    1. syntax highlight test

      <?php
      // Variables
      $username = 'your_username';
      $password = 'your_password_super_long_and_unique';
      $filename = 'path_to_private_folder/vnc/pin.txt';
      
      // Read the request fields. register_globals is long gone, so $action is
      // never set automatically; this assumes the form POSTs the same field
      // names the bash script sends (u, p, a).
      $action = $_POST['a'] ?? '';
      $user   = $_POST['u'] ?? '';
      $pass   = $_POST['p'] ?? '';
      
      // Both actions require the username and password; hash_equals compares
      // in constant time so the check does not leak how many characters matched
      if(!hash_equals($username, $user) || !hash_equals($password, $pass)){
      	exit('Denied');
      }
      
      // Process the login form
      if($action == 'Login'){
      	$file = fopen($filename,'w');
      	$passwd = random_int(100000,999999); // CSPRNG; rand() output is predictable
      	fwrite($file,$passwd);
      	fclose($file);
      	exit('Success');
      }
      
      // Process the bash script
      if($action == 'bash'){
      	if(file_exists($filename)){
      		$file = fopen($filename,'r');
      		$passwd = fread($file,filesize($filename));
      		fclose($file); // fclose takes the handle, not the path
      		unlink($filename); // one-time use: the PIN is gone once it has been collected
      		exit($passwd);
      	} else {
      		exit('No_PIN');
      	}
      }
      ?>
      
      1 vote
    2. Two-factor authentication for home VNC via Signal

      For my particular use case I share my home PC with my spouse and since I'm the more tech-savvy of the two I'll need to occasionally remote in and help out with some random task. They know enough that the issue will usually be too complex to simply guide over the phone, so remote control it is.

      I'm also trying to improve my personal efforts toward privacy and security. To that end I want to avoid closed-source services such as TeamViewer where a breach on their end could compromise my system.

      The following is the current state of what I'm now using as I think others may benefit from this as well:

      Setup

      Web

      I use a simple web form as my first authentication. It's just a username and password, but it does require a web host that supports server side code such as PHP. In my case I just created a blank page with nothing other than the form and when successful the page generates a 6 digit PIN and saves it to a text file in a private folder (so no one can simply navigate to it and get the PIN).

      I went the text file route because my current hosting plan only allows 1 database and I didn't want to add yet another random table just for this 1 value.

      Router

      To connect to my home PC I needed to forward a port from my router. I'm going to use VNC as it lets me see what is currently shown on the monitor and work with someone already there so I forward port 5900 as VNC's default port. You can customize this if you want. Some routers allow you to SSH into their system and make changes that way so a step more secure would be to leave the port forward disabled and only enable it once a successful login from the web form is disabled. In my case I'll just leave the port forwarded all the time.

      IP Address

      To connect to my computer I need to know its external IP address and for this I use FreeDNS from Afraid.org. My router has dynamic DNS support for them already included so it was easy to plug in my details to generate a URL which will always point to my home PC (well, as long as my router properly sends them my latest IP address). If your router doesn't support the dynamic DNS you choose, many also allow either a download or the settings you would need to script your own to keep your IP address up to date with their service.

      Signal

      Signal is an end-to-end encrypted messenger which supports text, media, phone and video calls. There's also a nifty command line option on Github called Signal-cli which I'm using to provide my second form of authentication. I just downloaded the package, moved it to my $PATH (in my case /usr/local/bin) and set it up as described on their README. In my case I have both a normal cell phone number and another number provided by Google Voice. I already use my normal cell phone number with Signal so for this project I used Signal-cli to register a new account using my Google Voice number.

      VNC

      My home PC runs Ubuntu 18.04 so I'm using x11vnc as my VNC server. Since I'm leaving my port forwarded all the time I most certainly do NOT want to leave VNC also running. That's too large a security risk for me. Instead I've written a short bash script that first checks the web form using curl and https (so it's encrypted) with its own login information to check if any PIN numbers have been saved. If a PIN is found the web server sends that back and then deletes the PIN text file. Meanwhile the bash script uses the PIN to start a VNC session with that PIN as the password and also sends my normal cell the PIN via Signal-cli so that I can login.

      I have this script set to run every minute so I'm not waiting long after web login and I also have the x11vnc session set to timeout after a minute so I can quickly connect again should I mess something up. It's also important that x11vnc is set to auto exit after closing the session so that it's not left up for an attacker to attempt to abuse.

      System Flow

      Once everything is set up and working this is what it's like for me to connect to my home PC:

      1. Browse to my web form and login
      2. Close web form and wait for Signal message
      3. Launch VNC client
      4. Connect via dynamic DNS address (saved to VNC client)
      5. Enter PIN code
      6. Close VNC when done

      Code

      Here are some snippets to help get you started

      PHP for Web Form Processing

      <?php
      // Variables
      $username = 'your_username';
      $password = 'your_password_super_long_and_unique';
      $filename = 'path_to_private_folder/vnc/pin.txt';
      
      // Read the request fields. register_globals is long gone, so $action is
      // never set automatically; this assumes the form POSTs the same field
      // names the bash script sends (u, p, a).
      $action = $_POST['a'] ?? '';
      $user   = $_POST['u'] ?? '';
      $pass   = $_POST['p'] ?? '';
      
      // Both actions require the username and password; hash_equals compares
      // in constant time so the check does not leak how many characters matched
      if(!hash_equals($username, $user) || !hash_equals($password, $pass)){
      	exit('Denied');
      }
      
      // Process the login form
      if($action == 'Login'){
      	$file = fopen($filename,'w');
      	$passwd = random_int(100000,999999); // CSPRNG; rand() output is predictable
      	fwrite($file,$passwd);
      	fclose($file);
      	exit('Success');
      }
      
      // Process the bash script
      if($action == 'bash'){
      	if(file_exists($filename)){
      		$file = fopen($filename,'r');
      		$passwd = fread($file,filesize($filename));
      		fclose($file); // fclose takes the handle, not the path
      		unlink($filename); // one-time use: the PIN is gone once it has been collected
      		exit($passwd);
      	} else {
      		exit('No_PIN');
      	}
      }
      ?>
      

      Bash for x11vnc and Signal-cli

      #!/bin/bash
      # See if x11vnc access has been requested
      # --data-urlencode keeps a password containing &, = or % intact in the POST body
      status=$(curl -s --data-urlencode "u=your_username" --data-urlencode "p=your_password_super_long_and_unique" -d "a=bash" https://vnc_web_form.com)
      
      # Exit if nothing has been requested
      if [ "$status" = "No_PIN" ]; then
        # No PIN so exit; log the event if you want
        exit 0
      fi
      
      # An empty reply means curl or the web host failed; treat it as "nothing to do"
      if [ -z "$status" ]; then
        exit 1
      fi
      
      # Strip non-numeric characters
      num="${status//[!0-9]/}"
      
      # See if they still match (prevent error messages from triggering stuff)
      # Both sides are quoted so an odd response cannot break the test itself
      if [ "$status" != "$num" ]; then
        # They don't match so probably not a PIN - exit; log it if you want
        exit 1
      fi
      
      # Validate pin number
      num=$((num + 0))
      if [ "$num" -lt 100000 ]; then
        # PIN wasn't 6 digits so something weird is going on - exit; log it if you want
        exit 1
      fi
      if [ "$num" -gt 999999 ]; then
        # Same as before
        exit 1
      fi
      
      # Everything is good; start up x11vnc
      # Log event if you want
      
      # Get the current IP address - while dynamic DNS is in place this serves as a backup
      ip=$(dig +short +timeout=5 myip.opendns.com @resolver1.opendns.com)
      # Fall back to a placeholder if the lookup failed rather than sending an empty message
      ip="${ip:-unknown}"
      
      # Send IP and password via Signal
      # Note that phone number includes country code
      # My bash is running as root so I run the command as my local user where I had registered Signal-cli
      su -c "signal-cli -u +google_voice_number send -m '$num for $ip' +normal_cell_number" s3rvant
      
      # Status was requested and variable is now the password
      # this provides a 1 minute window to connect with 1-time password to control main display
      # again run as local user
      su -c "x11vnc -timeout 60 -display :0 -passwd $num" s3rvant
      

      Final Thoughts

      There are more secure ways to handle this. Some routers support VPN for the connection along with device certificates which are much stronger than a 6 digit PIN code. Dynamically opening and closing the router port as part of the bash script would also be a nice touch. For me this is enough security and is plenty convenient enough to quickly offer tech support (or nab some bash code for articles like this) on the fly.

      I'm pretty happy with how Signal-cli has worked out and plan to use it again with my next project (home automation). I'll be sure to post again once I get that ball rolling.

      13 votes
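      The two checks the poller above performs on untrusted input, the PIN returned by the web form and the address returned by dig, rewritten as testable shell functions. This is an added example, not the post's own script: poll_once() is a hypothetical wrapper showing where the post's curl, dig, signal-cli and su calls would use the validators, and the URL, account name and phone placeholders are carried over from the post, not real values.

```shell
#!/bin/sh
# Added example, not the original post's script. Both values below are spliced
# into a `su -c "..."` command string, so each is accepted only when it matches
# a strict shape; PHP warnings, HTML error pages and dig failures are rejected
# before they can reach a shell.

# validate_pin RESPONSE: print the PIN and return 0 only when the reply is
# exactly one 6-digit number in the range the PHP generates (100000-999999, so
# no leading zero). Returns 1 for "No_PIN", an empty reply, a wrong length, or
# an error page that merely contains a number somewhere.
validate_pin() {
  local pin
  pin=$(printf '%s' "$1")        # command substitution drops trailing newlines
  case "$pin" in
    [1-9][0-9][0-9][0-9][0-9][0-9]) printf '%s\n' "$pin"; return 0 ;;
    *) return 1 ;;
  esac
}

# validate_ipv4 TEXT: print the address and return 0 only for a dotted quad with
# four octets in 0-255. Returns 1 for empty output, extra lines, stray dots or
# any character other than digits and dots (e.g. a resolver error message).
validate_ipv4() {
  local ip oldifs octet
  ip=$(printf '%s' "$1")
  case "$ip" in
    ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;   # newlines fall under "any other character"
  esac
  oldifs=$IFS; IFS=.
  set -f; set -- $ip; set +f              # split on dots without glob expansion
  IFS=$oldifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in
      [0-9]|[0-9][0-9]|[0-9][0-9][0-9]) [ "$octet" -le 255 ] || return 1 ;;
      *) return 1 ;;
    esac
  done
  printf '%s\n' "$ip"
}

# poll_once URL USER PASS: the cron body from the post rebuilt on the checks
# above (hypothetical wrapper; the account and phone placeholders are the
# post's own). It is defined but not called here, so this file runs offline.
poll_once() {
  local url user pass status pin ip
  url=$1; user=$2; pass=$3
  status=$(curl -s --data-urlencode "u=$user" --data-urlencode "p=$pass" -d "a=bash" "$url") || return 1
  [ "$status" = "No_PIN" ] && return 0
  pin=$(validate_pin "$status") || { logger -t vncpin "rejected response from web form"; return 1; }
  ip=$(validate_ipv4 "$(dig +short +timeout=5 myip.opendns.com @resolver1.opendns.com)") || ip=unknown
  su -c "signal-cli -u +google_voice_number send -m '$pin for $ip' +normal_cell_number" s3rvant
  su -c "x11vnc -timeout 60 -display :0 -passwd $pin" s3rvant
}
```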
    3. What is your first-hand experience with the "Dunning–Kruger effect"?

      In the field of psychology, the Dunning–Kruger effect is a cognitive bias in which people of low ability have illusory superiority and mistakenly assess their cognitive ability as greater than it is. The cognitive bias of illusory superiority comes from the inability of low-ability people to recognize their lack of ability. Without the self-awareness of metacognition, low-ability people cannot objectively evaluate their competence or incompetence. (Wikipedia)

      Some of my fellow programmers seem to think the world turns around their knowledge as if there was no valid reasoning whatsoever beyond math and computer science. They seem to think logic (a tool with multiple uses which has existed since at least 380 BC) is merely an attribute of computer science. It's not uncommon for them to think they can understand the intricacies of every phenomenon under the sun.

      I have to control myself to avoid countering each of their flawed arguments. To my own detriment, I'm not always able to do so. I feel surrounded by arrogance and cognitive bias, and have to silence my better judgment in order to avoid constant conflict.

      To be clear, I'm not looking for advice, as I already know the "solution", which is no solution. You can't use reason to fight something that is not motivated by reason. I'm posting to know your stories and maybe find some solace in the knowledge that I'm not alone.

      Have you ever had to deal directly with people who grossly inflate their own competence, possibly stretching it to an unrelated field? If so, what's your story?

      20 votes
    4. What Song Comes to Mind: Anxious

      Hey fellow tilderinos,

      I thought it'd be interesting to have a semi-regular discussion where we get into those songs, whether a new find or old standby, where we relate them to specific emotions.

      I'd like to keep it pretty general for now and not put too many rules or regulations on how the discussion unfolds (it is a discussion after all) so we start with something more ambiguous: anxious.

      So tilderinos what songs do you gravitate towards when you feel anxious or what songs do you feel capture the emotion of anxiousness properly to you?

      For instance: Ful Stop by Radiohead really captures what anxiety feels like for me. From the underlying bass to the manic cries of Thom Yorke, it really is an experience. One or two times I've been on my way home from work and this song pops on and it's almost too much for a drive home after a long shift.

      On the flip side, Lion's Mane by Iron and Wine has the ability to calm me down even at my most anxious. It gives me the idea that it isn't always easy but it's relatable and everything will calm down and be okay. It's mostly just really soothing to me for whatever reason.

      Your turn Tilde. What songs do you associate with the word "anxious?"

      10 votes
    5. Missed Character Potential - Russell Crowe - The Mummy (2017)

      I really enjoyed his character in the movie and found his story arc to be way more interesting than the actual movie itself. I think they should remake League of Extraordinary Gentlemen with his Hyde/Jekyll.

      Even a follow up film about his character and maybe he tracks down “the mummy” again.

      4 votes
    6. Passwords

      This will probably be controversial, but I disagree with the current password policy. Checking against a list of known broken passwords sounds like a good idea, but that list is only ever going to get bigger. The human factor has to be taken into account. People are going to reuse passwords. So whenever their reused password gets hacked from a less secure site, it's going to add to that list.

      Ideally, a password would be unique. Ideally, users should maybe ever use a password manager that generates garbage as a password that no one could hack. An ideal world is different from reality. Specific requirements are going to lead to people needing to write things down. In the past, that was on paper, like Wargames. Now, it's going to lead to people pasting their username and login into text documents for easy reference. That's probably what I'm going to have to do. Was my previous method of reusing passwords safe? No. Will my new method of remembering passwords be safe? Probably not either.

      I'm not entirely sure what all the account security is about, either. For my bank, sure, a complex password. I have a lot to lose there. For an account on a glorified message board? There's better ways to establish legitimacy. 4chan, of all places, dealt with this (nod to 2chan), by having users enter a password after their username that got encoded and displayed as part of their username to verify that they were, in fact, the same user.

      So the topic for discussion would be, what's the endgame here? Where is the line drawn between usability and security? I may well be on the wrong side of this, but I think it's worth discussing.

      Edit: I think there may be some good reasons, evidenced in this reply. I think it was a good discussion nonetheless, since it wasn't obvious to me and perhaps not to other people.

      Edit 2: I'm going to hop off, but I think there's been some good discussion about the matter. As I said in the original post "I may well be on the wrong side of this". I may well be, but I hope I have addressed people well in the comments. Some of my comments may be "worst case" or "devil's advocate" though. I understand the reason for security, as evidenced above, but I'm unsure about the means.

      17 votes
    7. Productive vs non-productive creativity

      I have a slight struggle that I wonder if anyone else can relate to. I'm a creative "type" in that both my job (scientist) and hobbies (many, over the years) require constant innovation, in addition to the usual labor, to keep them going.

      I have a note/journal app where I store my ideas. Sometimes these are ideas with acute utility e.g. an experiment design that I can test out the next day at work or maybe an idea for a paper. Other ideas are what I would consider "highdeas" - insights or thoughts that seem amazing when you're stoned but after you sober up they're kind of nonsense. The former are productive and the latter are non-productive forms of creativity (barring any offshoots of the latter that prove useful later on).

      But then sometimes I get an idea in between. Say, an insight into how certain human behaviors are a certain way or maybe a rant on a topic/issue in my lab work that is interesting but not valuable enough to publish or bring up in a formal meeting. My question / discussion topic for you is, what do you do with these sorts of self-ascribed interesting ideas that have no immediate value? One option is to write them out on a forum, as I am currently doing, but I would end up writing all day. Does anyone else keep track of these? Do you schedule a follow-up with these intermediate ideas for future inspiration? I currently use Joplin which is great but I don't think there are any features to stimulate creativity in this manner.

      23 votes
    8. What are the arguments against antinatalism? What are the arguments for natalism? [Ramble warning]

      Basically, I'm struggling to arrive at a conclusion on this matter on my own. And in these situations I like discussing the topic with other people so I can see other sides that I have not considered and can submit my arguments for review and see if my logic follows or is faulty.

      I apologize in advance for the disorganized ramble format, it's just a very messy subject for me. I guess I could tidy it up better and present it like a mini essay, but it would be somewhat dishonest or misleading to pretend that I have a hold of this horse when I absolutely don't. So, I think the stream of consciousness is a more honest and appropriate –even if messy– approach.

      With that said, here it goes:

      The way I understand it, the main reason for supporting antinatalism is that there's always pain in life.

      There are varying amounts of it, of course, but you have no way of knowing what kind of pain your child will be exposed to. Thus, you're sort of taking a gamble with someone's life. And that, antinatalists say, is immoral.

      I used to deeply agree with that sentiment. Now I don't agree with it so much, but I still cannot debunk it. I feel emotionally and irrationally, that it isn't quite right. But, I cannot defend these feelings rationally.

      I think, if you're serious about antinatalism, that you are against creating life. Since life always comes with the possibility of pain. And, you cannot just end all the life forms that can feel pain and call it a day; on the contrary: you'd also have to end all the forms of life that cannot feel pain too, since, even though they cannot feel pain, they can create other life forms that can feel pain.

      I guess a point could be made to only apply the antinatalist values to humans. Since only we have concepts of morally right and wrong, and animals don't know what they're doing. But we do know what they're doing, and why would you try to prevent other humans from creating life that can suffer but leave other animals able to do it? It's all suffering for innocent creatures, is it not?

      I guess we could also imagine a form of life without pain. For example, a future with very advanced technology and medicine, artificial meat, etc. But getting there would mean subjecting a lot of people to a lot of pain. And even in that future, the possibility of pain is still there, which is what makes creating life immoral. It's not just the certainty of pain, but also the possibility of it alone.

      So, in the end, the way I see it, being antinatalist means being anti-life. Sure, you can just be an antinatalist to yourself and not impose your values on other people. But if you're consistent with the antinatalist argument, then if it's wrong for you to have kids because they can suffer, it's also wrong for other people and even for animals.

      And this doesn't seem right to me. Because, I mean, it's life. And I think ridding the world of life would be a very sad thing, would it not?

      But, again, this is just feelings. If I think about it rationally, the world and the universe are completely indifferent to the existence of life. A world without life, what does it matter? Especially if there's no one there to see it. Nothing makes life inherently better than no life. Since ethics doesn't really exist in the physical world.

      It's neither right nor wrong for life to exist. But bringing life into a world of pain does certainly feel wrong from a morality standpoint.

      But why is it wrong? We didn't create life. We didn't create pain. The injustice of it all exists not because of us.

      But, we do have the power to end that suffering. And if we have the power to end suffering, shouldn't we end suffering? Isn't that what the moral values taught to us say (except for religious communities, I guess)?

      You could always say, “well, it's not my fault that life is unfair, and it's not my responsibility to tackle that issue” or “the joy compensates for the pain”. Which might be valid points, but they don't take away the selfishness of having kids, do they? You're just ignoring the issue.

      On the other hand, however, there are a lot of people who were born (which is an unfair act), but they aren't mad about it, they don't resent their parents, and they're happy and they wouldn't choose not to have been born. But does this make it okay? I think that it makes it not so bad, but at the end of the day it's still wrong, just “forgivable wrong” if that's even a thing.

      Also, isn't it going too far? Applying morality to something so primitive, so abstract, so before morality, something that isn't even human?

      But we also say murder, torture and rape are wrong, yet murder, torture and rape have been happening forever since they were first possible, for far longer than we humans have existed. So, how are they any different? If they can be wrong, so can life.

      Furthermore, don't we have a right to follow our primitive instincts and reproduce? Allowing someone to “bring a life into a world of pain” is wrong, but so is taking away their right to fulfill their “naturally unjust” life.

      I guess, if I was forced to give a conclusion, it would be something along the lines of: Creating life is wrong and selfish, yes. But it's okay because most people don't mind it and it's not really our fault that it exists nor our responsibility to end it. So, tough luck and YOLO?

      I'm not too happy about that conclusion but it's the best I can come up with.

      And as a corollary: to diminish the unfairness of birth, we should facilitate euthanasia and accept self-check-outs as a fair decision.

      So, what do you think?

      Is antinatalism right? Is my antinatalism right? Is it wrong? Is mine wrong? Why?

      Is creating life fair? Is it not? Is it not but still okay? Why?

      16 votes
    9. Future of personal security and privacy, upcoming trends.

      A few years ago I got into improving my knowledgebase of personal security - theory and tools - but it didn't go much farther than reinforcing everything with 2FA and setting up a password manager, plus setting up a VPN and full disk encryption.

      It seems like we're amidst a rising tide of data breaches due to, IMHO, laziness and cheapness on the part of many companies storing personal data.

      So, recently I've embarked on my second journey to improve my own security via habits and software and teaching myself. Privacytools has been a super helpful resource. My main lesson this time is to take ownership/responsibility for my own data. To that end, I have switched to KeyPass with yubikey 2FA (still trying to figure out how to get 2FA with yubi on my android without NFC), moved over to Joplin for my note taking (away from Google and Evernote) and also switched to NextCloud for all of my data storage and synchronization. I'm also de-Googling myself, current due-date is end of March when Inbox is shut down.

      So my question / discussion topic here, is, what are everyone's thoughts on the future of practical personal security and privacy? More decentralization and self-hosting? That's what it looks like to me. Blockchain tech would be cool for public objects like news articles, images etc. but from what I understand that has zero implication for anything personal. The other newish tech is PGP signatures, which I'm still having trouble implementing/finding use for, but surely that will change.

      There is this topic but that ended up just being about encryption which I think is a no-brainer at this point. I'm more so looking for the leading edge trends.

      17 votes