQJX4 (Video Credit: Linmob)

VIDEO 2: https://youtu.be/aokclNgnIbE (Video Credit: Martijn Braam of PostmarketOS)


SUPPORTING BIKTOR (FIRMWARE DEVELOPER):

[ Support Biktor ] [ Ko-Fi ]


Like this post?

Tired of downgrade attacks moving to 2G for malicious purposes?

You may find a simple persistent 4g-only service useful.
(open link / download in 🧅Tor browser)

Read more on the idea here.



🗞️ 📺 🐦 Twitter Whistleblower: Mudge

DISCLAIMER: video covers very recent whistle blower report.

Allegations still require looking into, and are not considered proof of “intent”.

Share the video / article.

Originally posted at BMAC Politictech Blog (posted here early)

TWITTER WHISTLEBLOWER: MUDGE (L0pht / cDc)

VIDEO COVERS:

What do I need to know?

What are the privacy implications?

How many employees have access to sensitive user data?

Were there user privacy compromises (this year) at Twitter?

Was SMS 2FA abused (this year) for mobile phone surveillance?

Who is this ‘Mudge’ guy? Why should we listen to him?


📰 FIND OUT THIS AND MORE.

📺 IN TODAY’S VIDEO:

(watch on 🧅 Tor Friendly, decentralized Peertube by clicking above image)


Watch Inside Post: https://www.youtube.com/embed/xS2jzX7Ace8


🔗 THANKS FOR SHARING (one way to support is sharing links on Social Media, Telegram…)


(below, I share screenshots I created, underlining key points)

WHISTLEBLOWER REPORT HIGHLIGHTS IMPORTANCE OF ANONYMITY ON SOCIAL MEDIA:


EARLIER 2022 STORIES OF CONCERN

Firehose Data Allows Real-Time Tracking (2022)


Mitto AG Abused SMS 2FA For Mobile Surveillance (2022)


TIP: Use a dedicated email for social media accounts. Don’t use the same email or phone number you have connected to a bank, or “big tech” platform accounts. Every account sharing information can be neatly linked together.


🛡️ Twitter Introduces A New Phone Number Badge

This ‘badge’ will allow users to demonstrate they have a phone number connected to their account.

I see no problem with this, as long as phone numbers stay voluntary. Although it could potentially open certain users up (with this badge) to more likely attacks (earlier bug: phone number reveal).

Given information covered in the above video, requiring a phone number / identification would create a serious safety risk to activists, journalists, lawyers, and others in a sensitive position.

Not only does a phone number tie directly to a user’s identity (more reliably so than other means), it also opens them up to a host of new targeted “spear phishing” attacks.

The whistleblower report states up to 5,000 Twitter employees have access to sensitive user data. And, a Twitter employee was arrested for using their access to spy for the Saudi gov.

A country that executes its own dissidents.

There is no “safe” way for activists to share their phone number (or other personally identifiable information).

Email would make for a far more secure form of 2FA, with an added bonus of protecting user identity and personal safety.

Regardless of the whistleblower report, I do hope Twitter remains a success. As long as it remains a place allowing free flows of information.

The only way this remains possible is if anonymous accounts are allowed to stay. As long as they are, I will continue to support Twitter over other mainstream Social Media platforms (this way your data remains in your hands, depending on practices).


🧅 🔒 Twitter Now Has A Tor Hidden Service Onion Address

This one is a great move by Twitter. Nothing but good things to say about it.

Follow me on Twitter (onion), here.


TAKEAWAY:

We live in a world where power has become increasingly centralized…

🌎 A world where data contractors / monopolies can abuse access, power.

Simply Put: We simply can’t trust our personal data in the hands of strangers. No matter who they may work for.

When one has enough data, especially biometric data, one can use this in combination with AI, media, and various sensory applications / targeted experiences, to engineer future human behavior.

This is the very real future we are looking at. Don’t underestimate the power of data.


It’s why this page exists. Privacy (moreso anonymity) is vital to a free society, where people hold the power.

TIP: By proxying most of your internet data into mixnets, I2P / Tor (and newer options like Lokinet), you can make that data useless (instead of identifying).

Think of Tor as a haystack. Instead of the normal circuit your network packets route, Tor uses multiple layers of mixing / encryption to mix Tor browser client data into

In this world of increase, truly “free speech” cannot exist without the ability for anonymity.


💎 THANKS FOR SUPPORTING / SHARING THIS


Do You Think Twitter Really Fired Mudge For The Reasons They Stated?


💻 Argon One M.2 Case: Migrating 📁 SDCARD Server To SSD Board

Earlier we introduced the Argon One case and add on SSD board for the Raspberry Pi: https://www.youtube.com/embed/UiZV76_cjWU

Today we covered how to migrate our Raspberry Pi servers from the less reliable Micro Sdcard, over to a faster, much more reliable SSD.

Offering us a long term selfhosting solution.

Here I discuss one of my quick methods for transferring the entire Pi server from sdcard to SSD board: https://www.youtube.com/embed/ZawFE6p_fXM

There will be a followup talking over the final Argon One case setup.


This case + SSD board is an excellent option for those interested in selfhosting Nextcloud, or other personal servers.

See my Selfhosting Playlist for more ideas, including a personal tip on beginning your Nextcloud as Hidden service, a shortcut.


Added Note: The Argon One is also a recommended solution for those who get the Supporter Privacybox img. This ‘privacybox’ img includes fully automated custom setup for your brand new Nextcloud as Tor Hidden Onion Service (with added anonymous chatroom options). Including generation of a new Onion address + private key, as well as your own Privatebin “zero knowledge 256bit AES encrypted pastebin” (and more, coming soon).

Learn more about the supporter image at the Gitea onion here (open link in Tor Browser). This image is currently existing as a present to thank Supporters who buy 6 ☕☕☕☕☕☕ total coffees over any period of time (or equivalent donation in anonymous Monero and / or Cashapp).

It’s a concept to help support my demonetized tutorial / public interest work, and will continue to incorporate new original design concepts in the setup.


Thanks for watching and be sure to share this video with others interested in learning about selfhosting! 🙂 I appreciate your help sharing any of the videos you find helpful.

Looking forward to helping everyone learn more about selfhosting and running your own servers, coming up.

We will also be taking more looks at Linux and Pinephone in next few videos. Stay tuned and be sure to Follow here for the latest in tips and tutorials.

Feel free to leave questions and comments. Look forward to reading them.

UPDATE: 🧅 🔐 GITEA ONION SERVER HARDWARE UPGRADES AND MAINTENANCE COMPLETE

UPDATE: Gitea Onion server now ONLINE.

Accepting anonymous ideas, files, and projects 😀

You can view the Gitea Onion server in Tor browser, and optionally work on projects from TailsOS, Whonix, and other torification.

There I host various things I am working on, from open free proxy, frontend lists, free books, and code. As do others (you are welcome here).

It’s completely FREE to sign up to add / upload your own projects (public or private – they stay how you choose).

There are no forced Copilot submissions for projects here.

You can also browse and download whatever you like as a guest, without ever registering. Anonymously.

I wanted to provide an anonymous git service (that respects your privacy) for users who may not want to reveal identities as seen on places like github.

You can use it from TailsOS / Whonix terminal, or add torify to your git commands on any other Linux operating system. Try it out.

I feel anonymity offers us the ability to share open ideas without users worrying about self censorship, or being ‘doxed’. And that’s what I’m trying to do here.


Encouraging new users to ask questions, file issues (if you have them), and check out what I and others are working on. Feel free to contribute too!


Those who want to support the Gitea onion and other public interest works, can find details here.

☁️🔓 Selfhosting: 🖥️ “Never Trust A Computer You Can’t Throw Out A Window” -Steve Wozniak

For those following shortcut playlists such as Nextcloud as a Tor hidden service (see selfhost playlist example), or who support the Supporter image.

Really, I hope this post helps anyone interested in selfhosting. Whether or not you support my work I make these posts for everyone and welcome followers, shares, monthly members and ☕ coffee (if you like). End of post includes “present” idea for regular supporter incentives.

I really appreciate all my followers (thank you! 🙂) and try to make public all I can, as able. My goal here is to help.


Selfhosting

Steve Wozniak is right. He has had quite a bit to say about Cloud computing, and the mistake it is for those who care about their privacy.

It’s important to differentiate: when we say “the cloud is not your computer”, we are NOT talking about a physical server you own and can touch! We are talking about remotely hosted cloud space you RENT.

THAT is not your computer. And you have no control over who or what is accessing it behind the scenes. It’s better we act like it.

iCloud is an example of NOT your computer. Any rented virtual server / cloud space is NOT your computer.

“Never trust a computer you can’t throw out a window”. -Steve Wozniak

I love that quote. It’s really that simple.

If you, yourself setup the physical hardware (or purchased from someone you trust), THAT can become the (only) “cloud” server you trust.

Nothing less is ensured private. If you can’t control the hardware, you don’t control the outcome.

Options include something like Nextcloud on a Raspberry Pi or Pine64 / other singleboard computer. THAT can be a server you can trust (trust as long as you know what you are doing). A server you own.

Listen, rented cloud storage is NOT your computer! I’ve been stating this since the first days of this channel.

(Thought it can’t hurt to say it again)

When you rent cloud / virtual hosting, you can’t think that is truly private, right? Because it is not. There is nothing private about rented cloud storage.

The cloud is not your computer. It is rented space on a computer, but it is not your computer.

Other people can access it. Employees of the company. Potential attackers. Snoops. Misfits.

Who really knows who else?

If you are going to rent cloud space, at least encrypt that data ON YOUR PC, BEFORE sending it to said cloud. Use something strong if you want to ensure no access to the data within.

One interesting test is attempting to upload something that has been encrypted independently (such as with zulucrypt). Certain cloud providers have been reported to outright REJECT encrypted files.

If you are going to use rented cloud storage, at least encrypt your files before uploading. Try it.

Let me know in the comments if your encrypted file is rejected. I would love to hear the story! 😁


Sponsors (No Conflicts Of Interest)

I don’t have sponsors. It’s why I don’t recommend many companies (like, ever). If you want to help with content here, I accept coffee, XMR, cashapp. All options listed on frontpage.

Not saying it’s a bad thing to have sponsors. Not at all. I enjoy channels who have sponsors! And I’m really not here to make anyone look bad.

But it’s always smart to do your own research if a channel or writer benefits from recommending a product. It’s common sense.

Take for example someone may recommend cloud / virtual hosting specifically for privacy. It’s always a good idea to find out if they are benefiting from this recommendation.

And if they are benefiting, research further to find out if there is a better option (my only aim is to provide answers, and otherwise hope to stimulate free thought).

I wish all creators the very best, and only change my own recommendations based on what I know to be true.

I’m not saying there is anything wrong with virtual hosting / cloud rentals. Not at all!

In some cases it might be the right decision for you.

But for peak privacy capability (if this matters to your threat model), alas, it is not.

You could benefit from this if you simply wanted to host a small business presence on the web, without concerns for privacy on that server.

I’m telling you all this because I’m happy to tell you the good, the bad and ugly.


Privacy / Anonymity + VPNs

https://www.youtube.com/embed/mwX5YhNRsI0

Some people want to set everything up from scratch. I totally get that (it’s the best way).

One example is the common recommendation “create your own VPN” for privacy.

This isn’t a great idea.

Obviously Tor / i2p / lokinet (and other multilayer randomized meshnets) will be superior to any VPN alone.

Creating your own VPN on shared cloudspace may leave you as one of the only users to be seen.

That offers less “needle in a haystack” blending in, with only a single hop of separation.

This doesn’t mean you can’t combine VPN with Tor to enhance some cases. But ensure you are doing this correctly. A VPN is often tied to a user’s identity. And it’s best to avoid this when a user’s goal is anonymity.

I’d rather recommend proxychains as an additional option for journalists, lawyers, and others who need anonymity without over complexity.

But, for the vast majority of people, Tor Browser alone (with a bridge) is simple and secure enough.

Use Tor More Anonymously:

https://youtu.be/Avp2P_C5PMU

https://www.youtube.com/embed/83o4oaXqHQc


Single Board Computer Nextcloud / Selfhost Server / PF Sense BSD Router Firewall?

At the same time, we know rented cloud storage is NEVER going to be as private as hosting your own dedicated hardware server.

With singleboard computers, we all know: SDCARDS aren’t an ideal storage form.

That’s a given.

For one, SD cards can fail without warning.

There are a few ways to do this.

Try an old desktop, install Linux / BSD. Turn that into a server.

Another option: Selfhost your own dedicated single board computer server on a reliable and fast SSD?


All In One Solution: Argon One + M.2 Board Case

This case + the Argon M.2 Expansion Board allows you to selfhost your Pi off an SSD without too much work.

Today I created a video showing this case: https://www.youtube.com/embed/UiZV76_cjWU

I’m still feeling a bit rough, but glad I cranked this one out. Hopefully will get more done soon. Hope you get something out of this article, and see you in the next one! 🙂


THANKS TO: REGULAR SUPPORTERS (If you fit this reach out so I can share current img)

For those interested in a more ready to use all in one Supporter Image I am working on: offers fully automated selfhosting setup (automated new Nextcloud Tor hidden service onion + private key generation (only you have the private key / onion as it doesn’t exist until you first login) + Privatebin “zero knowledge” pastebin + onion Tor wifi router + additional menu shell and customization options + more unique ideas implemented soon).

The Supporter selfhosted pi image is something unique I’m happy to continue to improve and maintain. Carrying custom options not mentioned. Goal is to offer something unique. A matter of selfhost convenience focused at privacy options, setup automated (initial setup asks only for wifi network preferences, network cards etc and takes care of the rest, displaying your newly generated onion address).

Currently offered as a way to say “Thank You” to those who ever bought (over any period of time) total of 6 ☕ ☕ ☕ ☕ ☕ ☕ coffees (or equivalent Monero/XMR, cashapp donations), + offered to those who joined membership for 6+ months. It’s also available as an “extra” service here for those who just want to donate to download (accepting monero and cashapp donations here).

If this is you, please let me know. I’m excited to share this with you! 🙂

Questions emails always open.

It’s something I came up with to incentivise supporting the unsponsored, demonetized tutorials / videos (over 182) and other works. I want to be able to continue expanding on ideas, public offerings, and improve content quality, + have the opportunity to share more servers with everyone. I can only meet all goals with some support of community. To those who have, thank you. ❤️



🔍 OSINT + 🔎 PRIVACY: “The Internet Is Forever” (Internet Archive / WayBack Machine)

Click image below to watch the latest video on Peertube (mirrored more places later on)

[ Peertube ] (🧅 Tor Friendly)

[ Bitchute ] (🧅 Tor Friendly)

Post may be updated later with additional information / screenshots. Check back if interested.


Internet Is Forever?

The level of “The Internet Is Forever” is real (here).

I’m hoping some of you find this resource helpful.

And If you haven’t heard of the “Internet Archive” until today, even better.

Searching

https://web.archive.org/web/*/EnterYourWebsiteHere – show all captures

Internet Archive Video, Bitchute.com/yourprivacytv (my channel)


LINKS

Internet Archive (WayBack Machine, Read Books, Movies + More)

WayBack Machine (Advanced Search)

Internet Archive Under Attack (Blog post)


Please Do Share This! (+ Don’t Forget To Follow)

❤️ Support Options (Full List) On Frontpage (Thank You For Supporting original content)

🔐 Smartphone: “IMSI Catchers” (Thoughts + Mitigation)

Note: restricting to “4G only” may not be right for everyone. If it negatively affects service, you can disable with:

systemctl disable 4g-only.service (if service is affected in your area).

Tips cover the common 2G / 3G cell site simulators. 4G cell site simulators also exist (active, less common).

Originally shared on bmac June 21st, 2022.


Hey friends, 😀

Today let’s talk a bit about what are commonly referred to as “Stingrays” (a popular model). For Linux phone users (Pinephone tested), I am also sharing a small service for “4G Only” persistence (every boot): here.

Why? After noticing downgrades, wanted to see if it will affect my service over the long run (good coverage). Opted to try “4G only” for a while.

4G only restricts 2G / 3G and could cause service interruption during moments lacking 4G availability.

Includes tips for Android users. iPhone, not having as many options, does carry a “4G Only app”.


Cell Site Simulators (examples: “Stingrays”, “IMSI Catchers”): False cell towers appear as the “strongest signal in the area” to phones nearby (ex: 10,000 phones per device in some cases). Once connected, phone location can be tracked, and on lower security (ex: 2G), SMS / calls can be more easily captured.



SUMMARY: most Cell Site Simulators rely on downgrade attacks to cause your phone to connect to the less secure (encryption) 2G services (and other times 3G). We talk about how to mitigate for Linux phones (Pinephone service), Android, and iPhone (briefly).


INTRODUCTION

Video (older) introducing an Android tool for detection and mitigation of “cell site simulators”.

A basic introduction to what these devices are designed to do (mimic cell towers), and what various models may look like (including homemade), from the smallest (fitting in the palm of the hand), to the flying…

Watch Here: https://www.youtube.com/embed/w8reJoOl5fM


RELATED VIDEO: Top 11 Android Privacy Tips


Tracking With Cell Site Simulators

Essentially functioning as false towers.

If You Have A Phone…

it will eventually fall into this surrounding net…

These devices can scoop all phones in the area. Some reportedly handle 10,000 phones in vicinity, at a time.

Common in midst of a protest (examples, further down).

We all deserve the right to privacy in our home, and inside our most personal devices.

Privacy represents the most fundamental Human Rights (no right guaranteed without right to privacy)

Companies producing Cell Site Simulators have: non-disclosure agreements


SIM CARDS: SILENT SMS + MORE

While we are talking smartphones, it’s best to include SIM cards in the mix.

Did you know your SIM card carries its own microcomputer, runs its own OS and browser, and accepts hidden binary text messages?

You can learn more about this on our video, here: https://www.youtube.com/embed/U4h6YuDxmLo


CELL SITE SIMULATOR MITIGATIONS

Downgrading phones to 2G service makes content easier to intercept (ie: calls and SMS txt, due to weak security in 2G).

4G Cell Site devices run more expensive (comparing to 2G / 3G), generally offering location tracking.

Previously, price quotes (released a couple years back) marked “Hailstorm” devices for over $450,000.

Ultimately, for both criminal and official purposes, most rely on “downgrade” attacks.

Some may notice 4G blocked during certain areas of protest.


See: here, here, and here as examples where 4G was blocked during protest. Nearly all serious protests deal with this, (possibly) forcing connection to cell site simulators.


VULNERABILITY: SYMPTOMS OF ATTACK (Then Again… There Aren’t Always Signs)

  • Quicker than normal battery drain (push max battery usage)
  • High power usage forced on phones (amplification can allow farther operation distances)
  • Downgraded service to 2G, 3G (from stable 5G, 4G)
  • Service disruptions (problems sending SMS txt, calls, internet)

We should ask ourselves: Why is there no tower provider authentication, to protect our phones from these devices? If providers desired so, it would be so.

Why Do Downgrade Attacks From 4G To 2G, 3G Happen?

Downgrade attacks occur to move phones to a more ‘receptive’ environment.

  • 4G Cell Site Simulators (pricey)
  • 2G, 3G offers lower security capabilities (ie: receiving calls / SMS txt)

Use To Our Advantage?

Since said false malicious cell spy towers utilize downgrade attacks to force all phones in the area to connect to their malicious cell site simulator…

We can attempt to mitigate downgrade attacks by forcing 4G only (keep in mind not all settings are saved after reboot – that is the idea of trying the 4g-only service for the Pinephone service: it forces 4G/LTE only, each reboot)


ANDROID USERS: SETTING 4G / LTE ONLY

  • Open Dialpad
  • Dial: * # * # 4 6 3 6 # * # * (this opens testing window)
  • Go into “Phone Information”
  • Set Your Preferred Network Type To LTE Only for 4G only (keep in mind this setting holds until reboot)

iPhone Users: 4G / LTE Only

There is a reported 4G only app.

You can also access iPhone service options by following this page.


Pinephone / Linux Phone Users

Today I am writing to intro a small example “4G Only” Service.

It’s something I wanted on my Pinephone (Linux phone) to prevent downgrade attacks.

Symptoms Of Malicious Intent

  • Phone jumps from its reliable 4G, down to 2G, or 3G
  • Phone has service disruption after this connection change
  • Internet may lose reliability, texts and calls may show issue / stalling

Apps like Android’s “Cell Spy Catcher”: take 24hr to map out all current cell towers (and locations), alerting you to towers which move or behave suspiciously, such as changing tower information, and location (ie: true cell towers are not moving around, changing location 😤)


RELATED STORY: In some areas, attacks could even be of foreign interests, even criminal networks.

See Example: IMSI Catchers found planted on Whitehouse grounds
(said to be of foreign origin – details in article)

Mitigation (For Most Cases / Devices): Force 4G Only.

Sure, settings in Gnome / Phosh allow you to momentarily select 4G only. The issue is that it resets to allow 2G, 3G, 4G on the next boot. This service ensures 4G is the only available service to the modem (during a service downgrade attempt).

Setting Up 4g-only Service

The service is simple to set up.

Simply download / clone package from Gitea onion (use torify git clone, or Tor Browser to view and download), and run the install.sh script (using sudo). This moves everything where it belongs, making a new command in our execution path, and enabling the service (by default starting 1st on your next reboot).

If you would like the service to start right away, you can run the command installed:

sudo 4g-only

Or (once running install.sh), you can start the service without reboot by issuing:

sudo systemctl start 4g-only.service

To avoid having to reboot.

What Does It Do?

It first detects your current modem location (which does change), then sets “4G / LTE Only” for that modem, every reboot.

Running:

sudo 4g-only

forces 4g-only from the commandline.

If you need access to 3G as well, there is a single argument:

sudo 4g-only reset

Personally, I recommend 4G-only (not the reset) to prevent connection to these lower services linked to most malicious cell site simulators (note: during downgrade attack you may lose service – but at least you may know why..)

Checking Status Of 4g-only.service

Once installed (after a reboot), you can check the status of 4g-only.service.

sudo systemctl status 4g-only.service

Once you have run the install.sh, you will have 4g only every single boot 100% of the time.

If you need access to 4G + 3G (not recommended for most areas), I added the ability in the systemctl ‘stop’ command of the service.

And so:

sudo systemctl stop 4g-only

Won’t just allow 3G, it keeps 4G preferred.

But for myself, and most people, I do recommend leaving the service as is, allowing 4G Only (not including 3G), if you wish to mitigate downgrade maximally.

If you notice service disruptions on 4g Only, this could be a sign of downgrade attacks. That alone IMHO, can be useful to know.
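
One way a script like the one described above could work, as an added example that is not the code of the 4g-only package. It assumes the modem is managed by ModemManager and driven with mmcli; the mode names lte-only and reset, the function names, and the layout of the sample mmcli output are assumptions.

```sh
#!/bin/sh
# Added example: pin a ModemManager-managed modem to LTE, or restore 3G + 4G.
# Not the 4g-only package's script. Mode and function names are hypothetical.

# Constructed samples of mmcli output (assumed layout, not captured from a phone).
SAMPLE_LIST='    /org/freedesktop/ModemManager1/Modem/3 [QUALCOMM INCORPORATED] QUECTEL Mobile Broadband Module'
SAMPLE_STATUS='  Status   |           access tech: lte
  Modes    |             supported: allowed: 2g, 3g, 4g; preferred: none
           |               current: allowed: 4g; preferred: none'

# Read `mmcli -L` output on stdin and print the first modem index.
# The index at the end of the D-Bus path can change between boots,
# so it is looked up every time instead of being hard-coded.
modem_index() {
    sed -n 's#.*/ModemManager1/Modem/\([0-9][0-9]*\).*#\1#p' | head -n 1
}

# Read `mmcli -m <index>` output on stdin and print the allowed modes in force.
current_allowed() {
    sed -n 's/.*current: allowed: \([^;]*\);.*/\1/p' | head -n 1
}

# Print the mmcli options for a mode name; return 1 for an unknown name.
mode_args() {
    case "$1" in
        lte-only) echo "--set-allowed-modes=4g" ;;
        reset)    echo "--set-allowed-modes=3g|4g --set-preferred-mode=4g" ;;
        *)        return 1 ;;
    esac
}

# Apply a mode to the detected modem, then read the setting back.
# For lte-only the function fails unless the modem reports 4g as the only
# allowed mode, so a silently ignored request is not mistaken for success.
apply_mode() {
    args=$(mode_args "$1") || { echo "usage: $0 [lte-only|reset]" >&2; return 2; }
    idx=$(mmcli -L | modem_index)
    [ -n "$idx" ] || { echo "no modem found" >&2; return 1; }
    # $args is left unquoted on purpose so the two reset options split into words.
    mmcli -m "$idx" $args || return 1
    now=$(mmcli -m "$idx" | current_allowed)
    echo "modem $idx allowed modes: $now"
    [ "$1" != "lte-only" ] || [ "$now" = "4g" ]
}

# With no argument, parse the constructed samples so the script runs offline.
case "${1:-demo}" in
    lte-only|reset)
        apply_mode "$1"
        ;;
    demo)
        echo "sample modem index:   $(printf '%s\n' "$SAMPLE_LIST" | modem_index)"
        echo "sample allowed modes: $(printf '%s\n' "$SAMPLE_STATUS" | current_allowed)"
        ;;
esac
```

Run as root with lte-only at boot (for instance from a oneshot systemd unit) to get the persistence described above; reset corresponds to allowing 3G again while keeping 4G preferred.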

Will share more options as tested in future (check back).

Hope you find this useful. ❤️ 📱 🐧


🙂 Thanks for following this page and spreading the word!

Be sure to share this post everywhere!



Support options ☕ (original tips / writing supported by coffee, crypto, cashApp)

🔑 SSH Part II: Adding Key Auth & Checking Fingerprints (Avoid MITM)

Learning to check SSH fingerprints is a staple for using remote ssh safely. Failure to match fingerprints opens us to potential MiTM.

[ Did you miss ssh writeup Part I? We discuss how default Linux OS hostnames can sometimes give away the default password, and the pitfalls of numerical passwords (changing default passwords should be priority #1).

First we identified the OS by default hostname, then we used a “most common numerical pin number wordlist” to crack the default SSH password in seconds, demonstrating how successful ssh cracking (using Hydra) looks, and offering solutions/advice HERE. ]


INTRODUCTION

Do you accept “new” ssh client key fingerprint prompts without checking them against the server in question’s own key fingerprint?

If you accept ssh key fingerprints (without verification), you may be setting yourself up to be an unwitting victim of a MITM (Man In The Middle Attack).

[This topic is covered in PART II (scroll down for Tutorial)]

Additionally in PART II, we swap weak default password authentication for a much stronger (passwordless) RSA key authentication login, assisted by ssh-keygen (which we use to generate strong keys).

After which, we disable the password login option altogether (to prevent brute force attackers), and finally, we restart SSH for all changes to take effect.

As a Bonus, a video covers converting SSH server to a Tor Hidden .onion service, adding additional security/encryption benefits (without need for open ports).


(REFRESHER) PART I:

Part I video is below, covering weak default password examples in real Pinephone operating systems (applying to all Linux / UNIX machines / default logins).

In this scenario, we first scan machines on the LAN (as an attacker would), immediately identifying operating systems by their default hostname. After which we use Hydra (brute force cracker) to run known default username/pin number lists against the SSH server of our Pinephone, whose OS we identified.

After demonstrating how easy it can be to identify and crack SSH logins on machines sharing the same connection/LAN, we then go in to tighten up sshd_config settings to prevent future brute force attacks, and talk about password security.

This video is below:


TUTORIAL (WITH SCREENSHOTS/VIDEO)

PART II: https://www.youtube.com/embed/CZ8BjLjl7EA

Today’s Video continues on from this SSHD Config angle.

As the introductory paragraph details, first we check key fingerprints shown by our ssh client against the server side’s ssh key fingerprint. We must ensure these fingerprints match, otherwise we risk MITM attack. Never accept new fingerprints without verifying.


ADD SSH KEY AUTHENTICATION (NO PASSWORD NEEDED)

(ssh more securely)

Have you ever accepted a fingerprint and wished to start over to be sure?
(to: delete all saved keys for host / server and reconfirm fingerprint?)

REMOVE PREVIOUS KEY FINGERPRINTS (CLIENTSIDE):

ssh-keygen -R HostHere


CHECKING FINGERPRINT (SERVERSIDE):

ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub

NOTE: THE ABOVE COMMAND IS ECDSA. LATEST AND GREATEST ADVICE IS FOR ED25519. CHECK THIS:

ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub


NEXT:

Connect (from clientside) to our SSH server to check the fingerprint output. Does it match the above “CHECKING FINGERPRINT (SERVERSIDE)” output?

See the screenshot below to watch this comparison in action.

SCREENSHOT CHECKING FINGERPRINT (COMMANDS ABOVE):

IMPORTANT: I felt the need to explain 01:56 — do not accept the key (unless you previously recognize it). This key fingerprint acceptance is to demonstrate the plain ‘password: ‘ prompt itself (fingerprint acceptance required to show). Follow below for fingerprint checking instruction (or follow video after 3min).


TIP #1 FINGERPRINT CHECKING:
Check the server’s fingerprint from a separate network (if working remotely from it), or if you have physical access + a monitor, even better. By using a separate network to check the fingerprint upon connection, you are compartmentalizing both client checks from one another, further verifying fingerprints match from multiple networks.

Running the fingerprint checking locally (serverside) is always the best method (when possible).


TIP #2 FINGERPRINT CHECKING:

Write hosts/fingerprints down and post them on your wall/corkboard/office: there is no risk in having a written list of your machines’ hostname/IP + correct ssh fingerprints. This can save you from having to check.

Why? You may one day need to login from a new machine without physical access to the server. Having a record can help you check without risking the login/accepting fingerprints remotely.
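
What the ssh client and ssh-keygen -lf both print is a SHA256 hash of the server's public key blob. The added example below (not from the original post) computes that fingerprint from a key line and checks it against a written-down record as in TIP #2; the host name and both keys are constructed sample data.

```python
import base64
import hashlib
import hmac
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def fingerprint(line: str) -> str:
    """SHA256 fingerprint of a .pub, known_hosts or ssh-keyscan line, in
    the 'SHA256:...' form that ssh and ssh-keygen -lf print."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob opens with a length-prefixed copy of the key type;
            # reject lines where the label and the blob disagree.
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match key blob")
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no SSH public key found in line")

def check_host(host: str, offered_line: str, recorded: dict) -> str:
    """Compare the key a server offers with the written-down fingerprint."""
    expected = recorded.get(host)
    if expected is None:
        return "unknown host: verify on the server before accepting"
    same = hmac.compare_digest(fingerprint(offered_line), expected)
    return "match" if same else "MISMATCH: do not accept"

def make_ed25519_line(host: str, raw_key: bytes) -> str:
    """Build a constructed ssh-keyscan style line for the demo below."""
    kind = b"ssh-ed25519"
    blob = (struct.pack(">I", len(kind)) + kind
            + struct.pack(">I", len(raw_key)) + raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

# Constructed sample data: two made-up 32-byte keys for a made-up host.
SERVER_LINE = make_ed25519_line("pinephone.lan", bytes(range(32)))
OTHER_LINE = make_ed25519_line("pinephone.lan", bytes(32))
# In real use this value is copied from `ssh-keygen -lf` run on the server.
RECORDED = {"pinephone.lan": fingerprint(SERVER_LINE)}

if __name__ == "__main__":
    for line in (SERVER_LINE, OTHER_LINE):
        print(check_host("pinephone.lan", line, RECORDED))
```

The second line printed is the mismatch case: same host name, different key, which is exactly what a fingerprint prompt is there to catch.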


After working on fingerprint checks, we add the key to our server, allowing our client machine to automatically login upon connection.


GENERATE RSA KEY PAIR

ssh-keygen -t rsa -b 4096


PASSWORD-FREE KEY AUTH: MORE SECURE SSH ACCESS

COPY KEY TO SERVER:

ssh-copy-id username@host

SEE SCREENSHOT BELOW FOR ABOVE STEPS IN ACTION


After successfully copying our key, we then connect by ssh to test it. If it lets us in without problem or password, we did it!

TESTING PASSWORD FREE KEY AUTHENTICATION


TIGHTEN UP SSHD_CONFIG (SERVERSIDE)

We add a few more lines to /etc/ssh/sshd_config, ensuring only our machine can login:
(disabling password guessing by relying on our newly minted key alone)

/etc/ssh/sshd_config:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Restarting SSH allows our configuration changes to take effect:

sudo systemctl restart ssh
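
One gotcha with adding these lines: sshd uses the first value it finds for each keyword, so an earlier line in the file can override them. The check below is an added example (not from the original post); the sample config is constructed, and the text is assumed to have any Include files already pasted in place.

```python
import re

# The three options this section sets to "no".
WANTED = ("passwordauthentication", "kbdinteractiveauthentication", "usepam")
# ChallengeResponseAuthentication is a deprecated alias (OpenSSH 8.7+).
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_globals(config_text: str) -> dict:
    """Return {keyword: (value, line_number)} for the global section.

    sshd keeps the first value it obtains for a keyword, so a later
    duplicate is ignored. Parsing stops at the first Match block because
    everything after it applies only conditionally."""
    seen = {}
    for number, raw in enumerate(config_text.splitlines(), start=1):
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)$", raw.strip())
        if not m:  # blank line or '#' comment
            continue
        key = ALIASES.get(m.group(1).lower(), m.group(1).lower())
        if key == "match":
            break
        seen.setdefault(key, (m.group(2).strip().strip('"'), number))
    return seen

def audit(config_text: str) -> list:
    """List each wanted setting whose effective value is not 'no'."""
    seen = effective_globals(config_text)
    findings = []
    for key in WANTED:
        value, number = seen.get(key, ("<not set>", 0))
        if value.lower() != "no":
            findings.append(f"{key}: effective value {value} (line {number})")
    return findings

# Constructed sample: the section's three lines appended to a file that
# already enabled password logins further up.
SAMPLE = """\
# constructed sshd_config for this example
Port 22
PasswordAuthentication yes

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
"""
FIXED = SAMPLE.replace("PasswordAuthentication yes\n", "", 1)

if __name__ == "__main__":
    print(audit(SAMPLE), audit(FIXED))
```

On the server itself, `sudo sshd -t` checks the file for errors before you restart, and `sudo sshd -T` prints the values sshd will actually use.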

[Timestamps are found inside the video description]


* BONUS: PART III: Tor SSH .Onion (Hidden Service):

This 3rd (optional) video shows how to setup SSH access as a Tor Hidden Service.

BENEFIT #1: By disabling ssh locally and allowing only the Tor ssh we prevent unknown machines from attempting brute force attacks (if we failed to follow previous videos). The only ssh attempts will be from those you give the onion address to.

BENEFIT #2: Additional layer of end to end encryption between the tor clients on ssh client and server side. Add to this the ssh encryption keys/fingerprints themselves on your client/software side, and you have a much more secure ssh setup.

Comments/Questions Welcome below:



💾 Failing Harddrive Mitigation + Encrypted Backups

Backstory:

Logging a real-world failing drive experience, carrying important data (not in earlier backup). Followers asked for content including behind the scenes, ‘daily activities’. Here we are. Thank you for the suggestions.

(Unfortunately, rendering gigabytes of video + imgs (regularly) became tough on our Harddrive.)


Tools You Should Know About

  • smartmontools (command: smartctl)
  • ddrescue (GNU ddrescue) (copy important files before attempting to avoid ‘finishing off drive’!)
  • photorec (copy important files before attempting to avoid ‘finishing off drive’!)

💾 ⚰️ FAILING HARDDRIVE: WHAT TO DO

This video offers advice, putting you in a more optimal position to recover your most important data, BEFORE a given disk ultimately fails (completely dead).

Recommending pre-failure testing tools like smartmontools (detect a possible failing drive), before it completely dies.

(let me know in comments if monitoring disk health is something you would like to see more of)

Of course it goes without saying, backing up your important, personal files and keys (ahead of any issues), is highly recommended (and probably the most important step).

TIP: Create an encrypted volume, prior to adding backup files. Next move that newly created encrypted volume to your outside media (for storage).


BEFORE DISK FAILS (DO THIS, RIGHT AWAY)

Installing smartmontools:

Debian / Pop!_OS / Ubuntu: sudo apt update && sudo apt install smartmontools -y

Arch / Manjaro Based: sudo pacman -S smartmontools


Using Smartmontools (Example Command):

sudo smartctl -a /dev/sda
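
What to look for in that output, as an added example (not from the original post): the script below reads a smartctl -a report for an ATA drive and pulls out the rows that mean "back up now". The report text is constructed sample data, not output from a real drive.

```python
import re

# ATA attributes whose raw value counts damaged or unreadable sectors.
SECTOR_ATTRS = {"Reallocated_Sector_Ct", "Current_Pending_Sector",
                "Offline_Uncorrectable"}

# One row of the attribute table printed by `smartctl -a`:
# ID# NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
ROW = re.compile(r"\s*\d+\s+(\S+)\s+0x[0-9a-f]{4}\s+\d+\s+\d+\s+\d+\s+"
                 r"\S+\s+\S+\s+(\S+)\s+(\d+)")

def drive_warnings(report: str) -> list:
    """Return the findings in a smartctl -a report that call for a backup."""
    found = []
    for line in report.splitlines():
        if "overall-health" in line and "PASSED" not in line:
            found.append("overall health: " + line.split(":", 1)[1].strip())
        m = ROW.match(line)
        if not m:
            continue
        name, when_failed, raw = m.group(1), m.group(2), int(m.group(3))
        if when_failed != "-":
            found.append(f"{name}: threshold failure ({when_failed})")
        elif name in SECTOR_ATTRS and raw > 0:
            found.append(f"{name}: raw value {raw}")
    return found

# Constructed sample output (not from a real drive): the overall verdict
# still says PASSED while sectors are already being remapped.
SAMPLE = """\
SMART overall-health self-assessment test result: PASSED

ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       48
  9 Power_On_Hours          0x0032   088   088   000    Old_age   Always       -       10512
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       8
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0
"""

if __name__ == "__main__":
    print("\n".join(drive_warnings(SAMPLE)))
```

The sample shows why the one-line health verdict is not enough: it reads PASSED while two sector counters are already non-zero.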


Create Hidden Encrypted Backup Inside Video File (Steganography + Crypto)

(the following video displays a Linux Pinephone – but, you can use Zulu-crypt on ANY Linux machine, in the exact same way!)

You don’t have to create a “hidden” volume if you prefer not to. It is just as easy to create a normal LUKS volume, on the same Zulu-crypt menu.

https://www.youtube.com/embed/87yg8peq3kw


Watch Today’s Video


BEFORE ATTEMPTING TO COPY DRIVE

  • Attempt to mount partition carrying your /home directory (carrying your most personal, important and sensitive files).
  • If you can successfully mount this partition in question, copy your MOST IMPORTANT files first.
    (ie: .ssh directory (keys), /home/user/cryptowallets, /home/user/Pictures, /home/user/Documents)
  • Do this priority copying FIRST.

At some point the drive will fail, COMPLETELY. And by then it will be too late (unless you have identical drives laying around with which you can swap working parts to attempt to reanimate the drive… save yourself the trouble.).

When faced with a failing harddrive, FIRST priority should always be recovering our most important / personal / sensitive files, BEFORE complete failure of the drive.


RESTORATION

AFTER SAVING YOUR MOST IMPORTANT FILES TO ANOTHER DISK…

You can restore them to a new installation by copying them (and their directories) into the identical location of your user $HOME directory (ie: /home/user).

Moving the copied files (from failing drive) into a new installation home directory (or existing), restores the original ssh keys (in case you use key authentication), accounts for messengers, and browser / program customization and bookmarks.


Backup Using dd Video

Here I covered backing up your disk with dd command:


List Your Detected Partitions:

lsblk


Example dd Backup Command

The dd command uses various options (leave a comment if you need help!)

sudo dd if=/dev/sda of=/mnt/disk/backup_06-11-2022.img bs=8M status=progress

  • The above example command would back up the entire /dev/sda harddrive (if= is the ‘input file’ or drive), so if=/dev/sda backs up the entire /dev/sda drive. As another example:
    if=/dev/sda1 would back up only the /dev/sda1 partition.
  • The of=/mnt/disk/backup_06-11-2022.img part is where you would like to send your backup image. You can create any name you would like for your backup, ending the filename in .img to represent an ‘image’ of your partition, or entire drive (depending what you choose for if=)

Example Screenshot (Backing Up)

The command in the above screenshot sends our image backup of /dev/sda to /tmp/backup_06-11-2022.img.

From here it’s important to move it to your newly created zulucrypt volume. The /tmp directory is just that, temporary: we are taking advantage of the temporary nature. But remember, never send a backup to a potentially failing drive (it defeats the entire purpose of a backup).


Use dd command to make backups for ANY Linux system, desktop, server, hardware (skips ahead to 54 seconds, leaving out unrelated material): https://www.youtube.com/embed/pq3nL2ZWqUg?t=54


For Pinephone / Pinetab Users (starts at beginning to discuss Jumpdrive): https://www.youtube.com/embed/pq3nL2ZWqUg


Regular multi-gigabyte rendering (ie: current count is 181 videos rendered on channel) is hard on our hardware. If interested in helping the channel: various Support options exist on frontpage.

(either way, planning to continue guides)

Sharing the link, post, or video, is another great way to Support this!


💽 Are you interested in learning more about harddrive failure monitoring, or recovery software? Let me know in the comments. If I feel there is enough interest, I will make a tutorial.

Thanks for watching! Any questions on this video? Ask below!