On Wetware and Cybersmut — A Future Sex Retrospective

This article was originally written for and published at Neon Dystopia on January 9th, 2018. It has been posted here for safekeeping.

Of all the cyberpunk magazines I’ve ever come across, Future Sex is definitely the strangest. From the cover of the first issue, you know immediately that you haven’t seen anything quite like this before. A naked brunette with headlines screaming “Electronic Masturbation,” and “3D Digital Orgasms: Virtual Reality Sex,” all imposed over a candy-colored gradient background. Make no mistake, when you peel open the pages of this magazine, you’re going to get porn. Lots of porn— with several photo spreads and articles featuring not-so-modest coeds in each issue. But in the sea of smut, phone sex hotline advertisements, and good old-fashioned sex on CD-ROM lies a stockpile of futurist, sex-positive cyberpunk journalism. With articles on teledildonics and smart aphrodisiacs, Future Sex was covering subjects formerly relegated to the dark corners of the ‘net. Now, you could buy it all for $4.95 off of the newsstand.

Cover for the first issue of Future Sex. Read the whole issue here.

I bought my first issue of Future Sex in 2013 or 2014, decades after the magazine folded. It was most likely on eBay, though I have no idea how I was originally made aware of its existence. Shortly after receiving the issue in the mail, I made a quick scan of it and uploaded it to the Internet Archive before sharing a link online. At this point, I only had the fifth issue of the magazine but found the premise of it utterly fascinating. I couldn’t believe that something like this existed, and part of me still can’t.

Over the next few years, I collected a few more issues piece by piece but never thought much of it until I was contacted by Kyle Machulis, aka qDot, in 2016. For those who don’t know (much like me at the time), Kyle Machulis is something of a celebrity in the world of DIY sex toys and sex technology, running projects like Metafetish (formerly Slashdong) and buttplug.io. We became friendly over the topic of Future Sex and embarked on a project where we would track down every issue of the magazine to then scan and upload to the Internet Archive for everyone to read. With both of us getting magazine shipments and rapidly performing scans, we quickly completed the project after a few months and received coverage from VICE Media’s MOTHERBOARD and SexTechGuide. Speaking with Machulis about how he first found out about Future Sex, he revealed a much longer relationship with the publication:

I remembered seeing ads for it in the back of magazines (like Mondo 2000 and others) I was reading around the time it was published. I was at the horribly impressionable age of 13-14, so of course it stuck.

Some of the images from it, especially the Virtual Sex hardware layout, kept coming up over and over again, in articles about the future of tech, memes, things like that. That’s what got me thinking about it again 20-some years later. Since I’d gone from being a confused-and-online teen to a confused-and-online-and-sex-tech-website-running adult, it seemed relevant to dig it up again.

As great as it was to achieve a complete archive of Future Sex, there is still a lot unknown about it. The magazine was relegated to the dustbin of history, and many stories of its short life went with it. At the beginning of the 1990s, San Francisco was a hotspot for technology, as well as sex. It was where you went if you were weird and had off-beat interests— or kinks. “The early ’90s were a formative time for the Internet we know today, and I wanted to help in making sure that history was archived properly,” Machulis reflects, “While Future Sex would look fairly mild compared to the range of content available today, there was certainly some groundbreaking stuff in it at the time.”

R U into cybersex? Image from Future Sex issue 2.

Future Sex was started in 1992 and driven by Lisa Palac, a former film student and senior editor at the lesbian magazine On Our Backs (1985), helmed by Susie Bright. Palac wasn’t always into such suggestive work. She was originally an anti-porn activist, though she ultimately changed her views as she began to question her Catholic upbringing and investigate the various taboos around sex and sexuality. While in school, Palac went on to create erotic films, and even published her own sex-themed pornographic zine before entering the literary world. As the cyber ethos spread through the Bay Area, it eventually hit Palac in a world-changing way.

Clip from the Virtual Reality episode of Futurequest, featuring Palac discussing “telesex” in 1994 (No, that’s not her in the thumbnail).

Journalist Jack Boulware, founder of satirical magazine The Nose (1988), shared an office with Future Sex in the early ’90s. Boulware claims that Future Sex was originally helmed by novelist, and godfather of cyberpunk, John Shirley before he was replaced with Palac by Kundalini Publishing after the first issue. While the masthead of the premier issue lists Shirley as a contributing editor, Palac receives top billing as Editor, and her words are the first you read as you are introduced to the publication. The staff of this issue reads like a list of guests you might find milling about a Mondo 2000 party at 3AM: Gracie, Richard Kadrey, St. Jude Milhon, and Bart Nagel to name a few. The familiar names make for a comfortable first issue of any publication— as long as your level of comfort was smart drugs and anarcho-leaning techno-counterculture.

Between the high-tech sex talk and multiple photo spreads, the sex-positive, feminist ideals of Palac are at the forefront. This isn’t your normal porno rag aimed at men, nor is it entirely aimed at women; it hits a more general group of sexual beings, poised to look towards the future of sexuality and new ways to get off. Palac is blunt, sarcastic, and snarky, but she’s honest about what she wants and where she sees things going in the world of sex. The next few issues showed refinements in layout and design as the magazine hit its stride. Content boomed with articles on cybersex, teledildonics, high-tech sex toys, and everything in between. Interviews with cyberculture personalities like William Gibson and R.U. Sirius lined the pages, along with discussions of the latest BBS or Usenet group to check out and meet like-minded individuals.

William Gibson gets in on the fun in Future Sex issue 4. Read the whole issue here.

In a lot of Future Sex articles, the technology seems alien. We bounce back and forth between industrial-looking equipment that would feel familiar in a 1970s wood-paneled den and more Cronenberg-esque devices like the CyberSM, which, well… you just sort of have to see for yourself. The virtual sex and teledildonic wet dreams of Ted Nelson and Howard Rheingold never seemed more real. With models clad in leather, latex, steel, and chrome, we received a salty taste of what the next frontier in sex could offer us in the not-so-distant future.

Photos like this are some of the most memorable from Future Sex. Originally from Future Sex issue 2, this scan was actually taken from a 1993 issue of the Australian games magazine Hyper, where the images were reused.

With page upon page of advertisements for sex software, expensive bulletin board access, and phone hotlines, you never forgot you were reading a pornographic magazine. Even Future Sex itself advertised all of the different credit cards it could accept for subscription via a full-color banner in the first issue. Though Future Sex had seemed to target all genders and sexual orientations, the advertisements felt old-fashioned and predictable, almost exclusively aimed at heterosexual males.

Future Sex wasn’t seen as a success by everyone. Carla Sinclair, then-editor of bOING bOING, critiqued the first issue, wishing that the publication would do a better job of melding sex and future tech together. While we do get a dose of sex technology in many articles, there are still articles that are clearly about sex or future tech, but not both at once. Sinclair further wondered whether there was enough material to squeeze out of infusing high technology into the primitive, basic act of sex, two things she saw as opposites. While issues regularly featured high-tech sex articles, they slowed to a trickle, getting more flaccid over the life of the publication.

Lisa Palac once interviewed Mike Saenz, author of the first erotic software title for the Macintosh, MacPlaymate. Image of the software in action from wowbobwow of reddit.com/r/retrobattlestations.

By the end of the magazine’s run, articles seemed to focus less on our cyber-future and more on the general, alternative-sex scene. Future Sex ended its run in 1994 with a mere seven issues. Issue 7 makes no mention of being the last, which undoubtedly left readers wondering what had happened when nothing arrived in their mailboxes. Internally, Palac was cutting her ties with the magazine, being replaced by writer Lily Burana. While Burana began work on an eighth issue, it was ultimately never released before the magazine shuttered.

Though Future Sex was no more, Palac’s career was still on its way up. While at Future Sex, Palac was constantly bombarded with requests for interviews or photoshoots about the hot new topic of cybersex. Between 1991 and 1993, she worked with Ron Gompertz to produce two Cyborgasm albums that used binaural audio technology in conjunction with erotic stories (Palac actually met Gompertz at a Mondo 2000 party, and the two would later become briefly engaged). After Future Sex, Palac continued a career in journalism, and ultimately published a memoir, The Edge of the Bed: How Dirty Pictures Changed My Life, in 1997. Later, she would go into television, producing episodes of HBO’s Taxicab Confessions from 1999 – 2001. She currently works as a therapist in Los Angeles, California. Other Future Sex alumni such as Richard Kadrey and Jack Boulware have continued to write for various publications and to release their own books.

While Future Sex has long been out of print, it certainly hasn’t aged gracefully. “I feel like the magazine is very much of its time, so a lot of the topics covered would really be seen as anachronistic today,” Machulis suggests when asked if Future Sex is still relevant. “That said, a lot of internet users these days are stuck in between extremely dated views of sexuality and an online society constantly shoving the newest, latest thing at them. The best I hope for with the archive work done is to establish maybe a history that can be referenced for trying to bring people up to date.”

As technology has grown and changed over the years, we see advancements in how it can impact and augment sex. Sex toys and related technologies like virtual reality have only become more sophisticated, and the future of sex tech is still going strong. With pioneers like Machulis out there, it will likely continue to do so. When asked about the future of sex tech, Machulis has thoughts on that as well: “People are now getting so used to connected technology that the idea of remotely connected toys is becoming feasible to the mainstream, versus being the fever dream of tech nerds . . . we’ll start seeing some really interesting things happen. The thing I’ve learned is that I can’t predict what those things are, though. I was around through the Future Sex days and wouldn’t really have considered the rise of social media and the sociological trends it has kicked off. The future of the early ’90s underground tech magazines is the future I wanted and believed in, but certainly not the one we got wholesale.”

 

Generate A Vanity .onion Address For Your Tor Hidden Service Using Scallion

Ever wonder how Tor sites get those custom vanity .onion addresses such as silkroada7bc3kld.onion? These addresses can be generated by hidden service operators for production use, and are just as secure as the automatically generated (and often more cryptic) addresses.

Hidden service .onion addresses are really just the public part of a key pair. Using asymmetric encryption, a hidden service has a public key (which appears as the 16 character string that functions as the actual address) and a private key (a much longer string known only to the hidden service) that together verify the identity of the service. Anyone connecting to the address can only reach the service if it holds the matching private key. Under normal circumstances, only the service operator has access to that private key, so you can trust that the address has not been hijacked.

Keep in mind that, while it takes a long time, it is possible for someone to generate a key pair that produces the same address as another hidden service. While computationally expensive, an entity able to throw enough resources at generating an identical address would be able to do so much more quickly than someone acting alone on a single machine.
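As an added example (not from the original post), here is how the 16-character address described above is derived from the RSA key, and a check that the hostname and private_key files Tor keeps for a service still agree with each other. It uses only the Python standard library; the sample key is a constructed placeholder with the right layout, not a usable RSA key.

```python
import base64
import hashlib

# Tor's 16-character (v2) onion addresses are derived from the RSA public key as
# base32(SHA-1(DER of the PKCS#1 RSAPublicKey)[:10]). The newer v3 addresses
# (56 characters, ed25519 keys) are derived differently and are not covered here.

def der_length(length: int) -> bytes:
    """DER length octets: short form below 128, long form above."""
    if length < 0x80:
        return bytes([length])
    body = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(value: int) -> bytes:
    """DER INTEGER; a leading zero keeps a value with its top bit set positive."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body

def der_sequence(*parts: bytes) -> bytes:
    body = b"".join(parts)
    return b"\x30" + der_length(len(body)) + body

def onion_address(n: int, e: int) -> str:
    """Address for an RSA public key (modulus n, exponent e), as Tor computes it."""
    der = der_sequence(der_integer(n), der_integer(e))   # PKCS#1 RSAPublicKey
    digest = hashlib.sha1(der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"

def _read_tlv(buf: bytes, pos: int):
    """Minimal DER tag/length/value reader; returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length

def public_key_from_private_pem(pem: str):
    """Extract (n, e) from a PKCS#1 'BEGIN RSA PRIVATE KEY' PEM, the format Tor writes."""
    b64 = "".join(line for line in pem.splitlines() if line and not line.startswith("-----"))
    tag, body, _ = _read_tlv(base64.b64decode(b64), 0)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    fields, pos = [], 0
    while len(fields) < 3:                  # RSAPrivateKey starts: version, n, e
        tag, value, pos = _read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected a DER INTEGER")
        fields.append(int.from_bytes(value, "big"))
    _version, n, e = fields
    return n, e

def hostname_matches_key(pem: str, hostname: str) -> bool:
    """True if the contents of a hostname file are the address of the key in private_key."""
    n, e = public_key_from_private_pem(pem)
    return hostname.strip().lower() == onion_address(n, e)

# Constructed sample: an arbitrary 1024-bit n and e=65537 packed into the
# RSAPrivateKey layout with placeholder private fields. This is NOT a real key.
SAMPLE_N = (1 << 1023) | 0x2A2A2A
SAMPLE_E = 65537

def sample_private_pem() -> str:
    body = der_sequence(der_integer(0), der_integer(SAMPLE_N), der_integer(SAMPLE_E),
                        *[der_integer(1) for _ in range(6)])
    b64 = base64.b64encode(body).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN RSA PRIVATE KEY-----\n" + "\n".join(lines) + "\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    pem = sample_private_pem()
    addr = onion_address(SAMPLE_N, SAMPLE_E)
    print(addr, "matches sample key:", hostname_matches_key(pem, addr))
```

Run `hostname_matches_key` over a real service's private_key and hostname files before deploying a generated key; a mismatch means one of the two files was replaced or copied incorrectly.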

 

Generation with Scallion

Scallion is one tool that can be used for generation. Unlike previous tools for generating addresses, Scallion targets GPUs, meaning it works much faster than CPU-targeting utilities in most cases. In my experience, Scallion does not work on ARM devices (use Shallot or Eschalot instead), but if you have an x86_64 processor and some sort of graphics hardware (integrated or otherwise), you should be good to go.

Let’s get started generating custom .onion addresses. I will assume that you have access to a Linux machine and are familiar with the terminal. I will be using Debian, but this guide should be easy to modify for most distributions.

First, install some dependencies and then clone Scallion onto your machine:

$ sudo apt install clinfo mono-complete mono-devel nvidia-opencl-common nvidia-opencl-dev nvidia-opencl-icd libssl1.0-dev beignet beignet-dev ocl-icd-opencl-dev ocl-icd-libopencl1
$ git clone https://github.com/lachesis/scallion.git

Now, we will move to the scallion directory, and build the scallion executable:

$ cd scallion
$ xbuild scallion.sln /p:TargetFrameworkVersion="v4.5"

Next, we will get a list of all of the devices that can be used for generating addresses:

$ mono scallion/bin/Debug/scallion.exe -l
Id:0 Name:Intel(R) HD Graphics Skylake Desktop GT2
    PreferredGroupSizeMultiple:16 ComputeUnits:24 ClockFrequency:1000
    MaxConstantBufferSize:134217728 MaxConstantArgs:8 MaxMemAllocSize:3221225472

We can see I have one device with an identifier 0 that I can target. You may have more than one device.

Now we can use Scallion to find an address that starts with a word or phrase of our choice. Let’s start Scallion with 8 threads, and have it use device 0. We will look for addresses that start with “apple”. After a little waiting, you should get output similar to the following, with the .onion address (public key) and the private key:

$ mono scallion/bin/Debug/scallion.exe -t8 -d 0 apple
Cooking up some delicious scallions...
Using kernel optimized from file kernel.cl (Optimized4)
Using work group size 16
Compiling kernel... done.
Testing SHA1 hash...
CPU SHA-1: d3486ae9136e7856bc42212385ea797094475802
GPU SHA-1: d3486ae9136e7856bc42212385ea797094475802
Looks good!
LoopIteration:1  HashCount:16.78MH  Speed:98.7MH/s  Runtime:00:00:00  Predicted:00:00:00  Found new key! Found 1 unique keys.

  2018-01-03T00:24:24.645322Z
  applencoaipu4tqj.onion
  -----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

After generating a private key and address, you will want to use them with your Tor hidden service. The private key and address usually sit in files within the /var/lib/tor/hidden_service/ directory and are named hostname and private_key respectively.

 

For a full list of options and flags, we can run the scallion executable with the --help flag:

$ mono scallion/bin/Debug/scallion.exe --help
Usage: scallion [OPTIONS]+ regex [regex]+
Searches for a tor hidden service address that matches one of the provided regexes.

Options:
  -k, --keysize=VALUE        Specifies keysize for the RSA key
  -n, --nonoptimized         Runs non-optimized kernel
  -l, --listdevices          Lists the devices that can be used.
  -h, -?, --help             Displays command line usage help.
      --gpg                  GPG vanitygen mode.
  -d, --device=VALUE         Specifies the opencl device that should be used.
  -g, --groupsize=VALUE      Specifies the number of threads in a workgroup.
  -w, --worksize=VALUE       Specifies the number of hashes preformed at one
                               time.
  -t, --cputhreads=VALUE     Specifies the number of CPU threads to use when
                               creating work. (EXPERIMENTAL - OpenSSL not
                               thread-safe)
  -p, --save-kernel=VALUE    Saves the generated kernel to this path.
  -o, --output=VALUE         Saves the generated key(s) and address(es) to this
                               path.
      --skip-sha-test        Skip the SHA-1 test at startup.
      --quit-after=VALUE     Quit after this many keys have been found.
      --timestamp=VALUE      Use this value as a timestamp for the RSA key.
  -c, --continue             Continue to search for keys rather than exiting
                               when a key is found.
      --command=VALUE        When a match is found specified external program
                               is called with key passed to stdin.
                               Example: "--command 'tee example.txt'" would
                               save the key to example.txt
                               If the command returns with a non-zero exit code,
                                the program will return the same code.
 

Generate A Vanity .onion Address For Your Tor Hidden Service Using Eschalot

 

Generation with Eschalot

Eschalot is one tool that can be used for generation. Eschalot is based on another tool I previously covered called Shallot. While Shallot only allowed for some basic matching with regular expressions, Eschalot gives the user a bit more control and even supports word lists. Eschalot will not be as fast as a tool like Scallion, but it is (in my opinion) more portable, as Scallion seems to have issues running on ARM-based SoCs.

Let’s get started generating custom .onion addresses. I will assume that you have access to a Linux machine and are familiar with the terminal. I will be using Debian, but this guide should be easy to modify for most distributions.

First, install OpenSSL if you don’t already have it, then clone Eschalot onto your machine:

$ sudo apt-get install openssl
$ git clone https://github.com/ReclaimYourPrivacy/eschalot.git

Now, we will move to the eschalot directory, and build the eschalot executable:

$ cd eschalot
$ make

We can now make sure everything is working using the builtin testing option:

$ make test
./worgen 8-16 top150adjectives.txt 3-16 top400nouns.txt 3-16 top1000.txt 3-16 > wordlist.txt
Will be producing 8-16 character long word combinations.
Reading 3-16 characters words from top150adjectives.txt.
Reading 3-16 characters words from top400nouns.txt.
Reading 3-16 characters words from top1000.txt.
Loading words from top150adjectives.txt.
Loaded 150 words from top150adjectives.txt.
Loading words from top400nouns.txt.
Loaded 400 words from top400nouns.txt.
Loading words from top1000.txt.
Loaded 974 words from top1000.txt.
Working. 100% complete, 31122412 words (approximately 377Mb) produced.
Final count: 31366539 word combinations.
./eschalot -vct4 -f wordlist.txt >> results.txt
Verbose, continuous, no digits, 4 threads, prefixes 8-16 characters long.
Reading words from wordlist.txt, please wait...
Loaded 31366539 words.
Sorting the word hashes and removing duplicates.
Final word count: 31363570.
Thread #1 started.
Thread #2 started.
Thread #3 started.
Thread #4 started.
Running, collecting performance data...
Found a key for kindland (8) - kindlandudsw7nga.onion
Found a key for loudhour (8) - loudhourvype7cyn.onion
Found a key for cutwaxwin (9) - cutwaxwinstsf6mk.onion
Total hashes: 177519717, running time: 10 seconds, hashes per second: 17751971

When done, simply clean up the test results:

$ make cleantest

 

Now we can use Eschalot to find an address that starts with a word or phrase of our choice. Let’s start Eschalot in verbose mode, with 4 threads, and have it continue to look for addresses even after it has found one. We will look for addresses that start with “apple”. After a little waiting, you should get output similar to the following, with the .onion address (public key) and the private key:

$ ./eschalot -t4 -v -c -p apple
Verbose, continuous, no digits, 4 threads, prefixes 5-5 characters long.
Thread #1 started.
Thread #2 started.
Thread #3 started.
Thread #4 started.
Running, collecting performance data...
Found a key for apple (5) - appleiujtls4awea.onion
----------------------------------------------------------------
appleiujtls3awea.onion
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Additionally, you can use the included worgen utility to generate word lists that can be fed into Eschalot. Below is an example series of commands that will generate 10-character strings by combining two nouns that are 3-10 characters long each, and then run the list through Eschalot. Eschalot comes with several different word lists that can be used by the worgen utility.

$ ./worgen 10-10 nouns.txt 3-10 nouns.txt 3-10 > wordlist.txt
$ ./eschalot -vct4 -l 10-10 -f wordlist.txt > results.txt

After generating a private key and address, you will want to use them with your Tor hidden service. The private key and address usually sit in files within the /var/lib/tor/hidden_service/ directory and are named hostname and private_key respectively.

 

For a full list of options and flags, we can run the eschalot executable with no arguments:

$ ./eschalot
Version: 1.2.0

usage:
eschalot [-c] [-v] [-t count] ([-n] [-l min-max] -f filename) | (-r regex) | (-p prefix)
-v : verbose mode - print extra information to STDERR
-c : continue searching after the hash is found
-t count : number of threads to spawn default is one)
-l min-max : look for prefixes that are from 'min' to 'max' characters long
-n : Allow digits to be part of the prefix (affects wordlist mode only)
-f filename: name of the text file with a list of prefixes
-p prefix : single prefix to look for (1-16 characters long)
-r regex : search for a POSIX-style regular expression

Examples:
eschalot -cvt4 -l8-12 -f wordlist.txt >> results.txt
eschalot -v -r '^test|^exam'
eschalot -ct5 -p test

base32 alphabet allows letters [a-z] and digits [2-7]
Regex pattern examples:
xxx must contain 'xxx'
^foo must begin with 'foo'
bar$ must end with 'bar'
b[aoeiu]r must have a vowel between 'b' and 'r'
'^ab|^cd' must begin with 'ab' or 'cd'
[a-z]{16} must contain letters only, no digits
^dusk.*dawn$ must begin with 'dusk' and end with 'dawn'
[a-z2-7]{16} any name - will succeed after one iteration

You can also run the worgen executable with no arguments for a complete list of options:

$ ./worgen
Version: 1.2.0

usage: worgen min-max filename1 min1-max1 [filename2 min2-max2 [filename3 min3-max3]]
  min-max   : length limits for the output strings
  filename1 : name of the first word list file (required)
  min1-max1 : length limits for the words from the first file
  filename2 : name of the second word list file (optional)
  min2-max2 : length limits for the words from the first file
  filename3 : name of the third word list file (optional)
  min3-max3 : length limits for the words from the first file

  Example: worgen 8-12 wordlist1.txt 5-10 wordlist2.txt 3-5 > results.txt

              Generates word combinations from 8 to 12 characters long
              using 5-10 character long words from 'wordlist1.txt'
              followed by 3-5 character long words from 'wordlist2.txt'.
              Saves the results to 'results.txt'.

 

Generate A Vanity .onion Address For Your Tor Hidden Service Using Shallot

 

Generation with Shallot

Shallot is one tool that can be used for generation. Under the name onionhash, Shallot was first created and maintained by an anonymous developer named Bebop. After Bebop disappeared, development continued with the help of a programmer named `Orum, who renamed it Shallot before disappearing himself. Eventually, katmagic moved the code to GitHub, where it lives today, but without active development. Over the years, other developers have made fixes, but none of them have been merged into the master branch of the application. Shallot will not be as fast as a tool like Scallion, but it is (in my opinion) more portable, as Scallion seems to have issues running on ARM-based SoCs.

Let’s get started generating custom .onion addresses. I will assume that you have access to a Linux machine and are familiar with the terminal.

First, clone Shallot onto your machine:

$ git clone https://github.com/katmagic/Shallot.git

Now, we will move to the Shallot directory, and download and apply some patches:

$ cd Shallot
$ wget https://patch-diff.githubusercontent.com/raw/katmagic/Shallot/pull/9.patch
$ git apply 9.patch
$ wget https://patch-diff.githubusercontent.com/raw/katmagic/Shallot/pull/16.patch
$ git apply 16.patch
$ wget https://patch-diff.githubusercontent.com/raw/katmagic/Shallot/pull/25.patch
$ git apply 25.patch

Wait, what are these for?

  • Patch #9 fixes an off-by-one error that caused generation of incorrect keys.
  • Patch #16 adds an optimization for computing powers of 2 using a bitshift.
  • Patch #25 adds use of memcmp to speed up regular expression use.

Next, we will configure and make to build the shallot executable:

$ ./configure && make

We can now test it by generating an address that starts with “apple” utilizing regular expressions:

$ ./shallot ^apple

After a little waiting, you should get output similar to the following, with the .onion address (public key) and the private key:

$ ./shallot ^apple
-----------------------------------------------------------------
Found matching domain after 9231616 tries: applelmehzgcx37v.onion
-----------------------------------------------------------------
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

The private key and address usually sit in files within the /var/lib/tor/hidden_service/ directory and are named hostname and private_key respectively.

 

For a full list of options and flags, we can run the shallot executable with no arguments:

$ ./shallot
Usage: shallot [-dmopv] [-f <file>] [-t count] [-x time] [-e limit] pattern
  -d        : Daemonize (requires -f)
  -m        : Monitor mode (incompatible with -f)
  -o        : Optimize RSA key size to improve SHA-1 hashing speed
  -p        : Print 'pattern' help and exit
  -f <file> : Write output to <file>
  -t count  : Forces exactly count threads to be spawned
  -x secs   : Sets a limit on the maximum execution time. Has no effect without -m
  -e limit  : Manually define the limit for e

The repository on Github also has a handy chart to estimate how long it will take to generate an address matching a certain number of characters on a 1.5GHz processor:

characters | time to generate (approx.)
-----------|---------------------------
1          | less than 1 second
2          | less than 1 second
3          | less than 1 second
4          | 2 seconds
5          | 1 minute
6          | 30 minutes
7          | 1 day
8          | 25 days
9          | 2.5 years
10         | 40 years
11         | 640 years
12         | 10 millennia
13         | 160 millennia
14         | 2.6 million years
 

Configuring a Tor Hidden Service

Tor hidden services allow various types of services (web server, telnet server, chat server, etc) to be operated within the Tor network. This allows both users and service operators to conceal their identities and locations. Just about anything that can be run on the clearnet can be run within the Tor darknet.

Setting up a hidden service on Tor is a simple process and depending on the level of detail, an operator can keep their service completely anonymous. Depending on your use-case, you may or may not choose to anonymize your service at all. For anonymous operation, it is recommended to bind services being offered to localhost and make sure that they do not leak information such as an IP address or hostname in any situation (such as with error messages).

For this guide, we assume a Debian Stretch (or similar) Linux system with a non-root, sudo user. It is also assumed that the target machine has been set up with some standard security practices such as disallowing root logins over SSH, and basic firewall rules. This Tor hidden service will be masked on the darknet, but if the hosting server is deanonymized, a malicious party could uncover the machine’s actual clearnet IP address and attempt to penetrate it or otherwise disrupt service. Depending on the software running the services you are hiding, you may wish to install into a virtual machine to limit the damage a vulnerability in that software could do to the host.

Installing Tor

Before configuring a hidden service, the Tor package must be set up on the system. While Debian does have a Tor package in the standard repositories, we will want to add the official Tor repositories and install from there to get the latest software and be able to verify its authenticity.

First, we will edit the sources list so that Debian will know about the official Tor repositories.

$ sudo nano /etc/apt/sources.list

At the bottom of the file, paste the following two lines and save/exit.

deb http://deb.torproject.org/torproject.org stretch main
deb-src http://deb.torproject.org/torproject.org stretch main

Now back in the console, we will add the Tor Project’s GPG key used to sign the Tor packages. This will allow verification that the software we are installing has not been tampered with.

$ gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
$ gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Lastly, run an update and install Tor from the repositories we just added.

$ sudo apt-get update
$ sudo apt-get install tor deb.torproject.org-keyring

 

Configuring the Hidden Service

We will be editing the torrc file, so let’s bring it up in our text editor:

$ sudo nano /etc/tor/torrc

Going line by line in this file is tedious, so to minimize confusion, we will ultimately rewrite the whole file. We will implement logging into a file located at /var/log/tor/notices.log and assume the local machine has a web server running on port 80. Paste the following over the existing contents in your torrc file:

Log notice file /var/log/tor/notices.log

############### This section is just for location-hidden services ###

## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.

HiddenServiceDir /var/lib/tor/hs_name_of_my_service/
HiddenServicePort 80 127.0.0.1:80

#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22

After saving the file, create the log file, hand it to the debian-tor user that Tor runs as, and restart Tor:

$ sudo touch /var/log/tor/notices.log
$ sudo chown debian-tor:debian-tor /var/log/tor/notices.log
$ sudo service tor restart

If the restart was successful, the Tor hidden service is active. If not, be sure to check the log file for hints as to the failure:

$ sudo nano /var/log/tor/notices.log

Now that the hidden service is working, Tor has created the directory we named in the torrc, /var/lib/tor/hs_name_of_my_service/. There are two files of importance within this directory.

The hostname file at /var/lib/tor/hs_name_of_my_service/hostname contains the service’s .onion address, which Tor derives from a hash of the service’s public key. This is the address users on the Tor network use to reach your service. Read it with cat and make a note of it:

$ sudo cat /var/lib/tor/hs_name_of_my_service/hostname
nb2tidpl4j4jnoxr.onion

There is also a private_key file that holds the hidden service’s private key, the counterpart of that public key. This key is the service’s identity: anyone who obtains it can publish descriptors for the same .onion address and impersonate the service, so it must be readable by nothing except Tor (the debian-tor user). If you need to move your Tor hidden service for any reason, back up the hostname and private_key files and restore them into the same HiddenServiceDir on the new machine.

After restarting the hidden service, it may not be available right away. It can take a few minutes before the .onion address resolves on a client machine.

 

Example – Configure A Web Server with Nginx

Let’s use this hidden service to host a website with Nginx.

First, we will install Nginx and create a directory for our HTML files.

$ sudo apt-get install nginx
$ sudo mkdir -p /var/www/hidden_service/

Now, we will create an HTML file to serve, so we need to bring one up in our editor:

$ sudo nano /var/www/hidden_service/index.html

Paste the following basic HTML and save it:

<html><head><title>Hidden Service</title></head><body><h1>It works!</h1></body></html>

Next, we will set the owner of the files we created to www-data for the web server and change the permissions on the /var/www directory.

$ sudo chown -R www-data:www-data /var/www/hidden_service/
$ sudo chmod -R 755 /var/www

We want to make some configuration changes for anonymity. First, let’s edit the default server block:

$ sudo nano /etc/nginx/sites-available/default

Find the block that starts with server { and its listen lines (on Debian the default file has listen 80 default_server; and listen [::]:80 default_server;). Replace them with a single line that binds only to localhost, so Nginx never answers on a public interface:

listen 127.0.0.1:80 default_server;

Still in that block, find the server_name line and set the server name explicitly to the catch-all, so this default server answers any request whose Host header does not match the hidden service:

server_name _;

Next we need to edit the Nginx configuration file:

$ sudo nano /etc/nginx/nginx.conf

Find the block that starts with http { and set the following options:

server_name_in_redirect off;
server_tokens off;
port_in_redirect off;

The first option will make sure the server name isn’t used in any redirects. The second option removes server information in error pages and headers. The third option will make sure the port number Nginx listens on will not be included when generating a redirect.

Now we need to create a server block so Nginx knows which directory to serve content from when our hidden service is accessed. Using our text editor, we will create a new server block file:

$ sudo nano /etc/nginx/sites-available/hidden_service

In the empty file, paste the following configuration block. Make sure that the server_name field contains your onion address which you read from the hostname file earlier and not my address, nb2tidpl4j4jnoxr.onion.

server {
    listen      127.0.0.1:80;
    server_name nb2tidpl4j4jnoxr.onion;

    error_log   /var/log/nginx/hidden_service.error.log;
    access_log  off;

    location / {
        root  /var/www/hidden_service/;
        index index.html;
    }
}

After saving the file, we need to symlink it to the sites-enabled directory and then restart Nginx:

$ sudo ln -s /etc/nginx/sites-available/hidden_service /etc/nginx/sites-enabled/hidden_service
$ sudo service nginx restart

To test the hidden service, download and install the Tor Browser on any machine and load up your .onion address.

 

Example – Configure A Web Server with Apache

Let’s use this hidden service to host a website with Apache. Note: Apache is often criticized for revealing server information (version, operating system, module status) by default, so it takes more effort to lock down than Nginx.

First, we will install Apache and create a directory for our HTML files.

$ sudo apt-get install apache2
$ sudo mkdir -p /var/www/hidden_service/

Now, we will create an HTML file to serve, so we need to bring one up in our editor:

$ sudo nano /var/www/hidden_service/index.html

Paste the following basic HTML and save it:

<html><head><title>Hidden Service</title></head><body><h1>It works!</h1></body></html>

Next, we will set the owner of the files we created to www-data for the web server and change the permissions on the /var/www directory.

$ sudo chown -R www-data:www-data /var/www/hidden_service/
$ sudo chmod -R 755 /var/www

Now, we need to make a few changes to the Apache configuration. Let’s start by setting Apache up to listen only on 127.0.0.1, port 80:

$ sudo nano /etc/apache2/ports.conf

Change the line Listen 80 to Listen 127.0.0.1:80 and save the file.

Now we will access the security configuration file:

$ sudo nano /etc/apache2/conf-enabled/security.conf

Change the line for ServerSignature to ServerSignature Off and the line for ServerTokens to ServerTokens Prod to restrict information the httpd reports about the server.

Then, we will make an edit to the main Apache configuration file to override the server name Apache uses:

$ sudo nano /etc/apache2/apache2.conf

At the very bottom of the file, paste the following. Make sure that the ServerName field contains your onion address which you read from the hostname file earlier and not my address, nb2tidpl4j4jnoxr.onion.

ServerName nb2tidpl4j4jnoxr.onion

Next, we will disable Apache’s mod_status module to turn off status information:

$ sudo a2dismod status

Now we need to create a virtual host so Apache knows which directory to serve content from when our hidden service is accessed. Debian’s apache2.conf only includes files in sites-enabled whose names end in .conf, so the file must be named accordingly. Using our text editor, we will create a new virtual host file:

$ sudo nano /etc/apache2/sites-available/hidden_service.conf

In the empty file, paste the following configuration block. Make sure that the ServerName field contains your onion address which you read from the hostname file earlier and not my address, nb2tidpl4j4jnoxr.onion.

<VirtualHost *:80>
    ServerName     nb2tidpl4j4jnoxr.onion

    DirectoryIndex index.html
    DocumentRoot   /var/www/hidden_service/

    CustomLog /dev/null common
</VirtualHost>

After saving the file, we need to enable it (a2ensite creates the symlink in sites-enabled for us) and then restart Apache. If you do not want Apache’s stock default site, which serves /var/www/html, answering requests that carry no matching Host header, disable it as well with a2dissite:

$ sudo a2ensite hidden_service
$ sudo a2dissite 000-default
$ sudo service apache2 restart

To test the hidden service, download and install the Tor Browser on any machine and load up your .onion address.
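The hardening steps in both the Nginx and Apache examples boil down to two checks: nothing listens on a public interface, and no response reveals a version, a platform, or the real host in a redirect. The script below is an added example (it is not part of the original guide, of Nginx, or of Apache) that performs those two checks offline. It expects the column layout printed by ss -ltn and raw HTTP headers as printed by curl -sI; the listener table and header samples embedded in it are constructed for illustration, and the onion address is the one read from the hostname file above.

```bash
#!/usr/bin/env bash
# Added example: offline audit helpers for a Tor hidden service host.
# Not part of the original guide. Assumes `ss -ltn` column order
# (State Recv-Q Send-Q Local Address:Port Peer Address:Port) and raw
# HTTP response headers as printed by `curl -sI`. POSIX sh compatible.

# Print every listening socket NOT bound to a loopback address
# (127.x.x.x or [::1]). Reads `ss -ltn` output on stdin, header included.
# Returns 1 if any such socket exists, 0 if everything is loopback-only.
public_listeners() {
  awk 'NR > 1 {
         addr = $4                              # "Local Address:Port"
         if (addr ~ /^127\.[0-9.]+:/) next     # IPv4 loopback
         if (addr ~ /^\[::1\]:/) next          # IPv6 loopback
         print addr
       }' | grep . && return 1
  return 0
}

# Report response headers that reveal software versions or the real host.
# $1 = the .onion name that IS allowed to appear in redirects.
# Headers on stdin (CRLF tolerated). Returns 1 if anything leaked.
header_leaks() {
  onion="$1"; leaked=0; cr=$(printf '\r')
  while IFS= read -r line; do
    line="${line%"$cr"}"
    case "$line" in
      [Ss]erver:*/*)                       # "Server: nginx/1.10.3" -> version
        echo "version leak:   $line"; leaked=1 ;;
      [Ss]erver:*\(*)                      # "Server: Apache (Debian)" -> OS
        echo "platform leak:  $line"; leaked=1 ;;
      [Xx]-[Pp]owered-[Bb]y:*)
        echo "framework leak: $line"; leaked=1 ;;
      [Ll]ocation:*)                       # relative or onion target is fine
        case "$line" in
          [Ll]ocation:" /"*|*"://$onion/"*|*"://$onion:"*|*"://$onion") ;;
          *) echo "redirect leak:  $line"; leaked=1 ;;
        esac ;;
    esac
  done
  return $leaked
}

# Constructed sample data (not captured from a real machine).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:80        0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::1]:80            [::]:*
LISTEN 0      128    *:8080              *:*'

SAFE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:80        0.0.0.0:*
LISTEN 0      128    127.0.0.1:9050      0.0.0.0:*'

LEAKY_HEADERS='HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.3 (Debian)
Location: http://203.0.113.10:80/blog/
X-Powered-By: PHP/7.0'

CLEAN_HEADERS='HTTP/1.1 301 Moved Permanently
Server: nginx
Location: /blog/'

check_listeners() { printf '%s\n' "$1" | public_listeners; }
check_headers()   { printf '%s\n' "$2" | header_leaks "$1"; }

# Run the audit over the samples. On a live host use instead:
#   ss -ltn | public_listeners
#   curl -sI -H "Host: $ONION" http://127.0.0.1/does-not-exist | header_leaks "$ONION"
ONION=nb2tidpl4j4jnoxr.onion
echo "== listeners not on loopback =="
check_listeners "$SAMPLE_SS" || echo "FAIL: close or rebind the sockets above"
echo "== header leaks =="
check_headers "$ONION" "$LEAKY_HEADERS" || echo "FAIL: fix the directives behind the headers above"
```

Request a page that does not exist as well as one that does: error pages and directory redirects are where ServerTokens, server_tokens and port_in_redirect defaults show up, not on a successful index.html.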

 

Conclusion

Your hidden service should be up and running, ready to serve Tor users. Now that it is functioning, it is a good idea to back up the hostname and private_key files mentioned earlier from the /var/lib/tor/hs_name_of_my_service/ directory.

I would strongly recommend taking a look at riseup.net’s Tor Hidden Services Best Practices guide to learn more about proper setup of your hidden service.

Additionally, subscribe to the tor-onions mailing list for operator news and support!

Sources

 

Configuring and Monitoring a Tor Middle Relay

The Tor network relies upon individuals and organizations to donate relays for user traffic. The more relays within the network, the stronger and faster the network is. Below, we will create a middle relay, which receives traffic and passes it on to another relay. Middle relays never serve as exit points for traffic back out to the clear Internet (a job for an exit relay). Because of this, many see running a middle relay as a safer way of contributing to the Tor network than running an exit relay, whose operator may be held at fault if illegal activity or content exits their node.

For this guide, we assume a Debian Stretch (or similar) Linux system with a non-root, sudo user. It is also assumed that the target machine has been set up with some standard security practices such as disallowing root logins over SSH, and basic firewall rules. This Tor relay will be public, and should be secured like any public-facing server.

 

Installing Tor

Before configuring a relay, the Tor package must be set up on the system. While Debian does have a Tor package in the standard repositories, we will want to add the official Tor repositories and install from there to get the latest software and be able to verify its authenticity.

First, we will edit the sources list so that Debian will know about the official Tor repositories.

$ sudo nano /etc/apt/sources.list

At the bottom of the file, paste the following two lines and save/exit.

deb http://deb.torproject.org/torproject.org stretch main
deb-src http://deb.torproject.org/torproject.org stretch main

Now back in the console, we will add the Tor Project’s GPG key used to sign the Tor packages. This will allow verification that the software we are installing has not been tampered with.

$ gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
$ gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Lastly, run an update and install Tor from the repositories we just added.

$ sudo apt-get update
$ sudo apt-get install tor deb.torproject.org-keyring

 

Keeping Time

It is important that a Tor relay keeps accurate time, so we will change the timezone and set up the ntp client.

First, list the available timezones and find the one that corresponds to the location of the machine:

$ timedatectl list-timezones

Next, we set the timezone to the one for the machine’s location. Amsterdam is used below as an example.

$ sudo timedatectl set-timezone Europe/Amsterdam

Finally, install ntp:

$ sudo apt-get install ntp

You can check your changes using the timedatectl command with no options:

$ timedatectl
      Local time: Sat 2017-12-30 21:49:25 CET
  Universal time: Sat 2017-12-30 20:49:25 UTC
        RTC time: Sat 2017-12-30 20:49:25
       Time zone: Europe/Amsterdam (CET, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2017-10-29 02:59:59 CEST
                  Sun 2017-10-29 02:00:00 CET
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2018-03-25 01:59:59 CET
                  Sun 2018-03-25 03:00:00 CEST

 

Configuring the Relay

Tor’s default exit policy allows exit traffic on most ports, so a relay with only an ORPort configured would operate as an exit node. Since we want to create a middle relay, there is some configuration that needs to be done.

We will be editing the torrc file, so let’s bring it up in our text editor:

$ sudo nano /etc/tor/torrc

Going line by line in this file is tedious, so to minimize confusion I will outline the options that matter and then paste a sample torrc file below that you can use with minimal changes.

  • We don’t need a SOCKS proxy, so uncomment the line SOCKSPolicy reject * (or set SOCKSPort 0 to not open the SOCKS port at all, as the comment in the file suggests)
  • We want to keep a separate log file, so uncomment the line Log notice file /var/log/tor/notices.log
  • We will be running as a daemon, so uncomment the line RunAsDaemon 1
  • We will be monitoring the relay with Nyx (or ARM), so uncomment the line ControlPort 9051. Anything that can connect to the control port can reconfigure or shut down the relay, so also uncomment CookieAuthentication 1 (or set a HashedControlPassword generated with tor --hash-password yourpassword); never leave the control port unauthenticated
  • Relays need an ORPort for incoming connections, so uncomment the line ORPort 9001
  • It is recommended that a relay has an FQDN or at least a subdomain of one. If not, the machine’s IP address can be used. We will uncomment the line Address noname.example.com and use our address in place of noname.example.com
  • The relay should also have a nickname, so uncomment the line Nickname ididnteditheconfig and use our own nickname in place of ididnteditheconfig
  • Contact information should also be provided, so uncomment the line ContactInfo Random Person and use our own info in place of Random Person
  • We will be running a directory port, so uncomment the line DirPort 9030
  • The most important option: we don’t want to allow any exits, so uncomment the line ExitPolicy reject *:*
  • Optionally, we may want to limit the bandwidth that Tor uses. To do so, uncomment the lines RelayBandwidthRate 100 KBytes and RelayBandwidthBurst 200 KBytes. These values apply to each direction separately, so a rate of 100 KBytes could mean 200KB/s total (100KB/s each for input and output). Burst defines a maximum rate, so a burst of 200 KBytes means bandwidth could reach 400KB/s total (combined input and output). Many will likely want their relay to be considered Fast by the network, meaning that the relay’s bandwidth is in the top 7/8ths of all relays. At the time of writing, a rate of 500 KBytes/s seems to be on the low end of achieving this according to a Tor team member.
  • Optionally, we may want to limit the total traffic Tor uses over a period. To do so, uncomment the lines AccountingMax 40 GBytes and AccountingStart month 3 15:00. The AccountingMax value also applies per direction, so setting 40 GBytes could use 80 GBytes total (40 GBytes each for input and output). If the machine is on a provider that limits monthly bandwidth, it is a good idea to align this value with the provider’s data cap and set AccountingStart so the period resets when the cap does. NOTE: If you do set accounting, the relay will not advertise a directory port and you will not get directory connections. Relays with directories are expected to have a lot of bandwidth, and limiting it will result in other nodes not making directory connections.

Now, here is a full sample torrc file for the tor middle relay:

## Configuration file for a typical Tor user

## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
## as a relay, and not make any local application connections yourself.
#SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections.
#SOCKSPort 192.168.0.1:9100 # Bind to this address:port too.

## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SOCKSPolicy is set, we accept
## all (and only) requests that reach a SOCKSPort. Untrusted users who
## can access your SOCKSPort may be able to learn about the connections
## you make.
#SOCKSPolicy accept 192.168.0.0/16
#SOCKSPolicy accept6 FC00::/7
SOCKSPolicy reject *

## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
##
## We advise using "notice" in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
##
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr

## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line. This is ignored on Windows;
## see the FAQ entry if you want Tor to run as an NT service.
RunAsDaemon 1

## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
#DataDirectory /var/lib/tor

## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
## (Generate a HashedControlPassword with: tor --hash-password yourpassword)
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
CookieAuthentication 1

############### This section is just for location-hidden services ###

## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.

#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80

#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22

################ This section is just for relays #####################
#
## See https://www.torproject.org/docs/tor-doc-relay for details.

## Required: what port to advertise for incoming Tor connections.
ORPort 9001
## If you want to listen on a port other than the one advertised in
## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
## follows.  You'll need to do ipchains or other port forwarding
## yourself to make this work.
#ORPort 443 NoListen
#ORPort 127.0.0.1:9090 NoAdvertise

## The IP address or full DNS name for incoming connections to your
## relay. Leave commented out and Tor will guess.
Address tor.peer3.famicoman.com

## If you have multiple network interfaces, you can specify one for
## outgoing traffic to use.
# OutboundBindAddress 10.0.0.5

## A handle for your relay, so people don't have to refer to it by key.
Nickname peer3famicoman

## Define these to limit how much relayed traffic you will allow. Your
## own traffic is still unthrottled. Note that RelayBandwidthRate must
## be at least 20 kilobytes per second.
## Note that units for these config options are bytes (per second), not
## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,
## 2^20, etc.
RelayBandwidthRate 2048 KBytes  # Throttle traffic to 2048KB/s (16384Kbps)
RelayBandwidthBurst 3072 KBytes # But allow bursts up to 3072KB/s (24576Kbps)

## Use these to restrict the maximum traffic per day, week, or month.
## Note that this threshold applies separately to sent and received bytes,
## not to their sum: setting "40 GB" may allow up to 80 GB total before
## hibernating.
##
## Set a maximum of 400 gigabytes each way per period (left commented out
## here; uncomment it to enable accounting).
#AccountingMax 400 GBytes
## Each period starts daily at midnight (AccountingMax is per day)
#AccountingStart day 00:00
## Each period starts on the 24th of the month at 15:00 (AccountingMax
## is per month). This has no effect unless AccountingMax is also set.
AccountingStart month 24 15:00

## Administrative contact information for this relay or bridge. This line
## can be used to contact you if your relay or bridge is misconfigured or
## something else goes wrong. Note that we archive and publish all
## descriptors containing these lines and that Google indexes them, so
## spammers might also collect them. You may want to obscure the fact that
## it's an email address and/or generate a new address for this purpose.
#ContactInfo Random Person 
## You might also include your PGP or GPG fingerprint if you have one:
#ContactInfo 0xFFFFFFFF Random Person 
ContactInfo famicoman[at]gmail[dot]com - 1DVLNHpcoAso6rvisCnVQbCFN8dRir1GVQ

## Uncomment this to mirror directory information for others. Please do
## if you have enough bandwidth.
DirPort 9030 # what port to advertise for directory connections
## If you want to listen on a port other than the one advertised in
## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
## follows.  below too. You'll need to do ipchains or other port
## forwarding yourself to make this work.
#DirPort 80 NoListen
#DirPort 127.0.0.1:9091 NoAdvertise
## Uncomment to return an arbitrary blob of html on your DirPort. Now you
## can explain what Tor is if anybody wonders why your IP address is
## contacting them. See contrib/tor-exit-notice.html in Tor's source
## distribution for a sample.
#DirPortFrontPage /etc/tor/tor-exit-notice.html

## Uncomment this if you run more than one Tor relay, and add the identity
## key fingerprint of each Tor relay you control, even if they're on
## different networks. You declare it here so Tor clients can avoid
## using more than one of your relays in a single circuit. See
## https://www.torproject.org/docs/faq#MultipleRelays
## However, you should never include a bridge's fingerprint here, as it would
## break its concealability and potentially reveal its IP/TCP address.
#MyFamily $keyid,$keyid,...

## A comma-separated list of exit policies. They're considered first
## to last, and the first match wins.
##
## If you want to allow the same ports on IPv4 and IPv6, write your rules
## using accept/reject *. If you want to allow different ports on IPv4 and
## IPv6, write your IPv6 rules using accept6/reject6 *6, and your IPv4 rules
## using accept/reject *4.
##
## If you want to _replace_ the default exit policy, end this with either a
## reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to)
## the default exit policy. Leave commented to just use the default, which is
## described in the man page or at
## https://www.torproject.org/documentation.html
##
## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
## for issues you might encounter if you use the default exit policy.
##
## If certain IPs and ports are blocked externally, e.g. by your firewall,
## you should update your exit policy to reflect this -- otherwise Tor
## users will be told that those destinations are down.
##
## For security, by default Tor rejects connections to private (local)
## networks, including to the configured primary public IPv4 and IPv6 addresses,
## and any public IPv4 and IPv6 addresses on any interface on the relay.
## See the man page entry for ExitPolicyRejectPrivate if you want to allow
## "exit enclaving".
##
#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more
#ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy
#ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as default exit policy
#ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy
ExitPolicy reject *:* # no exits allowed

## Bridge relays (or "bridges") are Tor relays that aren't listed in the
## main directory. Since there is no complete public list of them, even an
## ISP that filters connections to all the known Tor relays probably
## won't be able to block all the bridges. Also, websites won't treat you
## differently because they won't know you're running Tor. If you can
## be a real relay, please do; but if not, be a bridge!
#BridgeRelay 1
## By default, Tor will advertise your bridge to users through various
## mechanisms like https://bridges.torproject.org/. If you want to run
## a private bridge, for example because you'll give out your bridge
## address manually to your friends, uncomment this line:
#PublishServerDescriptor 0

After saving the file, we are ready to restart Tor:

$ sudo service tor restart

Now, we need to make sure everything worked properly and that the relay is functioning as expected. To do so, we will check the log file we configured in the torrc:

$ sudo nano /var/log/tor/notices.log

If everything worked as expected, the following lines should appear near the bottom of the log file:

[notice] Self-testing indicates your ORPort is reachable from the outside. Excellent.
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
[notice] Self-testing indicates your DirPort is reachable from the outside. Excellent. Publishing server descriptor.

If you see anything different, make sure your torrc file is configured properly and that your firewall is set to allow connections to the ports you set for the ORPort and DirPort (by default, 9001 and 9030 respectively).
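Several items in the checklist above fail silently when they are missed: without ExitPolicy reject *:* the relay becomes an exit, a ControlPort with neither CookieAuthentication nor HashedControlPassword is open to every local process, and AccountingMax quietly stops the DirPort from being advertised. The script below is an added example (not part of the original post or of Tor) that audits the effective, uncommented directives of a torrc for exactly those conditions. It takes the torrc content as an argument, so audit_relay_torrc "$(cat /etc/tor/torrc)" checks the live file; the two torrc samples embedded in it are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a torrc for the middle-relay pitfalls described above.
# Not part of the original guide or of Tor. Takes the torrc CONTENT as $1,
# prints one line per finding and returns the number of findings, so an
# exit status of 0 means "looks like a sane middle relay". POSIX sh compatible.

# True if the effective (uncommented) configuration matches an ERE.
# Tor keywords are case-insensitive, hence -i.
tor_has() { printf '%s\n' "$1" | grep -Eiq -- "$2"; }

audit_relay_torrc() {
  # Drop comments (anything after '#') and blank lines; only directives remain.
  conf=$(printf '%s\n' "$1" | sed -e 's/#.*//' -e '/^[[:space:]]*$/d')
  n=0
  tor_has "$conf" '^[[:space:]]*ORPort[[:space:]]+[0-9]' \
    || { echo "no ORPort: Tor will run as a client, not a relay"; n=$((n+1)); }
  # Tor's default exit policy accepts most ports, so without an explicit
  # catch-all reject this relay becomes an EXIT.
  tor_has "$conf" '^[[:space:]]*ExitPolicy[[:space:]]+reject[[:space:]]+\*:\*' \
    || { echo "no 'ExitPolicy reject *:*': default policy makes this an exit relay"; n=$((n+1)); }
  # A ControlPort without authentication hands the Tor process to any local
  # user (and to anyone who can reach the port).
  if tor_has "$conf" '^[[:space:]]*ControlPort[[:space:]]+[0-9]'; then
    tor_has "$conf" '^[[:space:]]*(CookieAuthentication[[:space:]]+1|HashedControlPassword[[:space:]]+16:)' \
      || { echo "ControlPort set without CookieAuthentication 1 or HashedControlPassword"; n=$((n+1)); }
  fi
  # Accounting stops Tor from advertising the DirPort, so the pair is pointless.
  if tor_has "$conf" '^[[:space:]]*AccountingMax[[:space:]]+[0-9]' \
     && tor_has "$conf" '^[[:space:]]*DirPort[[:space:]]+[0-9]'; then
    echo "AccountingMax is set: the DirPort will not be advertised"; n=$((n+1))
  fi
  tor_has "$conf" '^[[:space:]]*ContactInfo[[:space:]]+[^[:space:]]' \
    || { echo "no ContactInfo: nobody can reach you if the relay misbehaves"; n=$((n+1)); }
  return $n
}

# Constructed samples (not real relay configurations).
GOOD_TORRC='ORPort 9001
DirPort 9030
Nickname exampleRelay
ContactInfo operator[at]example[dot]com
ControlPort 9051
CookieAuthentication 1
ExitPolicy reject *:*   # middle relay: no exits'

BAD_TORRC='ORPort 9001
DirPort 9030
ControlPort 9051
#CookieAuthentication 1
AccountingMax 40 GBytes
AccountingStart month 3 15:00
#ExitPolicy reject *:*'

echo "== good torrc =="
audit_relay_torrc "$GOOD_TORRC" && echo "OK: no findings"
echo "== bad torrc =="
audit_relay_torrc "$BAD_TORRC" || echo "FAIL: $? finding(s)"
```

The comment stripping is deliberately simple (everything from the first # on a line is dropped), which is how Tor itself treats torrc comments; it also means a literal # inside a ContactInfo string would be cut off by this audit.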

 

Monitoring Your Relay with Nyx

To monitor Tor relays, many people use a popular tool called Nyx which provides a terminal dashboard of the node’s activity and status. Nyx connects through the ControlPort we set earlier. That port does not need to be opened in the firewall if Nyx runs on the same machine, and in any case it must be protected with cookie or password authentication, since anything that can connect to it can reconfigure the relay. With cookie authentication enabled, run Nyx as a user that can read Tor’s auth cookie, for example sudo -u debian-tor nyx.

First, Nyx needs to be installed:

$ sudo apt-get install python-setuptools
$ sudo easy_install pip
$ sudo pip install nyx

Then, Nyx can be run:

$ nyx

The result is a nice representation of the relay’s traffic, utilization, flags, and general information.

 

Monitoring Your Relay with ARM (Deprecated)

While ARM is no longer maintained, it does still function.

To monitor Tor relays, many people used a popular tool called ARM which provides a terminal dashboard of the node’s activity and status. ARM connects through the ControlPort we set earlier. That port does not need to be opened in the firewall if ARM runs on the same machine, and in any case it must be protected with cookie or password authentication.

First, ARM needs to be installed:

$ sudo apt-get install tor-arm

Then, ARM can be run:

$ arm

The result is a nice representation of the relay’s traffic, utilization, flags, and general information.

 

Conclusion

While my relay picked up traffic quickly, it took a long time to be able to fully utilize the bandwidth rates that I gave it. A new Tor middle relay goes through many stages before it can be deemed stable and reliable by the network. I highly recommend reading The lifecycle of a new relay to understand the whole process and know why you may not see traffic right away.

You may notice in my screenshots of Nyx and ARM above, my relay has procured several flags. If you are trying to obtain certain flags for your relay (which sort of act like markers of the relay’s capabilities), I recommend reading this StackExchange post on the subject.

If you want to see some statistics for your relay or share them with others, consider checking out the Atlas and Globe projects. They look relays up by fingerprint, though you can also search by the relay’s nickname. Check out my relay on Atlas and my relay on Globe for examples.

Now that your relay is functioning, you may wish to backup your torrc, backup your relay’s private key (/var/lib/tor/keys/secret_id_key), read and implement operational security practices, and join the tor-relays mailing list.

 

Sources

 

The Best of 2017

Here is my third installment of the best things I’ve found, learned, read, etc. over the past year. These things are listed in no particular order, and may not necessarily be new.

See the 2016 post here!
See the 2015 post here!

This annual “Best Of” series is inspired by @fogus and his blog, Send More Paramedics.

Favorite Blog Posts Read

I end up reading a lot of articles over the course of the year, and cannot possibly remember all of them. Here is a good selection of the ones that I can recall:

Articles I’ve Written for Other Publications

I’ve continued to write for a few different places outside of my own site. Here is a complete list for 2017:

Favorite Technical Books Read

Favorite Non-Technical Books Read

  • Daemon (2006) – Awesome techno-thriller about an autonomous piece of software that slowly starts taking over the world. The book follows those who are trying to stop the daemon program, and those the daemon employs.

Number of Books Read

This year was noticeably disappointing when it came to number of books read. This is likely due to an increase in the amount of podcasts I now listen to.

3

Still Need to Read

Dream Machines, Literary Machines, Design Patterns, 10 PRINT CHR$(205.5+RND(1)); : GOTO 10

Favorite Music Discovered

Favorite Television Shows

Black Mirror (2011), Game of Thrones (2011), Mr. Robot (2015), Halt & Catch Fire (2014), Twin Peaks (2017)

Favorite Podcasts

Reply All, TLDR, 99% Invisible, Jason Scott Talks His Way Out of It

Programming Languages Used for Work/Personal

Java, JavaScript, Python, Objective-C.

Programming Languages I Want To Use Next Year

  • Common Lisp – A “generalized” Lisp dialect.
  • Go – Sounds like fun for network-oriented programming.

Life Events of 2017

  • Visited NYC, New York.
  • Visited Nashville, Tennessee.

Life Changing Technologies Discovered

  • PC Engines – I recently got an apu2c4 and am impressed by this single-board computer. While I am just experimenting with it right now, the gigabit NICs should prove to help make a great pfSense router.
  • Orange Pi Zero – Not as fast as a Raspberry Pi, but for $9USD, this little board can be used for many, many small and inexpensive projects.
  • Mastodon – A really nifty federated social networking software package similar to Twitter that I don’t use as much as I should.

Favorite Subreddits

/r/darknetplan, /r/cyberpunk, /r/homelab

Completed in 2017

Plans for 2018

  • Write for stuff I’ve written for already (NODE, Lunchmeat, Exolymph, Neon Dystopia,  2600).
  • Write for new stuff (Do you have a publication that needs writers?).
  • Publish article backlog. I have around 10 articles I have written or partially written that are not online yet.
  • Read more books.
  • Participate in more public server projects (ntp pool, etc.).
  • Continue work for Philly Mesh.
  • Do some FPGA projects to get more in-depth with hardware.
  • Organization, organization, organization!
  • Documentation.
  • Continue rebooting Raunchy Taco IRC (Have one server and a certificate authority configured).
  • Create a new SKS keyserver.
  • Assemble an RC2014.

See you in 2018!

 

On Music, Mondo, & Mayhem: An Interview With R.U. Sirius

This article was originally written for and published at Neon Dystopia on September 1st, 2017. It has been posted here for safe keeping.

I recently wrote an article for Neon Dystopia on Mondo 2000, a cyberculture magazine that helped shape the cyberpunk sub-genre. When thinking of Mondo, the first person that comes to mind for most people is Ken Goffman, better known as R.U. Sirius. While he may be best known for his time at Mondo 2000, Sirius has no shortage of interesting accomplishments. Aside from Mondo, Sirius has had articles published in Artforum International, Rolling Stone, Time, Wired, and Esquire. He has been editor-in-chief at Axcess Magazine, GettingIt.com, and H+ Magazine. He’s hosted two podcasts, started multiple websites, and even had a run for the presidency in 2000 under the Revolution Party. Did I mention he has also authored or co-authored 10 books and appeared in two movies?

R.U. Sirius (Photo by Bart Nagel).

Aside from his accolades, Sirius is known as a knowledgeable, iconic, and somewhat eccentric guy. An acquaintance of his once stated, “[Sirius] once told me he had trouble reading anything written before 1990 – it was 1980 at the time.” While Sirius has constantly been seen as ahead of the curve in a lot of ways, it was never something that hindered him — it only helped him excel. Without R.U. Sirius, we may have had a completely different experience traversing the digital revolution. At a minimum, it wouldn’t have been nearly as fun.

I had the pleasure of interviewing R.U. Sirius for Neon Dystopia over the course of the last few weeks while working on the Mondo 2000 retrospective. Being able to pick his brain was an experience, and after he answered my long series of questions, he started to tell me about his music — something I wasn’t at all familiar with. I had known R.U. Sirius the editor-in-chief of Mondo 2000, but not R.U. Sirius the musician. With a little research, I discovered he was the lead singer and songwriter for the band Party Dogs, which performed in New York in the 1980s. Later, in the ’90s, he would perform in the band Mondo Vanilli, which even signed a record deal with Trent Reznor’s Nothing Records (though there was never an official album release). Sirius recommended two albums to me, and I queued them up as I sat at my keyboard and pulled at the seams of Mondo.

The first album he recommended to me was MONDOtoxicated, a work-in-progress collaboration with psychedelic jamtronica band Phriendz. Sirius does the lyrics and has vocals on all but one song in the collection, “I Hope You Didn’t Dose the Pudding,” which instead features Phriendz’s own Daddy Phriday. The first track on the album, “Speed and Weed,” is a great entry point into the unique sound put out by the collaboration. You can feel the funk and electronica elements, and they blend together seamlessly to create something otherworldly. Later in the album are two remixes from Sirius’s Party Dogs days: “On The Beam,” and “President Mussolini Makes The Planes Run On Time.” These songs are very punk-fueled, harking back to their original 1982 compositions, but they blend well with the new electronic elements in the remix.

The second album, a much longer compilation spanning 1982-2010+ titled That Which Does Not Kill Me Makes Me Hipper, features songs from Party Dogs, Mondo Vanilli, collaborations with Phriendz, and also songs by the band SLT, for which Sirius supplied lyrics. Aside from the Phriendz collaborations (which were also featured on the other album), the Party Dogs songs have a great punk rock sound that I could listen to all day. The real standouts on the album are the techno-rock Mondo Vanilli tracks. “Love is the Product” in particular is a playful, satirical song that will get stuck in your head with its catchy chorus. While the album spans a number of decades and a few different genres, Sirius’ style shines through on each track. You are able to see how his music has evolved over the years, and it never loses its power or passion.

While listening to these albums, I got the sense that music was and is an important part of Sirius’ life. I had to rethink my interview and go beyond the Mondo topics I was so focused on. I wrote back to pester Sirius with some additional questions, this time about his musical career.

Below is the full interview, with all of the questions on Mondo 2000, music, and everything else mingled together. Take a ride, and try not to fall off!

Neon Dystopia: Before you started working on High Frontiers, you were in a band called Party Dogs. Was this your first foray into music? How did you get involved in the band?

R.U. Sirius: Party Dogs was my first real foray. I recorded 3 songs before that with a band we called The Spoons as vocalist and lyricist in an analog electronic music room at a State University in Binghamton NY in 1976 – two of them got some local airplay. The song “Reggae Ripoff” caused a minor stir when a DJ who liked to play it realized I was a local white boy and freaked. The lyrics are here. But there were no live appearances.

I had a few onstage moments after that… I’d go onstage for one song basically… “Jumpin’ Jack Flash” (or “Raw Power,” once). But Party Dogs was the first sustained band that actually performed often. Actually the only band that performed often.

I was in Brockport New York, a small college town. I’d gained confidence in my voice by learning the entire Stones catalogue with a friend who thought he was Keith Richards (RIP, it goes without saying) … and when the neighbors came by saying they thought it was the Stones record and then realized we were doing it … I think that was my breakthrough in terms of confidence. I was already 25.

So I started putting together a band in Brockport. The first one we called Skippy and the Nice Guys. It was raw and confrontational. Everybody hated it.

When Party Dogs started, almost everybody hated that too… but we got good with practice. It was more punk-inflected rock than punk. Among our copy songs we played the Dead Boys, Sex Pistols and Iggy. But on the other hand, we played some Rolling Stones and Bowie. And mostly our own songs, of course. We ended up being kind of popular both in town and in Rochester, New York nearby. The other guys continued being in great bands in Rochester, including SLT, who I wrote some lyrics for a few years ago.

At our last Party Dogs appearance in Brockport, we closed as usual with a noise rock version of “Strangers In The Night.” Some jocks who were tripping on acid decided I was the devil and plotted to kill me. A girl who knew them and knew me talked them out of it!

ND: Music seems to be a big part of your life. Do you see yourself as a musician at heart despite all of the other work you’ve accomplished?

RU: There’s a great line in the TV show Dear White People… “Trust me. Find your label.” I guess I’m kind of too cosmic when it comes to considering myself anything. I’m amused by the way many millennials have this really expansive panoply of labels (particularly for sexuality) but such a constricting need to be codified.

Having said that, to the extent that I made a livelihood, it was mainly as an editor-in-chief and a writer.

I’d love to be known for my lyrics…  like maybe Van Dyke Parks or Bernie Taupin or Pete Brown (Cream)… except I guess mine are much weirder.  I don’t know. Who writes lyrics for avant-garde operas? I’d like to be him or her!

Mondo Vanilli album cover for i.o.u. babe.

ND: Have your influences changed dramatically between Party Dogs, Mondo Vanilli, and your most recent music?

RU: In terms of vocals, I’ve looked to people who work with rhythm and attitude but don’t have a vast range — Lou Reed, Jagger… for some examples. And just before I embarked on my latest work, I had a cough that lasted for 2 months. I had kind of a recent-Bob Dylan growl befitting of an old man who’s done a few naughty things… but it disappeared. I don’t know if I will ever regain my voice the way I want it.

In terms of lyrics, it’s just whatever comes. I think maybe Frank Zappa is an influence although I’d maybe rather write like Leonard Cohen or Nick Cave. But I think my stuff is mainly unique and as good as almost anyone’s… can I say that? I mean, for permission to go off the map of the usual rhyme schemes… I’d look to Don Van Vliet, Patti Smith and Bowie.

ND: In Mondo 2000, and earlier with Reality Hackers and High Frontiers, I see hippie/yippie influences, such as the work Stewart Brand was doing with the Whole Earth Catalog. I also see some parallels with Ted Nelson’s work, and the sort of general DIY attitude that the punk subculture perpetuated. What would you say were some of the biggest influences that Mondo 2000 drew from?

RU: I view the influences in terms of periodicals more than in terms of hippies or yippies etcetera, although a kind of counterculturalness is intrinsic. For myself, and I think for many others involved in the publication, there was a love of magazines.

Mad Magazine was as much an influence as Whole Earth.

Creem magazine with its irreverence… its disrespect for journalistic conventions and lack of rock star worship.

Some Dadaist publications like File (which became Vile after punk rock hit) for its use of allusion and not having to make sense.

The original underground papers of the late ‘60s/early ‘70s for their aliveness – trying to transcend their containment within a printed thing that you can buy and hold in your hand and have expectations towards. Can we make this object explode or dance or shoot off psychedelic sparks?

Interview… because it used interviews without the intrusion of the all-knowing authorial voice.

Omni for the pop science and technology and for recognizing that was the next cool thing.

Evergreen for counterculture in an urbane package with top tier writers like Terry Southern, Susan Sontag, Tom Wolfe, Eldridge Cleaver.

Wet for looking cool and feeling futuristic.

ReSearch/Search and Destroy for exploring the connection between punk counterculture and various historical/anthropological memes like Situationism, body modification and so on.

That’s off the top of my head.

ND: What was the typical content of an issue, was anything too far out to be included?

RU: There was some relatively straightforward reporting on tech and science developments towards the front, usually … right after the very colorful and strange letters to the editors. Lots of interviews and conversations with people making up the hipper edges of the emerging tech culture but also musicians and just eclectic off-center stuff like an art forger/money counterfeiter. I mean, I can’t really do any issue justice in terms of how ultra-strangeness rubbed up against techie relative-normalcy.

I can’t remember a feeling that anything was too far out to be included. They were different times. The extremes hadn’t been fully weaponized yet, so to speak.

Mondo 2000 issue 2 contents.

ND: The 1980’s saw a big push into science fiction and the development of cyberpunk with Neuromancer and the growing popularity of publications like OMNI. Were you aware of the content in this space?

RU: Yeah we were friendly with Dick Teresi and other editors at Omni. We were excited with SF Eye and some other publications I’ve forgotten since. The excitement over the so-called cyberpunk writers was hitting us when we were still High Frontiers (the magazine we published from 1984-1988, preceding Mondo). Timothy Leary was very excited about Neuromancer, so he kind of led us towards that, but we had people around like St. Jude Milhon who were already trying to call our attention to that.  There were some cool periodicals doing something sort of vaguely similar that came and went. And Boing Boing preceded Mondo technically, although we had already done High Frontiers and Reality Hackers and they were influenced by those.

ND: Mondo 2000 is often cited as a large influence in the development of the cyberpunk subculture. How do you think it has been able to influence cyberpunk over the years?

RU: I think Mondo was more its own thing. Anybody who took cyberpunk too seriously as a movement or a memeplex might have been alienated by our eclecticism, our fancy design, our not-giving-a-fuck about cyberpunk or much of anything mien.  The hardcore nerds and cyberpunk sorts, for instance, hated that we did fashion spreads and girls with circuit boards around their nipples (as did some feminists). Mondo was an art project, really, specific to the people engaged in it, with the idea of cyberpunk or cyberculture in the nose cone but so much else going on behind it. And yet we hit a sweet spot for other eclectic sorts… I guess I’d say hipsters, in a positive sense (that label wasn’t a curse back then.) But also, the sort of person that loved Robert Anton Wilson and Church of the Subgenius.

ND: Tell me about the culture of the Mondo 2000 house. What was a normal day like? How would you describe the parties?

RU: It was a largish house in the Berkeley hills…  looked like a Blue Oyster Cult cover… thus called a “technogothic citadel” in various reports. There was a dead red 1956 MG out front.

The upstairs front room was used as the main office. Three people would roll in and start answering phones at around 9:30 am. Andrew Hultkrans, our managing editor, tended to come in early too. I slept in a room downstairs with my girlfriend at that time… we made some noise in the morning hours that would “frighten the horses” upstairs. I came upstairs in a silk bathrobe and nothing else usually around 11 am and went into the kitchen to make coffee. Bart Nagel, Heide Foley and the art department were in a large downstairs room. I don’t know when they started but they often worked far into the night. The place was pretty dedicated to working on the magazine and dealing with the business and publicity on weekdays. Sometimes people would show up… Jesus Jones (a “rock star” of the ‘90s); Buffy Sainte-Marie! She’s awesome by the way. Some kids looking for me… the main dude said his dad was head of the CIA or something like that.

I don’t know that I want to describe the parties.  Some of them were large… lots of people.  I don’t remember any outright orgies – despite hearing rumors about them. Massive psychedelic drug taking was more common during the High Frontiers period in the mid-‘80s.  There was tech being shown off… brain toys, definitely some drugs, sex in private places…   I have this memory from around 1991 of these ravers being really contemptuous that the old folks were “dancing to Bryan Ferry.” But it wasn’t Bryan Ferry. It was Roxy Music and they were way fucking better than anything EDM ever produced!

Editors Rudy, Queen Mu, Ken Goffman, with Bart Nagel, the graphic designer. (Photo by Bart Nagel.)

ND: I often think that Mondo 2000 benefitted from hitting at just the right time, as computers and technology were riding this sociopolitical wave in the late ‘80s and early ‘90s. Do you think that Mondo 2000 was just as influential at the time as it was reactive? What was the feedback loop like?

RU: I think Wired hit at just the right time to be commercially successful (they were, of course, more accessible to the “normies”). We intentionally teased out the countercultural influences in the early Silicon Valley digital culture and helped make the connections between alternativeness and technoculture. A fellow named Michael Gosney – who had a digital arts magazine called Verbum – sponsored something called the Digital Be-In, timed to the annual Mac gathering in San Francisco, independent of us… so there were other people doing this as well. (We attended those splendid events, of course.)

San Francisco counterculture’s embrace of the celebrations of technology, virtual reality etcetera at that time in the early ’90s is kind of an extraordinary thing that requires a whole other essay.  It was a culture where the people who throw rocks at the Google bus would have been at the same party as Larry and Serge… our party!  Anticipating the future brought people together more than the actual thing.

Cover for Verbum issue 5.2. Click here to read the whole issue.

ND: Why do you think Mondo 2000 was so successful at the time? What did it have that nothing else did?

RU: We had a lot of hype from the mainstream media … an excitement about the superficial stuff like VR and smart drinks… that helped to let people know we existed. But I think the magazine itself was something extraordinary. It was the message from some other planet… some other future… that Wired later claimed to be. And there was an audience that wanted that.  People used to haunt magazine stores, Tower Records, in various towns…  “When will we see another issue of MONDO 2000.”

I mean, it wasn’t that successful. We hit our peak just shy of 100,000 circulation.

ND:  Timothy Leary once said that Mondo 2000 was “a beautiful merger of the psychedelic, the cybernetic, the cultural, the literary, and artistic. It shouldn’t last a long time.” Do you think that Mondo could have gone on for many more years, or was it by nature much more fleeting?

RU: 2000 would appear to be an expiration date. It could have continued. There were some internal problems that I don’t want to air here. Wait for the book, still in progress. We could have charted a new course of outrage. We had a lot of opportunities in terms of advertising that weren’t used… but I’ll leave it at that.

ND: I often look back at the comic “The Guy I Almost Was” by Patrick S. Farley and consider how Mondo 2000 was more of a publication that invented the future (in both a dreaming sense, or simply making things up) instead of simply reporting on it. Do you think that would be an accurate way to put things?

RU: Yeah it was saying this thing was happening and then helping it to actually happen. Except for the things that didn’t happen, like universal virtual reality and “sharpies mutants and superbrights” taking over the planet…  I mean, it was a fantasy of the total transmutation of everything… and it’s turned out to be more the total fragmentation of everything, although we always made sure to predict that too (just in case.) I mean, it wasn’t really all that message-driven … there were lots of pages and lots of varying views and visions and just plain fun.

By the way, I love that comic.

H.M. Ludens, from “The Guy I Almost Was.”

ND: A lot of people attack Wired magazine through accusations that they copied Mondo’s style and watered it down for a broader audience. Do you think Wired was ever able to bottle the Mondo 2000 spirit? Was their success just a matter of timing based on when they started?

RU: They used a lot of the same writers and covered some of the same stories at first, but the appeal was more towards the ordinary…  They were genre specific. They didn’t have interviews with Daniel Johnston or Diamanda Galas or gonzo anthropological theorizing about secret cultic uses of tarantula venom as an intoxicant… stuff totally outside the supposed techno genre. They had a conventional approach that hit a bigger audience and was comfortable for advertisers.

They weren’t trying to bottle the Mondo spirit. The writers were told explicitly to steer clear of counterculturalness… Alternativeness was just the colored sprinkles on the corporate frozen yogurt.  Negativland pranks were cute items where for us they were subversive blows against the empire … and the main article. I mean, they were probably right. The empire survived our culture jamming … and now the alt-right establishment is doing a form of it themselves.  None of this is meant to be all negative about Wired. They did what they did well and I enjoyed many of their issues… and even wrote a few bits.

ND: Are there any people from the Mondo 2000 days that you still keep in touch with?

RU: I’m in touch with many of them.  St. Jude Milhon, who I worked closely with, died in 2003. Our business manager, Linda Murman, died of cancer maybe a decade ago. Kathy Acker, who was a friend to all of us, also died of cancer. There have been losses like that. A lot of people have been interviewed for the Mondo history project. I’ve been in touch with many of them.

ND: One person from the M2K staff that has always intrigued me is Michael Synergy, especially with his quick-fire claims of government-toppling knowledge in the Cyberpunk (1990) documentary. Do you know anything about his activities after Mondo 2000? Did he indeed mutate and take over the world?

RU: That’s a complicated and difficult subject. He disappeared after failing to appear at his wedding, more or less. Howard Rheingold swears that he’s Michael Wilson, who was involved in the development of the TV show Burn Notice and that the main character was based on him or at least on his braggadocio.  There are some strange, disturbing scenes with Synergy in the book (yes, still in progress.)

Cyberpunk (1990) documentary cover.

ND: There are a lot of different reasons posed for Mondo 2000’s eventual halt in publication. Is there any one reason that you think was the root cause?

RU: Insanity.

ND: In Synthetic Pleasures (1995) you said that “the way to eroticize the brain is to explore sexuality with new media.” With the popularity of the Oculus Rift and virtual reality in general right now, how do you think the ideas of sex and eroticism will mingle with these technologies going forward?

RU: Did I say that? :–) Many new mediums gain their financial foothold via porn. What will virtualized eroticism bring to the party, not just in terms of porn but in terms of real sexual connection? It seems to me that a lot of relationships take place mainly online now. Gender, genital sex, smells… are these things becoming obsolete? I don’t know. I can’t get no satisfaction from any sort-of totalist approach, myself…

ND: What’s the current status of the Mondo 2000 History Project?

RU: Negotiating a book deal. Otherwise, close…  Not knowing the format has complicated its completion.

ND: I noticed recently that Mondo 2000 has a new twitter account and an announcement of a website coming soon. What are your future plans for Mondo 2000? Can we expect a Mondo 3000 to come soon?

RU: Mondo2000.com  … it should be operational by the time people are reading this…

ND: While I’m of the belief that Mondo 2000 was something truly unique, is there any organization or publication these days that carries the same spirit?

RU: Dangerous Minds covers some of the territory. Boing Boing covers some of it. Coilhouse was awesome but has apparently disappeared. I don’t think anyone would do Mondo 2000 now in the way we did it. It was – dare I say – radical but politically incorrect in a way that is much more difficult to approach in a playful manner now. I’m still not sure how I’m going to navigate that aspect of our change in the culture with mondo2000.com.

Mondo 2000 hypercard via Boing Boing.

ND:  I’ve noticed in the past that you keep an eye out for articles online that mention Mondo 2000. Are there any websites or other publications that you read regularly?

RU: My morning online commute runs as follows… recent facebook posts, recent Google+ posts, Boing Boing, Vice, RAW Story, Reason, Huffington Post, io9, The Intercept, Washington Post, Dangerous Minds, ego search for R.U. Sirius, Mondo 2000, Timothy Leary, Ken Goffman. My Steal This Singularity twitter. (Now) Mondo 2000’s twitter.

ND: Are there any big things you are working on these days that should be on our radar?

RU: I like doing lyrics and music more than anything else. I have lyrical song cycles – some that have actual songs and some that have just lyrics — that I like as much as anything I’ve ever done. I’ll probably post them on Mondo2000.com. I think some of the new stuff that I will be working on with R.U. Sirius & Phriendz and some other folks will be stunning… It’s hard to get people to check it when they don’t know you for music though. People are real twats about that.  (My bandcamp…)

ND: Do you currently have any plans for more music coming up?

RU: Working on a bunch of songs… some may have my voice others not. R.U. Sirius & Phriendz may see the most production. Another artist who is known in the jazz world but who will be working under a pseud is working with me on some stuff. We’ll see.

I posted this sort of lyrical conceptual thing just recently. I’d love to get that done as a thing. Some of the songs exist already.

ND: Many theoretical topics or downright crazy ideas from Mondo 2000 are becoming reality. How do you view the future these days? Where do you believe we are headed?

RU: The blurring of reality – the disbelief in even functional truth —  has entered too deeply into the realm of the political… People grasp for certainties, ideologies, authority… even anarchist authority if that’s their leaning. More chaos. Existential threats like the weather; increases in nationalism and racism and hostility; the spread of nukes…  There’s this sort of quasi-Leninist notion that bad material conditions lead to revolutionary progress.  Not true. They lead towards authoritarianism and reaction.


Hallucinations For Accelerated Mutants — A Mondo 2000 Retrospective

This article was originally written for and published at Neon Dystopia on August 28th, 2017. It has been posted here for safe keeping.

It’s difficult to explain Mondo 2000 to someone who hasn’t experienced it before. That’s really what I would call it at the end of the day: an experience. Like a hallucinogenic trip, or a roller coaster ride, or that tingle that you get after a first kiss — it’s something you just don’t really get by having it described to you.

I first became aware of Mondo 2000, the glossy cyberculture magazine which ran from 1989 to 1998, in the much more recent year of 2012. Late to the party, I admit, but sometimes you just can’t get there on time. In 2012, I began to research hacking magazines as I was getting worried that some of them would soon disappear from the world without a trace. Somewhere out there sat old, possibly moldy magazines full of articles and stories that once appealed to the hacking subculture. Nobody was saving them, so I decided to start. I began patrolling Amazon, eBay, and basic HTML sites that hadn’t been updated since the early days of the web; they became my usual haunts. Between monitoring auctions and mailing old email addresses, I was able to begin buying these publications. The ones I could find, I would wrap in archival-grade plastic and scan into my computer when I had the time; a slight pit stop before pushing them to the Internet Archive. Now, five years later, I agonize over the magazines that I haven’t even heard of yet. I learned a lot about the technological landscape of the ‘70s, ‘80s, and ‘90s, but nothing really resonated with me until I came across Mondo 2000. Sitting right on the border between the then-bleeding-edge and the surrealistic not-so-distant future, Mondo fostered a generation of tuned-in misfits who were making their way through hyperculture. This could have been me in a different time, but all I can do now is read the back-issues while wearing a bootleg Mondo t-shirt. Looking back, it feels like some sort of technophilic fever dream for kids with psychedelics and a ‘net connection. Drugs, sex, and the digital revolution dripped from the warm, colorful pages. Would you want to wake up?

Mondo 2000 issue 15 cover.

For many, Mondo 2000 was seen as just the thing a sharp-tongued, budding cyberculture needed. Others saw it as pseudo-intellectual nonsense, fabricated garbage that didn’t really mean anything. To the Mondoids, the dedicated followers, it didn’t matter if the normies didn’t understand. Mondo 2000 was playful, eccentric, irreverent, and brash — it worked on its own terms and it worked well. Yet, Mondo 2000 did always have a built-in expiration date. With a name like that, it could never go on forever. After 14 issues, Mondo ceased publication. The print was dead, but the ideas would live on — the infection would keep spreading. While Mondo hit the scene at an interesting time in the advancement of technology, it has a much more ludicrous origin story. Author Jack Boulware once reported in a famous 1995 postmortem, “Mondo’s history reads as if fabricated on another planet, spewed forth by a sweaty cyberpunk novelist tripping on nasal-ingested DMT.”

He isn’t wrong.

The Edge Of A High Frontier

Mondo 2000 didn’t just pop up one morning out of nowhere. The roots of Mondo go all the way back to 1984. Ken Goffman published the first issue of High Frontiers, your source for “Psychedelics, Science, Human Potential, Irreverence & Modern Art,” in a small run of 1,500 copies. The first issue embraced mind expansion with interviews featuring Terence McKenna, Bruce Eisner, Timothy Leary, and even Albert Hofmann, the father of LSD. Goffman, an ex-yippie and former New York musician who had since moved to California, had already adopted his dadaist R. U. Sirius persona when he decided to embark on a publication that combined psychedelic exploration, science, and high technology. The premiere issue, published in a newspaper format, featured his moniker on the cover alongside co-conspirator “Somerset MauMau.” The innards were packed with walls of text and tongue-in-cheek photographs that looked like cut-outs from Life magazine. The next issue would need to keep up the energy, and the fun.

R. U. Sirius.

Sirius’ life would change one night as he was distributing the first issue of High Frontiers at a birthday party: he would meet Alison Kennedy. Kennedy, the wife of a UC Berkeley professor and daughter of a wealthy California family, captivated Goffman. Soon, Kennedy would come to join the band of “Marin Mutants” (named for High Frontiers’ Marin, California headquarters) that worked on the publication, sporting names like “Lord Nose” or “Amalgum X.” Meeting in a local pizza parlor with oddly-abysmal foot traffic, the High Frontiers staff would plot out their next articles. The second issue of High Frontiers, published a year after the first, would go on to include interviews with physicists, research on hallucinogens, and reviews of art and literature. By issue three, science and technology had become more of a main focus with articles on memory enhancement, psychoactive software, and quantum physics. Of course, drugs were still held in high regard with articles like “MDMA: Safe As Ice Cream,” and Kennedy’s own gonzo-anthropological “Tarantella And The Modern Day Rock Musician,” about hallucinogenic tarantula venom. Kennedy would soon go on to adopt a new persona of her own: Queen Mu, Domineditrix. After issue four of High Frontiers, Sirius and Mu would change the name of the magazine to Reality Hackers, which better represented the mix of articles on mind-expanding drugs and computer-based technology. As the magazine mutated, so did the staff. New additions included anarchist hacker Jude Milhon (who would become known as St. Jude) and the in-your-face Michael Synergy (real name unknown), a cyberpunk keen on toppling all of the powers that be.

High Frontiers issue 1. Read through all of the issues here!

With operations now moved to a large wooden house in the Berkeley Hills, Reality Hackers became a lightning rod for new, more diverse happenings of the psycho-technical fringe. There were articles on smart drugs, virtual reality, chaos theory, and isolation tanks, some featuring leading experts in these new and/or obscure fields.

Distributors, however, had no idea what to do with Reality Hackers and thought it was a magazine about literally hacking people to bits. Sirius would eventually be approached by Kevin Kelly of Whole Earth Review, the magazine spawned by Stewart Brand’s seminal Whole Earth Catalog, to work on a new digital culture magazine called Signal. Sirius ultimately declined in order to pursue a new mutation of Reality Hackers, honing in on the young cyberpunk movement. Sirius and Mu would soon change the name of the magazine again to Mondo 2000 after publishing only two issues under the Reality Hackers name.

Reality Hackers. Issue numbering takes place where High Frontiers leaves off. Read all of the issues here!

At first, Mondo 2000 still resembled Reality Hackers between the cover art and black-and-white interior. After Bart Nagel was brought on as Mondo’s art director, things took a turn as he completely reworked the design of the magazine. Featuring colorful layouts, expert photography, full-page illustrations, and surreal covers, the new magazine was as stylish and beautiful as it was informative. New content went hand-in-hand with the new design; there were articles on cyberspace, computer viruses, and conspiracy theories. Authors who graced the first issue included Bruce Sterling, William Gibson, and John Shirley, each notable for their work in the cyberpunk sub-genre. Gibson, an ex-hippie who had published the ground-breaking Neuromancer in 1984 (the same year the first issue of High Frontiers premiered), particularly resonated with the Mondo style. While Gibson would write about fictional high-tech outsiders who took smart drugs and jacked into cyberspace, the Mondoids were living it.

Mondo 2000 issue 6, featuring cover art by Bart Nagel. Read a selection of Mondo 2000 issues here!

Mondo 2000 embodied the cyberpunk subculture, and often served as the premier source for trends and news within the space. It wasn’t long before the rest of the world was trying to catch up. Sirius was starting to get quoted by mainstream sources like the Boston Globe or the Chicago Tribune, who were dipping a toe into the bizarre cyberpunk waters for the first time. If John Shirley is known as being the “godfather of cyberpunk,” Sirius may have entered the public eye as the crazy uncle. The Mondo 2000 house was regularly a who’s who of the eclectic Bay Area characters. Aside from Sirius, Queen Mu, St. Jude, and Synergy, regulars included contributors like subscriber-turned-music-editor Jas. Morgan, psychotropic-explorer Morgan Russell, and the drug-loving bankers Gracie and Zarkov.

Much of the content development for new Mondo articles stemmed from outrageous parties thrown at the Mondo house. It wasn’t uncommon for different rooms to be filled with active interviews, parlour games, or conversation between unlikely guests. A virtual reality expert might discuss politics with a smart drug theorist. Timothy Leary could discuss virtual sex with a computer hacker. Someone might suddenly get up to dance or go to the kitchen to try a 2CB analogue mixed with piracetam. As Mondo helped those on the fringe meet the like-minded, the culture only grew and evolved with each new issue. More and more reporters from publications like Newsweek or The New York Times were flocking to Mondo for a controversial opinion or unconventional view of the future. Before long, zine writers and editors like Gareth Branwyn and Mark Frauenfelder of bOING bOING, and Jon Lebkowsky and Paco Nathan of FringeWare Review started contributing to Mondo. Authors like Rudy Rucker, Robert Anton Wilson, and Douglas Rushkoff began submitting work as well. While the Mondo 2000 parties could only exist locally, articles came in from every corner of cyberspace or alternative plane of existence. Mondo had become a hub of interaction for those beneath the underground.

A Little ReWiring

As Mondo 2000 hit its stride, a new publication was just starting to take shape. Years earlier in 1987, Electric Word (originally launched as Language Technology) became a prominent linguistic technology and computer culture magazine in Amsterdam. While it generally focused on linguistic technology and computer culture, Electric Word featured such pioneers as Xerox PARC’s Alan Kay, AI expert Marvin Minsky, MIT Media Lab founder Nicholas Negroponte, and even Mondo-regular Timothy Leary. After three years the magazine shuttered, leaving editor Louis Rossetto and ad sales director Jane Metcalfe without jobs. Partners in business as well as life, the pair decided to return to the United States and embark on a new magazine about cyberculture and technology. They wanted to call the publication “Millennium” to highlight the new technical revolution, but the name was already taken by a film magazine. John Plunkett, then the creative director, wanted to name it “Digit” (a play on “dig it” and “digital”). Eventually, they settled on Wired and started developing a prototype with a mission to decipher the new digital revolution.

Cover for Language Technology issue 3. Read select issues here!

When Rossetto and Metcalfe arrived in California after shopping the publication around New York, they were soon introduced to the Mondo 2000 team. Things appeared to be friendly enough, and Queen Mu would often visit Wired’s offices and engage Rossetto and Metcalfe in conversation while handing out fresh issues of Mondo. Just starting out, the Wired team did its best to differentiate itself from the madcap, already-successful Mondo 2000. Both the Wired and Mondo groups were well aware of what one another was up to, and there was care taken to not step on any toes. The Wired team didn’t want to compete or be compared, they wanted to come into their own.

Louis Rossetto and Jane Metcalfe, via wired.com.

Not all was well within Mondo 2000 at the time. As Mondo grew, celebrities were vying to get into the magazine in an attempt to appeal to a more underground audience. When The Edge, guitarist for rock band U2, wanted to be examined for an article, Sirius recruited his friends from the band Negativland to conduct the interview. Negativland, who U2’s management had recently sued for copyright infringement, was a logical choice for Sirius. During the interview, The Edge didn’t know who he was speaking with and mentioned his views on intellectual property. At that point, Sirius revealed the band and trapped The Edge in his own hypocrisy. This resulted in one of the most well-known Mondo 2000 articles, but at the time it was strongly opposed by editor Queen Mu. After she refused the piece, Sirius had reached a tipping point and left Mondo, stepping down from his position as editor-in-chief. While Queen Mu eventually relented and published the article, Sirius never returned to his previous position. While he did eventually come back as a contributor, he also divested his share of ownership in the magazine.

Photograph of the band Negativland.

Too Weird to Live, Too Rare to Die

Though Mondo 2000 may have still been holding on to its popularity, there were increasing struggles to draw in advertisers. Mondo’s strong drug-friendly stance didn’t mix well with button-up businesses that had money to spend on product promotion, and the magazine suffered because of it. There was less cash on the table when writers looked to Mondo as a potential place to submit their articles, and many opted to go with other publications. While some continued to contribute to Mondo out of passion, outfits like the new Wired could afford to pay more per word. Looking back, Mondo was never truly run as a business looking to make as much profit as it could. Instead, it resembled an art project assembled by a hodgepodge of culture jammers and social engineers.

Still riding high in 1992, Mondo published Mondo 2000: A User’s Guide to the New Edge, a book containing 317 pages of compiled articles and artwork from past issues with new content mixed in. In February of 1993, Time magazine featured a “Cyberpunk” cover story, complete with art from Bart Nagel and numerous mentions of Mondo 2000. Cyberpunk had gone mainstream with Time’s article reaching households all throughout the USA. Much like Ron Rosenbaum’s “Secrets of the Little Blue Box” article published in Esquire in 1971, the Time article inspired hordes of new people to invade a subversive subculture. While Mondo received a boost from the story, it might have been a little too much attention.

Time Magazine’s February 1993 issue. Read the story here!

When Wired’s first issue came out in March of 1993, it was largely dismissed by the Mondo crew. In the eyes of many, it watered down the content Mondo was known for and passed itself off as a sub-par imitator. At the end of the day, Wired was appealing to a largely different audience. They didn’t need the hardcore console cowboys or smart drug pioneers to like them, they could get by with weirdo weekend warriors and flirt with the “normal people.” Mondo may have been a bellwether for the digital revolution, but it was on the decline. Many thought it was circling the drain.

Wired Magazine issue 1, March 1993.

Mondo 2000 was able to survive for another five years under the leadership of Queen Mu and her assistant-turned-editor Wes Thomas, ending with issue 14 in 1998. It may not ever be known if Mondo finally closed down due to infighting, failure to rouse advertisers, dilution of cyberpunk culture, or some perfect storm of those factors. Its legacy and influence, however, cannot be questioned.

Mondo 3000

In 2010, R.U. Sirius announced “MONDO 2000: An Open Source History”, a multimedia-driven Kickstarter project that attempts to capture the history and lore of Mondo 2000 — and all of its previous incarnations. Between a web document, a printed book, and video footage (that may ultimately become a documentary), Sirius hopes to save all of the stories, viewpoints, and ephemera that made Mondo what it was. He is currently in contact with past contributors, and continues to work on the project. In line with Mondo 2000’s whimsical nature, Sirius created a project reward that allowed one backer to be written into Mondo 2000’s history. Some of the events surrounding Mondo may not have happened, but all of them are true.

While we may not see a new issue of Mondo 2000 ever again, Sirius is hard at work. Within the last month, he has re-established Mondo’s Twitter presence and created a brand new website at mondo2000.com featuring reprinted and expanded articles from Mondo’s past, as well as new content.

For those who remember it, Mondo 2000 is something equal parts special and weird. For many, it changed everything, and then it faded into the ether organically as the world changed around it. Browsing the new site, my mind starts to wander. Maybe there is a void left in the world that could only be filled by Mondo 2000 coming back. Maybe the world needs a “Mondo 3000.”

Somewhere out there, hackers and cyber-mystics are typing away furiously on computers in coffee shops and bus stations, creating new virtual worlds and building communities.

Maybe someone else has already created a Mondo 3000.

Maybe this time I’ll be around to catch it.


Keep your eyes bulged and your cybernetic implants on alert for a follow-up article featuring an interview with R.U. Sirius.


Bypass Your ISP’s DNS & Run A Private OpenNIC Server (2600 Article)

Now that the article has been printed in 2600 magazine, Volume 34, Issue 3 (2017-10-02), I’m able to republish it on the web. The article below is my submission to 2600 with some slight formatting changes and minor edits.

Bypass Your ISP’s DNS & Run A Private OpenNIC Server
By Mike Dank
Famicoman@gmail.com

Introduction

With recent U.S. legislation regarding Internet privacy, we see another example of control moving away from consumers and towards service providers. Following the news of this change, many have taken a renewed interest in methods that can take back some of the control and privacy that ISPs and other organizations have slowly been chipping away.

One such service that consumers can liberate (and run) for themselves is DNS. The Domain Name System is responsible for retrieving IP addresses (like 123.45.67.89) from domain names (like 2600.com). For a simplified explanation, when you go to visit a website your machine hasn’t seen before, your machine will query a caching server that is usually owned by your ISP or a company like Google or OpenDNS. This server will return the proper IP address if it has it cached, or query its way along a chain of DNS servers to the authoritative one controlling that domain. Once found, the IP address for the domain entered will trickle back to you and complete the initial request, allowing your machine to resolve it.

Companies that control these services have a direct look into the sites you are trying to visit. You can bet that more than just a few of them are logging queries and using them for marketing purposes or creating profiles based on who is sitting behind the keyboard at the address of origin. However, there are alternative DNS providers out there who can offer more privacy than others are willing to supply.

One such project, OpenNIC, has been operating a network of DNS servers for many years. Unlike traditional DNS providers, OpenNIC provides an alternate root to the ICANN system (which resolves traditional TLDs, top level domains like .com, .net, etc.) while maintaining backwards compatibility with them. Using OpenNIC, you can still resolve all of the same sites, but also get access to those run by OpenNIC operators, with TLDs such as .geek, .pirate, and .bbs. OpenNIC is made up of hobbyists, engineers, and tinkerers who not only want to explore the ins and outs of DNS, but also offer enhanced privacy and free domain registration for TLDs within their root! You may see OpenNIC as just-another-organization to query, but many operators are privacy-oriented, running their own servers devoid of logging and/or in countries that don’t poke around in your network traffic.

Aside from pointing your home traffic directly at an official OpenNIC DNS server, you can also set one up yourself. Using a modest VPS (512MB of RAM, 4GB of disk) hosted somewhere outside of the US (or the 14-eyes jurisdiction, if you prefer), you can subvert organizations who may be nefariously gathering information from your queries. While your server will still ultimately connect upstream to an OpenNIC server, any clients at home or on the go never will — they will only query your new DNS server directly.

Installation & Configuration

Setting up a DNS server is relatively easy to do with just a basic understanding of the shell. I’m running a Debian system, so some of the configuration may be different depending on the distribution you are running. Additionally, the steps below are for configuring a BIND server. There are many different DNS server packages out there to choose from, though BIND is arguably the most widespread on GNU/Linux hosts.

After logging into our server, we will first want to switch to the root account to configure BIND.

$ su -

Next, we will install bind9 and DNS utilities using the package manager. This will automatically configure a (non-publicly accessible) DNS server for us to work with, and install various DNS tools that will aid in setting up the server (specifically, dig).

$ apt-get install bind9 dnsutils -y

Now, we will pull down the OpenNIC root hints file for BIND to use. The root hints file simply contains information about OpenNIC’s root DNS servers that control the alternative TLDs OpenNIC has to offer (as well as provide backwards compatibility to ICANN domains). On Debian, we save this information to ‘/etc/bind/db.root’ for BIND to access.

$ dig . NS @75.127.96.89 > /etc/bind/db.root

While the root hints information does not change often, new TLDs can be added to OpenNIC periodically. We will set up a cron job that updates this file once a month (you can specify this to be more frequent if you wish) at 12:00AM on the first of the month. Let’s edit the crontab to add this recurring job.

$ crontab -e

At the bottom of the file, paste the following and save, activating our job.

0 0 1 * * /usr/bin/dig . NS @75.127.96.89 > /etc/bind/db.root

Next, we will want to make some changes to the BIND configuration files. Specifically, we will allow recursive queries (so our BIND installation can query the OpenNIC root servers), enable DNSSEC validation (to verify integrity of DNS data on query to OpenNIC servers), and whitelist our client’s IP address. Edit ‘/etc/bind/named.conf.options’ and replace the contents with the following options block, making any edits as needed to specify a client’s IP address.

options {
    directory "/var/cache/bind";

    // Allow localhost and a client IP of 1.2.3.4
    allow-query { localhost; 1.2.3.4; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };  // Only use if your server has an ipv6 iface!
};

Now, we will also change the logging configuration so that no logs are kept for any queries to our server. This is beneficial in that we know our own queries will never be logged on our server (as well as queries from anyone else we might authorize to use our server at a later date) for any reason. To make this change, edit ‘/etc/bind/named.conf’ and add the following logging block to the bottom of the file.

logging {
    category default { null; };
};

Finally, restart BIND so it can use our new configuration.

$ /etc/init.d/bind9 restart

Now, make sure that our server is using itself for DNS by checking the ‘/etc/resolv.conf’ file. If it doesn’t exist already, place the following line above any other lines starting with “nameserver”.

nameserver 127.0.0.1

Testing resolution of both OpenNIC and ICANN TLDs can be done with a few simple ping commands.

$ ping -c4 2600.com
$ ping -c4 opennic.glue
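One weakness in the cron job above is that a failed fetch (timeout, REFUSED, or a network outage at midnight) still truncates ‘/etc/bind/db.root’ with whatever dig printed, leaving BIND without usable hints. The script below is an added example, not part of the original 2600 article, that fetches into a temporary file, checks that the result actually contains root NS records plus glue addresses, and only then swaps it into place; it assumes the article’s OpenNIC server and Debian path, and that ‘rndc’ is available for a reload (both are assumptions, and the script path in the final comment is hypothetical).

```shell
#!/bin/sh
# Added example (not from the original 2600 article): a validated, atomic
# replacement for the cron job's "dig ... > /etc/bind/db.root" redirection.
# Assumes the article's OpenNIC server and Debian hints path; both can be
# overridden through the environment.
set -eu

OPENNIC_SERVER="${OPENNIC_SERVER:-75.127.96.89}"
DB_ROOT="${DB_ROOT:-/etc/bind/db.root}"

# hints_valid FILE: return 0 only if FILE looks like a usable root hints file,
# i.e. it holds at least one NS record for "." and at least one A/AAAA glue
# record for a root server. A dig timeout, REFUSED or SERVFAIL answer yields
# neither, so it is rejected instead of being written over the live file.
hints_valid() {
    [ -s "$1" ] || return 1
    ns=$(awk '$1 == "." && $3 == "IN" && $4 == "NS" { n++ } END { print n + 0 }' "$1")
    glue=$(awk '$3 == "IN" && ($4 == "A" || $4 == "AAAA") { n++ } END { print n + 0 }' "$1")
    [ "$ns" -ge 1 ] && [ "$glue" -ge 1 ]
}

# refresh_hints: fetch the hints into a temporary file, validate them, then
# move the file into place atomically with mode 0644 so the unprivileged
# "bind" user can still read it (mktemp creates files as 0600). On any
# failure the previous hints file is left untouched and the function
# returns 1, so cron reports the error instead of silently breaking DNS.
refresh_hints() {
    tmp=$(mktemp "$(dirname "$DB_ROOT")/db.root.XXXXXX")
    if dig . NS "@$OPENNIC_SERVER" > "$tmp" 2>&1 && hints_valid "$tmp"; then
        chmod 0644 "$tmp"
        mv -f "$tmp" "$DB_ROOT"
        # named only reads the hints at startup; ask it to reload if rndc exists.
        if command -v rndc > /dev/null 2>&1; then
            rndc reload > /dev/null 2>&1 || true
        fi
        return 0
    fi
    rm -f "$tmp"
    echo "root hints refresh from $OPENNIC_SERVER failed; keeping $DB_ROOT" >&2
    return 1
}

# Crontab entry equivalent to the article's, pointing at this script
# (hypothetical install path):
# 0 0 1 * * /usr/local/sbin/refresh-opennic-hints --run
if [ "${1:-}" = "--run" ]; then
    refresh_hints
fi
```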

Conclusion & Next Steps

Now that the server is in place, you are free to configure your client machine(s), home router, etc. to make use of the new DNS server. Provided you have port 53 open for both UDP and TCP on the server’s firewall, you should be able to add a similar ‘nameserver’ line to the ‘/etc/resolv.conf’ file (as seen in the previous section) on any authorized client machine, using the server’s external IP address instead of the loopback ‘127.0.0.1’ address.

Instructions for DNS configuration on many different operating systems and devices are readily available from a myriad of sources online if you aren’t using a Linux-based client machine. Upon successful configuration, your client should be able to execute the two ping commands in the previous section, verifying a proper setup!

As always, be sure to take precautions and secure your server if you have not done so already. With a functioning DNS server now configured, this project could be expanded upon (as a follow-up exercise/article) by implementing a tool such as DNSCrypt to authenticate and secure your DNS traffic.

Sources