Author Archives: Loic Dachary

HOWTO Anonymous mobile in Paris

Using a mobile anonymously with encrypted messages and voice is challenging. With Signal text and voice are encrypted but it sends your contacts to Signal which makes me uncomfortable. With Orfox you can browse the web without revealing your IP … Continue reading

Posted in Anonymity, SecureDrop | Leave a comment

gnome3 / libnotify notification for org-mode appointments

Org mode appointments can be notified 12 minutes before with libnotify by adding the following to the .emacs: ; Desktop notifications (setq alert-default-style ‘libnotify) (setq appt-disp-window-function (lambda (min-to-app new-time appt-msg) (alert appt-msg))) (setq appt-delete-window-function (lambda ())) ; Rebuild the reminders … Continue reading

Posted in emacs | Leave a comment

HOWTO nginx & letsencrypt on Debian GNU/Linux stretch/9

The goal is to configure a nginx server with automatic Let’s Encrypt renewal, assuming a new dedicated virtual machine running a pristine Debian GNU/Linux stretch/9. Install docker-compose: sudo apt-get update sudo apt-get install -y apt-transport-https ca-certificates dirmngr sudo apt-key adv … Continue reading

Posted in Uncategorized | Leave a comment

HOWTO vagrant libvirt provider on Debian GNU/Linux stretch/9

vagrant is the default virtualization development environment for SecureDrop. When starting with a new Debian GNU/Linux 9, installing the dependencies to get vagrant to run with the libvirt provider instead of the default virtualbox can be done as follows: sudo … Continue reading

Posted in SecureDrop | 1 Comment

Removing potential backdoors from Tails 3.0

The default Tails 3.0 bootable ISO includes proprietary binary blobs running on network hardware. They may contain backdoors and are silently loaded when Tails boots. There is no known exploit at this date but it may take years before they … Continue reading

Posted in tails | 2 Comments

Run SecureDrop tests without Vagrant

Assuming a virgin installation of Ubuntu 14.04, the SecureDrop repository and its dependencies can be installed with the following: sudo apt-get update sudo apt-get install -y python-virtualenv git sudo apt-get install -y build-essential libssl-dev libffi-dev python-dev virtualenv /tmp/v source /tmp/v/bin/activate … Continue reading

Posted in SecureDrop | Leave a comment

Shrink an OpenStack image

After a while openstack image create creates increasingly large files because the blocks used and freed are not trimmed and it is not uncommon for hypervisors to not support fstrim. The image can be shrinked and the virtual machine recreated … Continue reading

Posted in openstack | Leave a comment

installing tails with kvm

For test purposes it is useful to bootstrap tails using virtual machines and files. Here is how it can be done with KVM. $ wget ‘’ $ wget ‘’ $ gpg –keyserver –recv-key BA2C222F44AC00ED9899389398FEC6BC752A3DB6 $ gpg –verify tails-amd64-3.3.iso.sig tails-amd64-3.3.iso … Continue reading

Posted in tails | Leave a comment

Installing python-crush on CentOS 7 without network

To install python-crush on a CentOS 7 that does not have access to internet, the necessary files must be downloaded via an USB drive. The python34-pip package must be installed from the EPEL repository the machine uses for maintenance purposes. … Continue reading

Posted in crush | Leave a comment

A tool to rebalance uneven Ceph pools

The algorithm to fix uneven CRUSH distributions in Ceph was implemented as the crush optimize subcommand. Given the output of ceph report, crush analyze can show buckets that are over/under filled: $ ceph report > ceph_report.json $ crush analyze –crushmap … Continue reading

Posted in ceph, crush | Leave a comment