Privacy and Security for the masses

Total Security and Total Privacy

While watching the "Security Now" show today, hosted by Steve Gibson and Leo Laporte, it's become clear to me that we need an organization/company that specializes in Total Security and Total Privacy.

What is Total Security and Total Privacy?

To me, Total Security (and Total Privacy) is looking at all attack vectors on an ongoing basis, and automatically providing protection against them for a wide number of customers. This way, when the Washington Post writes an article about ISPs tracking your online activity using super cookies, you can ask your Total Security provider what they're doing about it, with the expectation that they have already done something about it, and in the unlikely event that this is news to them as well, they're already working on rolling out new protections for you. For example, the Total Security provider could say they've already installed VPN software on your computer that anonymizes your online activity.

In essence, your Total Security provider is the first layer between you and any technology, ranging from desktop computers and mobile devices, to the new wave of embedded "smart" devices, which are being called the Internet Of Things. Your Total Security provider would provide a security layer around all your devices, with automatic upgrading to combat new emerging threats. Your Total Security provider would automatically alert you to vulnerabilities in any of the devices that you own, and automatically upgrade your device when possible, or provide workarounds when that isn't possible. Your Total Security provider would commission in-depth security audits on every piece of software that they officially support. For example, if your Total Security provider claims to support the Kik messenger app, they would provide you with a security audit conducted by one or more well-known and respected security auditing firms. Your Total Security provider would automatically install browser plugins like Privacy Badger. Your Total Security provider would automatically upgrade your email to use Dark Mail when Dark Mail is well supported. Your Total Security provider would alert you to pre-installed malware before you purchase your new Lenovo laptop.

And why stop there? If you're using your phone to make purchases at the grocery store, your Total Security provider could alert you when a serious health hazard has been detected in the food you purchased. Your Total Security provider could also alert you to recalls and product defects, not only for household devices, but also your car, children's toys, etc.

This might sound like what virus scanning companies like McAfee have been trying to do in recent years. However, their core strength is virus scanning. We need a new industry of companies whose original mission statement is to provide Total Security. We need these companies to spur new security and privacy advances, and use a portion of their profits to empower not-for-profit organizations like the Electronic Frontier Foundation, and sue large companies and governments when they misbehave.

The Chain of Trust Problem

One of the immediate problems is figuring out who to trust. In the wake of Edward Snowden, it's become clear that telephone companies, ISPs, mobile phone manufacturers, governments, email providers, and even tech companies like Google that famously swear to do no evil, cannot be trusted. Every layer of our trust ecosystem has been shown to be vulnerable to attack. A worthy Total Security provider will need to address each layer before attempting to open its doors for business.

One attempt at addressing part of this issue is reproducible builds.


Goodbye Ubuntu, Hello FreeBSD


Having used Ubuntu for the last decade, it was time for a change. I began my journey into open source with FreeBSD and Slackware, and used FreeBSD for over 10 years as my main desktop OS before switching to Linux. High-quality systems based on FreeBSD include pfSense, FreeNAS, and of course, Mac OS X and the Sony PlayStation.

In my time, I've played with many different open source operating systems, including OpenBSD, NetBSD, Arch Linux, Cent OS, Debian, Fedora, Gentoo, Mandriva, and Red Hat. I should take a look at PC-BSD, as they aim to be a user-friendly desktop operating system based on FreeBSD.

The main reason for switching to Linux back then was that FreeBSD ports often lagged behind Linux, and some software had no FreeBSD support at all. That's all changed now. FreeBSD has an extensive collection of very up-to-date ports, and to my surprise, I've found a number of ports that are more up-to-date than Ubuntu packages! Nvidia has first-class driver support for FreeBSD. I've also switched over all my servers to FreeBSD 10.2, except one, which runs KVM virtual machines (pfSense and FreeNAS) on Cent OS 7. Because of FreeBSD's excellent virtio drivers, network and disk performance is wonderful. The only reason I use KVM is because my servers have Intel L5520 CPUs and the FreeBSD native hypervisor, bhyve, requires Westmere or newer for Intel processors.

All my sites, including this site, now run in a FreeBSD jail. As of July 2015, FreeBSD 11-CURRENT has support for running 64-bit Linux under Docker. Running Cent OS under FreeBSD is as easy as one command: `docker run --rm -it centos`.

To be honest, there was one thing that really ticked me off about Ubuntu. Canonical, the company behind Ubuntu, published Ubuntu 12.10 with built-in Amazon advertising... and did not offer a way to disable it! I knew immediately that I did not see eye-to-eye with the folks at Canonical on two critical issues:


Privacy went out the window in the interest of making money. Richard Stallman (RMS) - founder of the GNU Project, Free Software Foundation, GNU Compiler Collection, GNU Emacs, and GNU General Public License - called it spyware, saying:

One of the major advantages of free software is that the community protects users from malicious software. Now Ubuntu GNU/Linux has become a counterexample.


By making Amazon product advertising enabled by default, and not providing a way to quickly and easily disable it, the folks at Canonical sent a strong message to the world that they do not respect our freedom. This is at odds with their roots in Debian, which is renowned for being zealous about freedom. Having the gall to publish Ubuntu 12.10 with Amazon product advertising enabled, and not offering a quick off-switch, is astounding to me, even to this day. I cannot honestly recommend anyone use their products while this type of anti-privacy, anti-freedom leadership exists within Canonical.

After struggling to find a way to disable it, I knew that the countdown to tossing Ubuntu out of my life had begun. It was a great ride while it lasted. Farewell Canonical!

That said... FreeBSD isn't able to put my laptop to sleep, so I use Linux Mint on my laptop, which is based on Ubuntu but not published by Canonical :-P

Porting from Drupal 5 to Drupal 7


Having switched my desktop from Ubuntu to FreeBSD, I needed a way to make my EchoAudio soundcard work. While searching for drivers on the FFado website, I came across PHP error messages that looked like Drupal errors.

After talking with the very nice FFado project leader, Jonathan Woithe, I volunteered to upgrade their website from Drupal 5 to Drupal 7.

Benefits of Upgrading 

  • The new theme uses Bootstrap, and is very mobile friendly.
  • The admin theme is now based on Adminimal, which is very helpful for administrators that need a wide page layout and a clean, mobile-friendly UI. It really should be the default admin theme in Drupal core.
  • The anti-spam solution is now the powerful Honeypot module, because the spam module was never ported to Drupal 7. That said, Honeypot seems not to be as effective as the previous spam module.

Lessons Learnt

  • Drush is your friend, especially `drush up`.
  • Don't make a move without backups at every stage, which should include your database and codebase.
    • If it were not for backups, I would have needed to repeat my work from Drupal 5 to Drupal 6 several times while working on porting from Drupal 6 to Drupal 7.
  • Always check the maintenance status of each contrib module for the next version of Drupal.
    • Some modules work very well for, say Drupal 6, but their Drupal 7 version is not well maintained. If this happens, look for an alternative module.

GitLab for FreeBSD


I created a FreeBSD port that can automatically install GitLab. Fork it on GitHub.

Porting pkg to OpenBSD


I ported the FreeBSD pkg package management tool to OpenBSD. Check it out!

I'm also working on automatically converting OpenBSD packages to the pkg format. Fork it on GitHub.

Building pkg using sources from Git on OpenBSD and Bitrig

# Install packages
pkg_add autoconf automake libtool bitrig-binutils bzip2 git libarchive

# Set environment variables

# Create a download directory
mkdir ~/git

# Install pkgconf
cd ~/git
git clone
cd pkgconf
# Generate and run configure, then build, before installing
./autogen.sh && ./configure && make
sudo make install

# Install pkg
cd ~/git
git clone
cd pkg
# Same autotools dance for pkg itself
./autogen.sh && ./configure && make
sudo make install

Merging changes from GitHub back into

I recently needed to merge the work of pjonckiere and geertvd from GitHub back into Here is how I did it using Git subtree merging:

# Clone the repository
git clone --branch 8.x-1.x
cd calendar

# Make sure to set your name and email address
git config user.name "Yonas Yanfa"
git config user.email "<your email address>"

# Register the GitHub remote repository
git remote add -f geertvd

# Prepare for the later step to record the result as a merge
git merge -s ours --no-commit geertvd/8.x-3.x

# Read the GitHub branch into our branch
git read-tree --reset -u geertvd/8.x-3.x

# Commit the merge
git commit -m 'Merge'

# Pull in the GitHub commits
git pull -s subtree geertvd 8.x-3.x

# Verify that everything worked
git log

# Push the changes to
git push

The neat thing is, if the developers that worked on GitHub use the same email address in GitHub and, Drupal will credit them with all the commits as if they originally made their commits in!
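The subtree-merge workflow above, replayed end to end as an added example (not from the original post): it builds two throw-away local repositories, "upstream" standing in for the drupal.org calendar repo and "github" for the fork, so it runs offline, and then checks that the fork authors keep their own e-mail addresses in the merged history. Every repo, branch, author, e-mail and commit here is constructed; it also goes one step past the post by landing a second fork commit through `git pull -s subtree`.

```shell
#!/bin/sh
# Added example, not the post's own script: subtree merge against local stand-ins.
set -e
export GIT_MERGE_AUTOEDIT=no   # never open an editor for merge messages

subtree_merge_demo() (
  work=$(mktemp -d)
  cd "$work"

  # Constructed stand-in for drupal.org: branch 8.x-1.x with one commit
  git init -q upstream && cd upstream
  git symbolic-ref HEAD refs/heads/8.x-1.x
  git config user.name "Drupal Maintainer"; git config user.email "maint@example.org"
  echo 'name = Calendar' > calendar.info.yml
  git add . && git commit -q -m 'Initial 8.x-1.x import'
  cd "$work"

  # Constructed stand-in for the GitHub fork: branch 8.x-3.x by "geertvd"
  git clone -q upstream github && cd github
  git checkout -q -b 8.x-3.x
  git config user.name "geertvd"; git config user.email "geertvd@example.org"
  echo '<?php // calendar module' > calendar.module
  git add . && git commit -q -m 'Add calendar.module'
  cd "$work"

  # --- the workflow from the post, unchanged apart from local paths ---
  git clone -q --branch 8.x-1.x upstream calendar && cd calendar
  git config user.name "Yonas Yanfa"
  git config user.email "yonas@example.org"     # constructed address
  git config pull.rebase false                  # plain merge on pull
  git remote add -f geertvd "$work/github" >/dev/null
  git merge -s ours --no-commit geertvd/8.x-3.x >/dev/null
  git read-tree --reset -u geertvd/8.x-3.x
  git commit -q -m 'Merge'

  # A later commit on the fork by a second author, pulled in with -s subtree
  (cd "$work/github" && git -c user.name=pjonckiere \
     -c user.email=pjonckiere@example.org commit -q --allow-empty -m 'Fix dates')
  git pull -q -s subtree geertvd 8.x-3.x

  # Verify: the fork's file is present and both fork authors survive as-is
  [ -f calendar.module ] || exit 1
  git log --format=%ae 8.x-1.x
  cd / && rm -rf "$work"
)
```

Run it with `subtree_merge_demo`; the printed author e-mails are what drupal.org would match against contributor accounts.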

Benchmarking Drupal 8.0 RC1

Drupal 8.0 RC1 has just been released! I've been looking forward to improved performance since Wim Leers wrote about Drupal 8's new caching system six months ago.

My quick benchmark shows that Drupal 8 is 3 times slower than Drupal 7 and Drupal 6.


Awesome React

A collection of awesome things regarding the React ecosystem.

Interesting Software For Developers

  • Swagger: automatically creates server and client code, as well as documentation for your API.
  • Presto: run SQL queries on NoSQL databases.

Privacy 2.0 - Why Internet companies like Google and Facebook don't get it

Infamous Quotes

  • "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place" -- Eric Schmidt, Google Founder and CEO

Why do Internet companies that swear to "Don't be evil" become the worst violators of user privacy in history?


The Impact Of Mass Surveillance On Personal Security

Background information is available on Wikipedia regarding Edward Snowden and the NSA spying scandal.

The United States National Security Agency (NSA) does not work alone. Countries and companies that participate with the United States include:

Website Development

There are many things to consider when planning to build a website. Here are some of the most important topics. I've written about large-scale scaling in another post.

2.0 - Reinventing

Here are some brief notes on my ideas on how to reinvent the experience for both contributors and users.

Profile Of An Open Source Web Development Company

Web development companies have many options when building their infrastructure using open source software.
In this series, I'll cover all aspects of building a completely open source infrastructure.

An Open Source Company - Series Premiere

  1. Website Development Lifecycle
  2. Security Lifecycle
  3. Team Communication and Collaboration
  4. Client Communication and Collaboration
  5. Project Management
  6. Resource Management
  7. Contact Management
  8. Billing and Accounting Management
  9. Website Monetization
  10. Social Media and Social Networking
  11. Office Productivity Tools

