Prerequisites

I set everything up on two different VPSs. PeerTube was on a new domain, so I used an Ionos VPS. Ente and WriteFreely are on my main VPS (powering this website) since they were on subdomains of this domain.

All intensive storage (photos and videos) happens on Backblaze B2. I love Backblaze for its reliably cheap storage and excellent APIs (including, crucially for this use-case, S3-compatible APIs).

PeerTube

I first followed the steps here to do the basic setup. I followed all of those instructions (including setting up the reverse proxy and systemd service. Because this is a fresh VPS, I did not have any port conflicts (this was not the case with the others as will be clear) and I could use the support reverse proxy (nginx).

Then, it was time to setup the object storage according to this page. I went to Backblaze B2, created a new bucket for PeerTube, and made it public. Then, I generated an application key (restricted only to that bucket), ensuring that the key had the ability to list all buckets (necessary for an S3-compatible key). Then, all I had to do was fill in all of the information in config/production.yaml according to the documentation, restart PeerTube (systemctl restart peertube), and I was good to go!

Initially, I had disabled transcoding, opting only to keep one resolution of the video (effectively just the original file). I later enabled HLS transcoding and manually ran the HLS transcoding jobs on the uploaded videos (possible through the admin interface). Everything went smoothly and the existing videos were (slowly) transcoded. I say slowly simply because the VPS only has 2 cores, so I can't really run transcoding jobs in parallel.

I initially had tried to setup a remote runner, but it was having trouble with transcoding large files, so I disabled it for now. I will probably retry the runner with the next upload and see how it goes.

Ente

I had initially tried self-hosting Ente a few months ago when I first heard about it after asking for a self-hosted gallery with object storage support over on Mastodon. However, while I was able to get it up and running, I was running into issues completing the registration and getting the object storage backend up and running, so I gave up.

Then, about a week ago, I decided to try again and actually got it working. I followed the self-hosting directions and got it installed, but I kept running into CORS issues when I attempted to register (the same issue I ran into earlier).

I then realized that I had to set the environment block in compose.yaml to the IP address (rather than localhost), and that was enough to get it working. I then similarly set up a bucket in B2 for Ente and set up the object storage backend. I then tried a few test uploads and it worked!

When I went to configure the reverse-proxy, I had to set it up with apache instead of nginx because apache was already being used for my main web server. There are numerous guides for doing it, so I won't elaborate here, but it's pretty straightforward.

What I also hadn't realized originally was that I needed to enable all of the components on subdomains. For example, the main Ente domain is https://photos.chiraag.me, and all of the sub-components needed to be hosted on subdomains of that (e.g. https://api.photos.chiraag.me and so on —– I just used the standard subdomain names given in the documentation). Once I had configured this, added all of the subdomain reverse proxy entries, and used cerbot --apache to generate the SSL certificates (or, more accurately, expand the existing one to cover the new subdomains), everything worked great. Everything is automatically encrypted client-side, then uploaded to my B2 bucket. Then I can create public albums and share them (like at https://chiraag.me/albums).

WriteFreely

There's honestly not a lot to write about here. It's a static binary that I just downloaded and configured with the wizard. Everything just worked (I used the SQLite backend rather than MySQL) and it has everything I want and nothing that I don't.

Conclusion

This is honestly just a plug for the different services I've setup. Our PeerTube is here. Albums shared through Ente can be found here. And, of course, you're already on the blog!

All of that changed about a week ago.

I had been thinking of self-hosting stuff for a while (an image gallery, a blog, and perhaps even a site for videos). The main problem I kept running into is that storage on VPSs is quite expensive, so I needed software with object storage support (I prefer Backblaze B2). A lot of image gallery software, for example, handles local images fine but doesn't have built-in support for S3-type storage.

Ironically enough, I started with PeerTube. It's the most storage-intensive of the services I have started hosting, but it has object storage support so I set it up with a B2 bucket. Setting it up was relatively easy and things magically show up across the Fediverse (it's still amazing to me how seamlessly it happens). I still need to setup transcoding, but that's the last bit.

The next one was Ente. Interestingly, I had started configuring this a while ago, ran into problems with the object storage configuration, and gave up. I decided to give it another go and actually got everything set up this time! It's a little complicated because they have several different services that should be run on separate subdomains (the docs do a decent job of explaining it), but after a bit of fiddling I have the main interface (for authorized users to upload photos), the albums subdomain (for public albums), and the embed subdomain (for embedding public albums in other pages) and everything works.

The final bit was actually easiest: this blog (through WriteFreely. I imported my old blog posts (from my previous WordPress-powered blog) and everything pretty much worked without a hitch.

The coolest part is that uploaded videos and blog posts (like this) automatically federate with the rest of the Fediverse. I have a Mastodon account, so you can reach out to me there about my posts (WriteFreely currently does not have comments, so the easiest way to discuss it is to tag my Mastodon profile in your replies to this post).

I am more than happy to discuss how I set these services up. Everything is on VPSs (WriteFreely and Ente are on the VPS for this website, PeerTube is on a different VPS for the other domain) and most stuff is relatively minimal in terms of resource footprint (PeerTube is relatively heavy and needs... 2 GB of RAM and 2 cores!). It's way more accessible than I had thought, and I am definitely glad I bit the bullet and looked into this.

Take control of your digital life!

I started thinking about this at first when I watched Kurzgesagt's video, which argues that we should find a new year “0” that better reflects the sheer magnitude of all that we have accomplished as a species. They end up settling on 10000 BC/BCE as the appropriate year “0”, for reasons that they describe in the video. In practice, in order to use the Human Era system, we just tack on an extra “1” at the beginning of the year. So the year 2020 AD/CE becomes the year 12,020 HE (Human Era).

That got me thinking, though, that there must be a better way to distribute the days of the year. I mean, the sheer madness that is the Gregorian calendar would be hilarious if it weren't so ingrained into us. Instead of each month having a fixed number of days (possibly with some minor adjustment at the end to account for imperfections), we end up with a monstrosity where you have to memorize the number of days in each month. Of course, this happened because the calendar was iteratively refined due to increased knowledge about exactly how long one revolution around the sun takes, adding/subtracting months to please Roman emperors, and so on. But if we were to design a calendar from scratch, what might it look like?

Well, a standard year (ignoring leap years for a second) has 365 days. The prime factors of 365 are 73 and 5, so let's assign 5 days to a week, instead of the current 7. This leaves us with a year that has 73 full weeks. Now, unfortunately 73 is prime, but 72 —– 72 is a number we can work very nicely with. 72 gives us prime factors of 3,3,2,2,2. This means that we can have 18 months with 4 weeks each, 9 months with 8 weeks each, or even 36 months with 2 weeks each if we want. Let's go with 9 months of 8 weeks each for now. This leaves the last week —– the leap week, as it were —– by itself. We can call that the 10th month or leave it by itself —– either way, it just hangs out at the end of the year.

What happens in a leap year? Just tack on the leap day to the end of the leap week. This design ensures that all of the first 9 months are completely untouched every single year. The same date falls on the same day of the year, every single year. No shifting dates. No memorizing how many days a month has. It's nice and simple.

We can do a similar thing with time, too. Why exactly do we have 24 hours in a day, with 60 minutes per hour and 60 seconds per minute? Why not have nice, round, powers of 10 for each of those conversions? In this case, however, we will have to redefine the second. Let us define that 1 day has 100,000 seconds. If we set reasonable conversions of 100 seconds per minute and 100 minutes per hour, this gets us a nice, even 10 hours per day.

Unfortunately, this means that a second under this system is quite a bit shorter than a second in the current system. To be exact, one new second is 0.864 current seconds. That is, unlike the new calendar system which is day-for-day compatible with the current calendar system, this new system of measuring time has conversion factors.

In summary, here is the new system I am proposing (and have implemented on my laptop):

• 100 seconds per minute
• 100 minutes per hour
• 10 hours per day
• 5 days per week
• 8 weeks per month
• 9 months per year with a leap week to round out the year (so effectively 9.125 months or 10 months where the 10th month is highly irregular, whichever you prefer)
• On leap years, the leap week gets a leap day
• Add 10000 to the current year to utilize Human Era years

Also, days and months should be 0-indexed as our hours (in 24-hour time), minutes, seconds, and years are. So month numbers go from 0 to 8 (or 9 if you could the last week as a month) and day numbers go from 0 to 39.

This is certainly a change from our current way of measuring and dealing with time. But I tend to view this as a much more rational approach, one that better incorporates the additional knowledge we now have. Additionally, it makes the calendar as regular as humanly possible. The same holds true for the new time system —– indeed, it's far more regular than even the new calendar system. It takes adjustment, but so does any new system. That's what happens when everyone is brought up on a particular system. It's why transitioning between operating systems can be so painful, or daring to dream big about systemic change can feel scary. We find comfort in the familiar but sometimes...the familiar just really sucks.

1. Wanting to keep my emails backed up (and a local copy always at hand).
2. Wanting a simple but powerful email reader so that it gets out of the way while enabling as much customization as needed.

As the title suggests, there are two different parts to this setup: fetchmail and mutt.

Since fetchmail does not natively provide for encryption of the configuration file (and the file contains sensitive information), I wrote a wrapper around it which decrypts the file and passes it to fetchmail via stdin. That part will not be discussed here and can be set up after glancing at the fetchmail manual page (in short, do something like gpg -d -o – /path/to/encrypted/config | fetchmail -d <n> -f -).

As for the configuration file itself, this should serve as a good template:

set postmaster “<local username>“
set bouncemail
set no spambounce
set softbounce
set properties “”
poll <imap server> with proto IMAP
       user 'username' there with password 'password' is '<local username>' here
       options keep ssl sslproto “TLS1+” mda “<mda> $HOME/.local/mail/Gmail/”
  folder “<folder>“

A special note for Protonmail Bridge users: In the options section, you'll want keep no sslcertck sslfingerprint “48:63:2E:30:62:FC:23:B3:9A:42:CD:02:1E:FF:F8:52” since otherwise fetchmail will throw an error as the Bridge's certificate isn't trusted.

At this point, fetchmail should be good to go. Before you try running it, you should create the maildirs you setup in the fetchmail config. This is really easy; if the maildir is $DIR, you can just run mkdir -p $DIR/{cur,tmp,new} and you're done. Now, you can try running fetchmail -f /path/to/config/file. If all goes well and you don't have any unread emails, fetchmail should exit normally without downloading any emails. At this point, I'd run fetchmail -a -f /path/to/config/file to get a copy of all emails, read or not. Note that fetchmail uses whether an email is read to determine whether or not to download it.

The next piece of the puzzle is mutt. All of my mutt configuration goes in ~/.config/mutt/muttrc. I have a master RC file that looks something like this (along with many other variables that I won't go into here):

set folder=”~/.local/mail”


mailboxes “+Gmail” “+Brown” “+CaltechAlumni” “+ProtonMail” “+ProtonMail-Custom”

folder-hook Brown 'source ~/.config/mutt/muttrc/muttrc.localb; macro index cb '
folder-hook Gmail 'source ~/.config/mutt/muttrc/muttrc.localg; macro index cg '
folder-hook CaltechAlumni 'source ~/.config/mutt/muttrc/muttrc.localca; macro index ca '
folder-hook ProtonMail 'source ~/.config/mutt/muttrc/muttrc.localp; macro index cp '
folder-hook ProtonMail-Custom 'source ~/.config/mutt/muttrc/muttrc.localpc; macro index cq '

source ~/.config/mutt/muttrc/muttrc.macros

Additionally, when I switch mailboxes, I load a mailbox-specific config file. For example, the Gmail one looks like this:

set spoolfile=”~/.local/mail/Gmail”


set smtpurl=“smtps://chiraag.nataraj\@gmail.com@smtp.gmail.com/”
set from=“ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com>“
set realname=“ಚಿರಾಗ್ ಮಂಜುನಾಥ ನಟರಾಜ್”
set imapuser=chiraag.nataraj@gmail.com
set record=“^”

set signature=”~/.config/mutt/signatures/signature.home”
set headercache=~/.cache/mutt/muttcache.gmail

send-hook . “source 'gpg -d ~/.config/mutt/mutt_secure/gmail.password.gpg |'”

source ~/.config/mutt/muttrc/muttrc.macros
source ~/.config/mutt/muttrc/muttrc.autocrypt

You might notice this mutt.macros thing lying around. That file looks like this:

macro index ca '<sync-mailbox><enter-command>source ~/.config/mutt/muttrc/muttrc.localca<enter><change-folder>!<enter>'
macro index cb '<sync-mailbox><enter-command>source ~/.config/mutt/muttrc/muttrc.localb<enter><change-folder>!<enter>'
macro index cg '<sync-mailbox><enter-command>source ~/.config/mutt/muttrc/muttrc.localg<enter><change-folder>!<enter>'
macro index cp '<sync-mailbox><enter-command>source ~/.config/mutt/muttrc/muttrc.localp<enter><change-folder>!<enter>'

This system means that if I want to add a new mailbox to mutt, I do the following:

1. Create a new mailbox-specific config file with the necessary details.
2. Add the mailbox to my master configuration file.
3. Add a keybinding for switching to that mailbox to mutt.macros.

With some work, I could probably even automate the current system for adding a mailbox, but I am fairly satisfied with how the system currently works.

Defenders will point to Pakistan's decades-long policy of interfering in Indian-controlled parts of Jammu and Kashmir. This, in its own right, is a form of imperialism and must be opposed. However, this is no excuse for Indian imperialism.

This whole thing is complicated, right? Because there are two conflicting desires.

On the one hand, there is a sense that a country has to mean something, that states (and territories) shouldn't just be able to break away. This tendency is best exemplified by the US Civil War, where the southern, slave-holding states wanted to secede to preserve slavery and the northern states refused to let them. In my personal conversations, this is the point that comes up the most, where there's a sense of 'India First'. “National Security Concerns”™ also sort of fall under this category, since it's often used to justify holding on to territories even if there are strains of an independence movement within them (Jammu and Kashmir, Tibet, Hong Kong, the various Kurdistans, and so on).

Unfortunately, this line of thinking often ends up justifying naked imperialism, since it tends to override any decision-making based on what the people in that territory want. That is, it doesn't matter what the people of Tibet want — China's interests come first. It doesn't matter what various Kurdish populations want — the national interests of Turkey, Iran, Iraq, and Syria come first (based on whichever Kurdish population we're talking about). In the same way, I've had it explained that it doesn't matter what the people of Jammu and Kashmir want — India's national interests come first. Indeed, this line of thinking is extremely problematic coming from a former British colony, as this logic was used to hold together Britain's vast holdings and justify oppressing the peoples therein.

On the other hand, at least in India's case, there is a supposed committment to democracy. That is, there is a notion that “the people” should be able to determine for themselves the fate of their government. This often goes hand-in-hand with a supposed committment to “self-determination”.

The problem is that one cannot both be imperialist and committed to democracy. One can either be committed to honoring the will of Jammu and Kashmir or overriding it. And take note that none of this depends on whether Pakistan is itself imperialist.

If Jammu and Kashmir were to have a vote and voted to become independent countries (or one independent country) and Pakistan refused to honor it, that is problematic. It would be just as problematic if India refused to honor it. But those situations can and should be dealt with as they arise, and such hypotheticals should not prevent the expressiong of the right to self-determination.

As a postscript, I'll note that “national security concerns” can justify anything. If annexing Jammu and Kashmir can be justified under that umbrella, why not just annex and invade Pakistan? Pakistan, after all, is India's biggest national security threat. And why stop there? Why not annex and invade Afghanistan? Once India annexes Pakistan, Afghanistan will pose the same threat Pakistan currently does.

At this point, it is clear that the people pushing annexation of Jammu and Kashmir are doing so without regard for what the people of Jammu and Kashmir want. I do not claim to speak for them. All I hope is that India and Pakistan listen to what they want and honor the right to self-determination. The recent actions make clear that India, at least, most likely will not go down that path.

However, this presents an annoyance: the Raspbian repositories contain a very tiny subset of the Debian respositories. This means that your software choice is reduced by a lot and, given that I wanted this to be a “set it and forget it” type of media server, compiling and updating programs from source was mostly out of the question (especially when that software was available in Debian!). I decided to go on an adventure and convert Raspbian to Debian proper.

Note: I did this a while ago, so I may be missing some steps. Please let me know in the comments and I will update it with more details if need be!

First, I noticed that the architecture Raspbian refers to as armhf is actually an amalgamation of both armel and armhf in Debian. That is, just adding the Debian repositories and upgrading will probably break your system. This was the first issue I ran into when I naïvely just edited /etc/apt/sources.list to include deb http://ftp.us.debian.org/debian/ sid main contrib non-free. When I ran sudo apt update && sudo apt dist-upgrade, everything completely broke.

This meant I needed to switch the architecture from armhf to armel. The first step to doing this was the following: 1. Run sudo apt update && sudo apt dist-upgrade. You want a clean, fully upgraded state to start from. 2. In /etc/apt/sources.list, change deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi to deb [arch=armhf] http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi. 3. In the same file, add the line deb [arch=armel] http://ftp.us.debian.org/debian/ sid main contrib non-free. 4. In /etc/apt/sources.list.d/raspi.list, change deb http://archive.raspberrypi.org/debian/ buster main ui to deb [arch=armhf] http://archive.raspberrypi.org/debian/ buster main ui. 5. Run sudo dpkg —add-architecture armel. 6. Run sudo apt update. 7. Here's the really messy part. You need to slowly migrate every package you can from the armhf version in Raspbian to armel in Debian sid. This involves running sudo apt install :armel and manually resolving dependencies. Do not run sudo apt upgrade because, at this stage, the dependency resolver will probably just choke. My advice here is to start with core libraries and then slowly move to bigger and bigger packages. Once you've switched dpkg and apt over, it definitely gets easier, but it's still a tedious process. 8. Once you've done this, you can now use sudo apt update and stuff as normal and it should “Just Work”™.

An alternative to this horrifically messy process is to flash this image instead of the default Raspbian image. It is out of date, so you'll have a large system update to run after flashing it, but it should save you the horrifically messy transition.

But the modern web is also a privacy nightmare. Trackers, analytics, you name it, it's there. Javascript APIs to sniff location, bluetooth state, battery state — it's ludicrous. Browser fingerprinting, where the interested party uses attributes of your browser (such as screen size, color depth, operating system, and so on) to track you (possibly without cookies), is more of a concern than ever. All of this on top of the fact that browser makers themselves have access to a wealth of information about the user, something that doesn't escape the notice of e.g. Google or Microsoft.

So what can we do? What can we, the humble users of these products, do to protect ourselves from all this tracking? Well…as someone who's been trying to fight this stuff since I learned about it, I've come up with a couple of tricks, which seem to work fairly well.

Of course, standard disclaimer: Please take this with a grain of salt! There may be things I'm missing and haven't thought about. If you're in a situation where a slip-up may cost you your life, please seek out solutions built for your specific situation — this is more for the general user who cares about privacy but doesn't face dire consequences should they be unmasked.

1. Use Firefox. It's by far the most privacy-respecting browser out there of the mainstream browsers and they've been integrating some awesome stuff from Tor (via the "Tor Uplift") that we'll cover in later points. Some of the later mitigation techniques rely on Firefox (or a fork which implements those points). See my note about Chromium-based privacy browsers at the end for more information.
2. Use a VPN. I won't go into it here (maybe I'll do that in a future post), but one of the biggest identifiers you will always send is your IP address — it's how your browser is able to get any websites at all. The problem is that your IP address can easily be tied to a general vicinity (so doing things like disabling the Geolocation API as we do below won't really help, since they can just look up your IP address). Using a VPN (look for a no-logging VPN) can help by effectively disguising your location. As a bonus, using one that is fairly popular means that your IP address becomes mostly worthless, at least on its own. And since that's largely the one identifier you have to send, masking it effectively is crucial to a proper privacy routine.
3. Disable various Javascript APIs. In Firefox, you can disable the following APIs by going to about:config:
   • Beacon API (Set beacon.enabled to false)
   • Battery API (Set dom.battery.enabled to false)
   • Performance API (Set dom.enable_performance to false)
   • Resource Timing API (Set dom.enable_resource_timing to false)
   • Clipboard events API (Set dom.event.clipboardevents.enabled to false)
   • Context menu event (Set dom.event.contextmenu.enabled to false)
   • High resolution timestamp (Set dom.event.hirestimestamp.enabled to false)
   • Asynchronous Clipboard API (Set dom.event.asyncClipboard.enabled to false)
   • FileHandle API (Set dom.event.filehandle.enabled to false)
   • Gamepad API (Set dom.gamepad.enabled, dom.gamepad.extensions.enabled, and dom.gamepad.haptic_feedback.enabled to false)
   • IndexedDB API (Set dom.indexedDB.enabled to false)
   • Pointer Lock API (Set dom.pointer-lock.enabled to false)
   • Service Worker API (Set dom.serviceWorkers.enabled to false)
   • Storage API (Set dom.storage.enabled to false)Leave this one enabled! Disabling it tends to break many websites
   • Vibration API (Set dom.vibrator.enabled to false)
   • Oculus VR API (Set dom.vr.oculus.enabled and dom.vr.oculus.invisible.enabled to false)
   • WebAudio API (Set dom.webaudio.enabled to false)
   • Notifications API (Set dom.webnotifications.enabled to false)
   • Window.event API (Set dom.window.event.enabled to false)
   • Geolocation API (Set geo.enabled to false)
   • Web Speech API (Set media.webspeech.synth.enabled to false)
   • WebGL (Set webgl.disabled and webl.disable-webgl to true)
   There are more preferences for other APIs which I did not include as they are disabled by default, and some of these may break some websites or your particular workflow, so play around with enabling and disabling these APIs until you reach a state that works for you.
4. Enable Contextual Identities (Containers). In order to prevent various methods of client-side tracking (think: cookies, local storage, etc), enable and use Firefox Containers. It is basically a generalization of Private Browsing mode, where each container has its own set of cookies, local storage, and so on. Containers are built-in to more recent versions of Firefox, but to enable them and use them effectively, you should install Multi-Account Containers. Using that extension, you can create new containers, open a tab in a specific container, and so on. A great companion extension is Temporary Containers, which can be set up to automatically create and delete containers based on certain rules. For maxmium privacy, enable "Deletes History" Temporary Containers (in "Advanced") and tell the extension to isolate subdomains. Warning: This will break logins on several webpages, so either be prepared to create exceptions for certain websites or have a separate profile for logging into sites.
5. Enable First-Party Isolation. First-Party isolation automates (to some extent) the segregation provided by Containers and can act as another layer of defense, especially in the case that you don't use Temporary Containers or another extension like it to automate the segregation. Imagine that sites A and B both have a Facebook tracker embedded. When Facebook stores a cookie through site A, the cookie will be called A.facebook.com. When Facebook stores a cookie through site B, the cookie will be called B.facebook.com. This is a very simplistic explanation, but it hopefully helps get the point across of the value of First-Party Isolation — it helps ensure that common third parties (read: Facebook, Google, Amazon) cannot easily track you across sites — even if they're all loaded in the same container. To enable First-Party Isolation, go to about:config and set privacy.firstparty.isolate to true.

6. Enable fingerprinting resistance. This preference helps ensure that your computer looks "the same" as any other computer using this preference. That is, it tries to help foil the browser fingerprinting techniques discussed in the opening of this post. Keep in mind that this may cause issues with certain websites, and unfortunately there is no easy way to disable the preference on a specific site. That being said, I personally have not run into too many issues when browsing with this preference enabled. To enable fingerprinting resistance, go to about:config and set privacy.resistFingerprinting to true. If you want to be notified of websites attempting to read your canvas data (the HTML5 Canvas is yet another fingerprinting mechanism, so fingerprinting resistance obfuscates your canvas data), you should also set privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts to false — this can help if something like WhatsApp Web (which generates a QR code) silently fails.

   Note: This preference can break some things. Most notably, it may prevent you from installing certain extensions the usual way (e.g. by clicking on the "Add to Firefox" button on addons.mozilla.org. You can get around this two ways:

   • Temporarily disable the preference, install the extension, and toggle it back.
   • Right click on the "Add to Firefox" button and click "Inspect Element". Copy the href attribute and paste it — this will bypass the user agent check that addons.mozilla.org does and allow you to install the extension.

   That being said, most extensions (in my experience) install just fine even when fingerprinting resistance is enabled.

7. Enable built-in tracking protection. It's useful to have a decent content blocker enabled as a fallback to when you need to disable some of the extensions below (e.g. uBlock Origin or uMatrix) because they're too aggressive (it happens rarely, but it does happen). To enable this, go to about:preferences and select the Privacy tab. You should enable Firefox's built-in tracking protection using the strict list in all windows (select "Custom" and tick the appropriate boxes). You can also tell Firefox to reject all third-party cookies as well to at least get some additional privacy if you're not going to use Cookie AutoDelete. If you're using Cookie AutoDelete, you can go ahead and uncheck the Cookie box entirely, since having multiple places cookies are handled can get a bit confusing and hard to manage.
8. Change your search engine. All of this is useless if you're still using Google as your search engine! I recommend either Startpage or DuckDuckGo. In Firefox, you can do this by going to about:preferences and clicking on the Search tab.
9. Install privacy-enhancing extensions. While the last few tricks only worked on Firefox (now you can see why I recommend it), this tip should work on both Chromium-based and Firefox-based browsers. The list of extensions I use as well as what they do is given below:
   • Cookie AutoDelete: Automatically delete cookies once they're no longer needed. Firefox
   • Decentraleyes: Intercept and serve scripts and stylesheets from popular content delivery networks (CDNs), thereby ensuring you never connect to them. Firefox
   • firewall: Allow editing of user agent, headers, etc. Firefox
   • HTTPS Everywhere: Easily disable all unencrypted connections (prevents eavesdropping, man-in-the-middle-style attacks). Firefox
   • Privacy Possum: Obfuscates data commonly used by trackers (mainly a fallback mechanism if everything else fails). Firefox
   • Request Control: Remove tracking parameters from URLs, disable certain classes of resources from loading. Firefox
   • Skip Redirect: Automatically skip to the final request (useful when you have a tracking URL that redirects to the actual website after logging that you're visiting it — see: Google Search). Firefox
   • uBlock Origin: Flexible content blocker (blocks ads, malware, etc). Firefox
   • uMatrix: More advanced content blocker (you can block or allow certain requests from certain domains on certain domains — for example, you can allow facebook to load, but only on facebook.com (and block it everywhere else)). Firefox

There are probably things I missed — stuff I did long ago that I set once and completely forgot about. Let me know if I missed something — if there are additional APIs I should be disabling or additional extensions I should be using.

I'll also try to keep this updated as additional APIs (and methods to disable them) crop up or as additional privacy-enhancing extensions appear.

Note: Many of the mitigation techniques I describe here (for example, First-Party Isolation, fingerprinting resistance, and containers) are only available on Firefox. While you can obtain some measure of protection through the extensions listed at the end (which exist on Firefox-based and Chromium-based browsers) and while there are some fingerprinting mitigations available in e.g. ungoogled-chromium, I have come to the conclusion that if you want privacy, you need to use something Firefox-based (whether Firefox or a fork/derivative that keeps up with the latest features privacy-wise). There is simply no match for the depth and breadth of features and options available to Firefox users to lock down the browser.

It has always been clear to me that the Israeli government actively wants to kill and displace Palestinians and that they have treated them as second-class citizens. Archbishop Desmond Tutu said:

I have been to the Occupied Palestinian Territory, and I have witnessed the racially segregated roads and housing that reminded me so much of the conditions we experienced in South Africa under the racist system of Apartheid. I have witnessed the humiliation of Palestinian men, women, and children made to wait hours at Israeli military checkpoints routinely when trying to make the most basic of trips to visit relatives or attend school or college, and this humiliation is familiar to me and the many black South Africans who were corralled and regularly insulted by the security forces of the Apartheid government. It is not with rancor that we criticize the Israeli government, but with hope, a hope that a better future can be made for both Israelis and Palestinians.

The UN has criticised Israeli settlements as illegal, saying:

Israel’s establishment of settlements in Palestinian territory occupied since 1967, including East Jerusalem, had no legal validity, constituting a flagrant violation under international law and a major obstacle to the vision of two States living side-by-side in peace and security, within internationally recognized borders.

and reiterated its demand that “Israel immediately and completely cease all settlement activities in the occupied Palestinian territory, including East Jerusalem.”

When Archbishop Tutu (who has lived through South African apartheid) is calling something apartheid and the UN is saying it is a flagrant violation of international law, it seems extremely odd to me that people would spend political (and literal) capital defending that system.

Assuming these people are arguing in good faith, it's quite interesting that they spend so much political capital defending the murder of unarmed Palestinians or the building of illegal settlements. The first should be indefensible and the second should be obviously wrong, yet we have a political establishment which tries to do whatever it can to defend Israel. Why?

These people constantly provide Israel with military aid and technology, which is used in service of their apartheid regime. They run a free PR campaign for them when they launch a ground assault and murder civilians. They defend them during all of these transgressions, these morally indefensible acts.

Through all of this, what can we, as individual citizens do? Well...in the middle of all of this violence, this violent suppression of Palestinians, several well-known companies, such as HP and Motorola, enable the IDF and the rest of the Israeli state in committing their crimes against humanity.

Divesting from these companies (and calling on others to do likewise) sends a signal to these companies that, indeed, their enabling of Israeli apartheid is not unnoticed and that, moreover, there is a financial penalty they will pay should they choose to continue enabling the IDF and the rest of the Israeli state.

Until and unless the Israeli state stops its murder and displacement of Palestinians in service of its apartheid regime, we should do what we can to push the institutions we are part of to divest from the companies complicit in these heinous acts. Only by introducing a financial penalty will we see a material change in the currently deplorable state of affairs, and only then may we obtain real peace.

My existing backup routine consists of plugging in my external hard drive, mounting it, running my backup script, taking a full image of my boot drive, and unmounting it. Not entirely awful (most of it is automated and it's mostly just waiting), but there's still friction around the initial steps of plugging in the drive and mounting it. Additionally, taking a full system image means having a read/write LVM snapshot (which becomes an issue if it is completely filled), which means I need to sit and wait around for the system image to finish — if I leave it for too long, the writes to the snapshot will accumulate, the snapshot will fill up, and bad things will happen.

I have long resisted backing up to the cloud due to the inherent privacy and security issues at stake. As the saying goes, the “cloud” is just someone else's computer, and storing your files there is giving them access should they want it. You're also at their mercy regarding security practices – if they're breached, your data is at stake. At the same time, the golden rule for backups is 3-2-1: 3 total copies of your data, 2 on-site and 1 off-site. The 2 on-site copies are satisfied by my laptop and external hard drive. But the off-site version was not something I had ever seriously considered.

After this latest incident, I decided to investigate inexpensive cloud storage providers — given that my biggest usage will be storage (and I hope I never have to download the data), I don't mind some tiny charges on downloads and other transactions. I found Backblaze B2, which offers storage for $0.005/GB/month, or $5/TB/month, after the first 10 GB free. While there are other charges (for example, $0.01/GB download charges after 1 GB free per day), my main concern is storage charges.

My next concern was privacy and security. Unlike their “Personal Backup” solution (which offers client-side encryption), B2 is just a set of servers waiting to receive files. They offer extensive APIs to allow third-party software to integrate with it, and I'll come back to that later. Fundamentally, though, I realized that if I was going to have client-side encryption, I'd have to deal with it myself.

My main requirements were as follows:

• Encryption with GPG — I already use many other tools that integrate seamlessly with GPG, and managing yet another set of keys simply for retrieving my backups is impractical.
• Obfuscation of file and directory structure with a way to restore it — Just as important as the file contents is the file metadata — how large it is, what type of file it is, how many other files are like it in that directory, and so on. Even if the filenames and directory names are obfuscated, if the directory hierarchy is left intact, it leaks tons of metadata.
• Compression — This one should be obvious — I'm paying per GB, so I better compress stuff to minimize storage costs.
• The state of the backup should be recoverable — I should be able to download files from my last backup and continue my backup where I left off.

There are many different backup programs which fit some of these requirements, but none seemed to fit all. Some encrypt file and directory names, but leave the hierarchy intact. Others use GPG and tar to effectively obscure the file and directory structure, but I'd still have to manage the names of those tar archives to obfuscate them while still allowing me to determine which directory it is a backup of.

After looking for a bit, I decided to roll my own script to deal with this problem. The program is called “bkup” and can be found at https://gitlab.com/chiraag-nataraj/bkup. The design is as follows:

• When you pass a directory to bkup to back up, it first resolves the path of the directory relative to $HOME and creates that directory hierarchy under ~/.local/share/bkup/ and ~/.cache/bkup/. Let's call the first directory $datadir for short and let's call the other one $cachedir.
• It then generates a salt ($salt) and writes it to $datadir/.salt.gpg. At the same time, it writes the value of $datadir to $datadir/.name.gpg. Both of these files are also hard linked to $cachedir.
• The encrypted name of the archive is derived from the SHA1 sum of $datadir and $salt. This structure means that once the salt is written once and as long as it is not erased, the encrypted name of the archive will be stable. At the same time, one can always change the encrypted name by merely deleting $datadir/.salt.gpg.
• The program then proceeds to generate the archive. As this is the first time the program is being run on this directory, the program finds all files created after epoch and adds them to a giant tar archive. This tar archive is then passed through zstsd (a compressor) and subsequently split into 50MB chunks (configurable by setting a variable in the script). Finally, each chunk is encrypted before being written out to $cachedir/$hash-$date.tar.zst.nnnnnn.gpg, where nnnnnn are the 6 suffix digits indicating the number of the chunk.
• Once the backup finishes successfully (which can take a long time during the initial run), it writes out the date and time at which the backup started to $datadir/.date.gpg and hard links it to $cachedir/.date.gpg.
• On subsequent runs, bkup will read the salt from $datadir/.salt.gpg and the date of the last backup from $datadir/.date.gpg. It will then only look for files modified after that date and time, ensuring that backups after the first one are incremental.

The design of this program ensures that once you complete an initial backup and push it to the cloud, you never have to do a full backup again. You can merely download the .date.gpg, .salt.gpg, and .name.gpg files from your backup to determine which hash corresponds to which directory, recreate the proper hierarchy within ~/.local/share/bkup, and you're good to go. This is especially important when you pay to download large quantities of files (as is the case with B2) – being able to minimize the amount of data you need to download in order to figure out which folder is what is quite convenient.

The syntax and an example run are provided in the README of the gitlab repository, which should hopefully clear up any confusions you may have.

I have started using this program already and am in the middle of completing my initial backup to B2. Once I have done that, I will probably set up automatic incremental backups and push them to the cloud with rclone (an amazing piece of software).

Given that my taxes are generally fairly simple (I'm a graduate student...generally it's just a W-2 and 1099-INT), the biggest hurdle I faced was finding a way to (easily) fill in the PDF forms. Enter pdftk.

pdftk is a fantastic piece of software for many reasons. In this case, though, it's particularly useful because of two commands: dumpdatafields and fill_form. You might be able to see where this is going.

I wrote up the following (very simple) script to help make my life a bit easier:

#!/bin/bash


FILES=( find -iname '*.pdf' | grep -v -- '-filled' | tr ' ' '&' )

case “$1” in
    prepare)
    for i in ${FILES[@]}
    do
        FILE=${i//&/ }
        FIELDS=${FILE%.pdf}.fields
        FDF=${FILE%.pdf}.fdf
        pdftk “$FILE” dumpdatafieldsutf8 output “$FIELDS”
        if [ ! -e “$FDF” ]
        then
        echo -e '%FDF-1.2\n1 0 obj<> >>\nendobj\ntrailer\n<>\n%%EOF' > “$FDF”
        fi

    done
    ;;
    fill)
    for i in ${FILES[@]}
    do
        FILE=${i//&/ }
        FDF=${FILE%.pdf}.fdf
        FILLED=${FILE%.pdf}-filled.pdf
        pdftk “$FILE” fillform “$FDF” output “$FILLED”
    done
    ;;
    final)
    for i in ${FILES[@]}
    do
        FILE=${i//&/ }
        FDF=${FILE%.pdf}.fdf
        FILLED=${FILE%.pdf}-filled-final.pdf
        pdftk “$FILE” fill_form “$FDF” output “$FILLED” flatten
    done
    ;;
esac

The script takes one of three arguments (anything else will quietly exit).

• prepare generates a fields and fdf file for each PDF file in that directory (that doesn't have -filled in the name). Of course, it takes care not to overwrite existing FDF files, so you can drop new PDF files in (as you realize your taxes are getting more complicated) and re-run prepare without any issues.
• fill fills in all PDFs with their corresponding FDF files and outputs to -filled.pdf.
• final fills in all PDFs with their corresponding FDF files, flattens it (permanently merges PDF and FDF content together), and outputs to -filled-final.pdf.

My workflow at this point is something as follows:

1. Download the basic forms from the IRS (1040 and any schedules I think I may need). It often helps for me to look at my previous year's returns to figure out which forms I used (this year, they somewhat rearranged some of the forms, but it was still helpful). I save these in a subdirectory called Original Forms (I also save form instructions here).
2. Make another subdirectory called Filled Forms and copy the fillable forms to that directory. The rest of my work is largely done in the Filled Forms folder.
3. Run build.sh prepare.
4. Use the .fields file to fill in the FDF file (syntax is just <> - start inserting those after /Fields[). This is the annoying part, since often the form fields are given nonsensical names - the IRS is actually decent here, since they (largely) sequentially number them, and some of the form fields have meaningful names.
5. Run build.sh fill and open the -filled PDF in a new window (it will auto-reload if your PDF viewer is any good, which makes everything easier).
6. Once I'm actually done, I run build.sh final.

Of course, part of the problem is that to e-file, you will end up using some official software of some sort – I usually use one of the web-based efile providers (much as I loathe the idea of putting this sensitive stuff on their servers...) simply because other options don't really exist. I still use this method to double-check my federal returns (sometimes the website can be a bit limiting, and you don't know it until you already know which forms you'll need) and file my state returns (since for a while, my state situation was actually annoyingly complicated).

This method (of course) will work for any fillable forms – nothing here is actually limited in any way to tax forms. But this workflow tends to work particularly well for me with my taxes, since I can gradually build up my return, adding schedules and forms as I need to.