Polyphonicwinter Blog

A Blog for updates on Life, Ideas, Technology, Privacy, Problem solving and Learning

When I was younger, I didn't appreciate poetry. However, I figured that when I reached an appropriate age, I would come to understand its significance. I expected that time to come around the mid-point of 50 in my life, but now at the tender age of 25, I get it.

Like all things that are not binary, black and white, I favour certain types of poetry over others. Personally, I currently find that Haiku is my favourite. At first, I considered it a lazy person poetry but now, after dedicating some time to writing my own, I think it some of the more complex poetry one can write.

If you were like me and don't really get haiku, let me try to persuade you why I believe that everyone can enjoy and even benefit from writing it.

The task: You have to evoke an image in 3 lines, following a strict 5-7-5 syllable structure.

I have now spent more time than I'd like to admit, drumming my fingers on my leg as I try to work out if a line I've composed fits, or I have to use a different compromising word or have to throw away the line entirely. This may sound like a frankly boring and tedious task, but I invite you to think of composing haiku a taking a snapshot of time and then compressing that into 3 lines. You can then evoke that snapshot by reading the haiku. Here's an example:

A buzzing city Viewed from a mountain trail It was worth the walk

This is a snapshot I took of my holiday to Hong Kong. We had set off on a walk from Tin Hau to go on a short walk to what Google Maps considered Sir Cecil's Ride. It had advised that we take a bus to the top of the hill, and then we complete our short hike. My partner and I had different plans. Having only just arrived in Hong Kong a day before, we decided a better idea was to walk up the hill and then complete the hike before walking (or maybe catching a bus) back down again.

We set off, she had a bottle of water and I had a bottle of a drink I was trying, Pocari Sweat. I know. What a delightful name, but I had been told it was really good for the heat. There were no clouds in the sky, it was 28*C and humidity of +80%. We started our walk and quickly discovered that to get to the hike was going to consist of a lot of steep steps and a gruelling hill. It wasn't long before we had to stop to catch our breath and take on fluids. But as we climbed, off to the side of the hill, the view of Kowloon and the harbour was growing increasingly impressive. Around ¾ of the way up we stopped again and seriously considered getting a bus up the hill, but checking the time, we hadn't been walking long, and it felt like a cop out. After what felt like over an hour (but in truth was 30 minutes) we reached the start of our hike. An obvious gateway is before us but appears to be locked.

We checked Google Maps again, and it recommends that we had to go behind a College to get started. We walked over and check Google Maps again in confusion. It seems like it wants us to follow a small trail off the beaten track, down into a river bed across it and then back up in the undergrowth on the other side. We share a look of confusion and I go first. I almost twist my ankle going down, but I can see a couple of coloured ribbons on the other side and presume that “no, despite all other logic, this does appear to the route Google suggests”.

We make our way across the river and start making our way through the undergrowth looking for clues of more ribbons. We spot some more up the trail. My partner is getting increasingly concerned that we must be going the wrong way, but I wave it all aside. Then her phone signal blips and Google Maps recalculates. Now it suggests we go back the way we came and go through the very obvious gate we thought to go through in the first place. I look at the map, and it seems like if we just push on for another minute up the bank, we will reach the trail anyway (we are high in the mountain now, and I don't fancy going back the way we came). I take out my phone, open OsmAnd and I can see the trail we took on it. It confirms my suspicions. At this point, we give up on Google Maps, and puts “Sir Cecil's Ride” into my phone. OsmAnd acts confused at my request and tells us what anyone who's done the proper walk would know. Sir Cecil's Ride is the name of a trail, not a location to go too. We decide fuck it, let's continue onto the Ride and just follow it. After a bit more of a slog, our t-shirts soaked and bottles 1/3 full, we get onto the main path. It's clear and well established, and we gratefully follow it. Then we have an excellent moment, a highlight of our trip. We see the view.

The city laid out in front of us: The Harbour, Victoria park, Kowloon and the new territories in the distance. People the size of ants scurrying around. The sun sparkling off the buildings. It was the moment I fell in love with Hong Kong. That was when I sat down on a rock, gazing out, and summed up the experience in that haiku.

Now, I took some photos of the view, but if you compared them to any other photos from tourists they would look near identical. My Haiku however, brings me back to that moment in time something my photos can not.

Coming back to the present and the point. Haiku allows me to relive moments

I previously wrote about my strong disliking of Facebook but revealed the “best” way round it. However times have changed and with the audio and broadcast industry defaulting to WhatsApp for communication so must I and this time... I'm almost on board.

UPDATE: Now I must preface by saying I do still have a work Facebook account but I rarely use it. When I do use it, I use the NEW official Tor browser app (Available on: Playstore/F-Droid (Preferred)) or the good ol' desktop Tor browser using Facebook's hidden site facebookcorewwwi.onion. I still recommend using my previous post if you NEED Facebook on your phone!

Also WhatsApp is created by Facebook, so not great but it does have some tasty features...

Features

  • End-To-End Encryption (e2e) WhatsApp uses Signal's end-to-end encryption algorithm [1]. We can't technically trust Facebook has implemented it correctly but if it has... that's a major Hell Yes!!

  • Web-view One thing that WhatsApp does that I wished other private messengers did is have a web app. It always asks for permission before accessing the WhatsApp account and allows you to move files from your PC through WhatsApp with ease. It also enables us Linux users to not worry about compatibility issues.You could suggest that this broadens the attack range for malicious actors using WhatsApp.

  • Doesn't connect to any other accounts WhatApp has been sold as a private messenger and so does not ask for annoying permissions and doesn't connect to other accounts. Nice!

HOWEVER

You can be as secure as you want your end but the issue then becomes the OTHER people in your chat. WhatsApp by default saves a copy of your encrypted messages to Google/Apple/Microsoft's backup service. Ughh! This can be kinda circumvented by...

  • Disabling backups NOT WhatsApp backups but whatever main backup service you use (presuming it's not a personal server or syncthing or you are using a custom ROM without Google services). This solves the issue for you but NOT for others. You can try (mostly in vain) to get others to do the same but even if you can't it's a step in the right direction.

  • Deleting your messages Again a pretty bad solution but hey it does work. Simply delete your messages after they've been seen BUT before WhatsApp does a backup. You will be notified that to delete for everyone NOT just you. Just Agree!

  • Encrypting This doesn't solve the problem with regular messages but for sending files it does. You can use a service like Firefox Send to send files up to 1 GB (2.5 GB if you have a Firefox account) or Tresorit Send with up to 5 GB or even OnionShare with an unlimited file size limit (works over Tor). These services all use end-to-end encryption (unlocked with a password), links expire after a chosen amount of time and much more. Of course you can use regular forms of file encryption like PGP or AES256. [2] But if you are, you probably have better solutions anyway and aren't using WhatsApp. ;)

Overall

WhatsApp is one of the 'best' commonly used messaging apps out there and if you can't use an alternative like Signal or Keybase. It's just a good idea in general to treat whatever you send or post like an open letter. DON'T post anything sensitive on it. It's probably overly paranoid to suggest that Facebook reads all your WhatsApp messages but hey! Also with the recent WhatsApp hacks and exploits [3], it never hurts to be safe!

Liam

[1] https://scontent.whatsapp.net/v/t61/68135620_760356657751682_6212997528851833559_n.pdf/WhatsApp-Security-Whitepaper.pdf?_nc_sid=41cc27&_nc_ohc=NBTA-txayNsAX-xbRaX&_nc_ht=scontent.whatsapp.net&oh=3cd37dbd496d40f6dadd0dd475454681&oe=5E62B5A5 [2] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf [3] https://www.theguardian.com/technology/2019/may/14/whatsapp-hack-have-i-been-affected-and-what-should-i-do

#Facebook #WhatsApp #Privacy #encryption #OnionShare #Tresorit #Firefox #Signal #e2e #Syncthing #PGP #AES256 #TorBrowser #Tor #LineageOS


Before using Write.as I used to used GitHub for blog posts. It was fine and added customisability this service does not. However I found myself never posting as it involved a lot of unnecessary steps. This is clean and simple. Perfect for my needs.

Markdown

Write.as uses markdown for formatting, which I am already familiar (should probably update my CV) and even if I wasn't I could use this handy cheat sheet. This allows me to very quickly create articles and even show code in a pleasing way.

In comparison I have to write... <h1>This is a Main Heading</h1> in HTML

Where's in markdown it's this # This is a Main Heading

OR FOR A LINK

<a href="https://polyphonicwinter.com">URL NAME</a>

[URL NAME](https://polyphonicwinter.com)

ALSO I CAN EVEN USE HTML IF I PREFER!

Hidden Service

It also has it's own hidden service (writeas7pm7rcdqg.onion) so I can access from anywhere using Tor and not have to worry much. In the past I have hosted my own #tor hidden site (and still do for polyphonicwinter.com, here it is: test.onion but it has come with drawbacks.[^1]

Self Hosting

As Write.as is a federated site and uses open source code, it is possible to be able to self host in the future. Which is preferable.

Viewer Count

Is as it sounds, I can tell when someone has opened this article. Which is nice cause I can tell if anyone is out there or I am in my own 'little internet void'. Either or.

Anyway it's not as big a cop out as you may first think. So please enjoy your stay and I hope you enjoy yourself and maybe learn something new.

Liam

[^1]: Annoyingly all the services I've tried don't support hidden services as URLs. Sorry.


Unwanted Distortion

The SE215's from Shure are fantastic in ear monitors however like all things they break. Specifically the cable and after it broke. I ordered a replacement, however after I plugged them into my computer for testing I heard a horrible crackling. Damn dodgy cable! Well that's what I thought...

Testing

After testing a different set of headphones (Beyerdynamic DT770's) I quickly realised it was coming from the left channel but the crackling was following the same pattern as the audio file. I tested WAV files, MP3 and Vorbis OGG files. Same thing. Perhaps it's only that specific track or maybe it's the program I am running the file through? Nope! I tried VLC, Spotify and Rhythmbox. Same thing.

Hmm... Maybe it's not the cable and due to my first test I can tell it's not an issue with the left driver in my SE's. Maybe the solder is loose on the headphone jack port? Well I can test that by plugging in my external sound card/audio interface and then my phone, trying both headphones through that. The crackle has gone through the phone but I can still here it through the interface at a high volume.

Drivers

So now I know that it is coming from the laptop not just the port. It must be a software issue. Okay cool, that means I can fix it! Let's think I recently converted from Ubuntu to it's older brother Debian so it's probably whatever audio drivers are installed by default in Debian. Quick search. ALSA and PulseAudio.

ALSA

Is the backbone of the audio in Debian systems. By typing alsamixer into the terminal brings up a terminal “GUI” with a single audio meter but with a searching you are greeted with lot's of meters for: Master, Headphones, Speaker to name but a few. It also gives control of the sensitivity of the input as well (microphone). Alsamixer is very nice but missing a few features in my opinion.

PulseAudio

PulseAudio is what my laptop has defaulted to. It's basically the newer version of ALSA and is very user-friendly with a GUI and the ability to adjust individual programs volumes and routing.

After spending a little while playing with the settings it seems the problem is due to distortion rather than a “crackle”. By turning the audio down it goes away but I like listening loudly ;)

Fixed!

So what to do? By using either the PulseAudio mixer or alsamixer I can see that the headphones output is set to 100% but the main output is only 55%. Aha... So I am causing the headphone to be above 100% causing distortion. So a little more tweaking and the best setting appear to be Headphones set to 100% and Main set to 0 – 35%. These parameters provide enough room to crank it but very little to crackle.

After a little more searching this SOLVES the issue!

#Linux #Debian #Audio #AudioEngineering #ProblemSolving #ALSA #PulseAudio #Fixed


NOTE: THIS POST IS NOW OUT OF DATE! Please refer to this one: WhatsApp: the solution?

I think I joined Facebook when I was 14 years old. I posted pictures of everything. From my friends, food, travel photo's to even some images of myself as a baby. I loved it! I was obsessed. Farmville. All day. Everyday. Constant invites to other games, funny memes, I had loads of friends and (from what I could see) everything was good in the world

Then I found out about the Snowden leaks. I was horrified, scared but above all angry. How could I have been so stupid?! You get nothing for free and yet I just blindly gave Facebook all my data. After reading maybe 3 articles/study's I was convinced that I HAD to delete Facebook. But even as I filled out the deletion page I felt a lump in my chest. Would my friends think I had abandoned them? I organised everything on this site, everyone did. The more I thought about this the worse and worse I felt about deleting my account. But luckily for me my hate for unnecessary hierarchy was more than a match for my guilt. DELETE.

In the coming days I was conflicted. I had lost so many friends from such a simple act. However it opened up a opportunity... how good a friends where they? Some people immediately just asked for a email address or a phone number so we could stay in touch. However most didn't blink an eye at it. My group of friends shrunk from 60 'online friends' to 5 really good friends, friends I'm still in touch with to this day.

It was definitely worth it.

I noticed my concentration improved, my grades went up and overall I felt better. The more I researched the treachery of Facebook and other internet giants the more I felt empowered about what I had done. I felt smart. Ahead of the curve. I started trying to convince other that their cyber footprint mattered, digital hygiene was huge and not to trust anything at face value. My interest in technology grew and I realised above all that I wanted to be an engineer. I didn't feel controlled, I felt free...

Which is why I am so confused about what I am doing. I'm seriously thinking about CREATING a Facebook account.

Why?

I hate Facebook!

I like feeling free!

Answer: The convenience of others.

Let me explain...

I am involved with a lot of group work at University and almost all of that group work is organised over Facebook. Group chats, Pages, you name it are all on Facebook. Now if someone let's me into their group they can no longer use those tools. They have to text, email or God forbid... call. This is “so much” hassle that no one wants to work with me. I have Twitter, Reddit, Signal, XMPP, email, phone numbers, Hell I'll even build my own chat application but NO Facebook. No one is particularly a dick about it they just sort of accept it and move on. Normally in these circumstances I would say fuck'em. We all have email and text. Create a group in that, Setup your phone so you get Uni email. Sorted. Right?

But in this case, wrong. If I can't work in a group then I will struggle to get good grades and at this point in my life that is vital. Vital enough to sacrifice my online freedom a bit?...

Probably, Yeah. (UPDATE: NO!)

Okay if I'm gonna create a Facebook account lets do it as anonymously as possible. So question 1...

Torify

When you think of anonymity, one of the first things that comes to mind should be Tor. Nicely for us Facebook (ironically) has it's own Tor hidden service facebookcorewwwi.onion which is even certified by Digicert, so using this a must. On a PC/laptop we can access this with the brilliant Tor Browser Bundle. On a mobile device you can either use Orbot and Orfox combo for android (Available from both Google Play Store and F-droid) or either Red Onion or VPN + TOR Browser Private Web on an apple device (although the android is considerably better and has actually been verified by torproject).

UPDATE: The Tor Project has released it's own Tor Browser for Android (Available on: Playstore/F-Droid (Preferred)). Use that instead of Orbot and Orfox.

But...

What device am I going to use to access Facebook? Well I need it specifically for group pages and group chats, so it would be preferable to be on my phone. There's no point have it if I don't get notifications at decent speed. Let's look at some Android apps.

Application Choices

  • Regular Facebook app The app that most people are talking about when they say Facebook. It allows me to use Facebook messenger for group chats and also access Facebook pages. However it is a big application and I would prefer to work with the minimal amount of scripts as possible to avoid as many Facebook trackers as possible. On the subject of trackers unlike if we ran Facebook though a browser we can't use plug-ins to control what it can and can't see and do. Because of this I don't want to use this option.

  • Facebook messenger (FML) A sleek alternative to the regular Facebook app you can simply sign up with a phone number and we are golden. We CAN route it through Tor (all though not natively) and we can get the LITE version, which is only 9 MB and has less bloat. It even tests (at the time of posting) clean with Exodus!

UPDATE: It NO LONGER reads clean!

  • SlimSocial Is a Facebook wrapper, meaning it runs in it's own browser so as not to gather data from my normal browsing. Nice! It has the ability to receive messages and I can see a nice slimed down version of the timeline. Group chats work! Looks like we have a winner

Hmm...

So SlimSocial should be our winner but after testing for a few weeks. Sadly it isn't meant to be. At the time of posting it has major flaws in consistency in receiving and notifying me of messages and updates. I tried multiple wrappers and apps from F-droid (Frost, Tinfoil for Facebook, Faceslim) to no avail. So what to do but claim the winner as...

Facebook Messenger Lite!

Okay so route FML through Tor (Orbot) and access the main page/s with Tor Browser Bundle and Orfox Tor Browser for Android!

WAIT!

We are not done yet! Unlike the wrappers from Lite still collects data from our device and asks for all sorts of permissions I don't want to give. Damn! If only there was a application that isolated 'big brother' apps...

Enter SHELTER!

Isolate

Shelter is an open source version of Island by OsasisFeng and “leverages the “Work Profile” feature of Android to provide an isolated space that you can install or clone apps into.”[1] Awesome we can simply install Shelter, install FML into our Shelter profile and we are good to go.

UPDATE: It is important to install Orbot or a VPN in the Shelter profile as well. Set it to 'Connected, Always-on active'. You will be running two VPN's at once. It will eat you battery life, but the privacy is worth it!

Closing remarks

Hopefully you can replicate these steps and have at least a 'slightly' more private time using the parasite that is Facebook. Enjoy!

Liam

[1] https://f-droid.org/en/packages/net.typeblog.shelter/

#Facebook #Privacy #ProblemSolving #Tor #TorProject #Shelter