4d shapes
9d colors
Diagonal section of ðe 4d cartesian product of 2 "I want to be a sea urchin and eat cabbage"(yes, really) tilings
kinda like ðis
Unfortunately we are still too dimensionally, perceptually, & probably intellectually challenged to even try to look at ðe full θing
#4d cartesian product of 2 of ðese fancy pentagonal tilings + 2d
sections =
Today is #28F, the day on which Andalusian women and men commemorate the referendum through which we gained autonomy. But for many people, myself included, the true National Day of Andalusia is December 4.
On that date in 1977, two million people took to the streets of Andalusia's eight capitals to demand our rights as a people. Without #4D there is no 28F, nor can the current Spanish model of autonomous regions be understood.
In any case, long live Free Andalusia!
#Funfact you can tile 4d space with ðe cartesian product of any 2 2d tilings(12.6.4 x 12.6.4 here),
Each resulting duoprism shape has a unique color(even if ðey can look like 2 difrnt polygons in ðese 2dsections)
(26/N)
3. Actively maintain your devices
1] Package managers are no longer the only source of software for systems. Look into a one-stop upgrading tool like Topgrade that takes care of this, and also handles, e.g., updates of #Flatpak applications.
2] Use unattended / automatic upgrades on #Linux distributions that have a non-rolling release model. Restrict them to security upgrades, only: You want your devices to stay secure, but reduce the risk of things breaking while you are not available for resolving any issues. @fedora has listed the pros and cons of unattended upgrades.
You can find helpful howtos on the web for many distros:
Debian, Fedora, Linux Mint, openSUSE, Ubuntu, …
If you can’t find one, as a last resort, look up the parent distribution of yours and continue your search there.
3] Finally, collect notes on how you resolved maintenance issues. Include research results, like helpful links. Copy & paste the history of terminal commands used in the process. Integrate these into your regular note-taking system. Don’t lose the knowledge you have acquired.
Start of this thread:
https://mastodon.de/@tuxwise/113503228291818865
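One way to check the "security upgrades only" restriction from step 2] on Debian-family systems, as an added example that is not part of the original post. It assumes the `unattended-upgrades` configuration format (`Origins-Pattern` / `Allowed-Origins` lists); the sample configuration is constructed, and the "contains the word security" test is a heuristic.

```python
import re

# Constructed sample in the style of Debian's
# /etc/apt/apt.conf.d/50unattended-upgrades (not taken from a real system).
SAMPLE_CONF = r'''
Unattended-Upgrade::Origins-Pattern {
        // Security archive: this is the one to keep.
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
        "origin=Debian,codename=${distro_codename}-updates";
//      "origin=Debian,codename=${distro_codename}-proposed-updates";
        "o=Debian Backports,n=${distro_codename}-backports"; // feature updates
};
Unattended-Upgrade::Package-Blacklist {
        "libc6";
};
'''

# Body of the two list options that select which archives are upgraded.
BLOCK = re.compile(
    r'Unattended-Upgrade::(?:Origins-Pattern|Allowed-Origins)\s*\{(.*?)\n\s*\}\s*;',
    re.DOTALL)
# A quoted entry (captured), or a // or /* */ comment (matched, not captured),
# so that entries inside comments are skipped.
TOKEN = re.compile(r'"([^"]*)"|//[^\n]*|/\*.*?\*/', re.DOTALL)


def non_security_origins(conf_text):
    """Return enabled origin entries that do not mention 'security'.

    Assumption: an entry is security-only if its text contains 'security'
    (as in '-security' or 'label=Debian-Security'); this is a heuristic.
    """
    findings = []
    for body in BLOCK.findall(conf_text):
        for match in TOKEN.finditer(body):
            entry = match.group(1)
            if entry is not None and "security" not in entry.lower():
                findings.append(entry)
    return findings


if __name__ == "__main__":
    for entry in non_security_origins(SAMPLE_CONF):
        print("not security-only:", entry)
```

An empty result means every enabled origin is a security archive; each reported entry is a candidate for commenting out.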
(25/N)
2. Bootstrap your workplace
Remove all software packages that you haven't used, ever or for a long time. Whenever you (re)install #Linux on a device, pick the most minimal version of the installer (usually the smallest download for your processor architecture, sometimes still a CD .iso image).
(Re)add only what you need, and when you need it: Wait for it, don't speculate. Our #WFH / #office-centric list of recommended software:
https://tuxwise.net/recommended-software/
(24/N) There are some best practices that will make it easier to answer threat modeling question #3, "What are you going to do about it?". These will help you protect a wide range of assets by taking care of your devices, so let's look at them first:
1. Encrypt data at rest
What can you achieve with intermediate knowledge, without fully descending into the rat hole?
Caveat: this is best done when setting up #Linux on a new device. Modifying an existing installation on your own IMHO isn't advisable if you're not a seasoned user. If you still decide to venture into it, make SURE you have backed up all your assets, before following "howtos on the internet". You have been warned.
Likening your device to a medieval city:
1) Full-Disk Encryption (FDE) is like locking the "city gate". Most popular Linux distributions offer FDE during the installation process. FDE is also your last line of defense when your device gets stolen, or your disk fails and cannot be safely wiped before disposing of it. Use FDE. (Yes, technically, "Full" is not absolutely accurate. We'll leave it at that.)
2) Within your "city", there will likely be at least two "houses": the home of the admin account, and your personal home. Using FDE alone, the "doors" of these homes won't have any locks of their own. Possibly not a big deal with respect to the administrative account, but admins being able to access any of your non-public assets, even when you're not logged in, is probably not what you want.
While the specific steps depend on your preferred Linux distro, a "portable" solution is to create a separate, encrypted disk partition, and have it mounted as your user home directory, when you log in. That solution is based on cryptsetup and the pam_mount module, nice tutorial examples that resemble each other are, e.g.:
3) Within your "house", you may wish to have a locked "chest", e.g. for your #FYEO assets. There are essentially two options: a) a single, encrypted container file that acts as a "#vault" for your asset files; or b) an encrypted overlay file system that maintains an openly visible directory hosting your encrypted assets, including directory structures, in the background; and allows you to mount a decrypted counterpart, for working on your assets.
a) A "vault", being a single file, is easy to copy and carry around, on arbitrary storage media, e.g. USB sticks. It doesn't reveal too much about its contents, but resizing it takes a little effort. Also, you can't "incrementally back up" content changes, just copy the whole, changed vault.
A nice tutorial for creating and using a vault using plain, standard cryptsetup is https://opensource.com/article/21/4/linux-encryption by @seth . If you must have a GUI for creating and mounting vaults, look at zuluCrypt https://mhogomchungu.github.io/zuluCrypt/ – IMHO the app is still in need of a little polish, though.
b) An encrypted overlay file system allows for incrementally backing up changed assets, but exposes considerable metadata (rough file sizes, directory structures, modification dates).
The most widely used package for this is probably gocryptfs. Its "HowTo" is literally a one-pager: https://nuetzlich.net/gocryptfs/quickstart/
(23/N) Our fifth, and last, asset classification option:
Public
Assets accessible to, or controlled by, anybody who is aware of them. The existence of such assets is usually easily detectable, or even widely known. Note: "public" refers to potential access or control by the general public, regardless of whether there is a legal basis for it.
Public makes a bad default class. Pick Intimate instead.
Start classifying assets
If you haven't done so yet, add a "Classification" column to your asset spreadsheet, and assign each asset to a specific class.
Pick "Intimate" as the default class. Assume that you will act according to the respective classifications, starting today, instead of pondering whether it's "too late", for certain assets.
Some classification suggestions that may look appropriate to you (or not):
For Your Eyes Only (FYEO): Diaries and journals? Private notes?
Intimate: Family photographs? Bank accounts? ToDo lists?
None Of Your Business (NOYB): Your smartphones, tablets, desktops? Medical records? Financial assets? Documents related to legal proceedings?
Shared: Some Personally Identifiable Information #PII (birthdays; place of residence; diploma)? Insurance-related data (lists of valuables; car make and model; flat size)? Travel bookings? Streaming package subscriptions?
Public: Social media or forum posts? Published articles, zines, or books?
When you're finished, consider splitting the spreadsheet in two, and handling the part containing FYEO assets like a FYEO asset, in itself.
#genuary I tried making 4d worley noise in 42 lines
ðis is using ðe distances to ðe closest 3 points & ends up being weirdly sparse in some places because of ðe long diagonals in ðe base hypercubic grid
(22/N) Our fourth asset classification option:
Shared
Assets that are accessible to, or controlled by others for a specific purpose, usually under a specific agreement that may also be implicit. Preferably, these assets are kept publicly undetectable and unknown.
Typically, access is granted to persons or entities that are only selectively or partially trusted: coworkers, support groups, suppliers, providers, insurances, payment providers, or communities you belong to.
It is common to minimize sharing of critical assets by having multiple, restricted aliases or proxies stand in for the asset to be protected, e.g., email aliases, or aliased credit cards.
(21/N) Our third asset classification option:
None Of Your Business (NOYB)
Assets that by default aren’t shared, but can be accessed, controlled, or managed by others, with your permission. You grant such permissions mostly for practical reasons, to agents bound by formal agreements (like service or maintenance staff), and usually not reluctantly, like with assets classified as "Intimate".
Preferably, NOYB assets are still kept publicly undetectable and unknown. The #ZeroTrust principle can be fully applied here, often using available access control mechanisms, and automation.
(20/N) Our second asset classification option:
Intimate
Assets that unfortunately can’t stay FYEO, because under certain circumstances, they need to be accessible to, or controlled by, fully trusted persons or entities. Preferably, these assets are kept publicly undetectable and unknown.
Handling of such assets by others requires a considerable amount of #carefulness, #diligence, and #loyalty that exceeds anything that could be pinned down with enough precision in formal documents. Typically, only significant others, some family members, trustees or close friends are entrusted with handling this class of assets.
For most individuals, this class is most likely the best default. Once you have sorted out which assets are actually not Intimate, but FYEO, consider moving them to a separate spreadsheet that is, in itself, classified as FYEO.
(19/N) Let's now turn to the third question of the #ThreatModelingManifesto:
3. What are you going to do about it?
It pays to first establish a few constraints for what you can do, in theory, by #classifying your #assets. Again, for an individual human being, as opposed to organizations or companies, it's nearly impossible to impose principles like #ZeroTrust or Need-to-know on personal relationships, the closer they get.
So, avoid recycling terms from popular, but less intuitive schemes: Fanciful intelligence labels like “top secret”, “confidential”, or “unclassified” do not tell you what goes into the respective box, and how to handle access to it.
Add another column to your assets spreadsheet, label it "Classification", and pick a more human-centered approach for its values, like:
Let's briefly go through these suggestions:
For Your Eyes Only (FYEO)
Assets that are only accessible to, and controlled by nobody but you, because they need to be resilient, even in the face of the closest of your close people misbehaving. Preferably, these assets are kept publicly undetectable and unknown. When you are gone, these assets will be gone, too. FYEO does not make a good default class, though.
(18/N) Revisit your spreadsheet of assets now, specifically the "Consequences" column we had added in (7/N).
How does your assessment of potential consequences change? Walk through your list of assets, and change the values in the "Consequences" column where needed.
Categories of adversaries:
You, and people like you
Criminals
Ideologues
Intruders
Business(i)es
“They”
Threat types:
Linking
Identifying
Undesirable non-repudiation or repudiation
Detecting
Data disclosure
Manufacturing cooperation
Non-compliance
Obstructing
Interfering
Consequences when threats by adversaries become reality (feel free to change and rename):
So what?
Hmmm…
Ouch.
Hurts badly.
Life-changing disaster.
Consequences (7/N):
https://mastodon.de/@tuxwise/113548439494399874
Categories of adversaries (8/N):
https://mastodon.de/@tuxwise/113560309025649046
Types of threats (14/N):
https://mastodon.de/@tuxwise/113622961370958693
(17/N) Finally, two threat types that refer to security more than privacy:
An adversary destroys, withdraws, steals or misappropriates information, access, or resources. The obstruction can be temporary or permanent, partial or total. Obstructing can also occur unintentionally, with the “adversary” being deterioration, malfunction, or disaster.
An adversary deliberately corrupts the integrity or authenticity of information, resources, processes, or interactions. The respective information, resources, processes, or interactions aren’t necessarily controlled or owned by the persons that are affected, and may also be fabricated. Interfering can also occur unintentionally, with the “adversary” being deterioration, malfunction, or disaster.
(16/N) Three more threat types defined:
Data #disclosure
An adversary makes somebody’s confidential data available to unauthorized parties.
Manufacturing cooperation
An adversary hides from somebody the potentially harmful consequences of their own decisions and actions, or denies them the option of avoiding such consequences, even when they are aware of them.
Contrary to what somebody expects and trusts in, an adversary does not follow laws, documented policies or contractual obligations; or does not abide by what is perceived as conventions, or unwritten rules, in the respective context.
(to be continued)
(15/N) Two more threat types defined:
Undesirable non-repudiation or repudiation
#Repudiation (plausible denial) of what somebody has said / done / known / possessed becomes impossible because an adversary has managed to collect enough evidence to establish undesirable non-repudiation. In other words: the adversary can prove beyond reasonable doubt that "it" happened.
Alternatively, #NonRepudiation (proof beyond reasonable doubt) cannot be established because an adversary has managed to suppress or destroy enough evidence to gain the option of repudiation (plausible denial). In other words: the adversary can plausibly deny "it" happened.
Detecting
An adversary can check for the presence or absence of specific data items, which are tell-tale indicators for something else.
(to be continued)