Pavol Rusnak #cypherpunk #hacker #openhw #privacy #bitcoin #newmediaart

Temporal space-time anchors

I guess I was around 15 when I came up with an idea. I thought it was quite ordinary and didn’t bother to think about it more. Recently, it came to me again out of the blue. With much better access to the net, I tried to find someone else who came up and documented this idea, but I failed. So here it goes:

Suppose, you are out with your friends and you want to mark a particular point in time (and space). Maybe something interesting happened and you don’t want to discuss it immediately or you just want to make some space-time reference point for past and future events. All you need to do is just say: “I’m creating an anchor” or just “anchor” later on (when your friends are aware of the concept).

When you are with your friends later again, you can use this anchor in your conversations. Some examples:

  • “We went to sleep 5 hours after the anchor.”
  • “What was the song that played 15 minutes before the anchor?”
  • “Let’s tell Peter, we’ll meet him at the anchor in 30 minutes.”
  • “There is a nice church 500 meters south from the anchor.”
  • “Do you remember the nice clouds that appeared when I created the anchor?”

More people can create an anchor and one person can create more anchors during one day, but I generally don’t recommend it as it gets messy easily. :-)

Running SSH on a Raspberry Pi as a Hidden Service with Tor

Have you ever tried to solve the following problem? I did. Many times.

You have just finished installing a brand new Internet node, but you need to connect to it (usually using SSH) to perform some tasks. The issue is that this node usually lies behind NAT, does not have a public IP, its local IP keeps changing or even worse even the public IP is changed by ISP from time to time.

This problem is usually solved by port forwarding on a router that has the public IP, but this is not very usable in more complex network environments.

Another option is to create a VPN where you connect your node, but this requires quite a big effort to get it working (both server and client side).

There is another way, which I find quite easy and elegant at the same time. Let’s use a Hidden Service created via Tor network! We don’t really need anonymity in this case, but it comes as a nice bonus.

I will use Raspberry Pi and Raspbian Jessie in this example, but this should work almost anywhere with small changes.

  • Login to Raspberry Pi and enable SSH daemon if it was not enabled (it is on by default in Raspbian).

  • All commands below should be run as root, so either spawn a root shell using sudo -i or prepend each line with sudo.

  • Update the system and install Tor package:

apt-get update
apt-get install tor
  • Edit the Tor configuration file /etc/tor/torrc and add the following lines:
HiddenServiceDir /var/lib/tor/sshd/
HiddenServicePort 22
  • Create the directory you specified above for the SSH hidden service:
export SERVICE_DIR=/var/lib/tor/sshd/
chmod 700 $SERVICE_DIR
chown debian-tor.debian-tor $SERVICE_DIR
  • Enable and start the Tor service:
systemctl enable tor
systemctl start tor
  • If everything went OK, you are able to print the hidden service hostname using:
cat $SERVICE_DIR/hostname
  • Which should print something like this:
  • Your node is now available from anywhere in the world using this onion address! But how do we connect to it?

  • You need to install and start Tor on your local computer in a similar fashion you got it running on Pi, but don’t create a hidden service there.

  • Once Tor is running locally, open your SSH config (~/.ssh/config) and add the following:

Host *.onion
  ProxyCommand /usr/bin/nc -xlocalhost:9050 -X5 %h %p
  • If you are having problem with nc/netcat above (various distributions ship different variants), you can use socat instead:
Host *.onion
  ProxyCommand /usr/bin/socat STDIO SOCKS4A:localhost:%h:%p,socksport=9050
  • Finally, you can now connect to your node using SSH and the hostname from above:
ssh pi@vxbdqtv2ber7js5y.onion
  • Congratulations!

The Internet of Things is so 2015. Let’s give a big welcome to the “Darknet of Things” or #DoT. :-)

If you want to make your connections even more secure using HiddenServiceAuthorizeClient option, see this Nurdletech post.

Trick using host wildcard in SSH config is inspired from rtyler’s post.

For further reading I recommend Hidden Service Configuration Instructions from Tor project website.

NFC Tags in Prague Metro

Prague Metro is full of advertisements, which are posters put in frames like this:


Have you noticed something interesting in the picture?

How about now?


Don’t worry, I haven’t notice it either at first, until my friend Sargon pointed that out.

So this white circle looks like a NFC tag (and yes, it is there even when there is a poster over it).

Let’s try it out!

I am using Nexus 5 phone with NFC TagInfo by NXP application installed.

This is how it looks when you approach the tag with this app running:





The most important thing on the last screen are dots that appear between the sector number and its contents. This means that the area is unlocked and writable (x means locked, . unlocked). Yay!

Why is the tag not locked and anyone can write to it? I can only speculate, but I think that’s because the advertisement company uses the tags to track which frame has which ad and they care only about the tag ID, which cannot be overwrittern.

Let’s try another application called NFC TagWriter by NXP.


Select Write tags button.


Select New dataset


I will be creating a link so I choose Link.


After filling in the details I click Save.


Now I can select data from my list.


Let’s write it by clicking on Write!


Now we can touch the tag.



Now when we approach the tag with the phone, Android will read the tag, interpret the URL and open browser with this address.

The information on the tag can be used to trigger lots of other events too. Call a number, send an email, launch an application, show plain text or send or receive bitcoins (when bitcoin:address URI scheme or Bitcoin private key is used).

When we use the TagInfo application now, it will look like this:






When I was experimented with the tags, I haven’t found any which had any data stored in it.

I hope next time I try this, there will be some nice poems (106 chars maximum) or links to some nice pictures. Heck, someone could even create an interesting augmented reality game, capture the flag, check-in (who wants to be a mayor of this train?) or …

The only limit is your imagination. And slow (or none) internet in the metro. :-(

Netflix Content by Country

Beginning of January Netflix expanded to most of the countries all around the world. The domination map looks quite impressive:


Unfortunately, the reality is not as bright as it looks. When I read the announcement, I did not hesitate and subscribed the service. I was very disappointed to see that most of my favorite shows were not available in my country and I cancelled the renewal of my subscription.

Later, I stumbled upon a website that maintains the list of Netflix content per country called uNoGS (unofficial Netflix online Global Search). I was very interested to see how my country stands when compared to the others. Sadly there was no visualization of uNoGS data on their site, so I came up with my own using the interactive Google Charts API:

(open map in full screen)

Let's build a Freedom Node

Recently, I decided to support some of the open-source distributed projects such as Tor, IPFS and Bitcoin.

One way of supporting them would be to send some money as a donation, but because I am a hacker with a good Internet connection I decided to build a computer node that will directly contribute to their networks and make them bigger and more robust.

I call it a “Freedom Node”.


I evaluated lot of options and ended up buying the following components from my local computer hardware supplier:

item model price
Barebone PC by Gigabyte GB-BXBT-1900 $139.99
8 GB RAM by Kingston KVR16LS11/8 $35.38
240 GB SSD by Crucial CT240BX200SSD1 $64.99

I have decided to go for a solid-state drive option, but you can replace the suggested hard drive with a cheaper rotating disk (option A) or even bigger more expensive solid-state disk (option B):

item model price
A) 750 GB HDD by Western Digital WD7500BPKX $58.99
B) 480 GB SSD by Crucial CT480BX200SSD1 $129.99

The cheapest option is around $235, while the most expensive is around $305.

And this is how it looks! Nice, isn’t it?


It is really small and quiet and it fits anywhere in your appartment or office, so you will completely forget about it.


Now for the software part. I am going to use CentOS, because I am used to RPM distributions, but the process should be similar if you use Debian or Ubuntu.

  • Let’s download CentOS from and copy the ISO to a USB flash drive.

  • Follow the installation instructions and install the system.

  • Add EPEL (Extra Packages) repository by running:

yum install epel-release
  • Add Ringing Liberty Bitcoin repository by running:
yum install
  • Install Tor, Bitcoin and Go language:
yum install tor bitcoin-server golang

(If you want to use Bitcoin XT instead of Bitcoin Core just use bitcoinxt-server package instead of bitcoin-server in the line above.)

  • Edit the Tor configuration file /etc/tor/torrc and uncomment the following lines (the first line opens the relay port, the second one enables the directory service, the third one disables the exit node):
ORPort 9001
DirPort 9030
ExitPolicy reject *:*

Also fill in the details on lines with Nickname and ContactInfo.

If you are more adventurous you might skip uncommenting the ExitPolicy reject line, but I recommend reading something about running an Exit Node first.

  • Edit the Bitcoin configuration file /etc/bitcoin/bitcoin.conf and change RPC password to something random:
  • Add the following files to your ~/.bashrc file and relogin:
export GOPATH=$HOME/.go
  • Install IPFS and make a symlink to /usr/bin:
go get -u
ln -s /root/.go/bin/ipfs /usr/bin/ipfs
  • Initialize IPFS node:
ipfs init
  • Create IPFS systemd service file /usr/lib/systemd/system/ipfs.service and put the following contents in it:
Description=IPFS daemon

ExecStart=/usr/bin/ipfs daemon

  • Run and enable start at boot for all three services using the following commands:
systemctl enable bitcoin
systemctl start bitcoin

systemctl enable tor
systemctl start tor

systemctl enable ipfs
systemctl start ipfs
  • Enjoy and big THANK YOU for your important contribution to these networks!