Improving COMSEC With ProtonMail


, , , ,


  • Introduction
  • Some Tips on Registering an Account
  • Encryption for Non-ProtonMail Users
  • ProtonVPN

ProtonMail is an email service that provides a level of security surpassing that of most the alternatives. Pretty much the entirety of its security model is based on well-implemented encryption – to be more specific, AES 128, RSA with 4,086-bit key and OpenPGP. All messages are encrypted on ProtonMail’s servers, and are only ever decrypted in the user’s browser or client application – certain features extend this to communication between ProtonMail users and recipients using another service. This means the service provider cannot turn over the messages to a third-party, and the information is protected even if the mail servers are compromised. The servers, by the way, physically exist in the company’s data centre in Switzerland – they’re not virtual machines provisioned by a third party.

Additional security features include a ProtonVPN service, availability through TOR, and the option to register accounts without supplying personal information such as cellphone number. This is very useful if we’re using publicly accessible (but, of course, not well advertised) list servers to communicate, or we’re concerned about the security of our organisation’s extranet/portal. Many of us have already taken that security measure with other services.

So, what’s the catch? In comparison to Outlook and Gmail, ProtonMail’s free service accounts are limited in storage capacity, features and the number of messages that can be sent, though it’s still very usable. The company’s business model is reliant on subscriptions to the paid services, which are comprehensive for an annual subscription of 48 Euros.
Also, while it provides decent end-to-end encryption, ProtonMail by itself is not suitable for communicating highly sensitive information – additional layers of security would be required.

Some Tips on Registering an Account

A prerequisite for communicating securely, of course, is to use a computer that’s reasonably secure. This means having the latest updates installed for your operating system and anti-virus software. Also, you need a browser that’s regularly updated. And avoid using a public access computer. In short, take the same precautions you would as when doing online banking.

Only three things are required for registering a ProtonMail account: a chosen email address, a password, and your usual email address for validation/recovery. The latter can be deleted from your account settings after, if you choose. After registering my account, I deleted the email containing the verification code, so my ProtonMail address wouldn’t be revealed and its account reset in the unlikely event my usual account is compromised.

Choose a strong password, as ProtonMail’s encryption is only as good as this. Here I’ve chosen a long string of random letters, numbers and special characters. Instead of writing this password on paper, I’ve used an offline password manager, which stores login details in an encrypted container file – there are several that are freely available, including Password Safe, KeePass and F-Secure Key. It’s a good idea to make a backup of the encrypted password manager file.

Regarding your email address, you might wish to keep that private among a few associates for PERSEC reasons. Don’t re-use it across third-party Web sites, if you don’t want others to associate it with you or your social media profile. Since registration and access of your account is over an HTTPS connection, nobody on the outside should be able to determine your full email address. ProtonMail’s VPN service enables access to the extranet/portal without others knowing, if you’re away from the home network.

In the settings there are several security-related configurations that relate to access and recoverability of the account: It is possible to remove the email address used for resetting your password – removing it protects your ProtonMail account if the recovery account is compromised, but it renders the ProtonMail account permanently inaccessible if the password for that is forgotten.
Slightly related, there is the option to configure two-factor authentication (commonly referred to as ‘2FA’). Enabled, this protects the account if the password is compromised, as an authenticator application would be required to complete the login. If the device running the authenticator application is lost, that might also be an issue.

Encryption for Non-ProtonMail Users

Message security is very strong between ProtonMail addresses, but what if either the sender or recipient is using another email service provider? There are two ways of encrypting emails in this case.

The first method involves a password that’s shared beforehand with associates. When sending an email to a recipient who’s not using ProtonMail, compose the message in the normal way, but click the ‘Encryption‘ button at the foot of the window. All the recipient would need to do is open the email, follow the link to a Web application and enter the password to decrypt the message within the browser.

ProtonMail allows the recipient to send a protected reply, which is again encrypted in the browser, and independently of other email service providers.

Sending from a non-ProtonMail address is a little more awkward, as it requires installing an application for managing OpenPGP encryption. Essentially it’s the same procedure we’re all familiar with for using PGP encryption, but ProtonMail automatically decrypts the messages.
In the Settings, in the ‘Keys‘ page under the ‘Email encryption keys‘ heading, there are links for downloading your public key as a .asc file. This can be opened in a text editor, and the contents pasted as your email signature. Recipients could use this to encrypt emails to your address, using an OpenPGP application, such as Mailvelope (a Firefox/Chrome browser extension) or gpg4win. Only the intended recipient with the correct private key could decrypt and read the email.


Some of us already use VPNs and Tor to access the extranet/portal, so ProtonMail’s VPN service, which is just as easy to use as the Tor Browser, is another welcome addition. This is more to add another layer of protection to your login details and the fact you’re accessing the portal, especially if you’re using free WiFi services ‘in the field’ or otherwise are away from the home network – DNS Leak Protection is always enabled here, by the way.

Using the ProtonVPN service this is simply a matter of downloading the client, entering the ProtonMail account details and clicking the ‘Connect‘ button.

There are a couple of settings to look at here. You can create profiles, to save the trouble of reconfiguring the connection for a given use case.

Here we have the option to use Tor or P2P or a conventional VPN service, at least for the duration of the trial period. ProtonVPN client can be configured to automatically start and connect when the local machine is switched on.


My First Arduino Device


, , , ,

When I last did anything with microcontrollers, it was programming, in assembler language, Motorola M68000 development boards. The Arduino Uno, in comparison to the M68K, is much more accessible, cheaper and easier to work with. It’s also extremely well documented. Though there’s not much one could do with an Arduino board without additional I/O hardware (because it’s a controller), it’s still a better resource than the Raspberry Pi for learning how a microprocessor system works at a low level. If we look at the hardware, we can see why:

Don’t feel daunted by the apparent complexity of the schematics and what’s on the board – most the components are for voltage regulation. What we’re interested in here is a microcontroller, 14 GPIO pins, 6 analogue input pins and a few ancilliary features.
The core component on the Arduino board is the large chip to the right of the schematic. This is the ATmega328 microcontroller, which is essentially a microprocessor. The following diagram shows how each element of that chip maps to its pins:

Most the labels are self-explanatory, showing the I/O, system clock, memory for op code and runtime data, and a data bus. In the main schematic, you’ll notice that every pin to the right of the ATmega IC is connected directly to one of three GPIO rails, and the ATmega IC itself isn’t soldered to the board, so it can be transferred to a custom-made PCB after being programmed.
A diagram is also available for the AVR CPU core:

The processor reads a bootloader and application bytecode from the integrated Flash memory, which I believe has a capacity of 32KB – more than sufficient for a moderately complex program. In practice, there’s a lot more space to play with than I initially thought.
And just like any computer system, the ATmega328 has RAM, which is actually Static RAM, or ‘SRAM’. This has a 2KB region allocated to general data, 32 general purpose data registers and 64 I/O registers. Separate to these are the stack pointer program counter and status registers. Unlike the memory typically used in computing devices, the data structure wouldn’t be dynamic, since there’s a single program with static buffers and data types.

Also on the board, by the way, is an ATmega16U2 IC, which is another, smaller, microcontroller. This appears to be the USB controller, though, functioning as the USB-to-Serial converter.

Developer Environment, Language and API

Available from the official site (linked here), the Arduino IDE is a simple editor, compiler and library of header files. Programs are coded in a variant of C++, with includes for libraries relating to various hardware modules that might be connected to the board. For example, if to use the Ethernet hardware module, we’d import Ethernet.h. The include statements are auto-completed by the Arduino IDE when selecting the hardware from the ‘Include Library,‘ list under the ‘Tools‘ tab.

The following is the typical program structure:

This is what the IDE presents us with whenever a new file is opened. Each program starts with a setup() function, which executes whenever the reset button is pressed or there’s a reset signal to the processor. This function appears to poll the serial interface at 9,600 times per second.

void setup()
// initialize serial communication at 9600 bits per second:

The difference between this and a conventional C++ program is we use ‘void loop()‘ instead of ‘void main()‘ for our main code. This is because we’re doing event-driven programming, where we want the microcontroller to continue looping through the same routine until there is a hardware interrupt. If we wanted a program to execute just once, the main section can be placed in setup() instead.

Let’s look at the setup function for the Ethernet programming example:

void setup()
Ethernet.begin(mac, ip, myDns, gateway, subnet);
while (!Serial) {;}

We can read from a GPIO pin and manipulate the input as a value. e.g.

int sensorValue = analogRead(A0);

So, in the above function, five variables are passed to Ethernet.begin(), which must be another function somewhere in the header file. The server.begin() and Serial.begin() also are imported from header files.

After coding we use the Verify/Compile operation to create a binary. This will be a bytecode image containing the machine code for our program and bootloader. This bytecode image is loaded into the microcontroller’s memory.

A Couple of My Own Lame Examples

Just to try it out, I added a program that adds, subtracts, multiplies and divides two integers. The main code is in the setup() function.

void setup() {
// put your setup code here, to run once:

int firstNum = 124;
int secondNum = 1334;
int summed = firstNum + secondNum;
int multiplied = firstNum * secondNum;
int divided = secondNum / firstNum;
int subtracted = secondNum - firstNum;

Serial.println("Summed: ");
Serial.println("Multiplied: ");
Serial.println("Divided: ");
Serial.println("Subtracted: ");

void loop()

All I needed to do was click the ‘Verify/Compile‘ option, wait about 20 seconds and get a compiler message giving some info about the created image:
Sketch uses 1934 bytes (5%) of program storage space. Maximum is 32256 bytes.
Global variables use 232 bytes (11%) of dynamic memory, leaving 1816 bytes for local variables. Maximum is 2048 bytes.

The program is then ready to be uploaded – that is, the image is copied to the controller’s Flash memory. Notice there are two LEDs marked ‘TX’ and ‘RX’. The first will flash when data is being written, and the latter flashes when data is being read. The program starts to execute immediately after it’s been uploaded. Under the ‘Tools‘ tab there’s a ‘Serial Monitor‘ option for viewing the output.

Another simple example uses the integrated LED to signal my name in Morse code. An abbreviated version of the code:

void setup() {
// initialize the integrated LED

void loop() {
// This is a dash
digitalWrite(LED_BUILTIN, HIGH);
digitalWrite(LED_BUILTIN, LOW);

// This is also a dash
digitalWrite(LED_BUILTIN, HIGH);
digitalWrite(LED_BUILTIN, LOW);

// This is a space
Serial.print(" ");

Setting Up a WordPress Site on IIS


, , , ,

I decided to experiment with a local installation of WordPress the other night, since I had a few hours spare, and IIS running on a fairly capable laptop. Getting started was much easier than I expected.

Installing the Dependencies
WordPress requires a few things to run:

  • A Web server, such as Apache or IIS
  • PHP
  • MySQL Server (several alternative DB engines can be used, though)

IIS Express might already be installed on your machine if you have Visual Studio with Web development features. There wasn’t much required in terms of configuring the server itself, but to see whether the IIS Welcome page appears in the browser at http://localhost.

WordPress can use several different database engines, but I’ve chosen MySQL in particular because it plays well with .NET, Python and Java. I recommend installing and configuring MySQL prior to downloading WordPress itself, and getting the release that includes MySQL Workbench and ODBC.

When configuring the database server, I selected the ‘Development Machine’ option, with the port number ‘3308’ (the default was already in use). The server is also configured here as a Windows service that launches during startup. Also, very important:: Do not forget the MySQL root password!

When using the Web Platform Installer, WordPress and PHP can be installed together. Install the latest stable version of PHP, which in his case appears to be PHP 7.2.2.
During the WordPress installation I encountered a configuration error, something about access control list incompatibility, but that can be ignored if the WordPress files are present in the inetpub directory. If the files are accidentally downloaded to the Documents directory instead, and WebMatrix launches, simply copy/move the wordpress directory to inetpub.
If there’s a 502 error when trying to access WordPress, launch the Windows Features utility and check that CGI is enabled under Internet Information Services / Application Development Features.

Now it’s a matter of navigating a browser to http://localhost/wordpress. This will, if PHP is working correctly, display the initial configuration page.

Once past this stage, there should now be an almost fully working dashboard. There are three highly customisable themes included with this release.

Fixing the Content Upload Error and Reactivating the Links Manager
You might get the following error message when trying to upload an image to the Media Library:

Is the parent directory writeable by the server? Give the following users permissions to write/modify the wp-content directory:

  • Users

And insert the following line in wp-config.php:
define('UPLOADS', 'wp-content/uploads');
Before the line:
require_once(ABSPATH, 'wp-settings.php');

You might need to restart the IIS server and reload the browser page for the media upload to work.

Another feature that’s disabled by default is the Links Manager. To reactivate this, add the following line in the current WordPress theme’s functions.php file:
add_filter( 'pre_option_link_manager_enabled', '__return_true' );

The Meechan Case


, , ,

Sometimes, if we genuinely care about the freedom of expression, we’re called upon to defend the right to say things we find distasteful, wrong, strongly disagreeable unreasonable, etc. For example, I find Stephen Fry and Richard Dawkins’ comments on Christianity, often directed at Catholicism, often ill-informed, plain wrong and insulting, but their right to openly voice those comments is paramount and critical to a liberal society.
I’m sure most would agree that the freedom of expression couldn’t realistically be an absolute, that the the absolute freedom of expression, without consequence, is an extreme and untenable position. We’re collectively pretty vague about how that freedom should be limited. However, this freedom has gradually become more limited to what The Powers That Be deem acceptable, and our society, which we like to imagine is ‘liberal’ and ‘tolerant’ has been drifting towards an insidious kind of puritanism. Things that we used to criticise authoritarian regimes for are now coming to pass in 21st century Britain – this really isn’t an understatement when the minor details of how a Mark Meechan, also known as ‘Count Dankula’, was recently convicted become apparent.

In 2016, Meechan had trained his dog to perform a ‘Nazi salute’ whenever he said ‘sieg heil’ and ‘gas the Jews’, and published a video of this on YouTube. Yes, we could reasonably opine it was in bad taste, that it would inevitably cause offence to some, and that there might have been consequences for posting it. The video was intended to be humourous, and that was the self-evident context. It cannot be rationally interpreted as ‘far right propaganda’ or an incitement to anything.

Compare what Meechan published with the fact he was dragged through the court system for two years, convicted of a criminal offence and will very likely receive a jail sentence on 23rd April. Perhaps you’re still thinking that’s not a big deal, right? Surely there are checks and balances against the ideologically-driven misuse of the law, right? Like an actual judge upholding British values, and a jury of 12 peers who must to be convinced of Meechan’s guilt beyond reasonable doubt?
Well, no. Another very disturbing facet of Meechan’s trial was the absence of a jury. The conviction, as far as I could tell, rested on the subjective, and frankly questionable, judgement of one official, obviously interpreting the 2003 Communications Act way outside its intended scope:

[…] Sheriff Derek O’Carroll said the video was “threatening and grossly offensive. […] He found Meechan guilty of sending by “means of a public electronic communications network a message or other matter that is grossly offensive or of an indecent, obscene or menacing character”.

The problems with this are obvious. I cannot imagine how a reasonable person would deem the video threatening or grossly offensive, but a jury of 12 men and women of sound mind should have decided that. The second problem is the law itself, as quoted here (section 127 of the Communications Act), was clearly intended for extreme cases. The CPS has an advisory page confirming this.

In Chambers v DPP [2012] EWHC 2157 (Admin), the Lord Chief Justice made it clear that:

“Satirical, or iconoclastic, or rude comment, the expression of unpopular or unfashionable opinion about serious or trivial matters, banter or humour, even if distasteful to some or painful to those subjected to it should and no doubt will continue at their customary level, quite undiminished by [section 127 of the Communications Act 2003].”

Better Off With Map and Nokia


, , , , , ,

Normally Microsoft’s Map application on a Lumia device is perfect for travelling, but it turns out there isn’t an offline map available for Japan. After trying several alternatives, I figured that I could maybe create something better as a feature to my side project. I needed this to be compatible with the Edge browser, and for it to function effectively without a WiFi connection. Is this achievable using just HTML5, CSS and JavaScript? Yes, it is. Here are the results:

Creating the Offline Map Files
The first thing we need is data, in the form of map tiles, and the easiest way of getting this is by generating them using the Mobile Atlas Creator. This is straightforward to use – simply select the region to map and the zoom levels the application would display (e.g. all of them), and create the atlas .zip archive. The archive contains sets of numbered directories and files – I’ll explain why they’re structured that way and how they’re read by the application. For the data source, ‘OpenStreetMap Public Transport‘ gave the clearest tile images.

Leaflet.js API
There are multiple JavaScript APIs for rendering maps in the browser and showing the current GPS position. I went with Leaflet.js, as it’s lightweight, functional and reasonably well-documented.
This is roughly how Leaflet.js does the rendering: Leaflet.js will select the images to display according to the co-ordinates set in the code. The API will translate the co-ordinates into two five-digit numbers to select the file paths of the tiles to display. There is a third variable, which is the zoom level and layer – this determines the root directory that Leaflet.js will fetch the tiles from.

The three aforementioned factors are variables, z, x and y in the code. These correspond to the zoom level, latitude and longitude. All three are initially determined by the setview() parameters – the default zoom level and initial map frame displayed, but they’re changed by the JavaScript controls as the user scrolls and zooms in and out.

Leaflet.js includes a feature that makes use of the browser’s geolocation API. We include a button with this event trigger:

Which calls this function:

function getLocationLeaflet()
map.on('locationfound', onLocationFound);
map.on('locationerror', onLocationError);
map.locate({setView: true, maxZoom: 16});

Which, in turn, calls this function if the current location can be read from the device:

function onLocationFound(e)
var radius = e.accuracy / 2;
var location = e.latlng
L.marker(location).addTo(map), radius).addTo(map);

Of course, there’s no map in the screenshot here, as there aren’t any tiles for that location.

Location Markers
Another feature essential to my application is the ability to mark important locations on the map and display information about them. In this example, the placemark locations and popup messages are hard-coded into the JavaScript, though it should be possible to load that information from a GeoJSON file without having to use something like Node.js (I’m still working on this).

With the markers, the init() function should look something like this:

function init() {
map = new L.Map('map');
L.tileLayer('maps/kyoto-atlas/kyoto/{z}/{x}/{y}.png', { maxZoom: 15 })
map.setView(new L.LatLng(34.98852, 135.764982), 16);

L.marker([34.967169, 135.772437]).addTo(map)
.bindPopup('Fushimi Inari Shrine')

L.marker([35.016917, 135.782388]).addTo(map)
.bindPopup('Heian Shrine')

L.marker([35.008699, 135.767091]).addTo(map)
.bindPopup('Market Square')

L.marker([34.985985, 135.741648]).addTo(map)
.bindPopup('Kyoto Railway Museum')

Don’t forget there is always the CSS file included with Leaflet.js.

It shouldn’t matter whether the map files are replaced with something better from the Mobile Atlas Creator, as the co-ordinates within the JavaScript will always be mapped to the correct places.

To minimise the download size, I’ve published this example on GitHub with map tiles for only one zoom level, but it’s easy to recreate what I’ve done in the Mobile Atlas Creator.