To achieve that, I gathered (scraped) all entries using my personal DRAPAC account and counted all the metadata manually myself (with the help of LLMs/AI). The organizing team did not give me the data, and I have informed them that I ran a scraper.

This year, DRAPAC26 focuses on 2 themes (Track 1: Co-creating shared resources and Track 2: Collaborative action across movements) and 8 session formats. The submission period is closed, and it gained 313 entries. So, let's unfold this further by the numbers.

Thematic tracks:

Session Formats

Track × Format Matrix

As the data above shows, we can see that the "Co-creating shared resources" track is leading by 16.3% differences compared to the "Collaborative action across movements" track. This highlights the high interest in this track, which focuses on building shared infrastructure—from platforms, systems, and databases, to skills, networks, and strategies—that can be scaled across the region.

While there is not a significant difference, Track 2 (Collaborative action across movements) focuses on bridging the gap between civil society, government, and the private sector to co-develop rights-based digital policies. It also stresses the importance of discussions pertaining to these issues.

Looking at the track-by-format matrix, we can see that each track has specific preferences toward the session formats it conducts to suit what's best for the discussions or activities. Track 1 garnered a preference for co-learning workshops and ideation workshops, while on the other hand, Track 2 focuses more on panel discussions, roundtable discussions, and social gatherings.

Furthermore, to get a better understanding of what people are proposing, I ran basic topic modeling on the submission content to get a look at the ideas people are interested in focusing on or discussing. I utilized a specific topic modeling technique called LDA (Latent Dirichlet Allocation) to uncover the central topics and their distributions across the set of content's sessions. The following table uncover which words are being frequently used.

Moreover, let's see which countries or region being mentioned the most across proposal. The Country was calculated using a rule-based keyword match over session Title and Content fields. For each country, it counts session once per country if any variant was present.

Lastly, I ran a word-matching script to see if AI-related keywords were mentioned in the content of the proposals. It turns out that almost 30% of the entries include AI-related terms, as follows:

It is fascinating to see diverse ideas being submitted. We certainly won't see most of them being presented at DRAPAC, but I'm sure the ideas are worth spreading and must be taken into account, especially for individuals and organizations within the region and beyond.

To close, most of the scripts/code that helped me to generate the data above were generated by LLMs and agentic AI platforms. I have manually observed and adjusted some for cross-checking. I attached the full analysis below, generated 100% by AI. The wording above was mostly made by me. I am planning to update this post to include the information of all the scraped sessions and the generated code, in particular for reproducibility or experimenting further.

DRAPAC 26 — Session Analysis

Source: drap.ac/26/activities/
Scraped: Wave 1 = 2026-03-29 (311 files); Wave 2 = 2026-03-30 (+82 files, total 393)
Total sessions: 393 markdown files
Vault source: D-ARCHIVES/DRAPAC 26 Sessions Submission/

Executive Summary

DRAPAC 26 (Digital Rights Asia-Pacific 2026) is the Asia Pacific Regional Internet Governance Forum. Three methods were applied to the 393 session Content fields:

1. Unsupervised LDA topic modeling (k=8, k=12) — discovers latent themes statistically
2. UMAP + HDBSCAN clustering — semantic clustering of sessions by document-topic similarity
3. Content coverage clusters (keyword-based) — comparative reference

Key findings:

• LDA identifies Regional Governance & Policy (T2, 110 sessions, 28%) as the single largest latent topic — more than governance frameworks, civil society engagement, and regulatory policy combined. This is the programme's backbone discourse.
• Semantic clustering discovers 7 distinct session communities, including: "Data & Platform Accountability", "Legal & Human Rights Evidence", "Community Infrastructure Design", "Civil Society Governance AI", "Open Space & People", and "Collective Care Movements" — each with distinct track skew.
• Track differentiation is real but nuanced: Collaborative skews toward legal/evidence (T5) and surveillance discourse (T0); Co-creating skews toward collective care movements (C5) and community infrastructure (C4). The clearest differentiator is Governance & Policy framing, which Co-creating leads on.
• AI (explicit "ai" + "algorithmic" + "genai") appears in 29.8% of sessions — making it the second-most-discussed substantive concern after governance.

Overview

DRAPAC 26 (Digital Rights Asia-Pacific 2026) is the Asia Pacific Regional Internet Governance Forum. The vault contains 393 scraped session submissions across two waves: 311 files scraped 2026-03-29 and 82 additional files from 2026-03-30.

Theme analysis design: Three complementary unsupervised methods were applied to the Content field (session description body only). The Content field was preprocessed: lowercased, stopwords removed, markdown stripped, and tokenised (min word length 3, no punctuation-only tokens). Gensim LDA was used for topic modeling; UMAP + HDBSCAN for semantic clustering; content coverage analysis (keyword clusters) as comparative reference.

All theme statistics are Content-only — Organiser and Title fields are excluded to avoid inflation from personal specialisations and session labels.

Thematic Tracks

DRAPAC 26 has two thematic tracks:

Session Formats

Track × Format Matrix

Countries & Regional Focus

Method 1: LDA Topic Modeling

Design

Latent Dirichlet Allocation (LDA) discovers latent topics as probability distributions over words — sessions are not hard-assigned to topics but have a probability distribution across all topics. k is the number of topics the model is constrained to find; you choose it before running the model. Gensim LDA was used with:

• Dictionary: tokenised Content, stopwords removed (custom stoplist + Gensim STOPWORDS), min doc frequency 5, max doc frequency 65%
• Two runs: k=8 (primary, 40 passes) and k=12 (for HDBSCAN input, 30 passes)
• Alpha/eta: auto — the model learns document-topic and topic-word sparsity from the data

LDA Topics Discovered (k=8)

Each topic is a ranked list of words. The number in parentheses is the number of sessions where this topic is the dominant topic (highest probability in the k=8 model).

Interpretation: The largest latent topic is Regional Governance & Policy (T2, 28%) — sessions on civil society's role in internet governance, regulatory frameworks, and regional policy coordination. T0 (AI Systems & Public Accountability, 16.5%) is the second major focus: AI audits, platform surveillance, and public sector accountability. T3 (Digital Rights Practice & Experience, 16.5%) is a broad catch-all for sessions focused on practice and experience across accessibility, OGBV, climate data, and community care. T4 (Community Organizing & Grassroots Capacity, 13.5%) covers collective infrastructure: queer communities, trauma-informed care, peer exchange. T7 (Youth, Media & Narrative Resistance, 9.9%) is a distinct internet-culture-and-activism cluster. T1 and T6 are smaller but substantive: CSO security infrastructure and practical digital security tools respectively.

LDA Topic × Track

Key track differentiators:

• Co-creating leads on: T2 Regional Governance & Policy (+5pp), T7 Youth, Media & Narrative Resistance (+6pp), T6 Digital Security Tools & Practical Response (+2.5pp)
• Collaborative leads on: T0 AI Systems & Public Accountability (+8pp), T3 Digital Rights Practice & Experience (+4.5pp)

Method 2: UMAP + HDBSCAN Semantic Clustering

Design

UMAP (Uniform Manifold Approximation and Projection) reduces the doc-topic matrix (12 LDA topics) to 2 dimensions using cosine distance, preserving semantic neighbourhood structure. HDBSCAN (Hierarchical Density-Based Spatial Clustering of Applications with Noise) then clusters the 2D embedding, identifying dense regions as clusters and sparse regions as noise — without requiring a fixed number of clusters.

Parameters: UMAP (n_neighbors=15, min_dist=0.1, metric=cosine) → HDBSCAN (min_cluster_size=25, metric=euclidean, eom selection).

Clusters Discovered

7 clusters + noise (60 sessions, 15.3%). Each cluster is characterised by its dominant LDA topic, top TF-IDF terms, and track composition.

Cluster Profiles

C4 — Open Space & People (86 sessions, 21.9%)

The largest cluster. Sessions focus on people, internet, online space, media access, and open tools — session design, community digital access, and open digital commons. Nearly equal track split.
Top TF-IDF: session, people, internet, online, space, rights, media, access, social, open, tools
LDA: T3 "space | human | data | people | open"

C0 — Data, AI & Platform Accountability (59 sessions, 15.0%)

Sessions discuss data governance, AI, surveillance, platform accountability, and government oversight of digital platforms. Equal track split — this is a shared concern.
Top TF-IDF: data, ai, rights, surveillance, platforms, public, governments, governance, systems, accountability
LDA: T0 "data | public | surveillance | platforms"

C3 — Civil Society Governance AI (54 sessions, 13.7%)

Sessions focus on AI governance, civil society engagement with AI systems, and governance policy frameworks. Equal track split — this is a programmatic centrepiece.
Top TF-IDF: ai, governance, rights, data, systems, civil, civil society, content, society, digital rights
LDA: T2 "civil | data | governance | policy"

C5 — Collective Care & Movement (46 sessions, 11.7%)

The clearest Co-creating-skewed cluster (80% Co-creating, only 20% Collaborative). Sessions focus on collective care, movement infrastructure, activists' wellbeing, and digital security support for movements. This is the social-justice-organising heart of the programme.
Top TF-IDF: care, collective, support, communities, digital security, movement, activists, space, movements, online
LDA: T4 "shared | collective | movements | movement"

C6 — Country-Specific Implementation (31 sessions, 7.9%)

Sessions focused on country-level digital rights implementation, accountability mechanisms in India, Nepal, Philippines, and Indonesia — regulatory frameworks, remedies, and community digital systems at country level.
Top TF-IDF: systems, communities, indonesia nepal, digital systems, nepal, philippines indonesia, india philippines, remedy, centre
LDA: T9 "systems | communities | accountability | community"

C1 — Legal Evidence & Journalism (29 sessions, 7.4%)

Sessions on human rights evidence, criminal and international law, and journalist protection — a specialist legal cluster, slightly Co-creating skew.
Top TF-IDF: evidence, human, criminal, human rights, legal, rights, journalists, platforms, ai
LDA: T5 "legal | human | evidence | platforms | criminal"

C2 — Community Infrastructure Design (28 sessions, 7.1%)

Sessions focused on designing resources, frameworks, and infrastructure for communities — practical Co-creating sessions about building shared tools and frameworks.
Top TF-IDF: resources, design, session, community, framework, data, infrastructure, regional, platform, user, shared
LDA: T8 "shared | platform | regional | infrastructure | practical"

AI Presence (Content-Only)

AI detection uses case-insensitive matching against the Content field only (not Title or Organiser). Four forms are tracked separately, each using the appropriate match type:

ai_re    = re.compile(r'\bai\b',                  re.IGNORECASE)  # word-boundary
artif_re = re.compile(r'artificial intelligence',   re.IGNORECASE)  # phrase (no word boundary)
algo_re  = re.compile(r'\balgorithmic\b',          re.IGNORECASE)  # word-boundary
algow_re = re.compile(r'\balgorithm\b',            re.IGNORECASE)  # word-boundary
genai_re = re.compile(r'genai',                    re.IGNORECASE)  # substring: GenAI, genai-based
union    = \bai\b OR \balgorithmic\b OR \balgorithm\b OR genai

Edge cases:

• Hyphenated forms ("AI-powered", "AI-driven"): 37 of 38 already caught by \bai\b (standalone token present in same sentence); 1 additional session caught by genai
• "GenAI-based tools" (#37157): genai substring catches it; \bai\b does not (no word boundary in merged token "GenAI") — this is the sole genai count
• "Geospatial Artificial Intelligence (GeoAI)" (#37432): caught by artificial intelligence row
• "journalism aids remembering" (#38744): not AI — word "aids" has no word boundary between "ai" and "ds"; correctly excluded

LDA context: T0 (AI Systems & Public Accountability) is the primary AI cluster — sessions discussing data, platforms, surveillance, and algorithmic systems. C0 (Data, AI & Platform Accountability) and C3 (Civil Society Governance AI) are where AI discourse concentrates — governance frameworks, surveillance systems, and platform accountability.

Cross-Method Synthesis

LDA and HDBSCAN both identify consistent thematic structure. The old hardcoded keyword-cluster analysis is superseded and not referenced here.

Disagreement note: The LDA proportion for AI discourse (29.5%) and HDBSCAN cluster proportions (C0 15% + C3 14%) are not additive — they measure different things. LDA measures topic probability weight; HDBSCAN measures cluster membership. The gap between 29.5% and ~29% combined reflects that not all sessions with "AI" in their content are sufficiently coherent to form a dense semantic cluster.

Top Sessions by Upvotes

Co-creating shared resources

Collaborative action across movements

Vote counts are a snapshot as of the scrape date (2026-03-29/30). DRAPAC voting is live; counts may have shifted since.

Methodology

Reproducibility

The complete pipeline is published as a standalone script:

A-PROJECTS/DRAPAC 26 Analysis/drapac_analysis.py

Run it with:

python3 drapac_analysis.py "~/Vault/D-ARCHIVES/DRAPAC 26 Sessions Submission/"

Dependencies:

pip install gensim scikit-learn umap-learn hdbscan scipy

The script produces: LDA topics (k=8 + k=12), HDBSCAN cluster labels, UMAP 2D embedding, per-cluster topic/TF-IDF profiles, and a Track × Cluster cross-tabulation.

Data Source

Vault path:  ~/Vault/D-ARCHIVES/DRAPAC 26 Sessions Submission/*.md
Source URL:  https://drap.ac/26/activities/?view=<ID>
Total files: 393 (as of 2026-03-30)

Content Preprocessing

Sessions are loaded from .md files. The Content field (session description body) is extracted via regex and tokenised:

1. Lowercase — normalises all text
2. Strip markdown — # headings, * bold, URLs, numbers, table pipes
3. Stopword removal — Gensim STOPWORDS + 50+ custom terms (conference procedures: "session", "workshop", "panel"; region names: "asia", "pacific"; generic modifiers: "also", "however", "new", "used")
4. Filter tokens < 3 chars and pure-punctuation tokens
5. Drop sessions with < 5 tokens (empty or near-empty descriptions)

Dictionary filtering: no_below=5 (must appear in ≥5 sessions), no_above=0.65 (removed if in >65% of sessions). This gives a vocabulary of ~1,894 terms for 393 sessions — sufficient for LDA without sparsity.

LDA Topic Modeling

Two runs:

Shared parameters:

alpha='auto'    # learn per-document topic sparsity from data
eta='auto'      # learn per-topic word sparsity from data
random_state=42 # reproducibility

Output: each session gets a probability distribution over all k topics. The "dominant topic" is the one with highest probability. Topic-word distributions are ranked lists used for human interpretation.

Doc-topic matrix shape: (393, k) — used as the embedding for HDBSCAN.

UMAP + HDBSCAN Clustering

UMAP reduces the lda12 doc-topic matrix (393 × 12) → (393 × 2) using cosine distance:

umap.UMAP(n_components=2, n_neighbors=15, min_dist=0.1,
          metric='cosine', random_state=42)

Cosine distance is the right metric for probability distributions (cosine similarity of doc_topic[i] between sessions).

HDBSCAN clusters the 2D embedding density:

hdbscan.HDBSCAN(min_cluster_size=25, metric='euclidean',
                 cluster_selection_method='eom')

• eom (Excess of Mass) selects clusters by density rather than enforcing a fixed threshold
• min_cluster_size=25 chosen after testing {20, 25, 30} — gives 7 clusters + 15.3% noise

Session Metadata Extraction

The Track, Format, Track×Format, Countries, and Upvotes tables are extracted from the session .md files using regex + keyword matching. Complete standalone script (no external dependencies):

A-PROJECTS/DRAPAC 26 Analysis/drapac_metadata.py

Run it with:

python3 drapac_metadata.py ~/Vault/D-ARCHIVES/DRAPAC\ 26\ Sessions\ Submission/

Field Extraction

Track Normalisation

tm = re.search(r'^\|\s*Track\s*\|\s*(.+?)\s*\|', c, re.MULTILINE)
track = 'Unknown'
if tm:
    t = tm.group(1).strip().lower()
    if 'co-creat' in t:   track = 'Co-creating'    # Co-creating shared resources
    elif 'collab' in t:   track = 'Collaborative'  # Collaborative action across movements

Format Extraction

fm = re.search(r'^\|\s*Format\s*\|\s*(.+?)\s*\|', c, re.MULTILINE)
fmt = fm.group(1).strip().title() if fm else 'Unknown'

Countries — Substring Keyword Search

Case-insensitive substring match across the entire file (Title + Organiser + Content). Sessions are counted once per matched country — duplicates within a file do not inflate counts.

COUNTRY_VARIANTS = {
    'Indonesia':    ['indonesia'],
    'Philippines':  ['philippines'],
    'India':        ['india'],
    'Nepal':        ['nepal'],
    'Myanmar':      ['myanmar', 'burma'],
    'Bangladesh':   ['bangladesh'],
    'Pakistan':     ['pakistan'],
    'Malaysia':     ['malaysia'],
    'Sri Lanka':    ['sri lanka'],
    'Thailand':     ['thailand'],
    'Taiwan':       ['taiwan'],
    'Singapore':    ['singapore'],
    'Vietnam':      ['vietnam'],
    'China':        ['china'],
    'Cambodia':     ['cambodia'],
    'Korea':        ['korea', 'south korea', 'north korea'],
    'Japan':        ['japan'],
    'Australia':    ['australia'],
    'Pacific':      ['pacific', 'asia pacific', 'asia-pacific', 'apac', 'oceania'],
    'Papua':        ['papua'],
    'Timor':        ['timor'],
    'Laos':         ['laos'],
}

def search_countries(text: str) -> list[str]:
    """Case-insensitive substring match. Returns unique countries found."""
    text_lower = text.lower()
    found = []
    for country, variants in COUNTRY_VARIANTS.items():
        for variant in variants:
            if variant in text_lower:    # substring — not word-boundary
                found.append(country)
                break
    return found

# Usage: countries = search_countries(title + ' ' + organiser + ' ' + content)

Track × Format Cross-Tabulation

from collections import Counter, defaultdict
track_fmt = defaultdict(lambda: defaultdict(int))
for s in sessions:
    track_fmt[s['track']][s['format']] += 1

Upvotes Extraction

m = re.search(r'##\s*#\d+\s*\n+\[(\d+)\]', content)
votes = int(m.group(1)) if m else 0

Aggregation

• Thematic Tracks and Session Formats tables: Counter aggregation of extracted track and format fields
• Track × Format matrix: defaultdict cross-tabulation
• Countries: Counter per country per track — sessions can appear in multiple country rows (sum of rows > total sessions)

Note: Country counts reflect unique sessions mentioning each country — a session mentioning Indonesia and Philippines counts once in each row. A session may appear in multiple country rows simultaneously (sum of country rows > total sessions).

Known Limitations

The AI agentic platform is widely talked about, and that sparked my interest in the possibilities it could give. My laptop has been lying around without much use, so I had to make it useful. Considering the extent of possibilities and making use of my available tools, I decided to turn it into my local AI agentic infrastructure.

The tools/apps I'm exploring are:

• Llama.cpp: To self-host an LLM model.
• OpenClaw: Personal Agentic AI
• Hermes Agent: Personal Agentic AI
• Firecrawl: Self-hosted browser capabilities.
• Honcho Memory: Memory layer for agentic AI.
• qmd: Search engine for my local docs.
• Obsidian: Managing my local docs/notes.

Starting from the OS, I use Arch as the base OS, and a QEMU VM running Debian 13 for the AI system. It is crucial to compartmentalize my device for security purposes, so I went that path. Given the enormous experimentation currently going on in the sector, it is necessary not to give full control to my local devices with all the AI systems running in the same place.

For the LLM model, due to limited device specification resources, I had to use a self-hosted Llama.cpp running Qwen3.5 30b a3b. I also use the third-party services of OpenRouter. Furthermore, I decided to use two different AI agentic platforms, OpenClaw and Hermes Agent, to experiment with their advantages and disadvantages.

I use OpenClaw for slightly more private and personal interactions, complemented with the local LLM of the aforementioned models running on Llama.cpp. On Hermes Agent, I use the free routing of OpenRouter.

One of the current challenges or limitations in the agentic sector is about memory and context. All conversations are practically limited by the current conversation within a session. Each platform deals with these challenges differently, and yet, AFAIK, they are still exploring the most suitable design. This is why I self-hosted Honcho Memory. So far, it is able to retain my context across all conversations.

What it does: I am still exploring more, but it currently does these main jobs:

• Managing my financial records/txs.
• Basic researching skills.
• Daily news briefing.
• Personal calendar/schedule management.

It is fascinating how it does all of those automatically, given, to some degree, how tedious and repetitive the workflows or processes are. So it slightly boosted my productivity.

I'm excited for the way ahead! Will share how I explore it further and what it does to my workflow processes.

I got the opportunity to go through the CISA course and pass ISACA's CISA certification. It was quite a long journey, and I carefully prepared before I took the exam and finally passed it in the first try. Nevertheless, I still felt a lack of knowledge and realized there is a gap between what I know theoretically and the practices in the industry.

Over the past two years, I have worked intensely as an auditor, specifically as a digital security auditor in the non-profit sector. In the non-profit sector, we mostly conduct audits for advocacy groups or local/independent media. We also have our own framework for this type of organization: Security Auditing Framework and Evaluation Template for Advocacy Groups (SAFETAG). Developed by Internews, SAFETAG adapts traditional pentest and risk assessment methodologies to be more suitable for medium or smaller organizations, especially in the non-profit space. I have also published two guidelines in Indonesia about conducting an audit for CSOs and online media. Still, I was thinking something was missing.

From that curiosity, I decided to participate in two ISACA mentorship programs simultaneously, the regular mentorship and the student mentorship program. I am still early in the process, but the amount of insight I have already gotten is tremendous. It is such a privilege and a valuable opportunity to meet my mentors. They are truly role models for audit jobs, bringing their experiences, hands-on knowledge, and practical work in the industry across sectors. Every bit of my interaction with them is filled with insight and widens my thoughts.

Before we dig deeper, I'd like to mention one thing. CISA is indeed a paper-based proof that I know something, but regarding what and how I work, that's a whole different thing. I remember my course instructor stressed not to make CISA an end goal or the sole proof of skill proficiency. Moreover, this was also highlighted by one of my mentors, who agreed and said direct and practical experiences are more essential. I took these things not to discredit ISACA's CISA certification or the competencies from the certification, and the curricula and material about the certification itself, but rather I take it as an opportunity and challenge to learn more and involve myself deeper in this field. Reflecting on how hard I worked preparing for the exam, and the awareness that there are skills I am lacking, are the sole reasons I joined the mentorship. Furthermore, learning from experienced mentors is indeed boosting my capacity and knowledge about auditing way more easier.

As a mentee, I remember shadowing audit work for the first time. I had no clue what to do or what to say, trying to figure out why the process flows were being conducted. A lot of things were unknown to me, but I could grasp them faster through direct and practical learning. Moreover, I could clearly realize on what I was still lacking in terms of skills. Both my mentors pointed out that soft skills, such as communication, are essential. I know I can learn the technical stuff by myself, I have learned that way mostly all my life. But, as a technical person, experiencing the intricacies of soft skills is challenging, and I am looking forward to closing that gap. All of that is helped by the opportunity to learn from my mentors, and their offers to let me shadow them.

I would like to thank my current organization and Pak Bonaldi Kresnanto and Mr. Asif Mumtaz for the privilege of learning from them as a mentor. Passing CISA is indeed not a final milestone, but I learned a lot. It allows me to apply my knowledge to serve communities better, giving them proper and suitable support. I also look forward to sharing my knowledge and skills with my peers and other CISA aspirants who are still aiming to get the certification. Lastly, to involve and lears more specifically in the for profit industry.

In audit jobs, different sectors in industries do indeed have specific know-how to do the job better. But by widening my general audit skills, I hope I can implement them to make non-profit organizations and communities more secure against the shrinking civic spaces and unique adversaries they face, and explore how I can expand my support to serve communities across multiple industries.

I look forward to sharpening my skills, improving my knowledge, and learning further to help organizations and communities become more secure. Onward.

The issue seems to have persisted since Jan 19, as raised in the source code repository:https://github.com/signalapp/Signal-Android/issues/14548/. Until now, people, especially from Indonesia, still cannot register on Signal because it gets stuck on the phone number verification screen. It has been three weeks and the issue seems to be receiving no attention.

As a digital security trainer, this has become a challenge because Signal is one of the few secure messaging apps that I recommend. Unfortunately, we cannot invite new users to use this important app. I'm submitting a support request so hopefully it can be addressed.

file:///usr/share/plasma/plasmoids/org.kde.plasma.kickoff/contents/ui/main.qml:21:1: Cannot load library /usr/lib64/qt6/qml/org/kde/plasma/private/kicker/libkickerplugin.so: /lib64/libKF6Runner.so.6: undefined symbol: _ZN14KWaylandExtras18xdgActivationTokenEP7QWindowRK7QString

A quick workaround is to just simply downgrade the library by running sudo dnf downgrade kf6-krunner. In the meantime it does the job, but let's wait around for the fix.

One thing that caught my interest is about ArchiveTeam Warrior. It is a bundled application, where you can participate and helps the archiving initiative. The application will automatically download sites and directly upload them to archive.org. The full information about the ArchiveTeam Warrior can be seen here.

Since I still have some resources on my VPS, why not I maximize its usage by running the application. So I have been run it likes a couple of month ago, IIRC. Letting it run and pretty much I did not have to monitor nor maintain the application. It just run and archiving automatically.

If you have some leftover computing and bandwidth resources and want to put them to good use, joining and participating in the ArchiveTeam Warrior is a great thing to do.

Setelah mengirim laporan pada layanan konsumen untuk mempertanyakan alasan mengapa akun saya terblokir, balasannya sebagai berikut.

Terima kasih sudah menunggu. Kami infokan Kendala akun Kakak yang terblokir karena melanggar syarat dan ketentuan Tokopedia Tokopedia poin B No 12 :
"Pengguna dilarang untuk menciptakan dan/atau menggunakan perangkat, software, fitur dan/atau alat lainnya yang bertujuan untuk melakukan manipulasi pada sistem Tokopedia, termasuk namun tidak terbatas pada : (i) manipulasi data Toko; (ii) kegiatan perambanan (crawling/scraping); (iii) kegiatan otomatisasi dalam transaksi, jual beli, promosi, dsb; (v) penambahan produk ke etalase; dan/atau (vi) aktivitas lain yang secara wajar dapat dinilai sebagai tindakan manipulasi sistem".
Selengkapnya bisa akses di link ini ya. Kedepannya Kami imbau agar selalu mengikuti syarat dan ketentuan Tokopedia agar tidak terjadi kendala yang sama ya.

Lengkapnya mengenai poin dan nomor tersebut:

Pengguna dilarang untuk menciptakan dan/atau menggunakan perangkat keras/lunak/fitur dan/atau alat lainnya, termasuk namun tidak terbatas pada emulator, robot, macro, crawler dan/atau perangkat otomatis yang bertujuan untuk mengakses atau menggunakan layanan pada sistem Tokopedia, seperti namun tidak terbatas pada : (i) manipulasi data Toko; (ii) membuat banyak akun; (iii) memanipulasi perangkat yang bertujuan untuk merugikan Tokopedia; (iv) kegiatan perambanan (crawling/scraping) atau penyalinan konten; (v) kegiatan otomatisasi dalam transaksi, jual beli, promosi,dan lain sebagainya; (vi) penambahan produk ke etalase; (vii) mengumpulkan (harvest) atau mencuri data pengguna; (viii) melakukan spamming, mengirimkan komunikasi elektronik dalam jumlah besar, mengirimkan surat berantai; dan/atau (ix) aktivitas lain yang secara wajar dapat dinilai sebagai tindakan manipulasi layanan dan sistem.

Karena saya tidak melakukan hal-hal tersebut, saya mengajukan banding dan mendapat balasan dari mereka.

Terima kasih sudah menunggu ya Kak. Agar dapat Kami bantu analisa lebih lanjut, mohon informasikan alasan menggunakan domain email tersebut ya Kak. Kami tunggu infonya ya Kak

Sebagai catatan, saya menggunakan layanan alias email dari SimpleLogin, sebuah layanan untuk melindungi alamat email asli dengan cara meneruskan suatu email pada alamat email tersebut.

Saya membalas alasan penggunaannya dengan menjelaskan layanan email alias tersebut dan "Hal tersebut juga saya lakukan sebagai langkah preventif pribadi untuk mencegah kebocoran data, sebagaimana yang Tokopedia pernah alami. Sehingga jika hal tersebut terjadi kembali, email asli saya tidak mengalami kebocoran."

Pada balasan selanjutnya, tidak ada penjelasan lebih lanjut terkait ataupun yang berkenaan dengan penggunan layanan email tersebut, akan tetapi, pihak Tokopedia hanya memerintahkan untuk mengganti email yang menggunakan layanan yang umum, seperti "gmail dan yahoo" sebagai solusi untuk mengaktifkan kembali akun saya.

2. Email baru yang tidak terhubung dengan akun lain dengan domain yang sesuai (gmail dan yahoo)

Saya mencoba untuk melakukan permintaan penggantian email menggunakan email asli saya pada layanan ProtonMail, namun mereka tetap tidak menerima layanan tersebut.

Baik Kak, Kakak bisa menginfokan email dengan domain yang umum digunakan seperti @gmail.com ya Kak agar bisa Kami proses perubahan emailnya.

The recollection of Digital Garden reminds me of a great blog post that I, unfortunately, didn't remember nor bookmarked the link, essentialy, the article addresses about why people should start writing/blogging, about anything, even though the subject is already been mentioned/written over and over. Well, that just proves its point. So yeah, that's about it. I gonna start to adjust and affirm my web as a Digital Garden.

Furthermore, browsing around the ecosystem I was greeted by a lot of applications and tools, also the model itself varies. A lot to explore, I might say. It seems like I would start with Quivr, a project that marketed itself as a second brain and a personal assistant. That seems fun and useful. Not to mention I regularly use Logseq for note-taking and journaling, so trying to pair both applications seems like a good idea.

Pada kasus push notifications, perantara ini bertindak seperti kantor pos, untuk mengirim dan menerima pesan. Perantara pesan push notifikasi tersebut adalah masing-masing brand dari perangkat ponsel kalian, Apple ataupun Google. Hal ini menyebebabkan kedua perusahaan tersebut bertindak sebagai pengantar pesan yang mana dapat "dicegat" oleh pihak yang berkepentingan, misal; negara, untuk mengecek notifikasi tersebut. Atau dapat mereka gunakan sendiri untuk kepentingan masing-masing perusahaan.

Pesan atau paket dari setiap notifikasi push tersebut tentu saja menghasilkan data dan juga metadata. Yang perlu menjadi catatan adalah pertukaran data dari proses tersebut tidak menggunakan proses enkripsi. Sehingga, selain data dari isi notifikasi tersebut, ada metadata lainnya seperti aplikasi apa yang menerima notifikasi, beserta waktu kejadiannya, perangkat pengguna, dan informasi akun Apple atau Google penerima notifikasi.

Informasi ini berdasar dari senator Amerika Sertikat, Ron Wyden. Kemungkinan lainnya, kedua perusahaan tersebut bisa memanfaatkan data ini adalah sebagaima kutipan beliau.
"Consequently, Apple and Google are in a unique position to facilitate government surveillance of how users are using particular apps." Bahkan, hal ini bukan kemungkinan lagi, karena aktor pada suatu negara memang mendesak Apple dan Google untuk menyerahkan catatan dari data-data notifikasi pengguna ini.

Dalam sisi teknis, kelemahan ini memang inheren karena bagaimana dari keseluruhan proses push notifikasi pada perangkat ponsel bekerja. Untuk saat ini, tidak ada solusi konkret yang dapat secara mudah dilakukan, selain, dari sisi pengembang aplikasi tidak menggunakan fitur notifkasi, dan para pengguna, khususnya Android, bisa menggunakan sistem operasi alternatif yang lebih menghargai dan mementingkan privasi.

Pengerucutan domain tersebut bisa dimanfaatkan untuk mengumpulkan data spesifik dari tujuan TLD atau ccTLD domain itu tersendiri, kumpulan domain pemerintah bisa digunakan sebagai sumber data riset tentang keamanan situs-situs mereka. Bahkan, secara generik, dengan menganalisis keseluruhan domain .id bisa dimanfaatkan untuk mencari gambaran tentang kondisi teknis situs-situs dengan domain Indonesia. Sampai saat ini, 22/11/23, terdapat 816.424 domain .id ^[1]. Pada laporan tahunan 2022 PANDI terdapat informasi bahwa mereka memiliki sistem crawl untuk mengecek berapa banyak situs aktif dengan domain .id, akan tetapi, saya belum menemukan di mana informasi tersebut disosialisasikan. Sedangkan rincian dari berapa banyak jumlah per domain bisa di lihat pada tabel berikut.

Contoh lainnya tentang pemanfaatan crawling tersebut sudah pernah dilakukan oleh Scott Helme^[2], dalam proyek crawler.ninja^[3] ia menganalisa kondisi keamanan pada 1M situs teratas. Data domain yang digunakan adalah Tranco, sebuah dataset yang memang dibuat dengan orientasi riset^[4]. Ada juga contoh lain, khususnya pada Uni Eropa, proyek NoLeaks yang memakai sumber data yang sama melakukan analisa tentang status privasi pada situs-situs dengan domain EU di setiap negaranya masing-masing^[5]. Dan juga banyak contoh kasus lainnya.

Suatu hari saya juga sempat mencoba mencari tahu tentang sumber yang bisa dipakai, khususnya dalam ruang lingkup Indonesia, sayangnya, saya tidak dapat menemukan sumber tersebut. Oleh karena itu, saya coba kelola dan juga melakukan sedikit pemrosesan data dari sumber-sumber terkait seperti Tranco dan yang lainnya.

Olahan kumpulan data tersebut diproses dari berbagai sumber. Saat ini terdapat 3 sumber data, Tranco, ipsniper, dan Domains Project.

Tranco

Metodologi pengumpulan data Tranco, berasal dari sumber Chrome User Experience Report (CrUX), Cloudflare Radar, Farsight, Majestic, dan Cisco Umbrella. Lalu, mereka mengaplikasikan sistem Dowdall untuk mengkalkulasi peringkat untuk setiap domain. Sampai saat ini, Tranco telah dipakai sebagai publikasi penelitian sebanyak 550 kali^[6].

ipsniper

ipsniper, tidak banyak yang bisa dibahas mengenai metode pengumpulan dari situs ini, ada satu informasi menyebutkan pengelolaan situs memang dilakukan secara anonim, sehingga informasi berkaitan dengan komunitas maupun kontak situs terkait tidak tersedia^[7].

Domain Project

Sumber ini menggunakan metode crawling dan pengecekan DNS untuk mendapatkan domain baru^[8]. Bohdan Turkynevych, selaku maintainer dari proyek ini juga mengembangkan sendiri aplikasi untuk menunjang tujuan dari metode tersebut.

Kumpulan Domain Indonesia

Kumpulan domain dengan TLD dan ccTLD Indonesia terkandung dalam 3 sumber tersebut. Sehingga, data tersebut bisa diolah untuk mendapatkan kumpulan dataset yang hanya mengandung domain Indonesia. Caranya bisa dilakukan dengan mengunduh sumber data mereka, lalu, melakukan pengolahan data, sebagai contoh, bisa dilakukan dengan aplikasi, grep atau awk.

Tanpa berlama-lama lagi, informasi dan tempat dari tata cara pengolahan dan sumber yang sudah difilter bisa lansung mengunjungi repository yang saya kelola. Yaitu, Kumpulan Dataset Domain Indonesia.

OpenWPM

GitHub - openwpm/OpenWPM: A web privacy measurement framework

A web privacy measurement framework. Contribute to openwpm/OpenWPM development by creating an account on GitHub.

GitHubopenwpm

Research Usage: https://scholar.google.com/scholar?hl=en&as_sdt=0%2C33&q=openwpm&btnG=

DuckDuckGo Tracker Radar Collector

GitHub - duckduckgo/tracker-radar-collector: 🕸 Modular, multithreaded, puppeteer-based crawler

🕸 Modular, multithreaded, puppeteer-based crawler. Contribute to duckduckgo/tracker-radar-collector development by creating an account on GitHub.

GitHubduckduckgo

Blacklight

GitHub - the-markup/blacklight-collector

Contribute to the-markup/blacklight-collector development by creating an account on GitHub.

GitHubthe-markup

Research Usage: https://scholar.google.com/scholar?hl=en&as_sdt=0%2C33&q=themarkup.org%2Fblacklight&btnG=

Text file refers to the file format of plain text. Each operating system has its own type and it affects the line endings:

• Windows (DOS): carriage return and line feed, or CR-LF. \r\n
• Nix: LF. \n

A line in DOS text file contains an extra carriage return character at the end of line, the \r. Which makes $ regex won't be able to detect it. Or another way of saying it is that end-of-line regex sign only applies to \n characters.

So there are 2 ways to fix it:

• Convert the File
  Simply use dos2unix To convert a CR-LF to LF.

• Use the Proper Regex
  The correct way to detect DOS file format is with \r$. A literal carriage return character and the $ sign. This will match DOS format.
  Another way is to use [[:space:]]$. In which "the [[:space:]] bit will match any single "space-like character", and this includes the carriage-return."^[1]

Pustaka Taratsa merupakan aplikasi berbasis web untuk menjelajah, membaca, mengunduh berbagai buku elektronik atau e-books. Sebuah perpustakaan virtual/digital serta arsip digital, dan suatu inisiatif kolektif non-komersil.

Pustaka ini merupakan salah satu program/proyek kami atas upaya untuk menyediakan ruang dan/atau platform pendistribusian bahan bacaan. Kami mempunyai dua tujuan, yaitu, membuka akses dan preservasi.

Kami menyediakan koleksi kami dengan harapan akan mempermudah akses untuk berbagi dan mengumpulkan bahan bacaan dalam satu tempat. Lalu, kami juga berupaya untuk mempertahankan(preservasi) buah karya/pikiran/ide dari segala hal yang terkandung dalam situs tersebut.

Dalam mencapai tujuan tersebut, kami menggunakan program Calibre-Web, sebuah aplikasi bersumber terbuka, yang menawarkan fitur dan kemudahan tampilan untuk browsing, membaca, dan, mendownload. Kami merasakan, dari pengalaman yang sedikit kami, bahwa berbagai terbitan mandiri khususnya zine tersedia secara luas dan eksklusif di berbagai kanal ruang digital. Entah itu disediakan dalam situs penerbit masing-masing, disimpan dalam Google Drive, ataupun lain sebagainya. Kami mempunyai keinginan untuk mengkompilasi berbagai file bacaan digital di dalam satu tempat. Sehingga, diharapkan pembaca bisa lebih mudah menemukan dan mengakses file-file terkait.

Aplikasi ini juga mempunyai fitur yang banyak. Contoh kecil, yang akan memudahkan pembaca, adalah ramah pembaca eReader maupun terdapat fitur OPDS (Open Publication Distribution System) feed.

OPDS feed atau "katalog" merupakan sebuah standar yang biasa digunakan di berbagai aplikasi e-book reader. Format ini akan memungkinkan cara distribusi, penemuan, dan pengunduhan buku elektronik menjadi lebih mudah.

Di sisi yang sama, tujuan kedua. Kami terinspirasi dari berbagai inisiatif keterbukaan informasi, secara spesifik perihal preservasi dan khususnya, Anna’s Archive, kami mencoba untuk membuat proses duplikasi secara mudah, sehingga upaya untuk melakukan redistribusi maupun preservasi akan tercapai. Selain dari itu, kami juga akan membagikan database kami.

Adapun kami akan mengupayakan redundansi file digital, dengan demikian file akan tersedia di situs khusus pengarsipan, seperti archive.org.

Kontribusi

Apabila berminat, teman-teman bisa membantu kami dengan mengirim informasi segala bentuk sumber bacaan, seperti zine, magazine, buku, komik, atau informasi tekstual lainnya, yang berbahasa Indonesia. Khususnya apabila teman-teman mempunyai penerbit favorit atau bahkan penerbit/pencipta dari karya tersebut.

Situs Pustaka juga terdapat fitur manajemen pengguna, jadi, jika ada teman-teman mau ikut bantu mengunggah file-file terkait, hal tersebut bisa dilakukan.

Jika ada pertanyaan lainnya atau dalam hal apapun, jangan ragu berkorespondensi dengan kami ya :)

Hak cipta/milik File, Konten, Media, dsb.

Dalam halnya kami tidak menemukan informasi copyright sebuah karya, kami akan selalu mentautkan sumber di mana kami menemukan file tersebut.

Namun demikian, utamanya, kami akan selalu memprioritaskan file dengan lisensi Creative Commons, Open Access, domain publik, copyleft, ataupun segala lisensi yang memperbolehkan distribusi secara bebas. Kami juga akan mencoba semaksimal mungkin untuk mematuhi segala lisensi yang terkait, khususnya dalam segi atribusi. Apabila teman-teman sekalian menemukan kesalahan, contohnya dalam segi atribusi atau segala hal yang berkaitan copyright/lisensi, mohon informasikan kepada kami, sehingga koreksi bisa dilakukan.

Baru tahu bahwa, di tahun 2011, pemerintah Indonesia (menkominfo dan BRTI) pernah meminta akses data terenkripsi pengguna Blackberry Messenger. Alasannya? Ya tentu saja untuk memblokir pornografi dan untuk membantu memudahkan mereka mengakses isi konten komunikasi para penggunannya.

Tautnya juga, ya, untuk membantu aparat hukum untuk penyelidikan pelaku kejahatan. Termasuk mencegah terorisme, narkoba, dan korupsi.

Sayangnya, kebijakan serupa (mungkin) tidak terus berlanjut diberlakukan terhadap beberapa aplikasi perpesanan yang populer hingga sekarang, seperti WhatsApp atau yang lainnya.

Kalau masih berlaku, seharusnya menterinya sendiri, yang mana merupakan koruptor, bisa lebih cepat tertangkap, bukan?

Dan juga sayangnya, kalau hal tersebut dipaksakan, besar kemungkinan aplikasi Signal maupun WhatsApp tidak akan turut mengaidahkan kebijakan terkait. Apalah negara Indonesia dibandingkan negara Inggris.

Lebih lanjut, mungkin ketika alasan pencegahan aktivitas ilegal seperi pornografi, terorisme, dan korupsi tidak atau belum juga cukup. Langkah terakhir yang mungkin dilakukan adalah dengan beralasan untuk perlidungan anak, sebagaimana pemerintah Inggris perbincangkan dalam Online Safety Bill-nya.

Hanya demi bangsa dan negara tujuan tersebut, sebuah pikiran seseorang yang disebarkan dalam bentuk komunikasi atau konten online, harus melalui berbagai pengawasan, pemantauan, dan pengecekan. Sebelum melalui tahapan pemeriksaan dan pengamatan, diktum tak akan dikeluarkan.

Tenang saja, tujuannya untuk mencegah aktivitas ilegal dan berbahaya. Persetan dengan kedaulatan pribadi dan privasi seseorang. Selama kita tidak melakukan perbuatan berbahaya atau ilegal, ya kita tetap aman.

Our relationship with many of the Internet companies we rely on is not a traditional company–customer relationship. That’s primarily because we’re not customers. We’re products those companies sell to their real customers. The relationship is more feudal than commercial. The companies are analogous to feudal lords, and we are their vassals, peasants, and—on a bad day—serfs. We are tenant farmers for these companies, working on their land by producing data that they in turn sell for profit.

- https://www.schneier.com/books/data-and-goliath/

Upon reading that, I remember something. That passage couldn't resonate more with what the Start9 self-hosted movement:

This comes right down to the basic architecture of the internet itself.

The client/server model that we have all grown used to is better understood as the slave/master model. When you use someone else's server, they are your master.

When you depend on a server that you run, you still have a master - but that master is you.

- https://docs.start9.com/latest/support/concepts/self-hosting

Open Journal System (OJS) is the most widely used scholarly publishing software in the world. It counts more than 30,000 journals in 150 countries that use OJS to publish research in 60+ languages.

Below is the tutorial to manually install OJS with Linux, Nginx, MySQL, and PHP.

Installing Prerequisite

OJS is a web application based on PHP. it also supports databases, such as MySQL, MariaDB, or PostgreSQL. Additionally, it requires some PHP extension.

Let's install the required dependencies of PHP 8.0+ with php-mbstring, php-xml, and php-intl enabled.

sudo apt install php-fpm php-mysql php-xml php-intl php-mbstring nginx

We are going to install it with MySQL, but since the Debian repository did not naturally come up with it, we have to manually install it.

cd /tmp
wget https://dev.mysql.com/get/mysql-apt-config_0.8.26-1_all.deb
sudo dpkg -i mysql-apt-config*

#libssl
wget http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.1_1.1.1n-0+deb11u5_amd64.deb
sudo dpkg -i libssl*

sudo apt update
sudo apt install mysql-server

Next, let's create a database.

Creating a MySQL Database and User for OJS

Make sure you already set up a basic MySQL installation or using sudo mysql_secure_installation.

The below snippet is to log in to MySQL, you will be asked for the password. After that, it will create a ojs-db database. We'll create a new user account and set the database to only able to be managed by the account.

mysql -u root -p
CREATE DATABASE ojs_db DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_520_ci;
CREATE USER 'ojs_user'@'localhost' IDENTIFIED BY 'ojs_password';
GRANT ALL ON ojs_db.* TO 'ojs_user'@'localhost';

You now have a database and user account that is made to specifically handle that particular database.

Configuring Nginx

This is pretty much a standard PHP and Nginx configuration. A few points to note is you should adjust the server_name to your intended IP/domain and the root folder of the installation path, in this case, I use /var/www/ojs.

Finally, adjust the php-fpm version with the one you installed.

sudo nano /etc/nginx/sites-available/your_domain

server {
    listen 80;
    listen [::]:80;

    root /var/www/ojs;
    index index.php;

    server_name server_domain_or_IP;

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
    location / {
    	try_files $uri $uri/ /index.php?$args;
    }

location ~ ^(.+\.php)(.*)$ {
        set $path_info $fastcgi_path_info;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param PATH_TRANSLATED $document_root$path_info;

        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
    }
}

Links the file the configuration file to to sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/

Verify our configuration in case there are syntax errors with:

sudo nginx -t 

If it's all good, let's reload Nginx.

sudo systemctl reload nginx

Next, let's start with the main parts.

Installing Open Journal System

It's a good idea to check if there is a newer version or any version you intend to install from https://pkp.sfu.ca/software/ojs/download/.

We going to download the app release, extract it, and copy it to the OJS installation path.

cd /tmp
curl -LO https://pkp.sfu.ca/ojs/download/ojs-3.4.0-3.tar.gz
tar xzvf ojs-3.4.0-3.tar.gz 
sudo cp -a /tmp/ojs-3.4.0-3/. /var/www/ojs

Make sure we change the owner and group of the folder so it can be accessed by Nginx.

sudo chown -R www-data:www-data /var/www/ojs

OJS requires a file directory outside of the web root (the installation path/folder). It ensures private files, like unpublished submissions, can not be accessed by unauthorized users.

sudo mkdir /var/www/ojs-files
sudo chown -R www-data:www-data /var/www/ojs-files

Finishing up installation

After the whole server configuration is done, we can start to finish the installation via the OJS web interface.

Let's visit the following link on a browser.

http://server_domain_or_IP/

Takes note, of our database name, user, password, and also our file directory. We will input those into the installation interface.

You will be greeted with the following images.

Ensure the files and directories as listed in the pre-installation steps are writeable.
If it's all good, continue to create the admin account.

Adjust the directory file with the one we have created. Furthermore, at step 2, we have created the database with its own account. Input those credentials into the appropriate forms.

Scroll all the way down and click Install Open Journal Systems the button to finish the installation. If there is nothing wrong, you will end up with the image below. If there is indeed something wrong, continue to troubleshoot the given error.

Yep, that is it. Congratulations, you made it to install OJS. In case there is any other question, feel free to contact me.

I recently migrated my Ghost site between different VPS providers. Here is my method for my reference or in case you try to find a guide for it.

First, let's start on the initial VPS we'd like to back up. There is 2 thing we going to back up, the Ghost data (content, members, images, site setting, theme, etc.) and database.

Old VPS

Initially, we need access to the server. Then head over to the Ghost installation folder and make a backup.

Ghost Data Backup

cd /var/www/sitename
ghost backup
scp ./backup-* user@new-vps-ip:/home/user/

Database Backup

mysqldump -u root -p sitename_prod > sitename_prod.sql
scp ./sitename_prod.sql user@new-vps-ip:/home/user/

Adjust accordingly for both data and database scp transfer processes.

New VPS

Within the new VPS, just simply install Ghost just like what their installation guide provides (https://ghost.org/docs/install/ubuntu/).

On the installation process skip the SSL configuration parts since we will configure it later and don't run it yet. After it is finished, take a note at config.production.json for the auto-generated database information.

Restore Database and Ghost Data

mysql -u sitedbname -p sitename_prod < /home/user/sitename_prod.sql 

unzip /home/user/backup-* -d /var/www/sitename/content/
sudo chown -R ghost:ghost ./content

Now let's point the DNS server from the former VPS IP address into a new one. What a while for the propagation

ghost setup ssl

If the command running unsuccessfully, the DNS might have not propagated, wait a little longer then rerun the command. After it is done, start the Ghost site, now, the site should be hosted on the new VPS.


To wrap it up, recheck the new site if all the site functionality works just fine.

apt-get install sudo fail2ban-y
apt install ufw
ufw default deny incoming
ufw default allow outgoing
ufw allow OpenSSH
ufw enable
ufw status
adduser admin
usermod -aG sudo admin

ssh-copy-id admin@x
ssh admin@x
sudo nano /etc/ssh/sshd_config
#PasswordAuthentication no
sudo systemctl restart ssh

mysql Debian 12

https://dev.mysql.com/downloads/repo/apt/

sudo apt install gnupg
wget https://dev.mysql.com/get/mysql-apt-config_0.8.26-1_all.deb
sudo dpkg -i mysql-apt-config*

#libssl
wget http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.1_1.1.1n-0+deb11u5_amd64.deb
sudo dpkg -i libssl*

nano

delete all lines trick

echo " " > filelocation.txt

man

Critics: They smell life and they cannot stand it.

― Charles Bukowski

I have just now come from a party where I was its life and soul;
witticisms streamed from my lips, everyone laughed and admired me, but I
went away — yes, the dash should be as long as the radius of the
earth's orbit ——————————— and wanted to shoot myself.

― Søren Kierkegaard

The reader lives faster than life, the writer lives slower.

― James Richardson, “Even More Aphorisms and Ten-Second Essays from
Vectors 3.0”

BIM BIM BIM
BIM BIM BIM
BIM BIM BIM
BIM BIM BIM

― Charles Bukowski

Let me tell you some things I find productive. Positive reinforcement. Negative reinforcement. Honesty. I'll tell you some things I find unproductive. Constantly worrying about where you stand based on inscrutable social clues and then inevitably reframing it all in a reassuring way so that you can get to sleep at night. No I do not believe in that at all. If I invited you to lunch I think you're a winner, if I didn't I don't, but I just met you all. Life is long, opinions change. Winners prove me right. Losers prove me wrong.

― Robert California

Even frequent fliers eventually fly away, never to be seen again.

https://compactmag.com/article/no-cure-for-loneliness

Kau suka bicara tentang keindahan, Jean. Di mana keindahan suatu kekejaman, Jean?" "Tidak sederhana keterangannya, Minke. Gambar ini bersifat sangat pribadi, bukan untuk umum. Keindahannya ada di dalam kenang-kenangan.

― Pramoedya Ananta Toer

I remember a day in class when he leaned far forward, in his 11 characteristic pose — the pose of a man about to impart a secret — and croaked, "If you don't know how to pronounce a word, say it loud! If you don't know how to pronounce a word, say it loud!" This comical piece of advice struck me as sound at the time, and I still respect it. Why compound ignorance with inaudibility? Why run and hide?

― Nassim Nicholas Taleb

Every day must be a struggle for self-improvement in the service of improvement of the world.

― Alone

Reputation, reputation, reputation! Oh, I have lost my reputation! I have lost the immortal part of myself, and what remains is bestial.

― William Shakespeare

May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.

– SQLite

Below is an infographic/things that spark my interest. It compares things that we may encounter in everyday life. In the near future, this will be the article where I will share and update this typical comparison.

Life Calendar

‌                                                                      

Doomscrolling is devastating. One time I decided to look at the outrageous amount of time I have spent mingling on social media, I was curious to reflect on how much time I have left, generally. Surely, the graph by Tim Urban came to my mind.

Each box represents a week in your life. On one hand, it tells how finite our times are, and on the other hand, there will be always a new opportunity in each new week.

Universe Scale

‌‌Among many planets, the Earth is the fifth largest planet from the 8th planet within our solar system.

One might wonder, how many earths could fit inside the sun? Well, assuming Earth is forced and squished without any room of empty space into the sun, it would consist of roughly 1.3 million Earth. That volume of the sun could hold that myriad of earth.

Now let us just imagine if we compare Earth with VY Canis Majoris.

Bitcoin

The pictured illustration is partly incorrect. It does not depict the actual of how Bitcoin works as a whole. Nevertheless, my point is to extract the gist of how the cryptographic system works, which personally causes me amazement.‌‌‌‌

Cause of Death

Suc‌h a distinct result between Reality vs. Google vs. Media. In some cases, Google and mainstream media generally give a biased view that does not conveys reality. Hence we should carefully consider where our limited attention goes in, especially in today personalized information overload.

A self-curated about where we got a piece of information, and a wide array of sources should prevent us from just participating in an echo chamber. I do personally utilize RSS. It is such an underrated tool.

If the Moon Were Only 1 Pixel

While scrolling around Reddit, I found this site that straight away makes me an awe.

As per the creator, Josh Worth, this site is about "A tediously accurate scale map of the solar system that illustrates the mind-boggling amount of space between planets."

Like in every introduction of beginner programming educational resource, there isn't any perfect start but a Hello World. Let's pull that up!

TL;DR

$ sq login
$ sq pull
$ sq play 1
$ sq fund <Public Key>
$ make build
$ soroban deploy --wasm target/wasm32-unknown-unknown/release/soroban_hello_world_contract.wasm
$ soroban invoke --id <CONTRACT_ID> --fn hello --arg <ARGUMENT>
$ sq check1

Opening up Gitpod

In every quest the Gitpod environment is fixed, so you only need to have the main link to the quest, there you can do quest-related things directly within Gitpod.

You can find the Gitpod link at https://quest.stellar.org/live or at the code repository (https://github.com/tyvdh/soroban-quest). To make it simple, just click the below link directly to open the environment.

Dashboard — Gitpod

As a side note, the Soroban Quest repository GitHub link above is where all the environment configuration relies on. In case you want to take a peek about how it works, every Gitpod configuration that makes the environment ready to go is available right there.

Account Set Up

On the terminal window shell make sure you are on "CLI - Futurenet: bash", and then proceed by connecting the quest account with squirtle.

If this is your first start, you are required to connect your Discord account to play the quest. Just follow the step of the given command.

$ sq login 
$ sq user

Playing the quest

First of all, make sure you are running sq pull to check whether there is a new quest or not. Over quests/*  folder, you will see any available quest to play.

To start it off, use command sq play [index]

$ sq play 1

You will be greeted with a quest keypair that you will be using to finish off the quest. Make sure you fund it with sq fund [Public Key] or choose the option that will do it automatically.

Tackling The Quest

It is necessary to comprehend what the readme.md file suggests and inspects any available code like lib.rs or test.rs.  There will be complete information regarding how to complete the quest.

For example, below are the tl;dr snippet about what you need to do:

It indicates that we need to deploy and invoke the hello world contract using the the given quest account/keypair on Futurenet network. So, if we look deeper into lib.rs there aren't any further things we need to do!

To complete it, we can use soroban-cli to invoke and deploy the contract. But, we need to build the contract first.

Building the smart contract

To build the smart contract, we need to use a specific command to compile the contract in a WebAssembly format, you can specifically build the intended contract within its folder using cargo or we also can use build it with make.

A. cargo build

On the terminal, go to the current quest directory to build the current contract

$ cd quests/1-hello-world/
/workspace/soroban-quest/quests/1-hello-world $ cargo build --target wasm32-unknown-unknown --release

After it is done compiling, it will show this output

 Compiling soroban-hello-world-contract v0.0.0 (/workspace/soroban-quest/quests/1-hello-world)
    Finished release [optimized] target(s) in 22.56s

The cargo build command is used to build our smart contract, we also specify  --target wasm32-unknown-unknown to compile our program(smart contract) into WebAssembly(wasm32) for any architecture(unknown-unknown). Lastly, the --release profile parameter is used to optimize our program so that it does not exceed the maximum size amount of Soroban contract.

As of today writings, the current quest environment does not ship with makefile. To compile the contract from the main directory of /workspace/soroban-quest, use

$ cargo build --manifest-path=quests/1-hello-world/Cargo.toml --target wasm32-unknown-unknown --release

B. make build

As a reference, we also can type out the cargo build command directly at the root directory, but it will compile the whole quest that currently available on the environment. That happen because Cargo.toml already configured to include the whole quest with Cargo Workspace.

Make sure we are at the directory of /workspace/soroban-quest, since makefile already configured we can directly type it out the command instead of the full command that includes parameters.

$ make build

If we take a look at Makefile, it already specifies the intended configuration.

build:
	cargo build --target wasm32-unknown-unknown --release

After we have done building using either option, the file result available at target/wasm32-unknown-unknown/release/soroban_hello_world_contract.wasm

Deploy the Contract

And now is the part where soroban-cli comes in handy, to deploy our compiled contract into Futurenet netwok, we can use the command:

soroban deploy --wasm <WASM> --secret-key <SECRET_KEY> --network-passphrase <NETWORK_PASSPHRASE> --rpc-url <RPC_URL>

soroban deploy \
    --wasm target/wasm32-unknown-unknown/release/soroban_hello_world_contract.wasm \
    --secret-key [Secret Key] \
    --rpc-url http://localhost:8000/soroban/rpc \
    --network-passphrase 'Test SDF Future Network ; October 2022'

As you can see, we are giving 4 argument, here is the snippet of what it does.

$ soroban deploy --help
soroban-deploy 
Deploy a WASM file as a contract

USAGE:
    soroban deploy [OPTIONS] --wasm <WASM>

OPTIONS:
        --wasm <WASM>    WASM file to deploy

OPTIONS (RPC):
        --secret-key <SECRET_KEY>
            Secret 'S' key used to sign the transaction sent to the rpc server [env:
            SOROBAN_SECRET_KEY=]
        --rpc-url <RPC_URL>
            RPC server endpoint [env: SOROBAN_RPC_URL=]

        --network-passphrase <NETWORK_PASSPHRASE>
            Network passphrase to sign the transaction sent to the rpc server [env:
            SOROBAN_NETWORK_PASSPHRASE=]

Fortunately, our Gitpod environment have set up those last 3 argument on the CLI - Futurenet bash environment variables automatically.

$ echo $SOROBAN_RPC_URL
http://127.0.0.1:8000/soroban/rpc
$ echo $SOROBAN_NETWORK_PASSPHRASE
Test SDF Future Network ; October 2022
$ echo $SOROBAN_SECRET_KEY
SCVRMTT5GTXUS4DJDV4WP6IJUCFVQBMNYOI2G4GM42XR72M6MIOFIN67

So we can simply deploy it with:

$ soroban deploy --wasm target/wasm32-unknown-unknown/release/soroban_hello_world_contract.wasm

If it deployed succesfully, the output of the command will return the CONTRACT_ID.

success
8b473ec5ee974d1ddf6e19424f5610d1fed453c89e4dc66b0b457dbb8d0840c2

Invoke the contract

Similar with the deployment command approach, invoking a contract require some arguments to be passed,

soroban invoke --id <CONTRACT_ID> --fn <FUNCTION> --arg <ARGUMENT> --secret-key <SECRET_KEY> --network-passphrase <NETWORK_PASSPHRASE> --rpc-url <RPC_URL>

CONTRACT_ID is the deployed contract id that we going to invoke from the last step. FUNCTION is the function of the smart contract itself that we are going to interact, and ARGUMENT is the parameter of the FUNCTION.

With that in mind, the comand is as follow:

$ soroban invoke --id 8b473ec5ee974d1ddf6e19424f5610d1fed453c89e4dc66b0b457dbb8d0840c2 --fn hello --arg wibi
success
["Hello","wibi"]

Do in mind that,  the expected parameter is Symbol (https://docs.rs/soroban-sdk/latest/soroban_sdk/struct.Symbol.html). If you hover over the Symbol code within lib.rs you will see a snippet of documentation of the struct.

For example, if you are passing more than ten characters or an invalid parameter, the contract won't run.

$ soroban invoke --id 8b473ec5ee974d1ddf6e19424f5610d1fed453c89e4dc66b0b457dbb8d0840c2 --fn hello --arg MoreThanTenCharacter
error: parsing argument MoreThanTenCharacter: parse error: value is not parseable to type

$ soroban invoke --id 8b473ec5ee974d1ddf6e19424f5610d1fed453c89e4dc66b0b457dbb8d0840c2 --fn hello --arg %
error: transaction simulation failed: HostError
Value: Status(HostValueError(UnknownError))

Finishing up the Quest

If we are done with what we should do, it is best to check it out using squirtle to see if the answer is indeed the correct one.

$ sq check 1
🎉 Correct! 🧠

That is it. Let's continue to the next one!

Introductory

A brand new Stellar Quest Live is already up, it is now their smart contract platform, Soroban, which became the main topic of the quests.

The current series is mainly designed for beginner Soroban developers. So, those who did not have any programmer or developer background may have difficulty competing in the quest. Nevertheless, no one stops you to compete with one another.

Quest Environment

Gitpod

Gitpod is an open source developer platform automating the provisioning of ready-to-code developer environments^[1]. Toward finishing up the quest, most questers will be working within the Gitpod developer environment.

The tool is used to make the quest experience as convenient as possible. Every prerequisite tool to complete the quest is already built-in into the environment, so the participant only needs to complete the quest. It includes VS Code and quest-related shell environment. The Rust environment is also already set up within Gitpod, so you don't have to install anything since Gitpod can be opened up in a browser.

Squirtle, Soroban CLI, and Futurenet

Yep, those things are already included too! We will be following along to learn what is those tools and platform while doing the quest. As a snippet, Squirtle or sq is used for managing the Stellar Quest playground. Soroban CLI or soroban, is used to interact with our smart contract code. Lastly, Futurenet is the test network we will be used to.

Working it out

As the time of writing there are a few quests left to compete. Nevertheless, you can still dig around to learn more about Soroban based on this series. So, let's cut to the chase.

You can learn more about further reference on

• https://www.stellar.org/blog/announcing-stellar-quest-live-series-5-soroban
• https://github.com/tyvdh/soroban-quest--pioneer
• https://quest.stellar.org/rules/series-5
• https://github.com/tyvdh/soroban-quest

Secara default, kombinasi UFW dengan Docker tidak akan berjalan sebagaimana mestinya. UFW berfungsi sebagai aplikasi firewall yang memanipulasi aturan iptables, di sisi lain, Docker juga mengkonfikurasi iptables secara langsung untuk mengatur jalannya aplikasi ini tersendiri. Dengan demikian, ada dua hal yang bertabrakan sehingga Docker tidak akan mematuhi perintah dan konfigurasi UFW.

Cara Kerja UFW

UFW(Uncomplicated Firewall) merupakan sebuah front-end untuk aplikasi iptables. Aplikasi ini dibuat dengan tujuan untuk mensimplifikasi pengaturan firewall pada Linux, dikarenakan konfigurasi iptables ini cukup rumit, yang dimana berhubungan atau berinteraksi langsung dengan aturan netfilter.

Netfilter sendiri merupakan sebuah framework pada kernel Linux untuk mengatur packet filtering, network address [dan port]translation (NA[P]T), packet logging, userspace packet queueing dan other packet mangling.^[1]

Syntax UFW mempermudah pengaturan firewall dengan cara memanipulasi perintah iptables. Sebagai contoh, perintah seperti ufw allow from <IP> to any akan diterjemahkan menjadi syntax yang dimengerti oleh iptables, iptables -A INPUT -s <IP> -j ACCEPT. Dan juga berbagai perintah lainnya yang berfungsi untuk logging serta juga rate limiting.

Proses Kerja Docker

Docker mengisolasi proses networking-nya dengan cara memanipulasi langsung iptables.^[2] Oleh karena itu, Docker secara otomatis membuat dua aturan utama pada iptables sebelum aturan iptables lainnya, sehingga, segala paket apapun yang masuk akan dicek terlebih dahulu melalui dua aturan terkait yang berasal dari Docker.

Penyebab

Infomasi bagaiamana Docker memanipulasi iptables tersedia di halaman dokumentasi Docker, ada poin penting yang mengindikasi di mana letak permasalahannya ketika memakai aplikasi firewall.

Docker installs two custom iptables chains named DOCKER-USER and DOCKER, and it ensures that incoming packets are always checked by these two chains first.

All of Docker’s iptables rules are added to the DOCKER chain. Do not manipulate this chain manually. If you need to add rules which load before Docker’s rules, add them to the DOCKER-USER chain. These rules are applied before any rules Docker creates automatically.

Rules added to the FORWARD chain -- either manually, or by another iptables-based firewall -- are evaluated after these chains. This means that if you expose a port through Docker, this port gets exposed no matter what rules your firewall has configured. If you want those rules to apply even when a port gets exposed through Docker, you must add these rules to the DOCKER-USER chain.

https://docs.docker.com/network/iptables/#add-iptables-policies-before-dockers-rules

Singkatnya, pada iptables aturan DOCKER akan mendahului aturan mendatang lainnya, jadi, jika suatu port tidak terlebih dahulu dijelaskan pada aturan DOCKER, port terkait akan terekspos.

Solusi

Sebagaimana letak permasalahannya di atas, ada cara untuk menanggulangi masalah tersebut. Yaitu, dengan cara mengubah konfigurasi default atas bagaimana UFW berinteraksi dengan iptables, dengan menambahakan aturan khusus pada DOCKER-USER.

Untungnya, sudah ada developer dan para komunitas yang berkontribusi untuk memperbaiki celah keamanan ini.^[3] Cara menanggulanginya adalah sebagai berikut.

1. Buka file /etc/ufw/after.rules
2. Tambahkan aturan khusus di bawah ini pada akhir file tersebut

# BEGIN UFW AND DOCKER
*filter
:ufw-user-forward - [0:0]
:ufw-docker-logging-deny - [0:0]
:DOCKER-USER - [0:0]
-A DOCKER-USER -j ufw-user-forward

-A DOCKER-USER -j RETURN -s 10.0.0.0/8
-A DOCKER-USER -j RETURN -s 172.16.0.0/12
-A DOCKER-USER -j RETURN -s 192.168.0.0/16

-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN

-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 192.168.0.0/16
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 10.0.0.0/8
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 172.16.0.0/12
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 192.168.0.0/16
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 10.0.0.0/8
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 172.16.0.0/12

-A DOCKER-USER -j RETURN

-A ufw-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] "
-A ufw-docker-logging-deny -j DROP

COMMIT
# END UFW AND DOCKER

3. Lalu, restart UFW. Pada kasus tertentu, aturan tersebut baru bisa berlaku ketika sudah merestart server, jadi pastikan aturan di atas sudah teraplikasi.

Ada pun penjelasan dan alasan akan konfigurasi tersebut tersedia pada link yang saya kaitkan di footnote ketiga.

Penutup

Referensi bacaan lebih mendalam yang berkaitan dengan beberapa hal pada tulisan ini sebagai berikut.'

• https://www.digitalocean.com/community/tutorials/a-deep-dive-into-iptables-and-netfilter-architecture
• https://serverfault.com/questions/1014531/ufw-and-iptables-which-is-better-and-why
• https://github.com/chaifeng/ufw-docker
• https://wiki.ubuntu.com/UncomplicatedFirewall

https://metrics.torproject.org/rs.html#search/darkheroes

Unfortunately, I can no longer maintain these instances.

Nitter

A free and open source alternative Twitter front-end focused on privacy and performance.

Clearnet: https://nitter.manasiwibi.com/Onion: http://li7snkj6oituazbkr5clmilccwwumhd2dntbhttxomy4dfakeeoar4qd.onion/

Teddit

A free and open source alternative Reddit front-end focused on privacy.

Clearnet: https://teddit.manasiwibi.com/Onion: http://24fympskbrdgbf4afuvhqwwl2tv3y2vwxg5t2ktozd4j5b3fob5ntzyd.onion/

Proxitok

Open source alternative frontend for TikTok.

Clearnet: https://proxitok.manasiwibi.com/Onion: http://vywqfflneajejuhg7o5iklqvzemu2fcdrb3gtkvnyqsho6qin5svdsad.onion/

Invidious

An open source alternative front-end to YouTube.

Clearnet: https://invidious.manasiwibi.com/Onion: http://znhhnv55asjawcfy3xjun6dlbzevkd5wv5mswq7ztlkx4zawagc3bryd.onion/

Librarian

An alternative frontend for LBRY/Odysee.

Clearnet: https://librarian.manasiwibi.com/Onion: http://jnfc354jfpp3euom2iape3lfqam3jkidztfks2zeap3sfowv6z5yy3qd.onion/

Berfungsi sama seperti Google Analytics, Matomo merupakan sebuah platform tracking untuk suatu website atau aplikasi.

Perbedaan siginifikannya adalah dalam bagaimana data-data yang dihasilkan, data-data hasil analitik sepenuhnya dapat dimiliki. Dalam hal lainnya, aplikasi ini juga memberikan kebebasan mengenai data-data seperti apa yang akan dikoleksi untuk para pengunjung website ini.

Matomo sendiri merupakan aplikasi perangkat lunak open source. Dengan fitur yang hampir serupa dengan Google analytics, Matomo memberikan kontrol penuh terhadap data yang dihasilkan. Tidak hanya itu, privasi pengguna terlindungi dan kepemilikan data sepenuhnya didapatkan, hal-hal yang tidak bisa didapatkan ketika menggunakan Google Analytics.

Proses instalasi Matomo sendiri cukup mudah. Ada image Docker official^[1] yang tersedia ataupun juga instalasi secara manual, entah itu menggunakan control panel web hosting maupun langsung via server.

GDPR, dan Consent Cookie serta Pelacakan

GDPR sendiri mewajibkan suatu aplikasi atau website yang melayani pengunjung dari Uni Eropa, diwajibkan menanyakan konfirmasi atas consent untuk penggunaan data dari setiap pengunjung ataupun penggunaan cookies.

Konfigurasi dan fitur yang tersedia dalam Matomo memberikan keluwesan pemilik website untuk memilih jenis pelacakan yang mematuhi regulasi GDPR, bahkan tanpa consent pengunjung ataupun banner cookies sekalipun.

Hal itu disebabkan karena jenis tracking yang digunakan tidak memakai tracking jenis cookies, data yang digunakan hanya sebagai data analitik tidak untuk keperluan lainnya, pengunjung tidak dilacak di berbagai website-website lain, dan informasi pengunjung tidak bisa dilacak atau dipetakan.^[2]

Mengenai apakah ruang lingkup web atau blog personal wajib mematuhi GDPR atau apa itu GDPR sendiri secala lengkap, itu mungkin bahasan lain. Yang terpenting adalah setiap situs atau aplikasi harus menjamin keamanan dan privasi para pengunjungnya dalam interaksi apapun.

Konfigurasi Tracking

• Menonaktifkan pelacakan yang menggunakan cookies

Konfigurasi dalam dashboard Matomo:

Dan pada kode tag pelacakan JavaScript

_paq.push(['disableCookies']);

• Anonimisasi alamat IP

• Preferensi Do Not Track

Dan yang terakhir, opsi opt-out tracking tersedia pada halaman GHOST_URL/privacy-policy/. Para pengguna browser yang mengaktifkan DNT, sudah secara otomatis menonaktifkan tracking dari Matomo.

As you have may notice, my blog is built over Ghost. I’m a keen supporter of the Tor network as a whole. So why wouldn’t I onionized my own website.
I’m gonna skip the ghost installation part but straight into configuring the onion service.

As a prerequisite, I configured Ghost using Ubuntu manual installation with Nginx and SSL set up. And of course, you should have installed Tor.

Assuming we have a similar configuration, we will find the SSL Nginx
configuration file at /etc/nginx/sites-available/{sitename}-ssl.conf.

We just simply need to add the Onion-Location header and Onion service address inside our Nginx config. But before we go over that part let's start with starting up the onion service

Creating onion service

On /etc/tor/torrc append below config to the bottom of the file.

HiddenServiceDir /var/lib/tor/{sitename}/
HiddenServicePort 80 127.0.0.1:80

Restart the Tor process, sudo systemctl restart tor. After that, let's see the generated Onion Service address by running sudo cat /var/lib/tor/{sitename}/hostname.

NGINX

The Onion Service address is ready. Now let's configure it so Nginx sent the information about the onion address to the client by using Onion-Location.

Upon /etc/nginx/sites-available/{sitename}-ssl.conf, add the config just before location / { line.

add_header Onion-Location http://{generated-onion-address}.onion$request_uri;

After that, add a new server block in the bottom of the file.

server {
    listen 80;

    server_name {generated-onion-address}.onion;

    location / {
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://127.0.0.1:2368;
    }
}

Check if the config is all good and restart Nginx.

sudo nginx -t
sudo systemctl restart nginx

The whole config should look like this.

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name manasiwibi.com www.manasiwibi.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    ssl_certificate /etc/letsencrypt/manasiwibi.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/manasiwibi.com/manasiwibi.com.key;
    include /etc/nginx/snippets/ssl-params.conf;

    add_header Onion-Location http://{generated-onion-address}.onion$request_uri;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 1g;
}


server {
    listen 80;

    server_name {generated-onion-address}.onion;

    location / {
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://127.0.0.1:2368;
    }
}

The reason why I set X-Forwarded-Proto to https is since ghost setting are making an internal http to https redirection by default, so we need to override that via the web server, by assuming/overriding the connection on the local reverse proxy is https.

Checking It Out

Run wget --server-response --spider your.domain to see whether Nginx already sent out the onion information. The output should indicate it exists.

onion-location: http://{generated-onion-address}.onion/

Or simply just open up Tor Browser and directly visit your clearnet domain. It should automatically be redirected into the configured Onion Service address.

As a caveat; if you want your onion service/server to be kept private. I suggest you follow the recommended guidelines based on Tor project websites and other consideration/guidelines recommendations.

Apa itu browser fingerprinting

Berdasar standarisasi organisasi World Wide Web Consortium(W3C), secara singkat, browser fingerprinting adalah kapabilitas situs internet atau website untuk mengidentifikasi dan mengidentifikasi ulang suatu pengunjung, user agent atau perangkat, melalui konfigurasi pengaturan atau karakteristik lainnya yang terdapat pada perangkat Anda.

Browser Fingerprinting ini digunakan website untuk menampilkan dan mengoptimasi layanan/tampilan mereka untuk perangkat atau browser tertentu. Tampilan yang diberikan website pada pengguna desktop dan handphone tentu saja berbeda, dalam hal lain, informasi zona waktu mengenai kapan dimulainya pertandingan sepak bola dapat kita dapatkan karena browser fingerprinting ini. Hal tersebut secara inheren merupakan cara kerja dari browser dan web itu sendiri. Akan tetapi, hal ini bisa dijadikan sebagai hal yang membahayakan privasi. Jika diiringi dengan identitas yang bisa dilacak seperti alamat email atau nama Anda, Informasi yang diturunkan dari fingerpint browser bisa digunakan untuk memetakan tingkah laku, perilaku, kesukaan, serta kapan dan di mana Anda mengakses website. Dalam kata lain, mengidentifikasi pengguna mengenai aktifitas digitalnya.

Pengaruh Browser Fingerprinting Terhadap Aktifitas Digital

Data digital personal, seperti perilaku, kesukaan, ketidaksukaan, dan hobi pada suatu pengujung website bisa digunakan untuk banyak hal. Seperti menargetkan iklan yang sesuai dengan preferensi kalian, mengurangi botnet atau tindakan merugikan pada suatu website, mencegah tindak penipuan pada internet banking atau penggunaan kartu debit/credit, dan juga penipuan pada website jual-beli. Di sisi negatifnya, karena browser fingerprinting ini bisa terjadi tanpa persetujuan penggunannya, proses-proses yang menginvasi hak privasi pengguna akan sangat rawan disalahgunakan. Beberapa aktifitas digital yang seharusnya berada dalam ruang privat, bisa digunakan dan dikoleksi untuk tujuan marketing atau lainnya.

Singkatnya, fingerprinting ini dapat digunakan untuk halnya keamanan, akan tetapi, tracking ini juga sangat berisiko terhadap privasi pengguna dalam aktvitas digital.

Browser fingerprinting dapat digunakan untuk:

• Mengidentifikasi pengguna
• Mengkorelasikan aktivitas browsing
• Melacak pengguna tanpa transparansi dan kontrol

Browser fingerprinting ini sangat berpotensi untuk melanggar hak privasi kalian. Proses pada browser fingeprinting tidak memerlukan persetujuan dari penggunanya seperti cookies. Hal rawan inilah yang harus menjadi perhatian khusus bagi kita semua, karena tanpa persetujuan kita, aktifitas digital kita bisa dikoleksi dan digunakan untuk memonitor perilaku kita secara online.

Bagaimana browser fingerprinting bekerja?

Praktik fingerprinting terjadi ketika setiap kali pengguna mengunjungi sebuah website. Tracker yang berasal dari situs itu tersendiri atau layanan pihak ketiga, akan termuat setiap kali kita membuat suatu situs. Oleh karena itu, tracker ini dapat digunakan untuk mengumpulkan identitas digital para penggunanya. Yang mengakibatkan, informasi spesifik seperti apa yang sedang user lakukan dan di mana mereka mengunjungi suatu situs dapat dipetakan.

Data dari browser selalu mengeluarkan informasi yang berupa, sistem operasi, jenis browser yang digunakan, hingga versi browser. Lalu, browser juga mengirim informasi tambahan berupa sistem operasi beserta versinya, tipe font yang ter-install, plugin yang digunakan, system colors, dan zona waktu pada browser.

Setiap kombinasi dari data-data tersebut dijadikan sebagai identitas/fingerprint unik dari browser yang kita gunakan saat mengunjungi suatu website. Data-data yang terkumpul oleh browser fingerprinting mungkin terlihat biasa-biasa saja, akan tetapi, informasi tersebut dapat mengidentifikasi setiap pengguna internet.

Melihat Langsung Cara Kerja Browser Fingerprinting

Kalian semua bisa secara langsung melihat bagaimana browser fingerprinting ini bekerja, ada beberapa situs yang memang dibuat khusus untuk melakukan penelitian atau memberikan informasi secara umum. Sebagai contoh, kalian bisa langsung mengunjungi situs:

• https://amiunique.org/
• https://coveryourtracks.eff.org/
• https://noscriptfingerprint.com/

Hasil dari situs tersebut, menampilkan data-data apa saja yang browser kalian keluarkan setiap kali mengunjungi suatu website. Dari informasi secara umum hingga penjelasan detail mengenai contoh dari data-data terkait.

Dari informasi itulah yang menimbulkan potensi data personal yang sangat spesifik digunakan tanpa sepengetahuan dan sepertujuan kita.

Mencegah Browser Fingerprinting Pada Aktifitas Digital

Karena fingerprint browser ini secara inheren terjadi didalam bagaimana proses berselancar di dunia maya, hal ini tidak bisa dihilangkan. Namun demikian, ada beberapa hal yang bisa kita lakukan untuk meminimalisir keunikan dari data personal/browser kita.

Cara simple-nya adalah dengan menggunakan browser yang melindungi data privasi kalian semua. Browser seperti Firefox, Tor Browser, dan Safari secara bawaan terdapat fitur yang mencegah browser fingerprinting dapat dilakukan secara efektif.

Akan tetapi, jika kalian memiliki alasan kuat dan jelas untuk menghindari browser fingerprinting, sudah sepatutnya bahwa menggunakan Tor Browser adalah pilihan yang tepat.