gpgpipe, an alternative for people who want to curlpipe

The term curlpipe comes from using the program curl to download a file and immediately executing the file via a pipe in the command line (this is bad and you should feel bad for doing this)

curlpipe found in the wild

Regardless of the obvious security concerns, many projects feel the need to tell users to execute arbitrary scripts transmitted over plaintext. Is there a workarround for these people? I believe there is now: just pipe it through gpg.

But wait, that won't actually work.

Consider the following:

curl $url | gpg | bash

This command SHOULD fail if the signature is invalid but it doesn't.

curl | gpg | bash
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                        Dload  Upload   Total   Spent    Left  Speed
100   293  100   293    0     0   7274      0 --:--:-- --:--:-- --:--:--  7325
it works
gpg: Signature made Sat 22 Oct 2016 08:18:57 AM EDT using …

Read more ...

i2pd 2.10 released

i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client.

I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted, participants don't reveal their real IP addresses.

I2P client is a software used for building and using anonymous I2P networks. Such networks are commonly used for anonymous peer-to-peer applications (filesharing, cryptocurrencies) and anonymous client-server applications (websites, instant messengers, chat-servers).

I2P allows people from all around the world to communicate and share information without restrictions.

i2pd is licensed under the 3-clause BSD license, binary packages are available for Debian, Ubuntu, OS X, FreeBSD, Android and Windows.

View release on GitHub

Changelog for i2pd version 2.10:

  • Added support of datagram I2P tunnels
  • Reduced file descriptors usage
  • Unique local addresses for server tunnels
  • Added configuration options for list of reseed servers and initial addressbook
  • Added configuration option for netid
  • Added ability to …

Read more ...

Anonymous instant messaging with end-to-end encryption

Centralized commercial IM providers are a real threat to our privacy. They often require users to run proprietary software, confirm their identity with SMS and give away control over their data.

We always have a freedom to take control back over our private communications.

In this tutorial, we will use XMPP as decentralized and open-source instant messaging system, OTR for end-to-end encryption and I2P network to anonymize our network activities.

Install i2pd

I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted, participants don't reveal their real IP addresses.

If you don't have I2P client already, go to, install and run it.

Install XMPP client

Make sure your client supports OTR encryption. In this tutorial we will use psi+.

Windows users can find downloads here.

In Debian/Ubuntu, run following commands:

sudo apt-get install psi-plus psi-plus-plugins

Psi+ will ask …

Read more ... xmpp

Quick update: For those who don't know, has a federated jabber server with open registration (for now) and is available on i2p, via ynkz7ebfkllljitiodcq52pa7fgqziomz4wa7tv4qiqldghpx4uq.b32.i2p:5222 (the port is important).

This blog is now also reachable via i2p here

Meet i2lua -- I2P router with "smart" configuration

With i2lua you can add custom logic to your Invisible Internet router by writing scripts in Lua.

Lua is a full-featured programming language, which means you can resolve complex issues with it.

Some basic tasks you can accomplish with i2lua:

  • make all tunnels to have only trusted nodes as first hop (restricted routes, similar to Tor's guard nodes)
  • make I2P router to only use high-speed nodes for building tunnels
  • create tunnels with first hop in specific countries (e.g. make connections only to Russia and Germany)
  • implement custom node profiling mechanism

and so on.

Example script for i2lua

self hosted git inside i2p

This is a quick howto guide on setting up a very minimal git repo for sharing code inside i2p using any modern linux distro. (What is git?)

Please note this is not a general git tutorial, you will need to know a little git.

Simple setup

Git proxy settings are easy, it's deep in the man pages but usually there's no need to set them it seems daunting.

For all this you'll need ssh, git, connect-proxy and i2pd (see here for i2pd)

For ubuntu xenial (root needed)

wget -O i2pd.deb
dpkg -i i2pd.deb
apt install ssh git connect-proxy

Client side

(The following should be run as your regular user)

Create a shell script for proxying over i2p, is i2pd's socks proxy, it's enabled by default.

1 …

Read more ... in proxy down for rewrite inproxy will be done again until I get a chance to rewrite the in proxy app server in full, the nginx configuration I was using stopped working as of nginx 1.10.

The source code is on github here, feel free to help out.

This project is not a very high priority and will be back up once this rewrite is done.

Cross-Compile static I2PD for Raspberry Pi

(this guide is probably out of date)

I have recently successfully built i2pd for the raspberry pi using a cross compiler on Ubuntu 16.04 LTS for amd64. So far i2pd has an uptime of over a week with no crashes or memory leaks running a small irc server. There are still a few things i2pd could do better, specifically more documentation but I digress.


First off if you don't have git install it along with the basic compiler stuffs.

$ sudo apt install git build-essential

To build a static i2pd for raspberry pi you'll need to build an environment with all the i2pd dependencies. We'll use ubuntu's gcc arm cross compiler for this.

$ sudo apt install g++-arm-linux-gnueabihf gcc-arm-linux-gnueabihf

We don't want to mix the libraries we are going to build with our system libraries as they are for ARM not x86 so we'll make a separate …

Read more ... is back up in proxy is now back and powered by i2pd, a pure C++ i2p router implementation.

In time I may also provide an i2pbote gateway as well.

contact me if there is any trouble with the in proxy on jabber via

donate bitcoin to keep the in proxy alive: 15yuMzuueV8y5vPQQ39ZqQVz5Ey98DNrjE

Fed up with SystemD

This morning I woke up with no network connection on my desktop. After checking the ports and doing systemctl restart networking a few times I finally got online. Don't get me wrong, I want a 'one golden standard' for the Linux userland, I just don't want SystemD. With SystemD it's the little things that make the experience painful, you know, fucky network connectivity, no keyboard access before you can unlock your disks when you use FDE, loosing both X and tty when X crashes. The supporters of SystemD say it's going to get better, I know they are right, but given the direction SystemD is going it's going to get a LOT worse before it gets any better (cough systemd merging su cough).

SystemD has been a regression in the Power User experience at least for me. GNU has lost its edge, perhaps it's too late for redemption. I'm done …

Read more ...