All posts by SunSaturn

FreeBSD certbot wildcard automatic renewals with bind

certbot, freebsd

As many have experienced, wildcard automatic renewals are not working. Where we used to have “certbot renew” to just take care of everything, that no longer works.

My goal then is to have it work again without touching our current cronjobs so let’s get started.

lets encrypt wildcard instructions

pkg install py37-certbot-dns-rfc2136
tsig-keygen -a HMAC-SHA512 acme-update

add contents to named.conf from above command

EXAMPLE: named.conf

key “acme-update” {
algorithm hmac-sha512;
secret “my long ass secret with double quotes”;
};

//test.com
zone “test.com” {
type master;
file “master/test.com”;
update-policy {
grant “acme-update” name _acme-challenge.test.com TXT;
};
};

pico /usr/local/etc/letsencrypt/rfc2136.ini (add the following for certbot)

dns_rfc2136_server = 5.5.5.5 (PUT YOUR IP ADDRESS)
dns_rfc2136_name = acme-update
dns_rfc2136_secret = mylongasssecret
dns_rfc2136_algorithm = HMAC-SHA512

chmod 600 /usr/local/etc/letsencrypt/rfc2136.ini

certbot certonly –dns-rfc2136 –dns-rfc2136-credentials /usr/local/etc/letsencrypt/rfc2136.ini –server https://acme-v02.api.letsencrypt.org/directory –email admin@test.com –agree-tos –no-eff-email –domain ‘test.com’ –domain ‘*.test.com’

Congratulations, for now on your normal “certbot renew” command in your cronjob will work like it did before.

2021 biggest upgrade year in decades, 5G, HDMI 2.1, PCIE 4.x. Where do I start?

updates

2021 will put everything we currently own in the antique shops! Upgrading our PC’s…

Let us start with HDMI 2.1. This technology is promising 48 gbps! What does this mean? Get ready to throw out all your existing monitors for the new 4k 120fps monitors ASUS currently is releasing. Of course we will need new graphics cards to match our typical 3 27 inch monitor setups on our desk.

What does this all mean? We will need new PCIE 4.x motherboards, CPU, ddr6 memory, Nvme SSD’s and everything else to match! There are currently not enough motherboards out yet, so I would estimate everyone should start their builds fall 2021 or early 2022. An ultimate setup for new build would be CPU with overclocking ability past 5ghz with many cores. Fastest DDR6 memory you can get, high end graphics card to support 3 HDMI 2.1 outs for the 3 27 inch monitors 4k at 120fps+. There is no reason to have a 1080p monitor on your desk anymore, they belong in antique shops as of 2021, especially with ps5 supporting 8k!

What has been the most depressing part about CPU technology is that it has stalled for nearly 2 decades. We should be way beyond 5ghz processors by now at base clock speeds, but industry chose to add more cores/threads instead. If you remember back in 90’s on with our blue screens of death from windows 3.1/windows XP, a lot of that was solved with adding cores to CPU’s. So if you had some process running out of control maxing your CPU out to 100%, then your PC would not freeze anymore.

So why did they only continue with cores only? Well then internet developed into using virtual hosting, things like KVM on redhat/centos, that allowed you to add more operating systems to existing systems without requiring a whole new PC/server. If you had a lot of memory in your system(32 or 64+gig) you could run many different operating systems like Linux, FreeBSD, Windows, Solaris, Irix and many other unix flavors.

But isn’t increasing core speed a good thing? Of course it is, better the core speed, faster the CPU can run return to us to do other things. Transcoding for example requires a high clock speed, IE converting a video stream from one format to another on the fly. The reason we have stalled so much is adding transistors to CPU chips is not an easy task, they can only get so small. GPU’s( graphic card processors) actually are faster, because this CPU industry has stalled so much on increasing clock speeds. Reality is with only INTEL and AMD for competition, there just wasn’t enough competition, we should be at 10ghz base clock speeds by now. We are more likely to see quantum computer chips now before we can expect INTEL or AMD to actually produce a 10ghz chip. Then with invention of smart phones it stalled it even more as we went back in time once again using old school ARM CPU chips to increase battery life in phones instead of developing better battery technology.

5g smart phones

All our pixel 4XL’s down or anyone with a phone not made fall of 2020 on belong in antique shops as of 2021! What is a 5G phone? It’s the next version of cell phone tower technology. We had 3g, 4g, LTE and now 5g. Why would you want to have a phone that is stuck back on 3g technology!

The good thing about 5g, is it will empower self-driving cars, AI, and faster and more reliable internet with our phones. The only case I can make about not upgrading is if you live in a rural area, then don’t bother till 2022 when your phone contract runs out, every phone that year will support it, so the google pixel 6XL should be your first upgrade!

Why do I prefer google Pixels? Longer support, quicker updates, more secure(google makes android, so you really want 2 companies running around your phone, or just google) and if you ever plan on making an android app in your life, that is the phone you need. Have fun learning java! Ohh god back to 90s again! Why don’t we just program them in assembly language already instead of using perl or python lol. Don’t worry, when quantum chips arrive, we will have updated programming languages finally. Programmers can just go to sleep for next 5 years till physicists release a chip with 2000 qubits. Look on bright side, at least you’ll have a ps5 to tide you over along with an 8k TV before that happens.

Laptops with PCIE 4.x, HDMI 2.1 support

These will command a premium price tag, your better off building a desktop off newegg.com/ca with prices they will charge. I would not waste my money on a laptop period without HDMI 2.1 out support to a 4k TV or you would be stuck watching a movie in 1080p in your hotel room, what a disgrace that would be.

These days laptops are fast enough for all your daily needs, to buy new I would wait for graphic cards that support HDMI 2.1 out to 4k TVs so you can watch a good quality movie. They have them right now, but I would wait till they have PCIE 4.x motherboards in them so your future proof for awhile and your SSD’s run blazing fast in them.

Home Living Room Setup

NOTE: I am using ps5 and new xbox releasing late 2020 as minimum test scenarios we need to stay compatible with for upgrading old technology.

This is tricky, the first thing we need before we do any upgrades to our existing living rooms is a receiver capable of HDMI 2.1 that is compatible with latest ps5/xbox etc and supports 6+ HDMI ports. Currently there are only a couple available, costing thousands. I would wait till Black Friday 2021 and look if you can snap one for $350 from bestbuy. Then the upgrades can begin. After buying receiver finally, you should head over to monoprice.com and pickup as many HDMI 2.1 cables as you need. Then we upgrade the TV finally to support latest ps5/xbox specs. As of today’s date there are only 2 models available.

For our television upgrade this is personal choice on size etc. One thing you absolutely need to make sure is that it is ps5 etc compatible. I would say 4k TV would be better choice right now, as the new consoles have lower frame rate on 8k, that is not very good for gaming. Another thing you need to consider is gamer input lag. The lower the gamer input lag, the better the TV will be. This does not mean if you have the money don’t get a 8k TV, I certainly would, I would just play games at 4k on the 8k TV, then I’d still be able to watch movies at 8k whenever they come out plentiful like 4k movies are now.

My recommendation for price/performance/cost factor is largest TV you can get 65+ inches at 4k with ps5 support and 3D support because new avatar movies will be releasing in next few years and 3D only looks good on 65 inch+ TV’s. I prefer 73 inch range. If on a really tight budget just snag a 55 inch 4k TV when you can, but who likes sitting that close!

For non-gamers you won’t have to worry about gamer input lag as much as someone raiding online say in Final Fantasy 14 on ps5, but my advice on getting a large enough TV for new console support with 3D as large as you can stands. For non-gamers the fastest possible Netflix experience you will get will be running netflix etc on ps5/xbox new consoles when they come out late 2020, no other device will match it’s speed, not even your brand new smart TV.

Technology Updates in retrospective

Gamer is a funny term to begin with. In reality all humans are gamers. Your just an extension of your smart phone these days till maybe one day your able to use Elon Musk’s neural link to even come close to be as smart as AI. As much as you may not think you are a gamer, reality is on consoles you get many lives, in real life you only get 1, and one day you will be walking around with virtual reality glasses before you die whether you like it or not, resistance is futile.

If you choose to resist new technologies, you will never be apart of the real resistance team against AI and quantum computers one day, knowledge of underlying technologies in #1 in 2020. Even Bill Gates predicted one day we will all work from home one day in virtual reality, the only resistance currently is governments not wanting to give everyone a universal income, so there will be a sars version 3 4 5 who knows till this happens. With new technologies like CRISPR anyone could release a virus on world anytime they want now. Over next few years we will see governments adopt crypto currencies, currently central banks have it, and a couple countries, and we know central banks control US/CANADA anyways so just a matter of time. I predict USA will adopt it first, they always behind Europe lately, then Canada is so passive they only do things after USA does them, so they will follow suit, just like legalization of marijuana.

What if you are young in your 20s or 30s?

If you are just coming into all this new technology, follow Elon Musk, see where the world is going. Understand physics, understand his projects of Starlink, Neural Link, and what is involved in inhabiting Mars. Project Mars that has been worked on for a very long time, just launched this year and should hit mars by February.

What should you study in school? Physics right now is #1. To put it simply my parents came from industrial age, in this age the baby boomers grew up in an age where they could have worked same job all their life in some store or factory where only 1 income was required to support a family. Industrial age meant women stayed home, men worked, women took care of the kids and a family could survive just off one income, unlike today.

The next stage after industrial age was computer age. This is my age, currently 44 years old. I like this number a lot it was the number of Stephane Richer when the Montreal Canadians won the Stanley Cup πŸ™‚ Anyways since the 90s computers have evolved so much, my generation improved the computer technology greatly, so much in fact that is where you have your smart phones you can’t get off these days.

The age we are currently coming into is called the space age. Your age group. Physics and engineering are #1 right now. As more and more missions go to Mars, quantum computers become a thing, and artificial intelligence will mean everyone works from home one day, as much as governments resist to give people a universal income, rest assured it will happen one day as AI replaces 80% of jobs in next 10 years.

This is a great time to become an engineer. Engineers will always have a job. While my background was computer science from the 90s, if I was currently your age, I would instead be studying physics and getting an engineering degree. You can still pursue computers but do it from the engineering side. Besides their side is much funner you can build robots, all computer scientists can do is build cryptography, I would pick the robot side πŸ™‚ Will give you the base foundation for understanding more about the space age as it becomes relevant to you. I hear Elon Musk even setup a school, explore that idea as well.

But what if I like to help people? One word, “CRISPR”. Study biochemistry and learn CRISPR as soon as you can. Hell even get petri dishes at home and learn from online kits available. This is the future of medicine, if you want to help people, use it for good like curing cancer and not releasing viruses on the world. Word of warning we do not know enough about human body right now to be playing god with CRISPR. For example the inventor of it ended up in jail for 2 years in China for modifying embryos with it so they could never get HIV for example. Here is the problem, we do NOT understand enough about DNA to just randomly snip at DNA. For example if you take CRISPR and modify the DNA strand so you cannot get HIV, you make the person more susceptible to things like diabetes. It’s like you shut one thing off, you accidentally turn another thing on. I don’t think till quantum computers arrive and analyze DNA that we will have a better understanding of it, so be prudent and don’t play God, learn from your teachers and classmates and join mailing lists for researchers.

But you want to do nothing, maybe be a pornstar? Remember no matter how attractive you think you or someone else is, everyone gets old! Relationships are built on trust and having things in common. This should be the basis for everything you do in life. Find a passion and explore it, it takes 10k hours to master anything in life, this is why you need to find it and put the time in. Go game on twitch if you need to, just find that passion, 10k is a lot of hours and you need to put it in somewhere. Trust me time goes by quickly if you find people who share your interest.

Before you leave this world you want to leave something behind that future generations can carry on your work, if you do not do this your life will feel empty all the time. You always want to be accomplishing something that betters humanity, physics/science will give you the basis to do this.

Develop the mentality, “Nothing is impossible, just hasn’t been done yet”. Throughout my programming years, that is all I heard from developers, “That’s impossible”. And the more they thought it was impossible, the more it challenged me to make it possible. I did a lot of late night coding sessions, even slept on some possible algorithms in my head for it before I went to bed and woke up with the answer, then implemented it and proved everyone wrong. Nothing is impossible, its terminology for lazy people unwilling to do any research or testing. The key is to know every possible human available tool for it and try them in different ways. Don’t be afraid to fail, I needed to fail 100 times at everything I tried at first to finally have something that worked, never give up! Sure give up on bad partners or people from non-science fields, but never give up on science! There is always a way!

Remember to always be nice to non-science people, by transitive property people fear what they do not understand. Don’t spend a lot of your time hanging around non-science people because you’ll waste so much time on their fears and conspiracy theories, let someone do it who is bored πŸ™‚ Get on IRC, mailing lists, and talk to people smarter than you always or you will never learn anything. If your having creativity issues, go teach at the university for awhile then return to your field later, students can teach you a lot and give you your passion for field back. I think the saying, “Those who can, do; those who can’t, teach” only applies to Arts people anyways, cause you can get research grants and further research when you get your creative itch back.

If you ever get a chance to run a business, the right business partner is key. I must have ran 5 different companies in my life, the right partner is the hardest thing to find. You need to find someone who has all your weaknesses as their strengths, maybe that’s marketing, sales, accounting, programming, taking a company public on stock market or whatever, you can’t do it all! My average was I found one good partner every 3 tries. Treat your partner with utmost trust, have mentality you want to have exact same money as them and be sipping martinis with them in Caribbean one day. Never do anything without integrity when running a company or skim off the top, your only hurting your partner and you sharing that martini! You will never find him/her first try, you have to understand your weaknesses and personalities well first.

Treat your sales team like gold, they pay your programmers their wages, take their families out on trips, make it fun, that is your blood line! You will suffer mental collapse many times and feel like throwing in the towel, that is the time to push harder to succeed. The difference between people who succeed and fail is the ones that pushed through it when it happens. I do not wish a startup on anyone, its mentally exhausting, I suffered programmer burnout many times doing this, remember balance is key. Have a whiteboard and draw out ideas, it helps to keep things in perspective.

My goal is not to dis-encourage you to running a company. There are many positives. You will learn so much about how valuable inter personal relationships are, you will become very wise on how to deal with people, merchant accounts, marketing, sales, programming, or whatever your strengths are. Just have a marketing plan upfront, no product is worth anything if no one knows about it, so if one of your strengths is not internet marketing, find a partner.

When I started out first time in my 20s, I was weak at sales, lacked people skills, weak at marketing. I was strong at programming, and technical side of things, but it wasn’t enough skillset. So I then became stronger at marketing, and people skills. Now with a strong tech background, people skills and marketing abilities, I was able to get a partner with good people skills and strong sales skills. That partnership worked really well, I focused more time programming for marketing purposes, and my partner would close the deals as sales just wasn’t my thing. It was a beautiful partner ship and we complemented each others strengths and weaknesses perfectly. I developed enough people skills I could talk tech in terms people understood, I was contributing on marketing, and that helped my partner close sales. That’s how you do it, the motivation from each other is what keeps things going, and that my friend is why finding right partner is important.

The coolest part about it is it’s the only job in the world where you want to make yourself dispensable, so you can run off and open other companies down the road πŸ™‚ Put the programming time in , build it and they will come πŸ™‚ Or if your on other end, find a programmer and support them contributing ideas.

On a funny note: when I was in university, science students would run over to Arts faculties wearing shirts that said, “Friends don’t let friends take Arts”. I hope this make sense to you one day…(Would you rather marry a doctor or lawyer? Would you like to have a BA and work at a gas station?)

Always remember, intelligent people talk about ideas, others talk about other people constantly. Use this knowledge to help you pick a good partner one day, don’t stress yourself out with people where you feel you need to defend yourself all the time. Stress will kill you faster than anything on this planet.

Good Luck,

Dan@SunSaturn

FreeBSD 12.1 + Alpine with GPG

alpine, email, encryption, freebsd, gpg

Intro:
I decided to install GPG on FreeBSD with alpine. What does this do? It’s the old days, using pgp to encrypt your email before sending. This is a howto so everyone can start encrypting their emails. Why do it? Back in the 90s when I was sitting in computer science class it was common courtesy and etiquette to always provide people with your PGP key when sending emails. So by not providing people with your PGP key, it’s considered disrespectful among the computer professionals. This is a tribute to my old classmates Isaac Eaglestone and Jason Barlow, I wish I could find them again. Especially Isaac who would bitch me out every other day for not using it πŸ™‚ To be fair it was a headache to get anything working back then with an email client, considering all we had to work with was Slackware Linux back then, so I decided let’s go through FreeBSD, pull our hair out fixing any errors that pop up and let’s get a reliable Alpine + GPG setup going!

Can this stop quantum computers?

By now we all know Shor’s algorithm is set to break all asymmetric encryption. So what we will do is use best encryption we can with GPG using symmetric encryption, GPG supports AES256, so we will use that along with using RSA for compatibility. For all said purposes we will use the strongest that makes sense and stay compatible with other people’s keys as well.

Why use alpine?

If you ssh into systems on a regular basis, it makes no sense to download your email to an insecure device at home. If your using openvpn to download over VPN to a client such as Kmail to your Google Pixel Phone, it should be ok. What makes a phone insecure is trusting to many app developers. FaceBook for instance has been known to go behind people’s backs and upload your contacts to their servers. FaceBook also owns whatsapp. If you want to keep your phone secure, don’t put these on your phone.

FreeBSD Prerequisites: PART 1

Firstly I prefer using alpine with Postfix and Maildir support, since the Maildir patch is not available with standard pkg system. Off to the ports we go:

Let’s install alpine from ports, lock it from package manager updating it, install alpine gpg addon from pkg system, and see what directories it used for installing it.

cd /usr/ports/mail/alpine
make config #(Select Maildir patch)
make
make install
pkg lock alpine
pkg install ez-pine-gpg 
pkg list ez-pine-gpg

(Assuming your using bash for your shell and nano for your editor)
Next we want to get rid of any “pinentry” errors that may come up, the first problem I ran into, the following will solve it next login:

alias pico='nano -w'
pico ~/.bash_profile #(add the following next line,save and exit)
export GPG_TTY=$(tty)

At this point at least run alpine once to get your .pinerc created if its not already, then let’s open .pinerc and REPLACE display-filters and sending-filters with the following:

# This variable takes a list of programs that message text is piped into
# after MIME decoding, prior to display.
display-filters=_BEGINNING("-----BEGIN PGP")_ /usr/local/bin/ez-pine-gpg-incoming

# This defines a program that message text is piped into before MIME
# encoding, prior to sending
sending-filters=/usr/local/bin/ez-pine-gpg-sign-and-encrypt _INCLUDEALLHDRS_ _RECIPIENTS_,
        /usr/local/bin/ez-pine-gpg-encrypt _RECIPIENTS_,
        /usr/local/bin/ez-pine-gpg-symmetric _RECIPIENTS_,
        /usr/local/bin/ez-pine-gpg-sign _INCLUDEALLHDRS_

Alright we are getting closer, now we want to actually create our gpg key if you don’t have one already, now we run into the ssh X11 forwarding headache if you have it enabled when you su to another user, so to make sure we have no issues ssh to localhost as that user without X manually so we don’t get any end of file errors creating our brand new key. This generally happens because when you su to another user, the tty is still owned by user who logged in on tty device and permissions are generally 600 on it. You can get around it by chowning the tty device or using tmux, but honestly why go through the trouble, just ssh as user you want to create the key with:

ssh -x localhost #(disable X forwarding for this user)
gpg --full-generate-key

Enable encrypted swap space if you have newer hardware and your CPU supports AES-NI, here is a quick test:

swapoff -a
kldload -n aesni
swapon -a
dmesg #this should show if CPU supports it or not

If above is supported, put aesni_load=”YES” in /boot/loader.conf and append the “.eli” suffix to all swap devices. Enjoy your encrypted swap space.

Ok now let’s create our gpg.conf file, so we can remove unsecure memory errors if you don’t have secure memory space and set some defaults for encryption. You remembered to run gpg at least once so ~/.gnupg directory got created right? Just type in random crap and hit CTRL-D.

pico ~/.gnupg/gpg.conf #add following to the file, save and exit:
no-secmem-warning
cipher-algo AES256
personal-cipher-preferences AES256 AES192 AES CAST5
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
cert-digest-algo SHA512
s2k-digest-algo SHA512
s2k-cipher-algo AES256
keyid-format 0xlong
with-fingerprint
use-agent
charset utf-8

Now let’s edit our keyserver daemon’s config file, this always goes through tor, so unless you want to be waiting 30 seconds for it to timeout all the time, just install tor! Yes, you could just set option for it not to use tor, but only thing that is going to do is make it start faster, after process forks it will try tor anyways, so trust me save yourself the hours of headache and just install tor so your not always waiting on dirmngr to timeout using tor, unless of course you enjoy sitting there waiting 30+ seconds for a simple command like gpg –search-key <KEYID>. This dirmngr.conf file and daemon is only used when dealing with public internet keyservers.

There is nothing wrong with using Tor, just as long as you aren’t an exit node, if you can run one awesome! Is Tor secure? Absolutely not, NSA pulled 2 people out of DefCon conference when 2 researchers from university found a way to exploit TLS in there, then they have been in talks with source code developers of Tor as well. If that is not enough they are known to run honeypots all over the system. If you want secure, your best to run a VPN, then run that through Tor. Personally I think of having Tor on my system just like enabling IPV6 on it, just another network I can talk to. For our purposes we are going to use it just so dirmngr doesn’t piss us off πŸ™‚ Besides we can just do “service tor stop” anytime we not talking to a keyserver if we like.

pico ~/.gnupg/dirmngr.conf #add following to the file, save and exit:
keyserver hkps://keys.openpgp.org

#now setup Tor if you haven't already
pkg install tor
pico /etc/rc.conf  #add the following, save and exit
tor_enable="YES"

#I am not going through configuring tor in this article, at least go into
#/usr/local/etc/tor and configure torrc and torsocks.conf so port 9050 is #working, just make sure your not running an exit node!

service start tor  #start tor

Now you may be asking why I am using keys.openpgp.org instead of sks key servers. The reason is simple, there is a DOS attack that has been known for decades that still works on all internet key servers. The DOS is quite simple, sign someone’s key 150k+ times and upload it to keyserver effectively destroying their gpg installation once they refresh their keys. The key server I have picked for us today, is only one on internet as of this date that at least attempts to mitigate this attack. So do yourself a favor and use it! As of recent versions of gpg all keyserver lines go in this file now,  not gpg.conf anymore.  As of this date I am using version 2.2.21.

Great now let’s get on with the real stuff, playing with gpg itself. First we want to generate our key. I suggest leaving things at defaults, but you can set RSA key to 4096, there really not much security between 2048, maybe 40 bits, according to gpg website, trade off in performance not really worth it.

I am saying use defaults just to be compatible with other people, in future what we really want to do is just replace RSA with elliptical curve bitcoin uses by selecting secp256k1 in expert mode down the road. (ie: selecting 10 and 9 with next command) Let’s not do that now. We still using AES256, even with quantum computers with 4096 qubits would only knock that down to AES128, by time they have that 1 million qubit computer hopefully the quantum algorithm is out. Pick a good password! With today’s technology they can brute force 2.8 billion tries a day, that is enough to try every lower case character a-z of a 10 character password in one day! Mix it up with upper case, numbers, special characters and use 4 words if you can!

Back in 90s, I used sentences with pgp, then I always forgot what it was cause I wasn’t using it that frequently like a password you would use to login with email or ssh, so keep it to something you can remember!

gpg --full-generate-key --expert #generate our key!

You will notice it put a revocation certificate in: ~/.gnupg/openpgp-revocs.d/
You will need this to revoke your key down the road if you loose it.

Ok at this point go test it, go into alpine, send an email to yourself, hit CTRL-x like usual to send, but before typing “Y” to send, hit CTRL-p instead to scroll through sending filters, select something like sign and encrypt, then hit “Y” to send.

If all goes well, you should get prompted for your password, gpg-agent will then store this password in shared memory for a set amount of time, which you can actually specify for how long in config file, or until server is rebooted or gpg-agent is killed and restarted. You’ll notice in “ps aux” every time you deal with gpg in anyway, that gpg-agent is running.

This is how gpg works. Try thinking gpg as a key-ring management tool. Everytime we use gpg we are mostly just a client talking to that gpg-agent server process running. We can list keys in there, tell it to remember our password in shared memory for X amount of time, sign things, encrypt and de-crypt files and much more. So now just sending email to our self is not very useful.

At this point I want you to add another user to your system, I want you to repeat all these steps and do it for this second user. Send email to itself, and when you got that working and ready to send to each other, let’s continue… Remember when using su – $USER you cannot create a key if he does not have his own tty, make sure to ssh -x $USER@localhost so he get his own tty so you have no issues!

PART 2 – Actually working with GPG (our key manager)

OK if you made it this far, congratulations! The hard part is done! You completed the setup! Give yourself a pat on the back. Only things we are going to do now is play with gpg command itself, that’s about it and learn what cool things we can do with it.

Let’s start off by continuing where we left off, I told you to create another user on system and setup his .gnupg directory. So at this point let’s send our practice emails to that user back and forth.

First Step: Let’s export our public keys for each of these accounts:

cd /tmp
gpg --armor --output user1@example.com.public-key.gpg --export user1@example.com
#now for other user:
cd /tmp
gpg --armor --output user2@example.com.public-key.gpg --export user2@example.com
#I like to keep copies of these in my .gnupg directory so let's do that
#for each user do following:
cd ~/.gnupg
cp /tmp/user1@example.com.public-key.gpg .
cp /tmp/user2@example.com.public-key.gpg .
#now for user1:
gpg --import user2@example.com.public-key.gpg
gpg --sign-key user2@example.com
#now for user2:
gpg --import user1@example.com.public-key.gpg
gpg --sign-key user1@example.com

Ok great, what we did was import the key, then signed the keys for each user because we trust them. Great now jump in alpine on each user and send emails back and forth with the CTRL-p filters. Play with it for a bit, you will notice gpg-agent daemon starts asking you for your password. Pinentry program runs here to ask for it, which is

sunsaturn:~/.gnupg # ls -al /usr/local/bin/pinentry
lrwxr-xr-x 1 root wheel 12 Oct 11  2019 /usr/local/bin/pinentry -> pinentry-tty
sunsaturn:~/.gnupg #

gpg-agent keeps your password in shared memory approx 2 hours, unless you change that in config file or you restart gpg-agent. You can kill gpg-agent and dirmngr daemons anytime you want with “gpgconf –kill all”. Or the old school reliable way of “ps aux” “kill -9 <pid1> <pid2>”

Wonderful you have done it! But wait we probably want to submit our key for at least ourselves to the internet keyservers! We don’t have to but it would be nice if we could link our email address to a PGP key on internet so people could find us easily.

Ok what we will do is submit our key to SKS keyservers as well as our default openpgp key server. Then we will add our key to our .signature file in alpine so whole world now knows we have a PGP key. We will even put a copy of our public PGP in our .signature file so people can grab it anytime through a website, sound cool? Great let’s do it…

 

gpg --list-keys #let's start by listing the keys and find our 

pub   rsa2048/0xFF6F49977311C386 2020-07-17 [SC]
      Key fingerprint = A1A7 6E84 FB0B 8994 C3B5  A1BA FF6F 4997 7311 C386
uid                   [ultimate] Dan The Man (Dan @ SunSaturn)

For example above here is my key, my <KEYID> is the numbers/letters after the pub rsa2048/0x string. So here my <KEYID> is FF6F49977311C386. The reason we have 0x in front of it is because in our gpg.conf file we have “keyid-format 0xlong”. It’s just to prevent problems really, had I done just “keyid-format long” then it would not have the “0x” in front of it. Also you can see the fingerprint of my public key. So since we are using 0xlong I can use 0xFF6F49977311C386 as my <KEYID> here.

Alright let’s submit our key to keys.openpgp.org, since that is in our dirmngr.conf file as the keyserver that is what we will default to.

gpg --send-key 0xFF6F49977311C386     #use your KEYID!
gpg --search-key 0xFF6F49977311C386   #use your KEYID!

Great if all went well we submitted our key to keys.opengpg.org and then searched it and got it back. Now wouldn’t it be cool to search by our email address instead? Go in your browser now to : https://keys.openpgp.org follow instructions in your email and this site to verify your email address so people can search for your key by your email address. Once you are done that awesome let’s see if it worked: 

gpg --search-key user@domain.com #use your email now!
gpg: data source: https://keys.openpgp.org:443
(1) Dan The Man (Dan @ SunSaturn) 
2048 bit RSA key 0xFF6F49977311C386, created: 2020-07-17

Good job, now let’s submit our key to SKS servers as well:

gpg --send-key --keyserver pool.sks-keyservers.net 0xFF6F49977311C386
gpg --search-key 0xFF6F49977311C386 #use your KEYID for both!
gpg --search-key user@domain.com    #use email to if you like

Now you have to realize pool.sks-keyservers.net is a pool of addresses, it may take time for them all to sync, if you ran command “host -t A pool.sks-keyservers.net”, you can see IP address is going to rotate each time, but if you ran those 2 commands above quickly you may have gotten same IP address twice and it successfully searched the key. Don’t worry about this, check back in in 24 hours. One good thing is we don’t have to do any email verification checks to list our key on SKS servers, so we are done. For a list of pools visit : https://sks-keyservers.net/overview-of-pools.php

Almost there, last thing we want to do is tell the world in our .signature file on alpine we are able to use PGP/GPG if people wish to add our public key to their keyring to encrypt emails/files to us. For that we want our public key on our website somewhere, and we want our fingerprint for the file so we can include that for people so they know it was not tampered with.

gpg --armor --output /path/to/website/root/pgp.txt --export user@example.com
gpg --list-keys

In first command above we exported our public key to directory of our website, or just copy pgp.txt to your website on another server if needed. In the second command we looking for “Key fingerprint” line so in my case:

gpg --list-keys
pub rsa2048/0xFF6F49977311C386 2020-07-17 [SC]
Key fingerprint = A1A7 6E84 FB0B 8994 C3B5 A1BA FF6F 4997 7311 C386

My fingerprint is “A1A7 6E84 FB0B 8994 C3B5 A1BA FF6F 4997 7311 C386”. By putting a link to pgp.txt file and giving them this fingerprint in .signature file this gives people 3 ways now they can find us. Through openpgp keyserver, through SKS keyservers, and also our emails. So let’s edit our .signature:

pico ~/.signature #add something as follows:
PGP Key: https://SunSaturn.com/pgp.txt
A1A7 6E84 FB0B 8994 C3B5 A1BA FF6F 4997 7311 C386

For reference here is my .signature with my email address/phone number removed for this blog, obviously put your pgp.txt and fingerprint ID in it’s place πŸ™‚


Dan The Man
CEO & Founder
Websites, Domains and Everything else
PGP Key: https://SunSaturn.com/pgp.txt
A1A7 6E84 FB0B 8994 C3B5 A1BA FF6F 4997 7311 C386

That’s it we are done! Congratulations for doing the entire setup! For now on all you will ever have to do is remember to hit CTRL-p to send with PGP/GPG and your password. I hope to god you can remember your password. Place a file somewhere giving you hints what it is if needed.

Closing Thoughts:

Keep your private key secure. We all know by now intelligence agencies store encrypted data to save at a later date when technology gets better to decrypt. That being said your emails should be fine until they have quantum computers with millions of qubits. If your really paranoid, create an advanced key with elliptic curves from this setup, it just won’t be compatible with most people at this point for anyone running older versions of gpg. For any important files you need to encrypt, always use the best you can. When quantum algorithms come out, unencrypt your files, then encrypt them again with newest standard. If your key ever becomes compromised revoke the keys on both keyservers we submitted to and go through creating new key again. You can also do a shared password between the both of you using one of the sending filters, cool right?

If you have really sensitive information to send someone, both of you agree to access the file over a vpn/ssh connection to download the PGP file. Gives you a double later of protection. Even better yet, ssh over a VPN connection for a third layer πŸ™‚ Someone storing encrypted data would have to break your VPN key, your SSH key and then your PGP key, you’ll most likely be dead by then, should be good πŸ™‚ For advanced users: create a cronjob that switches your vpn key and ssh secret/public keys at regular intervals, ultimate protection. Store your encrypted files in an encrypted filesystem preferably on an SSD with many layers of 4 or more like QLC with trim support, more layers there are, harder it is for forensics teams to grab deleted data, they will give up. Personally I don’t have any sensitive data, but if I did those are avenues I would use. For me I use VPN’s for what they were made for, accessing internal machines on remote servers like I was there.

Encrypt files: (create files with .gpg ending)

#have a friends public key imported? 
#this method you cannot decrypt .gpg file after
#only his secret key can
gpg --encrypt --recipient myfriend@gmail.com myfile.txt
ls -al myfile.txt* #decide what to do with myfile.txt
#even better way, encrypt with yours and your friends secret keys
#this way you can both decrypt myfile.txt.gpg
gpg --encrypt --recipient myemail@domain.com --recipient myfriend@gmail.com myfile.txt
rm -f myfile.txt #send him myfile.txt.gpg
#or share same password between you both
gpg --symmetric myfile.txt
rm -f myfile.txt #send him myfile.txt.gpg

Decrypt file:

gpg -d myfile.txt.gpg > myfile.txt

Enjoy your new setup!

Dan.

Updates 2020- PART 1

quantum computing, Social Media, updates

Introduction

I think I’m about due for an update as it is SunSaturn’s 15 year anniversary since it was first created. HAPPY BIRTHDAY SUNSATURN! I personally took a lot of time last 5 years soul searching, but in end I’ve decided SunSaturn is way to go. I think SunSaturn will be now taking a new approach in 2020 offering hosting, VPN service as well as a few new services by the end of 2022. I have a lot of catching up to do! World has changed a lot now, 2020 marks the era of 5G networks, artificial intelligence, smart homes, robots, drones, flying cars(300k for one! Time to get pilots license to fly to my brothers place!), virtual reality, star link internet from Elon Musk, and every country in world will soon be implementing their own digital currencies like Bitcoin! Ok that is a very long list, so lets break down each one shall we and see where people should be focusing on for 2021 and 2022!

Quantum computers and new encryption

In previous article I talked a lot about Shor’s Algorithm being able to break all current encryption. So what has been done about it? Only thing they could of course, increased the bits in encryption keys. Will it help? Not if someone builds a 1 million qubit computer like a company is currently promising by 2022 for US Government. They are coming up with a quantum resistant algorithm now, so in mean time best bet is still to use symmetric encryption. Algorithms like AES512 should be fine, backed up with elliptical curve instead of RSA/DSA routines.

What about email? World has now moved to open source project GNUPG, so if you haven’t already, setup gpg for your email client and submit your public key to internet servers. This will be first step in order to do anything for 2021/2022, so I will write a separate article on this alone how I implement it as it is way to in-depth to setup something like that for first time. But rest assured once it is setup, people will finally take you seriously on the internet if you can sign your own emails.It’s important! Plus as an added bonus, GPG finally supports elliptic curves, so you may actually learn a thing or two about how Bitcoin works in the process!

5G networks and virtual reality

Here we go, what everyone truly wants to know about. All the 5G propaganda during the COVID-19 where people thought it caused it and started burning town 5G towers over it even, completely hilarious. 5G does NOT hurt you in any way or cause COVID lol. The old saying is people fear what they do not understand, rest assured, it was complete nonsense.

Think of 5G like when we went from 3G then to 4G then to LTE. What they are doing is just paying for another spectrum to use so they can offer faster internet in BIG CITIES. Yes, generally it will only be offered in BIG CITIES, because this new spectrum has limited range. Think of how your router at home was once A,B or N then went to AC. We sure get good range on 2.4ghz routers at home, but when we close to the 5ghz connection it is way faster(ie transferring a 8 gig movie to your phone from computer on your home network).

What about people not in big cities? This is where Elon Musk comes in with Star Link. If you have looked up in sky at all in last year you might have seen them. Satellites 500km above the earth that promise to offer high speed internet to rural people. Star Link cannot provide to big cities, because it would flood the bandwidth available. So if your in an urban setting, look for fiber or 5G networks.

The PROS of 5G: virtual reality will become a thing! Google has acquired a new google glass company, perhaps glasses won’t be $1500, how they flopped last time, other companies have them for $1000, but that price tag will eventually come down. Google needs to take a hit on glasses for developers worldwide, because if developers all over the world don’t own a pair, there is no point in offering them to public with nothing built for them, google can’t do this alone, needs worldwide developer support. So google, offer them to developers world wide for $300, then sell to general public for 1k down the road!

Self-driving cars will become a thing, as well as drones flying around cities. These are 2 things that would absolutely need 5G to be effective. Another PRO is cell phone companies may compete for your home internet business, giving you more options for internet in the city. Yes, this means all our phones should be placed in antique shop currently. Yes, even my Google Pixel 4XL belongs there within 2 years as they only making phones with 5G chips now. If you live in rural area, no big rush.

The CONS of 5G: Government control of course. Before the pandemic happened protesters in the UK were already upset with facial recognition and painting their faces. I will say this again and again, stop putting your pictures on FACEBOOK and STOP USING IT! Everyone knows by now NSA has backdoor access to all your pictures on there, they will use them to facial ID you. Has Edward Snowden still not gotten through to everyone? He had to become a fugitive of the USA because he cared enough about you to let you know what was happening and your still not listening to him?

Artificial intelligence is here, if you need to post your picture/data publicly all the time, use SnapChat or Signal. For love of god just put them anywhere where company won’t share your data to be thrown in an AI database! They should be paying you to share your data, your just giving them free data to feed their artificial intelligence programs and not giving you a cent! If you absolutely need to use Facebook, run your pictures through an image manipulation program first to throw off their AI. If they give you money, then maybe consider submitting your unedited pictures. Click like on things you hate, dislike on things you love, screw them right up. Post messages encrypted if you can, and give your friends the keys to unlock your messages, this is how internet was meant to be! If google started sharing your data, we wouldn’t buy android anymore. We shouldn’t even be using our real names on the internet, internet was made for freedom of speech and that is why anonymity was needed in first place, people will fight with their last dying breath to protect that. In the future governments will be crying otherwise, as artificial intelligence programs begin talking with each other, and they have no way to stop it after. Programmers control the internet, not governments, always remember that.

Social Media Internet Draft Proposal

I propose an internet draft for social media, where everyone has 2 copies of their own blockchain they created, one for public keys and storage of media, and the other for private keys to decrypt each message on public chain. I propose every post be encrypted with a new key.I propose a new algorithm where on unix servers we have permissions such as :

-rwxrwxrwx   1 dan  dan    380 Jul 16 04:05 file.conf

That at any time a given owner can allow Owner Group or Others to have access to a given post. Service providers such as FaceBook, Google if forced to remove a post can set the “Other” “rwx”(read,write,execute) flags off and only be able to see the message if owner does in fact set the “Other” bit flags. The “Group” flag can be set to everyone in their circle of friends to be viewed by encrypting post with each of their friends public keys. If “Group” flag was removed from said post, then owner with their secret key could remove friends public keys from post, but also a mechanism to add keys back if “Group” flag was set again.

The idea here, is social media providers may not view posts if only group and owner flags set, as we have seen how destructive internet becomes when that happens and the many privacy breeches of normal users. Governments back-doors into these systems as well as companies profiting putting users data in their artificial intelligence programs. The providers may continue profiting on ads beside each post, but may no longer retain data on/of normal users. I also propose mechanism in place where any photos posted online, users have option of tossing them through a program to mangle the bits in the image enough to take AI facial recognition capabilities away.

The Social Media companies MUST use a decentralized blockchain to pull in data, normal users would be able to feed data into providers decentralized blockchain with users public blockchain with appropriate bits set. This is important otherwise providers could read and steal the said data. Terms of Service must be in place where they do not store the data when the “Other” bit is set. Social media companies could compete to mine blocks with other miners or join a mining pool. I propose mining should be done on IP addresses connected for longest amount of time, mine a block, then they get thrown to bottom of list, so everyone in the world can have a part of the mining process. This ensures if said provider abandons the chain, another one could start up in its place with all data in tact. We would say encrypt next block in chain with next X amount of IP addresses that have been there the longest hosting the chain. I propose the block chain itself be split into A-Z, a-z, 0-9(8 char usernames) for anonymous usernames. This allows miners to only host a part of the data for rewards, as storage may become expensive to hold to big of a blockchain.

As world currently stands, block-chains are worthless unless they contain data that people feel is valuable, allowing investors to invest in them. The exception being Bitcoin itself, the grandfather of digital currency set to be the new Gold if any government digital currencies fail. IF a social media company did a nice interface to a social media block-chain, investors have a digital currency to invest in that is worthwhile. It is then not just a bunch of useless numbers, but actual data that they could download to mine blocks or day trade. It then has a purpose, not just a bunch of numbers and a promise for a company to do well. Prices on crypto currency then would reflect size of blockchain, current price of storage medium, and cost of hardware to pull queries from that storage. This is a long-term solution to this problem in the world.

What will make people switch to government digital currencies in the long-term will be exactly that, more people they have in their country, bigger blockchain(s) will be, making them more valuable to investors. So think USD and China. If someone was actually able to crack an address on the said blockchain, everything from social security numbers to passports could be exposed, thus why it would have so much value in the future. This of course could be protected by governments by forcing end users to do a password change every month by giving them a new one and re-encrypting that block on chain keeping chain brute force proof from its own employees.

What is discerning about governments having centralized block-chains, is let’s say you have a million dollars, they could essentially just break the chain like it never existed. That is why regulations must be in place through central banks. IF they are able to simply reverse transactions on blockchain, the blockchain will have less value to investors on the exchanges, as was the case with Ethereum. Currently central banks are using digital currency, as well as Russia and a few other countries, so it’s just a matter of time before mastercard and visa are on the chain making this a reality. They are already hiring block-chain developers as we speak.

Profit: Social media companies after establishing a block-chain could in fact profit more with this model. Users are not afraid to use their systems, providers are no longer afraid of governments. Providers have more user retention instead of running to every competitor every time their is a security breach. Providers could apply for ICO with cryptocurrency exchanges, have shares in the digital currency, and offer users that cryptocurrency in exchange for another digital currency through current exchange rates at crypto currency providers such as Binance.

This is enough for Part 1, until next time….

Dan.

Quantum technology, artificial intelligence and privacy

artificial intelligence, quantum computing

Today I would like to talk to you about what is going to happen in next few years and direction world is going to go. To start off with quantum computers will arrive. With INTEL submitting their first 16 qubit chip to research lab in Europe a few weeks ago from time of this writing, technology is near. Quantum chips won’t replace traditional chips think of them more like an add-on like a graphics card. Example: people use graphics card for artificial intelligence as they are faster than normal CPU’s so instead people use GPU’s and when quantum computers arrive they will use quantum instead. There are still difficulties in technology with it requiring a set temperature to operate efficiently when they can overcome that, then perhaps we can have a 50 qubit chip, at 50 qubits it could finally challenge traditional chips. Although places like D-Wave etc have 2000 qubit implementations, they are WAY to big for a normal user!

 

Quantum computers when they arrive will pose a lot of new challenges with technology today. First of lets talk about the pros: encryption will be better, medical research will be way better, artificial intelligence will be able to take on tasks they could not before, number crunching and data prediction in general will be faster and more feasible, your toilet will speak to you letting you know how to change your diet before you get a disease! The cons: where there is power it is always abused: while we submit our DNA to health agencies, governments will steal that for their own purposes, stock markets will collapse till code on exchanges are rewritten to delay buying and selling of stocks to create fair market advantage again, big companies like Facebook and Google will control AI for the most part and that will starve off competition. To create fair competition for AI, all researchers need all the data google and Facebook have to train programs.

 

Protecting yourself in a quantum world. When browsing the internet whenever possible use the Tor Browser. This will protect you against Google etc being able to record everything you search for. Artificial intelligence exists for image recognition, speech recognition, tone recognition, and a lot of difference technologies. In the future to protect yourself against them using AI against you, never put a picture of yourself on any of these sites. After all we have no problems in them detecting images of cats and what not, but having a camera on street one day be able to recognize you because you uploaded your picture to Facebook or Google is not a good idea. Currently image recognition is only good at detecting for about 10 years because of the aging process, this is why drivers license wants a new photo before that, typically every 5 years. Technology with GPS has advanced to pinpoint you very accurately with smart phones. Companies like Google etc can trace you by everywhere you bring your smartphone, in fact they have made it so you cannot pull battery out anymore on all recent phones, just shutting the phone off is not enough. One solution is to install Fake GPS app so you can always appear from Christmas Island and only disable it when you need it. Another issue is credit card companies showing all your purchases, embrace crypto-currencies for their anonymity. After all the purpose in crypto-currencies is to put these credit card companies out of business in first place as they having been ripping off businesses for years with transaction fees and passing on the cost to you, its time you fought back against them as well to keep more money in your pocket. While its not possible to remain completely anonymous, ie: your drivers license and passport pictures, doing your best to protect your privacy beyond that is left as an exercise to the reader.

 

Enhancing AI the safe way is easier said than done. One solution would be for example to create a free dating website for people where they can remain anonymous with their real names, however researchers could pull all characteristic data into their AI programs for training. Social media site the same thing, allow people to remain anonymous. Facebook unfortunately if not knowing your real name will go behind your back and ask friends on your list for real identifiable information, so your not safe period associating your pictures with this company, also history has shown them in bed with the NSA. Essentially what Facebook is is a FBI database for the public and your just adding to it for them. So keep posts away from things like what you go to everyday, or to much of your likes or dislikes, remain neutral on everything by not clicking like on anything. Another solution could be opening an account where noone knows you originally under your real identity and keep family and friends to other apps that don’t invade your privacy and use encryption with a respected trustable company. Facebook info on you is viewable on you by anyone in position of authority with or without your consent, they have backdoors to the system to view anyone, keep this in mind especially when crossing borders.

 

AI research after all is about things like taking someones foot size and matching it with another characteristic to say determine if person is male or female. Never should it reach a point of knowing real names and addresses of people, this is a safety concern and a privacy concern everyone should be fighting against. When people say they don’t fear surveillance because they have nothing to hide, Edward Snowden says he tells them: “Arguing that you don’t care about privacy because you have nothing to hide is like arguing that you don’t care about free speech because you have nothing to say.” Words of wisdom.

 

Also the legal system is flawed in general, all it takes is hearsay to put anybody away without any scientific evidence. All it takes is a few people to collaborate their stories on a lie about someone at a trial to put innocent people away. You can see why you should fight for your privacy, less info people have on you, less believable people will be.

 

Until next time,

SunSaturn

SSL certificates + yoga quote of the day

updates

SSL certificates where installed Friday, all is working perfectly now.
Like to leave everyone with a wonderful quote:

What if our religion was each other
If our practice was our life
If prayer, our words
What if the temple was the Earth
If forests were our church
If holy waterβ€”the rivers, lakes, and ocean
What if meditation was our relationships
If the teacher was life
If wisdom was self-knowledge
If love was the center of our being.” ~ Ganga White

Dan.

SSL certificate

updates

Looks like another 2 years has passed and time to renew SSL certificate for SunSaturn. I expect to have expired SSL certificate replaced within 2 weeks, for now just use something like Firefox where it is easy to add exception to site to access billing and CPANEL easily.

Dan.

Quantum Computers and Encryption

encryption, quantum computing

I should make a note on quantum mechanics and encryption to people having come from a computer science background. You really believe encrypting your data is safe? Read on…All numbers stored in a computer are 0’s and 1’s. This has traditionally meant on and off in electronics. In assembly language or binary, here is what a byte really looks like 0000 1111. It is 8 bits, so there are in essence 2 to the power of 8= 256 possible combinations in a byte, each of those bits can be 1 or 0. Encryption for today is based on an old math concept you may remember from school. A prime number has exactly two factors, 1 and itself. Any number can be written as a product of prime numbers. If you multiply two large prime numbers, you get a huge non-prime number with only two (large) prime factors. So concept of today’s encryption is it will be REALLY hard for a computer to figure out the 2 prime numbers when a large number is involved. Here is problem with this encryption: with quantum computing, there are 2 concepts called superposition and entanglement. Entanglement you can think of as 2 objects in space and time can be in same place at same time and do 2 completely different things. Einstein use to call this “spooky”. A mathematician named Peter Shor came up with a quantum algorithm that if a quantum computer exists, then all today’s encryption could be broken easily. The university of waterloo in canada already has a quantum computer prototype. All they really need to do to complete it is come up with enough “qubits”(these are particles we have that currently can do entanglement), so 2 objects can be in 2 places at same time, and all encryption is broken. Current record is 12 qubits. When quantum computers exist we will need a new algorithm that superimposes bits to make encryption sound again, but nothing you have right now cannot be broken, and when quantum hits, all your SSL, and non-symmetric encryption keys will be rendered useless, unless your already on board with an algorithm such as lattice for example. So this a quick note on where science is, fact we can make particles be in 2 places at one time now, and making sure you don’t believe your encyption is safe. As soon as scientists figure out how to make more qubits by studying decoherence, quantum computers are officially here.

Here is a reference for formula that will break all encryption when quantum computers have enough qubits: Shor’s Algorithm

And here is waterloo’s status where they are at with there current quantum computers: Waterloo University …. go CANADA!

Till Next Time,

Dan.

Adding webdisk to CPANEL

cpanel

At times people are asking me is it better to use filezilla, ssh etc for building their websites with CPANEL. Wouldn’t it be nicer if your working on windows to just be able to open up “My Computer” or “This PC” icon and just access your files like a drive letter like C:\. You can do this, and it will be so much easier. It won’t be a drive letter, but it will be under “Network Locations” just like a regular drive.

First of all under windows 8.1 if you do not have “My Computer(This PC)” icon on your desktop, this is how to add it. On your desktop screen right click on empty spot and select “Personalize” -> “Change desktop icons” -> now check “Computer” and anything else you want then click “Apply”.

Now let’s map the network drive.
In Windows 8.1 just right click “This PC” on your desktop and click “Map Network Drive”. In previous windows versions,
To connect a drive from My Computer, click Start, right-click My Computer, and then click Explore.
To connect a drive from Windows Explorer, right-click Start, and then click Explore.
On the Tools menu, click Map Network Drive.

In the Drive box, click a drive letter.
In the Folder box type the following:
\\cpanel.sunsaturn.com@SSL@2078
Next click on “Connect using different credentials”, click “Finish”

Enter your username and password for CPANEL, click box to remember your credentials, and now you can access all your files from just a drive letter.
(ps. Make sure your reconnect at startup box is checked, should be default on windows 8.1)

Till Next time,

Dan.