--- /dev/null
+Title: Installing TorBrowser for Easy Update on GNU/Linux
+Date: 2020-03-30
+Category: Security
+Tags: linux, security, linux, tor, privacy
+Status: draft
+
+
+This issue has come to my attention a couple of times now: users new to Linux
+and Tor have installed the TorBrowser package, but come update time find they
+have to reinstall.
+
+## Create and Join the `tor` Group
+
+The first thing I want to do is create a group to own the Tor application files.
+I could certainly give ownership of the application to my own user account, but
+this allows for a little bit more flexibility, should I decide to add users to
+my system.
+
+```shell
+$ sudo groupadd tor
+```
+
+Then I want to add my user account to the `tor` group I just created.
+
+```shell
+$ usermod -aG tor signal9
+```
+
+These steps will become more important in a few minutes once we've downloaded
+and extracted the Tor Browser. You need to log out and back into your session
+in order for joining the group to fully take effect.
+
+## Download & Verify Tor Browser
+
+Navigate to the [Tor Project](https://www.torproject.org/download/) website and
+click on the Download link. These instructions are for Linux, so click the
+"Download for Linux" link. You will also need to download the Signature file.
+
+On my laptop, this has downloaded to my Downloads directory. I have chosen the
+64-bit version, which at the time of this writing is at version
+[9.0.7](https://www.torproject.org/dist/torbrowser/9.0.7/tor-browser-linux64-9.0.7_en-US.tar.xz).
+
+I have also downloaded the [signature
+file](https://dist.torproject.org/torbrowser/9.0.7/tor-browser-linux64-9.0.7_en-US.tar.xz.asc)
+which I require to verify the downloaded files.
+
+Rather than document the process of verifying your download here, I'll direct
+you to the [really excellent documentation](https://support.torproject.org/tbb/how-to-verify-signature/) at the Tor website.
+
+**Do not skip the verification step!** Tor Browser is a controversial piece of
+software globally, and as such is a high-value target for criminal and state
+actors alike. Verifying against a signature is one step towards ensuring a safer
+Tor experince.
+
+## Install TorBrowser
+
+To install the Tor Browser, we will extract the downloaded archive to the `/opt`
+directory. You will need sudo access to your machine for this step.
+
+```shell
+$ sudo tar -xvf ~/Downloads/tor-browser-linux64-9.0.7_en-US.tar.xz -C /opt
+```
+
+This will have created a new folder at `/opt/tor-browser_en-US`. If you've
+chosen a different language, you may have a slightly different folder name.
+
+Now that we've extracted the application, we'll want to give ownership of the
+directory to the `tor` group we created earlier.
+
+```shell
+$ sudo chgrp -R tor /opt/tor-browser_en-US/
+```
+
+We also want to change the permissions of the directory so that members of the
+`tor` group will have read, write and execute privileges.
+
+```shell
+$ sudo chmod -R 770 /opt/tor-browser_en-US/
+```
+
+Now only `root` and members of the `tor` group may read, execute or modify the
+Tor application, but other users may not read the directory at all.
+
+## Update
--- /dev/null
+Title: Weekend Update, July 23, 2020
+Date: 2020-07-23
+Category: misc
+Tags: hacking, defcon, pandemic
+
+
+## So, um, yeah...
+
+I'm not sure there would be much point to a full recap of the last nine months.
+In many ways, my life during that time has been the same as everyone else's:
+lock-down since March, though we can get out a bit since summer. I wear a mask,
+I haven't been to a bar in months, my social life is primarily online. In some
+places the streets are on fire and for others things have been pretty bad. Life
+is scary, but life goes on.
+
+After my last update, I attended the third annual [Wild West Hackin'
+Fest](https://wildwesthackinfest.com), which as usual was a fantastic event.
+While I was there I met a hiring manager from BSI, the British Standards
+Institute. They had recently bought a state-side penetration firm called AppSec,
+and they were hiring. After I got home from the con, and a few phone calls with
+BSI AppSec, I accepted my first penetration tester role. So, for me, working
+from home full time started in January, for which I am thankful. I had a few
+months to adjust before lock-down.
+
+I only worked at BSI for less than six months. While I feel I was successful
+there, and I was treated well, I had a difficult time fitting in with a group
+that was more of a bench than a team. Our work was in almost all cases solo,
+which is _not_ my bag. In May I was approached by a former colleague who
+had recently joined a company going into growth mode, and he asked if I
+would come aboard as Staff Engineer at Large, doing work much like I'd done
+in the past, working with Kubernetes, DevSecOps, and developer advocacy,
+while bringing my application security chops with me. After a week of phone
+calls, I agreed to make the move, which is where I am today. Fully remote
+forever, I'm about seven weeks in and I'm having a great time. I may write more
+about this soon.
+
+## Bees, gardens, hacking, hobbies...
+
+### Bees
+
+My last bee journal was optimistic, but shortly after my post the hive was
+robbed by surrounding colonies. After two days of carnage for which I had no
+solution, the hive was silent. This was very sad for us for about a day, but
+this is also the way of things. We shook it off, took the event as a learning
+experience and moved on. This year we revived the old hive and added a second.
+They seem to be doing well, honey production is under way, and both colonies
+seem quite lively. More to come.
+
+### Gardens
+
+As per usual we planted two gardens in the front yard and one in the back. My
+wife put a ton of effort into soil building since we'd had a couple of pretty
+rotten years recently. We planted the usual tomatoes and peppers, but this year
+we rotated other crops, planting squash and tomatoes further up the hill and
+adding several rows of onions and beans. We've planted perennial herbs, garlic
+(which I still can't seem to get the hang of) and our first tomatillo plant
+which is _enormous_ and absolutely beautiful. We've already harvested several
+pounds of green beans and a grip of squash and zucchinni. Tomatoes are coming in
+well, as are the tomatillos. I've also got several plants of a more recreational
+variety growing in pots in the back yard that I'm hopeful will yield. There are
+also six sunflowers that have grown taller than me, though they haven't flowered
+yet.
+
+### Hacking
+
+During the first part of the shut-down, work got pretty slow. My employer
+decided to have me enroll in [Offensive Security's
+AWAE](https://www.offensive-security.com/awae-oswe/) program to get my OSWE
+certification. Oh! I haven't mentioned that in addition to pursuing penetration
+testing as a profession, after WWHF I signed up to take my CISSP! I studied for
+a number of weeks, less so during the holidays, and ultimately took and passed
+my test at the end of January. For the first time, dig me, I'm certified.
+
+So, anyway, I spent about a month studying for the OSWE, but this got put on
+hold with the job change. While I don't see myself necessarily going back into
+testing, I do value my skills in application security, so I decided to resume my
+studies after DEFCON SafeMode the second week of August. Just this week I
+renewed my lab time and maintained my testing date of October 1. With my wife
+and youngest starting back to university about that time, I'll have plenty of
+time to focus on my own studies and to try to nail that test. Try harder!
+
+By now, everyone who cares knows that [DEFCON is cancelled](https://defcon.org)!
+While this is a tremendous bummer, the show must go on remotely! A huge number
+of people are working very hard to give us a free, online version of DEFCON to
+enjoy, and for this I am grateful. I've purchased my badge, which this year is
+a magnetic audio cassette, and I intend to dedicate the weekend to participating
+as much as I can. I'm way excited, I think it's going to be a great time.
+
+### Hobbies
+
+Our weekly game night decided right away to go virtual. We all bought and
+downloaded TableTop Simulator on Steam and I subscribed to as many of our
+favorite games as I could. Since going virtual we've only missed two weeks'
+play! I've continued to buy paper games during this hiatus from physical
+contact, one because I love them and want them to feel normal, and two so that I
+can contribute to keeping my favorite local game store open. My LGS is once
+again open to the public, with masks, so I have gone down to visit a couple of
+times since.
+
+Many of my other hobbies have really fallen by the wayside, despite what my
+other updates suggest. The pandemic has at times been pretty hard on me, as it
+has for all of us, and for a few months now I've had difficulty getting
+motivated to do much beyond what was needful, and watching TV. I bought a 3D
+printer this past winter which, though getting a lot of use at first (and
+printing many mask strap extenders for local nurses) and prompting me to start
+learning CAD, has sat dormant for weeks now. I have RasperryPis, new and
+exciting wifi hacking gear, and many other toys gathering dust.
+
+This is starting to pass, however, as some fog within me has started to lift and
+I find myself interested in things again. I've been lucky that thus far I've
+been free to choose how I react to the state of the world. Many have not had
+that luxury. I've got a list of fun things that I can do from the safety of my
+own home. I have friends and loved ones who keep in touch with me every day. I
+have a lot to be grateful for. Best keep moving.
projects / letters.git / commitdiff