keepassxc and typst

content/contact/_index.md

@@ -8,6 +8,10 @@ paginate_by = 5
 <div class="has-text-centered">
 <p>
 
+**Cwtch**: Coming soon 
+
+[What is Cwtch?](/posts/e2ee/#cwtch)
+
 **Matrix**: @anarsec:riot.anarchyplanet.org 
 
 [What is Matrix?](/posts/e2ee/#element-matrix)

content/posts/nophones/index.md

@@ -14,7 +14,7 @@ a4="nophones-a4.pdf"
 letter="nophones-letter.pdf"
 +++
 
-With effective [security culture and OPSEC](https://www.csrc.link/read/csrc-bulletin-1-en.html#header-a-base-to-stand-on-distinguishing-opsec-and-security-culture), the forces of repression wouldn't  know about our specific criminal activities, but they also wouldn't know about our lives, [relationships](https://www.csrc.link/threat-library/techniques/network-mapping.html), movement patterns, etc. This knowledge is a huge asset to help them narrow down suspects and execute targeted surveillance. The location of your phone is [tracked at all times](https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon), and this data is harvested by private companies, enabling police to bypass laws requiring them to obtain a warrant. [Hardware identifiers and the subscription information](https://anonymousplanet.org/guide.html#your-imei-and-imsi-and-by-extension-your-phone-number) of the phone are logged by cell towers with every connection. Hacking services like [Pegasus](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/) bring total phone compromise within the reach of even local law enforcement agencies, and are 'zero-click', meaning that success doesn't rely on you clicking a link or opening a file. 
+With effective [security culture and operational security](https://www.csrc.link/read/csrc-bulletin-1-en.html#header-a-base-to-stand-on-distinguishing-opsec-and-security-culture), the forces of repression wouldn't  know about our specific criminal activities, but they also wouldn't know about our lives, [relationships](https://www.csrc.link/threat-library/techniques/network-mapping.html), movement patterns, etc. This knowledge is a huge asset to help them narrow down suspects and execute targeted surveillance. The location of your phone is [tracked at all times](https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon), and this data is harvested by private companies, enabling police to bypass laws requiring them to obtain a warrant. [Hardware identifiers and the subscription information](https://anonymousplanet.org/guide.html#your-imei-and-imsi-and-by-extension-your-phone-number) of the phone are logged by cell towers with every connection. Hacking services like [Pegasus](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/) bring total phone compromise within the reach of even local law enforcement agencies, and are 'zero-click', meaning that success doesn't rely on you clicking a link or opening a file. 
 
 <!-- more -->
 

content/posts/tails-best/index.md

@@ -16,7 +16,7 @@ letter="tails-best-letter.pdf"
 
 As mentioned in our [recommendations](/recommendations/#computers), Tails is an [operating system](/glossary#operating-system-os) that is unparalleled for sensitive computer use that requires leaving no forensic trace (writing and sending communiques, research for actions, etc.). Tails runs from a USB drive and is [designed](https://tails.boum.org/about/index.en.html) to leave no trace of your activity on your computer, and to force all Internet connections through the [Tor network](/glossary#tor-network). If you are new to Tails, start with [Tails for Anarchists](/posts/tails/). 
 
-This text describes some additional precautions you can take that are relevant to an anarchist [threat model](/glossary#threat-model). Not all anarchist threat models are the same, and only you can decide which mitigations are worth putting into practice for your activities, but we aim to provide advice that is appropriate for high-risk activities. The [CSRC Threat Library](https://www.csrc.link/threat-library/) is another great resource for thinking through your threat model and appropriate mitigations. 
+This text describes some additional precautions you can take that are relevant to an anarchist [threat model](/glossary#threat-model) - operational security for Tails. Not all anarchist threat models are the same, and only you can decide which mitigations are worth putting into practice for your activities, but we aim to provide advice that is appropriate for high-risk activities. The [CSRC Threat Library](https://www.csrc.link/threat-library/) is another great resource for thinking through your threat model and appropriate mitigations. 
 
 <!-- more -->
 
@@ -73,7 +73,7 @@ You can mitigate the techniques available to powerful adversaries by **not using
 
 "Mobile Wi-Fi" devices exist which give you Internet access through the mobile network (via SIM cards) - these are a bad idea. The unique identification number of your SIM card (IMSI) and the unique serial number of your adapter (IMEI) are also transmitted to the mobile operator every time you connect, allowing identification and geographic localization. The adapter works like a mobile phone! If you do not want different research sessions to be associated with each other, do not use the same device or SIM card more than once!
 
-Use an Internet connection that isn't connected to you, such as in a cafe without CCTV cameras. There are several opsec considerations to keep in mind when using Wi-Fi in a public space like this. 
+Use an Internet connection that isn't connected to you, such as in a cafe without CCTV cameras. There are several operational security considerations to keep in mind when using Wi-Fi in a public space like this. 
 * See [below](#appendix-2-location-location-location) for more information on choosing a location.  
 * Do not get into a routine of using the same cafes repeatedly if you can avoid it. 
 * If you have to buy a coffee to get the Wi-Fi password, pay in cash! 

content/posts/tails/index.md

@@ -304,20 +304,17 @@ We recommend that you compartmentalize your passwords - have a different KeePass
 
 ![](seconds.png)
 
-When you [create a new KeePassXC database](https://tails.boum.org/doc/encryption_and_privacy/manage_passwords/index.en.html#index1h1), increase the decryption time in the **Encryption settings** window from the default to the maximum (5 seconds). Then choose a [strong passphrase](/posts/tails-best/#passwords) and save your KeePassXC file. This file will contain all your passwords/passphrases and must persist between sessions on your Persistent Storage or on a separate LUKS-encrypted USB as described in [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch). The decryption time setting of an existing KeePassXC file can be updated: **Database → Database Security → Encryption Settings**. 
+When you [create a new KeePassXC database](https://tails.boum.org/doc/encryption_and_privacy/manage_passwords/index.en.html#index1h1), increase the decryption time in the **Encryption settings** window from the default to the maximum (5 seconds). Then choose a [strong passphrase](/posts/tails-best/#passwords) and save your KeePassXC file. We recommend that you click the small dice icon (🎲) in the password field to generate a random passphrase of 7-10 words.
 
-As soon as you close KeePassXC or don't use it for a few minutes, it will lock. Make sure you do not forget your main passphrase.  
+This KeePassXC database file will contain all your passwords/passphrases and must persist between sessions on your Persistent Storage or on a separate LUKS-encrypted USB as described in [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch). As soon as you close KeePassXC or don't use it for a few minutes, it will lock. Make sure you do not forget your main passphrase.  
 
-![](database.png) 
+After creating the database itself, you should see an empty “Root” folder. If you'd like to organize your passwords into different groups, right-click this folder and select "New Group...". 
 
-1) Right-click on a folder to add sub-groups
+You can now add your first entry. Click **Entries → New Entry**, or click the “plus” icon. Enter the title of the account, your username for the account, and your password. Click the “dice” icon to generate a random password or passphrase for the entry.
-2) Create a new entry
-3) Copy the username
-4) Copy the password 
 
 ![](entry.png)
 
-5) Use the Password Generator when editing an entry
+To copy a password from the database, select the entry and press CTRL + C. To copy a username, select the entry and press CTRL + B.  
 
 ## Really delete data from a USB 
 

content/posts/tamper/index.md

@@ -142,5 +142,5 @@ Laptop screws can be verified on a monthly basis, or if anything suspect happens
 * [Spiking](https://en.wikipedia.org/wiki/Safe-cracking#Spiking_the_lock) is when the wires on a cheap safe leading to the reset button, solenoid, or motor can be exposed, and spiked with a battery. This should be possible to make tamper-evident, as it requires getting access to the wires.
 * [Brute force](/glossary#brute-force-attack) attacks - trying all possible combinations - are possible if the adversary has time. Dial mechanisms can be brute-forced with a [computerized autodialer](https://learn.sparkfun.com/tutorials/building-a-safe-cracking-robot) which [doesn't need supervision](https://www.youtube.com/watch?v=vkk-2QEUvuk). Electronic keypads are less susceptible to brute-forcing if they have a well-designed incremental lockout feature; for example, if you get it wrong 10 times, you're locked out for a few minutes, 5 more incorrect codes and you're locked out for an hour, etc. 
 * Several tools exist that can automatically retrieve or reset the combination of an electronic lock; notably, the Little Black Box and Phoenix. Tools like these are often connected to wires in the lock that can be accessed without causing damage to the lock or container. This should be possible to make tamper-evident, as it requires getting access to the wires.
-* Several [keypad-based attacks](https://en.wikipedia.org/wiki/Safe-cracking#Keypad-based_attacks) exist, but some can be mitigated with proper OPSEC. 
+* Several [keypad-based attacks](https://en.wikipedia.org/wiki/Safe-cracking#Keypad-based_attacks) exist, but some can be mitigated with proper operational security. 
 

layout/anarsec_article.typ

@@ -69,7 +69,12 @@
     #v(10pt)
   ]
   show heading.where(level: 3): it => block(width: 100%)[
-    #set text(size: 14pt, font: "Jost", weight: "bold")
+    #set text(size: 12pt, font: "Jost", weight: "bold")
+    #text(it.body)
+    #v(10pt)
+  ]
+  show heading.where(level: 4): it => block(width: 100%)[
+    #set text(size: 11pt, font: "Jost", style: "italic")
     #text(it.body)
     #v(10pt)
   ]

layout/python/anarsec_article_to_pdf.py

@@ -112,6 +112,8 @@ class Converter:
                 # Copy the header font
                 header_font = pathlib.Path(workingDirectory) / "Jost-Medium.ttf"
                 shutil.copy(self.anarsec_root / "static" / "fonts" / "Jost-Medium.ttf", header_font)
+                header_font_italic = pathlib.Path(workingDirectory) / "Jost-MediumItalic.ttf"
+                shutil.copy(self.anarsec_root / "static" / "fonts" / "Jost-MediumItalic.ttf", header_font_italic)
                 
                 # Add recommendations to the Markdown content
                 recommendations = re.search(r'\+{3}.*?\+{3}(.*)', recommendations_file.open().read(), re.MULTILINE | re.DOTALL).group(1)