mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git
synced 2025-05-16 08:37:02 +00:00
updated
parent
9c49c6bef5
commit
341c24852e
9 changed files with 17 additions and 107 deletions
|
@ -70,7 +70,7 @@ _Disclaimer:_ if you're not used to writing technical stuff, please aim for the
|
|||
|
||||
Here are the list of things that are offtopic, and that we will NOT cover in the blog (for the foreseeable future at least):
|
||||
|
||||
1) _General security and hacking:_ (making sure a software is secure, how to test if it is secure or not) this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the [Hacking section](../../HTB/index.md). Point being, you anyway cannot defend against the threat that you don't know anything about (0days). You're never going to eliminate all 0day risks by going for ultra minimalism, since every damn line of code your minimal software contains can potentially contain a vulnerability. **Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.** You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers. **TLDR: Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.** We will consider some FOSS software as suitable for opsec use _until proven otherwise (so don't bring up the 0day excuse)_ , not the other way around.
|
||||
1) _General security and hacking:_ (making sure a software is secure, how to test if it is secure or not) this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the [Hacking section](../../hacking/index.md). Point being, you anyway cannot defend against the threat that you don't know anything about (0days). You're never going to eliminate all 0day risks by going for ultra minimalism, since every damn line of code your minimal software contains can potentially contain a vulnerability. **Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.** You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers. **TLDR: Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.** We will consider some FOSS software as suitable for opsec use _until proven otherwise (so don't bring up the 0day excuse)_ , not the other way around.
|
||||
|
||||

|
||||
|
||||
|
|
|
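Review bot: the rewritten item 1 line still says "run the software on it's latest update", which should be "its latest update", and the context line above it reads "Here are the list of things". Since the line is already being replaced for the link path, fix the wording in the same change. Also confirm that `../../hacking/index.md` exists after the rename, because this hunk only shows the link side of it.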
@ -146,7 +146,7 @@ But as you can see it checks it by pinging 10.8.0.1, the OpenVPN server IP, mean
|
|||
|
||||
|
||||
|
||||
Then we get the .ovpn file and modify it (if you want to see how to make a openvpn server, see it [here](../../selfhosting/ovpn/index.md)) the only requirement here is that you will need to setup the openvpn server to work on TCP, and not UDP as it is set by default. Why? because it will need to go through tor:
|
||||
Then we get the .ovpn file and modify it. the only requirement here is that you will need to setup the openvpn server to work on TCP, and not UDP as it is set by default. Why? because it will need to go through tor:
|
||||
|
||||
|
||||
root@mail:~# vim mail.ovpn
|
||||
|
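Review bot: the replacement line drops the pointer to the OpenVPN server tutorial without putting anything in its place, so at this step the reader is told to "get the .ovpn file" with no indication of where it comes from. Either keep a reference to the server setup here or move the install instructions ahead of this step. The new sentence also resumes in lower case after the full stop ("modify it. the only requirement"), and "Why? because" should be capitalised the same way.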
@ -336,8 +336,16 @@ And now our mail server uses the remote server as a VPN server, but only through
|
|||
Then we setup the mail itself on the local mail VM which is now connected to the VPN:
|
||||
|
||||
|
||||
root@mail:~# apt update -y ; apt upgrade -y ; apt install vim tmux curl certbot python3-certbot-nginx nginx -y
|
||||
root@mail:~# apt update -y ; apt upgrade -y ; apt install vim tmux curl certbot python3-certbot-nginx nginx -y
|
||||
|
||||
|
||||
Then install openvpn on the remote server using angristan's openvpn install script (make sure that it is running on a TCP port, otherwise you wont be able to force the openvpn connection through Tor, since it's a TCP-only protocol:
|
||||
|
||||
```
|
||||
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
|
||||
chmod +x openvpn-install.sh
|
||||
./openvpn-install.sh
|
||||
```
|
||||
|
||||
|
||||
Then we make sure that the ports are forwarded through the vpn connection:
|
||||
|
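Review bot: the added install step fetches `openvpn-install.sh` from the `master` branch and runs it immediately, with no pinned revision and no review step. Pin the URL to a specific commit or tag and tell the reader to read the script before executing it, which is consistent with the blog's own guidance about no longer trusting a repository once a malicious commit lands. The added sentence opens a parenthesis at "(make sure that it is running on a TCP port" that is never closed, and the step is inserted at line 336, after the context line that already says the mail server uses the remote server as a VPN server, so it reads out of order.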
@ -400,7 +408,7 @@ Dont forget to allow ip forwarding on the vpn server:
|
|||
→ sysctl net.ipv4.ip_forward=1
|
||||
net.ipv4.ip_forward = 1
|
||||
|
||||
|
||||
|
||||
|
||||
Then you make sure that your DNS records are set properly:
|
||||
|
||||
|
|
|
@ -73,7 +73,7 @@ If you are not sure about if a particular todolist/criticism is valid or not, yo
|
|||
|
||||
Here are the list of things that are offtopic, and that we will NOT cover in the blog (for the foreseeable future at least):
|
||||
|
||||
1) _General security and hacking:_ (making sure a software is secure, how to test if it is secure or not) this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the [Hacking section](../../HTB/index.md). Point being, you anyway cannot defend against the threat that you don't know anything about (0days). You're never going to eliminate all 0day risks by going for ultra minimalism, since every damn line of code your minimal software contains can potentially contain a vulnerability. **Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.** You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers. **TLDR: Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.** We will consider some FOSS software as suitable for opsec use _until proven otherwise (so don't bring up the 0day excuse)_ , not the other way around.
|
||||
1) _General security and hacking:_ (making sure a software is secure, how to test if it is secure or not) this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the [Hacking section](../../hacking/index.md). Point being, you anyway cannot defend against the threat that you don't know anything about (0days). You're never going to eliminate all 0day risks by going for ultra minimalism, since every damn line of code your minimal software contains can potentially contain a vulnerability. **Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.** You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers. **TLDR: Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.** We will consider some FOSS software as suitable for opsec use _until proven otherwise (so don't bring up the 0day excuse)_ , not the other way around.
|
||||
|
||||

|
||||
|
||||
|
|
|
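Review bot: this is the same item 1 paragraph, word for word, as the one changed at line 70 of the earlier file, so every link or wording fix has to be made twice and the two copies can drift. Consider keeping the off-topic list in one file and linking to it from the other; at minimum, apply the "it's latest update" to "its latest update" correction here as well.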
@ -534,9 +534,6 @@ In the next tutorial of this series, we will configure [Onionbalance](https://on
|
|||
|
||||
**Additional resources**
|
||||
|
||||
* [MySQL master-master replication in local network](../../selfhosting/db/msql_mm.html) (written by Nihilist)
|
||||
|
||||
|
||||
* [MySQL master-slave replication over SSH tunnel](https://andrewhofmans.com/blog/how-to/mysql-master-slave-replication-over-ssh-tunnel/)
|
||||
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ When we're talking Computers, we have these 5 basic layers:
|
|||
|
||||
2. _Layer 3: Kernel_ (ex: [the Linux Kernel](https://github.com/torvalds/linux) (written in C))
|
||||
|
||||
3. _Layer 2: Assembler_ (ex: [Direct CPU instructions](../../HTB/asm/7.html) derived from the C compilation)
|
||||
3. _Layer 2: Assembler_ (ex: [Direct CPU instructions](../../hacking/asm/7.html) derived from the C compilation)
|
||||
|
||||
4. **_Layer 1: Firmware_** (ex: low-level software to provide control over CPU, motherboard, GPU, etc)
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
|
|||
|
||||
## **What is password management, and Why use Keepass?**
|
||||
|
||||
If you have seen my [Offensive Security](../../HTB/index.md) blog section, or the numerous news regarding massive companies being hacked, you should be aware that no matter where you choose to put your data out there, nowhere is truly safe.
|
||||
If you have seen my [Offensive Security](../../hacking/index.md) blog section, or the numerous news regarding massive companies being hacked, you should be aware that no matter where you choose to put your data out there, nowhere is truly safe.
|
||||
|
||||
Now let's take the following example, Bob is being lazy (again), and he uses the same password for his laptop, all of his accounts online, and at some point he creates an account on "Spotify":
|
||||
|
||||
|
|
|
@ -1200,7 +1200,7 @@ Now like this, the trap ssh service on port 22 is going to force the execution o
|
|||
|
||||
|
||||
|
||||
Next, to make sure that failed ssh login attempts get banned with fail2ban, we make sure that sshd outputs to auth.log, that way we ward off any potential ssh bruteforce attack, you can check out how to setup fail2ban with [this tutorial](../fail2banssh/index.md) to know how to do it.
|
||||
Next, to make sure that failed ssh login attempts get banned with fail2ban, we make sure that sshd outputs to auth.log, that way we ward off any potential ssh bruteforce attack, you can check out how to setup fail2ban to know how to do it.
|
||||
|
||||
## **Clientside precautions**
|
||||
|
||||
|
|
|
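Review bot: with the tutorial link removed, the replacement sentence ends "you can check out how to setup fail2ban to know how to do it", which now points nowhere and is circular. Either restore a working reference for the fail2ban setup or cut the clause and end the sentence at "ssh bruteforce attack". The line is also a comma splice; splitting it after "auth.log" would make the reason for the sshd logging change easier to follow.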
@ -1,95 +0,0 @@
|
|||
---
|
||||
author: Will Jager
|
||||
date: 2024-08-19
|
||||
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/0"
|
||||
xmr: 8A96qyqg1t1EFtbSspTQpmiaUnyFAJZRQ9wFNTSJa11MWJLUcVVP1roQ3wQqqAPFxsMvZ1TX2oCHrX725rXA1X2MP46ckxg
|
||||
---
|
||||
# How to use the Tor Browser on Mobile
|
||||
|
||||
Sometimes you are not always in front of your computer but need to browse the web anonymously while being away from your home. In this tutorial we're going to cover how to browse the web anonymously while on your mobile device.
|
||||
|
||||
## _OPSEC Recommendations:_
|
||||
|
||||
* Hardware: Google Pixel
|
||||
|
||||
* Host OS: [Graphene OS](../graphene/index.md)
|
||||
|
||||
* Configuration: Can be set in the Private or Anonymous Profile
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## **Initial Download and Setup**
|
||||
|
||||
You can download Tor Browser for Android from F-Droid (as we want to maintain the open source requirement), using the Guardian Repository, or the apk directly from the official Tor website. Please do not download it from any other source. There have been malicious versions passed around on social media in the past.
|
||||
|
||||
          
|
||||
|
||||
Note: To download from F-Droid you will have to enable Guardian Project Repositories under settings → My Apps → Guardian Project (guardianproject.info/fdroid/repo)
|
||||
|
||||
When you open the Tor app for the first time you will be greeted with this screen:
|
||||
|
||||
|
||||

|
||||
|
||||
|
||||
We'll do some slight configuration changes, starting with the automatic connection and then open settings: _toggle auto → settings_
|
||||

|
||||
|
||||
|
||||
In settings, scroll down to Privacy and security. Open Security Level:
|
||||
|
||||
|
||||

|
||||
|
||||
|
||||
Choose Safest for maximum security
|
||||
|
||||

|
||||
|
||||
|
||||
Additionally in settings you can choose the Default search engine and to use (.onion) sites if you prefer.
|
||||
|
||||

|
||||
|
||||
|
||||
And you are done, you should now be at the start page:
|
||||
|
||||
|
||||

|
||||
|
||||
|
||||
If your connection is being censored or you are unable to connect to the Tor network then you may have to configure a bridge. Choose “Config Bridge” on the opening screen or under settings:
|
||||
|
||||
|
||||

|
||||
|
||||
|
||||
Toggle “Use a Bridge” to open up three options: "obfs4", "meek-azure", and "snowflake".
|
||||
|
||||
1. Obfs4 is a pluggable transport that makes Tor traffic look random and also prevents censors from finding bridges by Internet scanning.
|
||||
|
||||
2. Meek-Azure is a pluggable transport that makes it look like you are browsing a Microsoft web site instead of using Tor.
|
||||
|
||||
3. Snowflake involves a large number of volunteer proxies, which also makes them hard to pin point and prevents the blocking of proxy IP addresses.
|
||||
|
||||
|
||||
|
||||
|
||||
Additionally you can provide a trusted bridge to use if you know one.
|
||||
|
||||
|
||||
|
||||
|
||||
## _Closing:_
|
||||
|
||||
1. Orfox is a sunsetted privacy focused web browser based on Tor. It is no longer maintained and is not recommended.
|
||||
|
||||
2. Orbot is a proxy app that allows other apps on your device to encrypt your internet traffic through Tor. After installing Orbot go to Choose apps under settings in order to route the apps of your choice through Tor.
|
||||
|
||||
3. Currently there is no official Tor browser available for iOS on iPhone. Using Orbot with the open source Onion Browser is better than nothing but does not have the same privacy protections as Tor Browser. Use at your own risk.
|
||||
|
||||
|
||||
|
||||
|
|
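Review bot: this hunk deletes the whole "How to use the Tor Browser on Mobile" tutorial (95 lines) under the commit message "updated", which gives no reason for the removal. State in the commit message why the page is being dropped, and check the rest of the repository for links that still point at it, since the other hunks in this commit show that inbound links to removed pages have to be cleaned up by hand.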
@ -8,7 +8,7 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
|
|||
|
||||
## **Tor and VPNs comparison Recap**
|
||||
|
||||
As we went over this comparison in the previous blogpost [here](torvsvpn) i will briefly recap it here:
|
||||
As we went over this comparison in the previous blogpost [here](../torvsvpns/index.html) i will briefly recap it here:
|
||||
|
||||
**VPNS:**
|
||||
|
||||
|
|
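Review bot: the new link target is `../torvsvpns/index.html`, while the other links corrected in this commit point at markdown sources (`../../hacking/index.md`); the `../../hacking/asm/7.html` link in the layers hunk has the same `.html` suffix. Pick one extension that matches how the site is built so these links do not break, and verify that the directory is really `torvsvpns`, given that the old target was spelled `torvsvpn`. In the same line, "i will briefly recap" should capitalise "I".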