Jekyll2021-07-27T17:46:16+00:00https://prajjwal.com/feed.xmlPrajjwal SinghPersonal home page of Prajjwal Singh.
Prajjwal SinghFixing Broken Image Previews in Ranger on Urxvt2017-06-17T00:00:00+00:002017-06-17T00:00:00+00:00https://prajjwal.com/2017/06/17/howto-fix-w3imgdisplay-image-previews-in-ranger<p>Die hard <code class="language-plaintext highlighter-rouge">Vim</code> users naturally gravitate towards programs that try to bring the
same keyboard-focused experience to other areas. You’re probably here because
you use the(most excellent) <code class="language-plaintext highlighter-rouge">ranger</code> file manager on <code class="language-plaintext highlighter-rouge">rxvt-unicode</code>, but your
image previews are broken - there’s flickering and thick black lines in them.
For a while I simply resorted to firing up an instance of <code class="language-plaintext highlighter-rouge">xterm</code> when I needed
to browse images, but recently fixed it as follows:</p>
<p>Get a <code class="language-plaintext highlighter-rouge">urxvt</code> with support for custom icons and backgrounds. You might have to
download a patched version. For Arch Linux users, the <code class="language-plaintext highlighter-rouge">rxvt-unicode-pixbuf</code>
package in the AUR is what you need. Install it with <code class="language-plaintext highlighter-rouge">yaourt</code> as follows:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>_$ yaourt -S rxvt-unicode-pixbuf
</code></pre></div></div>
<p>This conflicts with, and will replace your existing install.</p>
<p>Next, put the following in your <code class="language-plaintext highlighter-rouge">~/.config/ranger/rc.conf</code>:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>set preview_images true
set preview_images_method urxvt
</code></pre></div></div>
<p>Optionally, you can have large previews that fill the entire terminal with the
<code class="language-plaintext highlighter-rouge">urxvt_full</code> method.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>set preview_images_method urxvt_full
</code></pre></div></div>
<p>And we’re done. Restart <code class="language-plaintext highlighter-rouge">urxvt</code>, browse to an image file, and revel in the
knowlegde that you have one less reason to leave your terminal.</p>Prajjwal SinghDie hard Vim users naturally gravitate towards programs that try to bring the same keyboard-focused experience to other areas. You’re probably here because you use the(most excellent) ranger file manager on rxvt-unicode, but your image previews are broken - there’s flickering and thick black lines in them. For a while I simply resorted to firing up an instance of xterm when I needed to browse images, but recently fixed it as follows:A List of Privacy Measures2017-01-10T00:00:00+00:002017-01-10T00:00:00+00:00https://prajjwal.com/2017/01/10/list-privacy-measures<p>… that you can take without being labeled ‘crackpot’.</p>
<p>This aims to document everything I use to maintain a degree of privacy in <strong>my</strong>
digital life, along with a few comments. It is targeted at intermediate Linux
users who can get everything setup without any hand holding. I had wanted to
write tutorials on what follows, but that would make the post unbearably long.
Instead, I shall try to link to pages that are good starting points.</p>
<p>I intend to constantly update this, so it might be a good page to bookmark.</p>
<h2 id="goals">Goals</h2>
<ul>
<li>Achieve as much privacy as possible, without sacrificing(too much)
convenience. The threshold varies from person to person. Personally, I’m not
going to give up on GMail and do something crazy like run my own private email
server, but I do bother encrypting my chats. The balance I have struck may
seem excessive to some, and most deficient to others. Use this document as a
reference to find your sweet spot.</li>
<li>Understand that privacy / <a href="https://systemoverlord.com/2014/09/05/security-not-a-binary-state/">security is not
binary</a>.
A lot of people who dismiss efforts to make your digital life more private view
it that way. The point is <em>not</em> to be completely immune to the NSA, your
friendly neighborhood ad company, or whoever else is spying on you. Your CPU
<a href="https://libreboot.org/faq/#intelme">has complete control over your PC</a>, and
maybe the <a href="https://freedom-to-tinker.com/2015/10/14/how-is-nsa-breaking-so-much-crypto/">NSA can factor a certain prime that allows them to decrypt a large
portion of encrypted internet
traffic</a>.
We’re way past the point of being able to completely secure ourselves. The point
is to:
<ul>
<li>Make it harder for them to spy on you.</li>
<li>Limit the number of entities spying on you at any given point.</li>
</ul>
</li>
</ul>
<hr />
<h2 id="desktop">Desktop</h2>
<h3 id="operating-system">Operating System</h3>
<p>The obvious choice is Linux. Here’s a list of distributions you should try out
if you don’t already use it, in decreasing order of n00b friendliness. I
personally use Arch Linux.</p>
<ul>
<li><a href="http://linuxmint.com/">Linux Mint</a></li>
<li><a href="http://elementary.io/">Elementary OS</a></li>
<li><a href="http://ubuntu.com/">Ubuntu</a></li>
<li><a href="https://www.archlinux.org/">Arch Linux</a></li>
<li>Reddit user
<a href="https://www.reddit.com/r/linux/comments/5n6o0z/a_list_of_privacy_measures_you_can_take_without/dc97hrt/">boarhog</a>
likes <a href="https://getfedora.org/">Fedora</a></li>
</ul>
<p>You could also choose a flavor of BSD, and most of what follows would apply to
you.</p>
<h3 id="firejail">Firejail</h3>
<p>Most applications on your system often have access to your entire file system.
That includes <code class="language-plaintext highlighter-rouge">~/.ssh</code>. Let that sink in for a minute. Proprietary code that you
run on your system could be uploading your ssh keys, your browser profile, and
your unencrypted chat history to who knows where. There is also precedent for
the free and open source Firefox being <a href="http://arstechnica.com/security/2015/08/0-day-attack-on-firefox-users-stole-password-and-key-data-patch-now/">exploited to steal sensitive
data</a>.</p>
<p>To mitigate this, I lock applications down with
<a href="https://firejail.wordpress.com/">Firejail</a>.</p>
<blockquote>
<p>Firejail is a SUID program that reduces the risk of security breaches by
restricting the running environment of untrusted applications using Linux
namespaces and <code class="language-plaintext highlighter-rouge">seccomp-bpf</code>. It allows a process and all its descendants to
have their own private view of the globally shared kernel resources, such as
the network stack, process table, mount table.</p>
</blockquote>
<p>What he said.</p>
<p><strong>Here’s what I’ve got sandboxed on my PC:</strong></p>
<ul>
<li>Firefox</li>
<li><a href="http://dropbox.com/">Dropbox</a>. This doesn’t need to access anything but
<code class="language-plaintext highlighter-rouge">~/Dropbox</code>, and <code class="language-plaintext highlighter-rouge">~/.dropbox-dist</code>. There’s some compulsive update behavior,
where it repeatedly downloads an update, but is unable to actually update
itself in this profile. I haven’t figured out a solution to it yet.</li>
<li><a href="https://gajim.org/">Gajim</a> - my primary XMPP client.</li>
<li>Chromium</li>
<li><a href="http://spideroak.com/">SpiderOakONE</a> - a backup program.</li>
<li>qBittorrent</li>
<li>LibreOffice</li>
</ul>
<h3 id="qbittorrent">qBittorrent</h3>
<ul>
<li>Enable <a href="https://github.com/qbittorrent/qBittorrent/wiki/Anonymous-Mode">Anonymous
Mode</a>.</li>
<li>Set a strong password for the Web UI, if enabled.</li>
</ul>
<h3 id="firefox">Firefox</h3>
<p>The declining market share of this browser compels me to include a ‘Why Use
Firefox’ section before we go any further.</p>
<ul>
<li>Performance is good enough, on both Deskop & Android. Those of you who were
driven into the comforting, yet evil embrace of Google because Firefox felt
slow, do give it another try now with
<a href="https://wiki.mozilla.org/Electrolysis">Electrolysis</a> enabled. Feels like
butter.</li>
<li>Mozilla is slowly replacing the rendering engine with
<a href="https://github.com/servo/servo">Servo</a> - a lightning fast engine that leverages
your GPU for performance.</li>
<li>Because Mozilla is committed to the open web.</li>
<li>Because later, you <a href="http://robert.ocallahan.org/2014/08/choose-firefox-now-or-later-you-wont.html">might not get a
choice</a>.</li>
</ul>
<p><strong>Use the following addons:</strong></p>
<ul>
<li><a href="https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/">uBlock
Origin</a>: Lean ad
blocker that does its job without making your browser <a href="https://github.com/gorhill/uBlock#performance">dog
slow</a>, or <a href="https://www.wired.com/2016/03/heres-how-that-adblocker-youre-using-makes-money/">selling your browsing
history</a>.</li>
<li><a href="https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/">Self Destructing
Cookies</a>:
Removes cookies once you close a particular tab, thus greatly reducing the
number of ad cookies plotting murder on your system.</li>
<li><a href="https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/">Decentraleyes</a></li>
<li><a href="https://addons.mozilla.org/en-US/firefox/addon/remove-cookies-for-site/">Remove Cookies for
Site</a>:
For when you want to take cookie murdering into your own hands.</li>
<li><a href="https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/">HTTPS
Everywhere</a></li>
<li><a href="https://addons.mozilla.org/en-US/firefox/addon/umatrix/">uMatrix</a></li>
</ul>
<p>Also, follow <a href="https://www.privacytools.io/#about_config">this excellent guide</a>
to tweaking Firefox settings for maximum privacy. I don’t personally have all of
this disabled, notably WebGL.</p>
<p>Disable WebRTC by setting <code class="language-plaintext highlighter-rouge">media.peerconnection.enabled</code> to false. Don’t do it
if you use communication apps that use WebRTC.</p>
<h2 id="file-sharing--backup">File Sharing / Backup</h2>
<h3 id="encfs">EncFs</h3>
<p><a href="http://www.arg0.net/encfs">EncFs</a> transparently encrypts a folder on your
system. You get a folder with encrypted data that you can back up on Dropbox,
which you can mount over FUSE and access files as you would normally.</p>
<p>The killer feature you should look at is reverse mounting, ie, EncFs can mount a
regular unencrypted directory on your system as an encrypted mount, which you
can subsequently backup using your favorite backup program.</p>
<p>Consider using <code class="language-plaintext highlighter-rouge">AES-CBC</code> mode, and also obfuscate file names.</p>
<h3 id="dropbox">Dropbox</h3>
<p>I don’t leave it running 24x7, but manually do so when I need to sync something.
It’s heavily sandboxed using <code class="language-plaintext highlighter-rouge">Firejail</code>.</p>
<h3 id="spideroakone">SpiderOakONE</h3>
<p>My one and only gripe with this program is that it isn’t open source, which
negates every claim of “zero knowledge” and “privacy” that they’ve made since
its conception. Fortunately, the three directories that I do need constantly
backed up in the cloud are actually <code class="language-plaintext highlighter-rouge">EncFs</code> mounts. I’ve got a cron job to run
<code class="language-plaintext highlighter-rouge">SpiderOakONE --batchmode</code> every three hours.</p>
<h3 id="fileio">file.io</h3>
<p><a href="http://file.io/">file.io</a> deletes your file after it is downloaded once,
eliminating the possibility that you’ll leave something lying around on a remote
server. I’ve got a small <a href="https://github.com/Prajjwal/dotfiles/blob/master/bin/fileio">shell script that uploads to
file.io</a> which I
use all the time. Consider encrypting manually with openssl before you upload
here.</p>
<h3 id="also-check-out">Also Check Out</h3>
<ul>
<li><a href="rclone.org">RClone</a>. This is good for two things:
<ul>
<li>Keeping a directory in sync with cloud services that do not have FOSS
clients, such as Dropbox.</li>
<li>Encrypting that sync.</li>
</ul>
</li>
<li><a href="https://github.com/borgbackup/borg">Borg Backup</a> - deduplicating backup that
also supports encryption.</li>
<li><a href="http://syncthing.net/">Syncthing</a> - Decentralized, P2P, completely encrypted,
and open source. Best alternative to Dropbox, provided you can talk your friends
into installing it.</li>
<li>My <a href="https://gist.github.com/Prajjwal/2226c6a96d1d72abc713e889160a9f81">list of ephemeral file sharing
sites</a>.</li>
</ul>
<h2 id="android">Android</h2>
<p>Here’s the thing about Android - if you really care about privacy, don’t run it.
It’s probably logging everything from your keystrokes to contacts. If you aren’t
that hardcore, then there are steps you can take to limit the amount of data
Google gets.</p>
<ul>
<li>Use <a href="https://play.google.com/store/apps/details?id=org.mozilla.firefox">Firefox for
Android</a>.
Performs as well as Chrome(if not better) on a <a href="http://www.gsmarena.com/xiaomi_redmi_2_prime-7480.php">budget
phone</a>. Addons:
<ul>
<li><a href="https://addons.mozilla.org/EN-US/android/addon/ublock-origin/">uBlock Origin</a></li>
<li><a href="https://addons.mozilla.org/en-US/android/addon/https-everywhere/">HTTPS Everywhere</a></li>
<li><a href="https://addons.mozilla.org/en-US/android/addon/self-destructing-cookies/">Self Destructing Cookies</a></li>
<li><a href="https://addons.mozilla.org/en-us/android/addon/decentraleyes/">Decentraleyes</a></li>
</ul>
</li>
<li>Limit the number of applications you install, prefer using their mobile web
app. Using <a href="https://m.facebook.com">m.facebook.com</a> in your browser is much
better than using their <a href="http://www.independent.co.uk/life-style/gadgets-and-tech/facebook-can-work-out-what-youre-watching-by-listening-through-your-smartphone-9444353.html">security nightmare of an
app</a>.
Firefox also allows you to pin certain pages to your home screen, so you can
launch them as you would an app.</li>
<li>Consider using a third party keyboard app, such as
<a href="https://play.google.com/store/apps/details?id=com.touchtype.swiftkey">SwiftKey</a>
or <a href="https://play.google.com/store/apps/details?id=org.pocketworkstation.pckeyboard">Hacker’s
Keyboard</a>,
and completely block its access to the internet.</li>
<li>Carefully go through app permissions on your device, and block anything that
the app doesn’t need. Most apps don’t need to access your contacts, read your
messages, or have full internet access.</li>
<li>Turn off <em>Share usage statistics</em> and <em>share snippets</em> options in GBoard.</li>
<li>Consider using <a href="http://f-droid.org/">F-Droid</a> instead of Google Play.</li>
</ul>
<h2 id="im">IM</h2>
<p>Most of my conversation happens with a tiny group(< 5) of friends. I’ve
therefore moved them to public XMPP servers, and we now use open source clients
with end to end encryption to chat. Outside this group, I use whatever the other
person is using. I might do a future post detailing my setup.</p>
<h3 id="clients">Clients</h3>
<ul>
<li><a href="http://gajim.org/">Gajim</a> on the desktop.</li>
<li><a href="http://conversations.im/">Conversations</a> on the phone.</li>
</ul>
<h3 id="encryption">Encryption</h3>
<p>I use the <a href="https://en.wikipedia.org/wiki/OMEMO">OMEMO</a> protocol, that supports
group chats, file transfers, and offline messaging. If you’re still on
<a href="https://otr.cypherpunks.ca/">OTR</a>, you need to upgrade.</p>
<ul>
<li>Here’s the <a href="">Gajim OMEMO Plugin</a>.</li>
<li>Conversations supports it out of the box.</li>
<li>I’ve heard the <a href="http://swift.im/">Swift XMPP Client</a> plans on supporting it in
the near future.</li>
<li><a href="https://chatsecure.org/blog/chatsecure-conversations-zom/">This</a> may be your
best bet if you want OMEMO on iOS.</li>
</ul>
<h3 id="other-apps">Other Apps</h3>
<p>If you can’t coax your friends to run XMPP, try getting them on one of the
following apps.</p>
<ul>
<li><a href="https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms">Signal</a></li>
<li><a href="https://threema.ch/en/">Threema</a></li>
<li><a href="https://wire.com/">Wire</a></li>
<li><a href="https://tox.chat/">Tox</a> - a decentralized secure messenger, and arguably
better from a privacy standpoint than the aforementioned apps. Not as
straightforward to use for non-tech people, though. (via
<a href="https://www.reddit.com/user/otakugrey">u/otakugrey</a>)</li>
</ul>
<h2 id="email">Email</h2>
<p>I’m dependent on GMail’s web UI + keyboard shortcuts too much to move away from
it. Maybe someday.</p>
<h2 id="miscellaneous">Miscellaneous</h2>
<ul>
<li>Use <a href="https://duckduckgo.com/">DuckDuckGo</a> as your search engine. You need to
be more specific with your searches, but it’s worth it. Their <a href="https://duckduckgo.com/bang">bang
syntax</a> will save you a lot of time.</li>
<li>Consider enabling <a href="https://en.wikipedia.org/wiki/Do_Not_Track">Do Not Track</a>.
As a few people have rightly pointed out, DNT is next to useless - very few
websites respect it. Nevertheless, doesn’t hurt to turn it on.</li>
<li>Use <a href="https://en.wikipedia.org/wiki/OpenNIC">OpenNIC DNS servers</a> instead of
Google DNS.</li>
<li>Purchase WHOIS protection for your domain names(thanks
<a href="https://www.reddit.com/user/rowty1">rowty1</a>).</li>
<li>Use <a href="http://keepass.info/">KeePass</a> for password management.</li>
</ul>
<hr />
<h2 id="reading--important-links">Reading & Important Links</h2>
<ul>
<li><a href="https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html">Why We
Encrypt</a></li>
<li><a href="https://www.wired.com/2013/06/why-i-have-nothing-to-hide-is-the-wrong-way-to-think-about-surveillance/">I have nothing to
hide</a></li>
<li><a href="https://systemoverlord.com/2014/09/05/security-not-a-binary-state/">Security: Not a Binary
State</a></li>
<li><a href="https://www.eff.org/node/82654">EFF Secure Messaging Score Card</a></li>
<li><a href="https://www.privacytools.io/">PrivacyTools</a></li>
<li><a href="https://prism-break.org/en/">Prism Break</a></li>
</ul>
<hr />
<h2 id="contributing">Contributing</h2>
<p>Since this outlines <strong>my</strong> personal privacy setup, I won’t be accepting any
direct modifications. If, however, I end up using something you suggest, I’ll be
sure to put it in here. I’ll give credit where credit is due, of course.</p>
<p>Hit up <a href="http://prajjwal.com/@">@prajjwalsin</a> on Twitter for any feedback.</p>Prajjwal Singh… that you can take without being labeled ‘crackpot’.