Category: HOWTO

How to bypass Mac OS X’s Gatekepeer and run arbitrary programs as a non-admin user

Gatekeeper is Apple’s name for a feature in Mac OS X that prevents a user from opening certain programs based on a few different security preferences. (Under the hood, it’s actually part of Mac OS X’s security assessment policy subsystem, which you can manipulate from the command line with the spctl command if you have admin privileges.) If you’ve ever downloaded an app from the Internet rather than the Mac App Store, you might have seen a dialogue box appear when you tried to open the app preventing you from doing so, like this:

Screenshot of Mac OS X Gatekeeper preventing from running "because it is from an unidentified developer."

Ordinarily, this is (mostly) a good thing. It’s a warning from your Mac alerting you to the fact that the author of the program you’re trying to run hasn’t registered themselves with Apple. It’s not a warning that the program is actually a virus or some kind of malware—those warnings are more explicit and actually say that the program “will damage your computer”—but the fact that the developer isn’t recognized could be a legitimate concern. Of course, it might also be completely innocent, as it is in the case of TorBrowser.

If have administrator privileges on the Mac, you tell Gatekeeper to permit the program to run by right-clicking on it and selecting “Open” from the contextual menu that appears, as Apple describes in “How to open an app from an unidentified developer and exempt it from Gatekeeper.” But what if you’re not an admin user? It turns out there are a number of ways you can work around Gatekeeper to open the app anyway.

This may sound like a security risk and thus a bad idea, but there are times when you might need to do this for innocent reasons.

For example, last night, my Mac’s hard drive crashed. :( I’ve been keeping regular backups, but I’ve also been working on a programming project that’s changing rapidly. The crash happened at the worst possible time: immediately after I’d just completed another chunk of work, but before the next backup was scheduled to run. It’s only about an hour’s worth of coding, but that’s still a chunk of effort I’d like not to have lost. Naturally, I’m now running SpinRite, a hard drive maintenance and data recovery tool, on the disk, and hopefully I’ll be able to get my work back. Meanwhile, however, I’m borrowing a Mac from someone else. The account I’m using doesn’t have admin privileges, but I still need to install some programs that Gatekeeper won’t allow, such as the Tor Browser, and my favorite text editor, MacVim.

So I went about trying to find ways to work around Gatekeeper, and I found two really simple workarounds that worked for me on a fully-patched Mac OS X 10.9.5 Mavericks system with Gatekeeper enabled, of course. They may work in earlier or later versions of Mac OS X, too.

Use the command line, not the Finder

Possibly the most obvious workaround to Gatekeeper is simply to bypass it entirely by not using the Finder to open the applications that you want to run. If the program is designed as a command line application in the first place, then Gatekeeper won’t have anything to say about it. But even if it’s designed as a fully-featured graphical app, you can still launch it from the command line, thus avoiding Gatekeeper’s restrictions altogether.

For example, although Gatekeeper gets in my way after double-clicking on the TorBrowser, opening it from the command line by calling its executable directly works like a charm:

The reason this works is because on Mac OS X, an “app” is really just a folder with its own files inside of it. One of those files is the app’s information property list (typically the bundle’s Contents/Info.plist) file, which is an XML file that lets app developers communicate a bunch of stuff to the Mac OS X Finder about how their app works. One of the most important of these properties is, of course, which file to actually run when the user double-clicks on the app icon. That’s saved in the CFBundleExecutable key, so let’s grep it out:

$ grep -r -A 1 CFBundleExecutable	<key>CFBundleExecutable</key>	<string>firefox</string>

By running the app’s main executable directly, you avoid Gatekeeper in the same way as other command line applications do. Note that the open command doesn’t avoid Gatekeeper because it actually calls to the Finder.

Remove the extended attributes

Another way to make sure that Gatekeeper doesn’t get called when you’re opening an app is to strip the app itself of the attribute that tells the Finder to call Gatekeeper. In this case, that’s the extended file attribute. Most modern operating systems, including Mac, Linux, and Windows, have filesystems that can attach arbitrary metadata to files, and this metadata is generically known as extended file attributes. On a Mac, you can use the xattr command to inspect the extended attributes associated with any file or folder.

Indeed, inspecting the extended attributes on the TorBrowser I just downloaded revealed the relevant attribute:

$ xattr

The -l@ switches to the more common ls command works, too, but produces different output:

$ ls -l@
total 272
drwxr-x---@ 6 maymay  staff     204 Dec 31  1999 Contents	    26 
drwxr-x---@ 5 maymay  staff     170 Dec 31  1999 TorBrowser	    26 
-rw-r-----@ 1 maymay  staff  137761 Dec 31  1999 precomplete	    26 

Since we own the downloaded file, we can modify its extended attributes, no admin privileges needed. Removing recursively is enough to disable Gatekeeper. We again use xattr, along with its -d switch, to accomplish that:

xattr -r -d

With the quarantine extended attribute removed, the Mac OS X Finder never calls to Gatekeeper so double-clicking on the app will work as if Gatekeeper was disabled.

So there you have it. Two simple ways to bypass Gatekeeper and open arbitrary programs even without administrator approval. None of this helps fix my broken hard drive, of course. I’ll still need to buy a replacement for my Mac (and since I work and live on a donations-only basis, if you can part with a few bucks by sending a donation to help me out here, I’d really appreciate it) but at least I can still install the tools I need to get stuff done while borrowing other laptops. And so can you!

HowTo: Make an archival copy of every page, image, video, and audio file on an entire website using wget

I recently announced that my blog archives will no longer be publicly available for long:

Let me repeat that: while I am still “on Tumblr” and so on for now, my archives will not remain available for very long. If you find something of mine useful, you will need to make a copy of it and host it yourself.


The errors you see when you just punch in my web address in your browser or follow a link from Google are not happening because my blogs “broke.” The errors are intentional; my blogs have simply become invisible to some while still being easily accessible to others. […] Think of my web presence like Harry Potter’s Diagon Alley; so hidden from Muggles that they don’t even know what they’re missing, but if you know which brick to tap, a whole world of exciting new things awaits you….

As a result, a number of you have already asked the logical question: “Is there some easy way to automatically download your archives, instead of manually copy-and-pasting almost a decade of your posts? That would take forever!”

The answer, of course, is yes. This post is a short tutorial that I hope gives you the knowledge you need to download an entire website for offline viewing. This will work for any simple website like most blogs and personal sites, including mine. Archival geeks, this one’s for you. ;)


A sculptor must understand stone: Know thy materials

A website is just a bunch of files. On a server, it usually looks exactly like your own computer’s desktop. A page is a file. A slash (/) indicates a folder.

Let’s say you have a website called “” When you go to this website in a Web browser, the address bar says: What that address bar is saying, in oversimplified English, is something like, “Hey, Web browser, connect to the computer at and open the first file in the first folder you find for me.” That file is usually the home page. On a blog, this is usually the list of recent posts.

Then, to continue the example, let’s say you click on a blog post’s title, which is a link to a page that only contains that one blog post. This is often called a “permalink.” When the page loads, the address bar changes to something like Again, in oversimplified English, what the address bar is saying is something like, “Hey, Web browser, make another connection to the computer at and open up the file called 123456 inside that computer’s posts folder.”

And that’s how Web browsing works, in a nutshell. Since websites are just files inside folders, the same basic rules apply to webpages as the ones that apply to files and folders on your own laptop. To save a file, you give it a name, and put it a folder. When you move a file from one folder to another, it stops being available at the old location and becomes available at the new location. You can copy a file from one folder as a new file in another folder, and now you have two copies of that file.

In the case of the web, a “file” is just a “page,” so “copying webpages” is the exact same thing as “copying files.”

Now, as many of you already surmised, you could manually go to a website, open the File menu in your Web browser, choose the Save option, give the file a name, put it in a folder, then click the link to the first entry on the web page to load that post, open the File menu in your Web browser, choose the Save option, give the file another name, put it in a folder, and so on and so on until your eyes bled and you went insane from treating yourself in the same dehumanizing way your bosses already treat you at work. Or you could realize that doing the same basic operation many times in quick succession is what computers were invented to do, and you could automate the process of downloading websites like this by using a software program (a tool) designed to do exactly that.

It just so happens that this kind of task is so common that there are dozens of software programs that do exactly this thing.

A sculptor must understand a chisel: Know thy toolbox

I’m not going to go through the many dozens if not hundreds of tools available to automatically download things from the Web. There is almost certainly an “auto-downloader” plugin available for your favorite Web browser. Feel free to find one and give it a try. Instead, I’m going to walk you through how to use simply the best, most efficient, and most powerful of these tools. It’s called wget. It stands for “Web get” and, as the name implies, it “gets stuff from the Web.”

If you’re on Windows, the easiest way to use wget is by using a program called WinWGet, which is actually two programs: it’s the wget program itself, and a point-and-click graphical user interface that gives you a way to use it with your mouse instead of only your keyboard. There’s a good article on Lifehacker about how to use WinWGet to copy an entire website (an act commonly called “mirroring”). If you’re intimidated by a command line, go get WinWGet, because the wget program itself doesn’t have a point-and-click user interface so you’ll want the extra window dressing WinWGet provides.

If you’re not on Windows, or if you just want to learn how to use wget to copy a website directly, then read on. You may also want to read on to learn more about the relevant options you can enable in wget so it works even under the most hostile conditions (like a flaky Wi-Fi connection).

Relevant wget options

While there are dozens upon dozens of wget options to the point that I know of no one who has read the entire wget manual from front to back, there are only three options that really matter for our purposes. These are:

-m or --mirror
This options turns on options suitable for mirroring. In other words, with this option enabled, wget will look at the URL you gave it, and then copy the page at that URL and all pages that first page links to which also start with the same URL as the URL of the first page until there are no more links to follow. How handy! ;)
-k or --convert-links
The manual describes this option better than I could. It reads:

After the download is complete, convert the links in the document to make them suitable for local viewing. This affects not only the visible hyperlinks, but any part of the document that links to external content, such as embedded images, links to style sheets, hyperlinks to non-HTML content, etc.

So in other words, after the download finishes, all links that originally pointed to “the computer at” will now point to the archived copy of the file wget downloaded for you, so you can click links in your archived copy and they will work just as they did on the original site. Woot!

This option isn’t strictly necessary, but if you’re on a flaky Wi-Fi network or the server hosting the website you’re trying to download is itself kind of flaky (that is, maybe it goes down every once in a while and you don’t always know when that will be), then adding this option makes wget keep trying to download the pages you’ve told it are there even if it’s not able to make a connection to the website. Basically, this option makes wget totally trust you when you tell it to go download some stuff, even if it tries to do that and isn’t able to get it when it tries to. I strongly suggest using this option to get archives of my sites.

Okay, with that necessary background explained, let’s move on to actually using wget to copy whole websites.

Preparation: Get wget if you don’t already have it

If you don’t already have wget, download and install it. For Mac OS X users, the simplest wget installation option are the installer packages made available by the folks at Rudix. For Windows users, again, you probably want WinWGet. Linux users probably already have wget installed. ;)

Step 1: Make a new folder to keep all the stuff you’re about to download

This is easy. Just make a new folder to keep all the pages you’re going to copy. Yup, that’s it. :)

Step 2: Run wget with its mirroring options enabled

Now that we have a place to keep all the stuff we’re about to download, we need to let wget do its work for us. So, first, go to the folder you made. If you’ve made a folder called “Mirror of” on your Desktop, then you can go into that folder by typing cd "~/Desktop/Mirror of" at a command prompt.

Next, run wget:

wget --mirror --convert-links --retry-connrefused

Windows users will have to dig around the WinWGet options panes and make sure the “mirror” and “convert-links” checkboxes are enabled, rather than just typing those options out on the command line. Obviously, replace with whatever website you want to copy. For instance, replace it with to download everything I’ve ever posted to my Tumblr blog. You’ll immediately see a lot of output from your terminal that looks like this:

wget --mirror --convert-links --retry-connrefused

--2015-02-27 15:08:06--
Resolving (,
Connecting to (||:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘’

    [ <=>                                                       ] 188,514     --.-K/s   in 0.1s    

Last-modified header missing -- time-stamps turned off.
2015-02-27 15:08:08 (1.47 MB/s) - ‘’ saved [188514]

Now just sit back, relax, let wget work for as long as it needs to (which could take hours, depending on the quality of your Internet connection). Meanwhile, rejoice in the knowledge that you never need to treat yourself like a piece of dehumanized machinery ever again because, y’know, we actually have machines for that.

Even before wget finishes its work, though, you’ll see files start appearing inside the folder you made. You can now drag-and-drop one of those files into your Web browser window to open that file. It will look exactly like the blog web page from which it was downloaded. Voila! Archive successfully made!

Special secret bonuses

The above easily works on any publicly accessible website. These are websites that you don’t need to log into to see. But you can also do the same thing on websites that do require you to log into them, though I’ll leave that as an exercise for the reader. All you have to do is learn a few different wget options, which are all explained in the wget manual. (Hint: The option you want to read up on is the --load-cookies option.)

What I do want to explain, however, is that the above procedure won’t currently work on some of my other blogs because of additional techno-trickery I’m doing to keep the Muggles out, as I mentioned at the start of this post. However, I’ve already created an archive copy of my other (non-Tumblr) sites, so you don’t have to.1 Still, though, if you can figure out which bricks to tap, you can still create your own archive of my proverbial Diagon Alley.

Anyway, I’m making that other archive available on BitTorrent. Here’s the torrent metafile for an archive of If you don’t already know how to use BitTorrent, this might be a good time to read through my BitTorrent howto guide.

Finally, if data archival and preservation is something that really spins your propeller and you don’t already know about it, consider browsing on over to The Internet Archive at If you live in San Francisco, they offer free lunches to the public every Friday (which are FUCKING CATERED AND DELICIOUS, I’VE BEEN), and they always have need of volunteers.

  1. If you’re just curious, the archive contains every conference presentation I’ve ever given, including video recordings, presentation slides, and so on, as well as audio files of some podcasts and interviews I’ve given, transcripts of every one of these, all pictures uploaded to my site, etc., and weighs in at approximately 1 gigabyte, uncompressed. []

HowTo: Download movies, games, books, and other digital media freely and anonymously using BitTorrent with public proxies

Note: This guide assumes you never used BitTorrent before, and that you want to start learning about it with a safety focus from the outset, but it does assume you understand basic computer and Web lingo like “website address” and “downloading.” If you’re new to BitTorrent and don’t care about staying private, then LifeHacker’s “A beginner’s guide to BitTorrent” or “The Torrent Guide for Everyone” at may be more your speed. Also, if you do have some experience with BitTorrent, all the better. Things will make more sense to you more quickly. :)

If you’re going to read this how-to guide, I’m not going to assume you need to be convinced that downloading movies and other digital media like music, eBooks, games, and so on is something worth doing. There are, of course, many reasons why you might want to get media at no cost. These reasons range from the personal (Netflix doesn’t have the show you’re really into right now) to the political (fuck Netflix and also fuck capitalism) and everything in between (you don’t have “discretionary income” because, y’know, capitalism, but whatevs).

This guide isn’t trying to tell you what you should do—that’s your government’s job. All I want this guide to do is help you access the material you want, whatever that material is, regardless of why you want it, safely and anonymously. And since the most widely used and arguably most effective digital media distribution technology is BitTorrent, that’s what we’ll focus on today.

If you’ve heard anything about “downloading free movies on the Internet,” you probably heard of BitTorrent or its more colloquial synonym, “torrents.” You have also probably heard of companies threatening BitTorrent users with Internet service bans, financial penalties, and even lawsuits for “stealing intellectual property.” Through expensive and coordinated campaigns, companies like Disney and others represented by special interest groups like the RIAA and MPAA try to convince people that BitTorrent is hard, immoral, and unsafe to use. But these corporate-backed efforts are little more than self-serving moral crusades, effectively a big societal guilt trip, and a false one at that.

By the time you finish reading this guide, you’ll see how and why BitTorrent is easy, ethical, and safe to use. To do that, let’s start at the beginning. (If you’re one of those “just give me a fish, I don’t want to learn how to fish,” people, skip to Step 1, below. But I warn you, you’ll have a much better understanding of what I’m talking about, and that means you’ll be able to keep yourself a lot safer, if you read thoroughly than if you skip ahead. You can always skip ahead the next time, after you absorb the background information first.)

What is BitTorrent, really?

BitTorrent is a way to copy files between computers. That’s it. Really. “But if it’s just a way to copy files around,” you’re probably wondering, “what makes BitTorrent so special?”

What makes BitTorrent special: pieces, not files

What makes BitTorrent special is the way it goes about copying (or “sharing”) files. Ordinarily, to start downloading a copy of a file from someone else, they have to have the entire file. Not so with BitTorrent. Using BitTorrent, you can download (that is, receive, or copy)1 incomplete parts of a file from someone else who also only has some but not all parts of the desired file, themselves. Moreover, BitTorrent itself doesn’t care what the file is. The file might be a “pirated” movie, but it might also be literally anything else. BitTorrent isn’t just for piracy. BitTorrent can be, and often is, used to share anything that can be digitized, no holds barred, since all BitTorrent cares about are what it calls pieces.

You can think of BitTorrent “pieces” like pieces in a jigsaw puzzle. When you download a file with BitTorrent, what you’re actually downloading is copies of all the individual puzzle pieces that, taken together, make up the completed jigsaw puzzle. When you have all the pieces, BitTorrent automatically puts the pieces in the right places so they make up the desired file or files. This completed puzzle is what BitTorrent calls a “seed.”2

When you first go to download stuff with BitTorrent, you’ll be presented with something called a “torrent.” You can think of torrents, which are sometimes a kind of file themselves (a “.torrent file”), like empty jigsaw puzzle boxes.3 Torrent files describe their contents, but they are not the actual content. So the torrent isn’t a true puzzle piece, per se. Rather, a torrent is the additional information we need to look for the rest of the pieces. Much as a picture on a jigsaw puzzle box shows you what the complete puzzle with all the pieces in the right spots is supposed to look like, but it isn’t a puzzle piece itself, so too does the torrent itself describe the completed torrent contents.

Okay, but where do torrents come from?

Torrents are made by other people, just like you. Sharing something of your own with others using BitTorrent is actually pretty easy. Beyond that, especially if you want to share something big but don’t have a lot of resources like bandwidth or disk space, using BitTorrent to share it can help you out big time.

Making a torrent is a simple matter of using a program to make a new .torrent file (our proverbial “jigsaw puzzle box”) out of files you already have on your computer. Usually, this is as simple as choosing “New Torrent…” from the “File” menu in a BitTorrent app, such as in this screenshot of uTorrent 1.8.4 for Mac OS X, below:

Creating a torrent is as simple as: 1. Choosing "New Torrent…" from the "File" menu of your BitTorrent client and 2. Ticking a few boxes.

There are a lot of BitTorrent client apps you can choose to use. Naturally, Wikipedia has a huge comparison chart of them, and plenty of blogs have their “best of” picks. “uTorrent” is just the name of a popular one, and I like it well enough. For our purposes, the only really important thing is that whatever client you pick needs to have support for network proxies, which we’ll talk about next. If you’re not sure what to use, I recommend Deluge because it’s free, fast, works everywhere, and yes, supports proxies.

Sharing something of your own makes you the first seed for this torrent, since you obviously have all the pieces of the files you’re sharing. For other interested users to make their own complete copies of a file, there needs to be at least one person who’s got all the puzzle pieces. That is, there needs to be at least one “seeder.” But don’t worry, because once someone else finishes downloading all the pieces of your torrent from you, they become another seeder, since now they, too, have all the puzzle pieces. The group of folks sharing a torrent is what BitTorrent calls a “swarm.”

Any torrent you might download was first uploaded to the Internet by someone else in this way. Many people also take the next step of listing their torrents in one or more of the many public, searchable directories that index, archive, and categorize torrents, called “torrent sites.” The most famous of these community-driven websites was (may it rest in peace), but today there are dozens of popular ones, like Kickass Torrents, ExtraTorrent, and AhaShare, to name a few.

If you’re new to BitTorrent and just wanna practice using it without the threat of legal doom, then you can use this page as a test torrent! Get a torrent client app (I like Deluge a lot), and then click on this “seed this page as a torrent” link (or the similar link on any of my blog’s web pages). You’ll get a .torrent file to download. Open it in Deluge and you’ll begin downloading. When the download is done, you’ll have a copy of this guide. If you’re a blogger like me, you can make anything on your website into a torrent very easily by using the BitTorrent My Blog plugin that I wrote shortly after I put this guide together. :) Once you feel like you have the hang of torrent basics, read on to learn more about torrenting anonymously. (Alternatively, try downloading one of’s many zines using their torrent option, instead of the “direct download” option.)

So you see, there’s nothing nefarious, underhanded, or dangerous about sharing files over BitTorrent, or “torrenting.” The danger comes solely from malicious, overbearing, and greedy people who abuse others to try to control what is being shared, and who is allowed to share it. BitTorrent itself is just a tool, much like the rest of the Internet. Equating BitTorrent with wrongdoing is like telling people they’re doing something wrong when they browse the Web and read blogs. It’s just silly. Still, much like browsing the Internet, torrenting can be dangerous because of the malicious people, corporations, or tentacle monsters who are willing and able to abuse you for reading, saying, or sharing something they don’t want you to.

That’s where protecting yourself with public proxies comes in.

Public proxies as shields for our identity

To keep yourself safe from predators like corporations with itchy lawsuit fingers, you have to know a thing or two about network proxy servers.

It's dangerous to go alone! Take this.

Everything you need to know about proxies, and nothing you don’t

A network proxy is simply a computer that’s willing to forward a message from you to another computer on your behalf, just like a classmate who’s willing to pass your note along to a fellow classmate during class.

The nature of proxies makes them easy to abuse (much like a classmate’s trust), so many proxies are not available for public use. These are called “private proxies,” and they generally require that you have a username and a password before you can use them. But many other proxies are available for public use, offered freely to netizens like you by folks who understand the importance of a free and open Internet. Many of these proxies are listed in directories like,,,, and so on. These are called “public proxies,” to no one’s surprise.

By the same token, an anonymous proxy is a computer that’s willing to forward a message from you to another computer, and won’t tell that other computer who the message came from. For obvious reasons, anonymous network proxies are almost always also public proxies. Anonymous proxies are designed to shield our identities. The ones that take privacy seriously are like our best friends; they’re willing to pass notes for us in class and won’t snitch on us if they get in trouble.

Confusingly, there are about as many ways to describe (or “classify”) anonymous proxies as there are websites listing them. Each of the proxy directories I just mentioned displays their list somewhat differently, but they all classify proxies along the same basic criteria because, technically, they’re all doing the same thing. For our purposes, the important things to know about a proxy are:5

  • Its IP address and port number. This is the proxy’s internet address. It serves the same purpose as the Web addresses (URLs) you’re familiar with, but both parts are only numbers.
  • Its anonymizing features. We only want to use proxies that are labelled with words like “HiAnon,” “High KA+,” “Elite,” “Anonymous,” or “Ultra” anonymity levels. We don’t want “transparent” proxies.
  • Ideally, the proxy should also have “SSL,” “TLS,” or “HTTPS” support, which all mean the same thing. These proxies are the ones that accept the ubiquitous, encrypted Web traffic that many banks and e-commerce sites like Amazon and Facebook use. This is helpful to us because it means we can make our torrenting activity look like we’re browsing websites, even if we’re not.

Finally, there’s one peculiar and popular kind of anonymizing proxy that deserves a special mention: the Tor Browser.

Tor Browser: a very special, very important anonymizing tool

One very special example of an anonymous proxy service is called Tor: The Onion Router. I wrote a detailed description of it in another HowTo guide. While it’s technically possible to use the Tor network as an anonymous proxy for BitTorrent, that’s generally a bad idea because doing that slows down the whole Tor network, including your own BitTorrent downloads, among other reasons. Remember, the whole point of BitTorrent is to download large files quickly, which is the opposite of what Tor was invented to do (download tiny files super secretly). So, BitTorrent isn’t something you want to use Tor for.

That said, Tor does come in handy when you’re searching the Internet for torrents to download in the first place. Especially if you’re looking for some “intellectual property” protected by the legal system (*cough*movies/games/TV shows/apps/etc.*cough*), you probably want to use the Tor Browser to find torrents of it. This is because, if you use your regular ol’ Web browser and Internet connection directly, you’ll reveal what you’re searching for to anyone looking. Using the Tor Browser, rather than your regular browser, keeps others in the dark. Tor, in turn, then makes a request to The Pirate Bay or whoever on your behalf, and returns their answer (that is, the resulting web page) to you. So as long as you use the Tor Browser, your Internet service provider (and your government) remains none the wiser about what material you’re accessing.

This is how we want our actual torrenting to work, too. So what we need is a (fast) network proxy. But wait. We don’t want anyone to know that we’re looking for fast network proxies, because duh. What are we to do? The answer, by now, should be obvious: use Tor. So, if you don’t already have it, get the Tor Browser. It’s an easy to use Web browser that frees you to browse the Internet anonymously. We’ll need that.6

Torrenting anonymously: an overview

At this point, you have all the knowledge you need to torrent anonymously, even if you don’t feel like it, yet. Let’s review.

Torrenting is simply the activity of copying files from one computer to another using BitTorrent. To do this anonymously, you need to make sure that you never make a direct connection from your computer to other users. For that, you use a BitTorrent client that supports network proxies. You also need a way to search for torrents that your Internet provider won’t know about. For that, you use the Tor Browser.

You also use the Tor Browser to find an anonymous proxy. Once you find an anonymous proxy, you tell your BitTorrent client to use it, which is a simple matter of setting its proxy preferences to the address of the anonymous proxy you found. Then you load the torrent you want to download into your BitTorrent client, and you’re done.

That’s the whole process from start to finish. Now let’s take each step one at a time.

Preparation: Get the Tor Browser and a BitTorrent client that supports proxies

If you don’t already have it, download and open the Tor Browser. If you don’t already have a favorite BitTorrent client that supports proxies, try Deluge. Open it up, too.

Step 1: Find and configure an anonymous network proxy

As mentioned earlier, there isn’t anything magical about network proxies, and there’s nothing special you need to know to use one. All you really need to know about them is where they are. Luckily for us, there are public listings of them in much the same way that there are public listings of torrents themselves. A simple search for them on the Tor Browser’s home page, as shown here, will return many such listings:

Annotated screenshot showing how to use the search field on the Tor Browser's start up page to perform a secure, anonymous Web search. We're looking for anonymous proxies, but you could search for anything at all, without fear of being watched.

Make a note of the type (typically either SOCKS4, SOCKS5, HTTP, or HTTPS) and address (IP and port numbers) of an anonymous proxy. Then, configure your BitTorrent client with those network settings.

Here’s an example of what Deluge 1.3.11’s Proxy preference window looks like:

Screenshot of Deluge version 1.3.11 showing a sample proxy configuration for every BitTorrent request type.
Screenshot of Deluge version 1.3.11 showing a sample proxy configuration for every BitTorrent request type.

And here’s the same configuration in uTorrent 1.8.4 for Mac OS X:

Screenshot showing uTorrent's proxy configuration options.7

Anonymous proxies don’t stay online forever. They come and go at irregular, sometimes unexpected intervals. That’s why they’re listed in public directories alongside a timestamp, so you know when the proxy was last checked to be working.

Whenever you start torrenting, check the proxy settings in your BitTorrent client to make sure you’re using a proxy that is currently online.

Step 1-A: Enable BitTorrent encryption settings

While we’re digging around BitTorrent client preferences, it’s worth taking a look at some other settings related to privacy. Unlike the earlier settings, which you’ll need to adjust with a new anonymous proxy every time you want to start downloading a torrent, these are all “set it and forget it” options, and they all do basically one thing: turn on BitTorrent’s protocol encryption.

In uTorrent, you’ll find the protocol encryption options in the “BitTorrent” preference pane, where you want to set the “Outgoing encryption” option to “Force,” as shown here:


In Deluge, you’ll find the same options in the “Network” preference pane, grouped under the “Encryption” header:


Set all the encryption options available to you to “Force,” meaning that you’ll only accept encrypted connections. These settings help hide that the messages you’re sending through the proxy are BitTorrent messages, which means proxy operators and Internet service providers who don’t like torrent traffic will be less likely to notice that you’re torrenting. This also might mean you reject connections from some BitTorrent users who don’t support encryption, but these days enough folks do that you probably won’t notice a difference.

In my experience, using BitTorrent’s protocol encryption settings and getting into the habit of choosing a new anonymous proxy each time you start a torrenting session means you can fly under the radar and still use BitTorrent for a good, long while. Permissive coffee shops or other free Wi-Fi spots, instead of your home connection, are also good spots to torrent from. Just make sure you’re still torrenting using encryption and a working anonymous proxy—and that you tipped your barista. (Use cash.)

Step 2: Find a torrent to download

Back in the Tor Browser, click around some of the torrent sites or use their search features to find a torrent you want to download. Here’s what a search for “daily show” looks like at Kickass Torrents:

Searching any of the popular torrent indexing and archiving sites often turns up thousands of torrents shared by thousands of users. And remember, use Tor to browse these sites, not your regular Web browser!

As with most things in life, use common sense to help guide you to a good torrent. Remember, these torrent descriptions are like the outside of a product box; they’re labels, not the actual contents. Here are some common sense questions you could ask yourself to avoid fakes and scams as you browse for a good torrent:

  • Does the reported file size of the torrent seem reasonable for what you’re trying to download?
  • Does the torrent’s reported file count and content list seem reasonable for what you’re downloading?
  • Skim the comments associated with the torrent listing. Do commenters tend to agree that the torrent is high quality, or do they call it a fake?
  • Does the torrent have a healthy number of seeds? Remember, if a torrent has no seeds at all, then you’re not going to be able to complete your download.8

Step 3: Download the torrent file or click the magnet link, and load the torrent in your BitTorrent app

Once you find a suitable torrent, find and click the download link on the torrent site (usually a downwards-pointing arrow), or the magnet link (usually a horseshoe magnet icon). One, if not both, of these options will cause your browser to pass along the data to your BitTorrent app, which may ask you where you want to save the torrent contents. Choose an appropriate spot on your hard drive and start torrenting.

If you’ve set everything up by following the previous sections, you’ll begin to see connections appear in your BitTorrent client. In actuality, though, none will be direct connections you’ve made to any of those machines. Instead, those connections are being routed through the anonymous proxy you chose, earlier.

Congrats, matey! ;) You can now cancel your Hulu subscription and enjoy the wonderful world of media without commercial pollution interruption.

Optionally, verify it’s all working as intended

The simplest way to verify your setup is to use the netstat utility built in to your computer. This is a command line tool that shows you the state of all network connections your computer is currently making. On a Mac as well as most Linuxes and other UNIX-like systems, the easiest way to get the output we want is to invoke the netstat program with its -n and -p switches enabled. Open a new Terminal window, type netstat -np tcp, and then press return.9 This will produce a report looking something like the following:

$ netstat -np tcp
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)    
tcp4       0      0   ESTABLISHED
tcp4       0      0   ESTABLISHED
tcp4       0      0   ESTABLISHED
tcp4       0      0   ESTABLISHED
tcp4       0      0   ESTABLISHED
tcp4       0      0   ESTABLISHED
tcp4       0      0   ESTABLISHED
tcp4       0      0        ESTABLISHED
tcp4       0      0         ESTABLISHED
tcp4       0      0    ESTABLISHED
tcp4       0      0        ESTABLISHED
tcp4       0      0         ESTABLISHED
tcp4       0      0    ESTABLISHED
tcp4       0      0         ESTABLISHED
tcp4       0      0        ESTABLISHED

The important column for our purposes is the fifth one, “Foreign Address,” which lists the addresses of computers our computer is directly connected to. If you see the address of the proxy server you chose to use back in step 1, congrats, you’re torrenting via a proxy. What you don’t want to see there is the address of any peers (fellow participants in the swarm) that your BitTorrent client shows you:

Screenshot showing an active torrent download and the many connected peers. The addresses your BitTorrent client shows you are ones you don't want to see in Netstat's connection report.

If you see these addresses in netstat‘s “Foreign Address” column, it means your computer is directly connecting to the swarm, without using a proxy. As shown in the example above, comparing netstat‘s output with the peer list here shows that we’re set up nicely!

Torrenting anonymously can be tricky, and it certainly helps to have a friendly neighborhood technomage to ask for advice if you’re feeling uneasy. But as you can see, it isn’t a hard thing to learn once you have the information you need. Best of all, I can guarantee you this: torrent sites have a far better selection than Netflix. ;)

The best source for information about news and developments in the BitTorrent universe is Check it out!

Addendum: What about paid VPN services?

A link to this guide was posted on The Pirate Bay subreddit, where it was well-received. Several people suggested using paid VPN services instead of free public proxies. Using a paid VPN service means purchasing access to a private proxy from a corporate entity, which is something I do not recommend. There were also some good follow-up questions about using proxies. Here’s one such exchange.

separatebrah asks:

The first proxy I tried didn’t work (cmd was showing peer addresses), I tried another and it worked.

However, the first time, the torrent still downloaded, I wouldn’t have known it wasn’t going through the proxy, so is it necessary to check the connections every time I use a new proxy, start utorrent etc? What if the proxy stops working halfway through? It would be nice for utorrent to stop downloading if it’s not going through the proxy.

Also, why are paid VPNs so recommended if it’s as easy (and cheap) as this to avoid punishment?


I responded:

Yes, you should always check to see if the proxy you selected is actually working for each new proxy you select, and you should always choose a new proxy each time you fire up your torrent client. People pay money for reliability, not technology. The technology of a free proxy and the technology of a paid proxy is identical. The difference is the consistency and contractual uptime guarantee, that’s it. If you have bad habits (i.e., you’re not carefully checking to see if the settings you entered ACTUALLY WORK after you enter them), then maybe paying for reliability is something you want to do. Just keep in mind that when you pay for something, there’s a money trail. If you don’t use a paid service, there’s no receipt in someone’s financial accounting ledger that can be traced back to you. I prefer being careful and using free proxies over paying money for the same technology in a way that encourages me to be lazy.

Also, uTorrent has a bad habit of trying proxies you give it but falling back to whatever other means are available if the proxy doesn’t respond to you. That’s a problem with uTorrent, not you. It does mean that you might want to use a different BitTorrent client, though, if you’re not careful about checking the proxies you choose to use. Again, that’s why I like Deluge: if you give it a proxy that isn’t alive, it will try the proxy but the download will fail. That’s what you want, because the proxy is dead. You don’t want it switching to a direct connection behind your back.

Another thing you can do to be extra cautious is disable PEX (Peer Exchange) and DHT (Distributed Hash Table) lookups. Some clients don’t respect proxy settings for these two mechanisms, even though they should. Again, that’s a problem with the client, not you. It’s also easier to check that the proxy you’re setting up is really the proxy being used for trackers (as opposed to PEX or DHT) because numerous paid torrent VPN services also provide IP checking utilities that you can by definition use for free (even without being a customer). See, for instance, BTGuard: CheckMyTorrentIP. Just set up a free anonymous proxy like in the above HowTo guide, then follow the steps in the BTGuard CheckMyTorrentIP page, and look for the IP address of the proxy you set up instead of “BTGUARD IS WORKING”. BTGuard won’t tell you “it’s working” because you’re not paying or using BTGuard. But it will show you what IP address it thinks you’re using, and if that IP address is the address of the proxy you configured, then you’re torrenting (at least using traditional trackers) through that proxy. :)

Hope this helps.

  1. Everyone glosses over this point, myself included, but this point is actually very important: downloading something is the act of making a copy of the thing you are downloading. When you download or receive something from the Internet, you are literally creating an exact replica (a “copy”) of whatever it is you’re downloading. This is fundamentally different from “stealing,” which is the act of removing something from one place and putting it in another. You literally can not steal anything using the Internet no matter what you do, and anyone who tells you differently is trying to sell you something, or put you in jail. []
  2. BitTorrent suffers from a wealth of jargon. Thankfully, Wikipedia has a decent glossary of BitTorrent terms. []
  3. BitTorrent files typically have the .torrent file name extension, but they don’t have to. Technically, BitTorrent files are bencoded dictionaries, which is a fancy way of saying an index that lists the torrent’s referenced contents and where that content can be found. So they’re really meta or metainfo files. Sometimes they’re also called a manifest. When torrents are not files, they are usually something called “magnet links,” which serve the same purpose as a torrent file’s dictionary but that use a special URL instead of an actual file. More on magnet links later. []
  4. In the screenshot above, you might have noticed there’s a field for “Trackers.” That’s where you paste the URLs (the Web addresses) of any well-known trackers you want to announce yourself to. When you start sharing (or “seeding”) your file, those trackers will dutifully re-announce your announcement of your presence to any other BitTorrent users who want to copy what you’re sharing. There are numerous stable, public, free BitTorrent trackers available to you (like udp:// or udp://, and it doesn’t really matter which one you use. (In fact, the more you use, the easier it will be for others to find you.) For now, suffice it to say that a tracker’s job is to keep other users in the swarm updated about where everyone else is, in case things change and in order to help you find one another in the first place. Obviously, hiding our real identity from trackers as well as the rest of the swarm while still being able to find and share files with one another is a key part of what staying anonymous while using BitTorrent is all about. We’ll look at ways to do that in the next section. []
  5. Another useful consideration for a proxy server I don’t list explicitly is its physical location. You may want to use a proxy located in another country than you are in so as to avoid running afoul of local laws, or to route around geographic censorship. Remember, political and legal borders are not real, so the fundamental Internet technology we’re talking about doesn’t and, to work correctly, shouldn’t pay any attention to them. Most proxy lists display the country a proxy is in alongside its other information. []
  6. Technically, the Tor Browser is a package deal that comes with a modified version of Mozilla Firefox and the actual tor proxy software, all pre-configured to work together. If you want to learn more about Tor and, trust me, you do, consider reading my article all about it. []
  7. Even though each BitTorrent client’s preferences window looks different, they all describe the same basic behavior. []
  8. You can often still download many pieces of a torrent even if there are no seeders in the swarm. Sometimes, if a torrent has many independent files, you can still download the majority of the content you’re after because only a few pieces in a few files are missing. The quickest way to check this is to look for the “Availability” proportion in your BitTorrent client. Without a seed, this readout will be somewhere between 0, meaning absolutely no parts are available, and just under 1. The closer this value is to 1, the more pieces of the torrent are available. I once downloaded a torrent of a four-season TV show whose availability was 0.954, and was happy to find two complete seasons had downloaded without any problem at all despite never finding a seed for that torrent. Other torrents provided the missing episodes and all was well. []
  9. On Mac OS X, netstat is also available from the Network Utility application, in addition to the command line in Terminal. In Network Utility, go to the “Netstat” tab and choose the “Display the state of all current socket connections” radio button. This is the equivalent of typing netstat -a in Terminal. []

How to: Securely configure Mac OS X for network packet sniffing with Wireshark

If you’re anything like me, you often run into a computer problem or five that could be diagnosed more quickly by taking a peek at activity on the network. The best general purpose tool for inspecting network activity has gotta be Wireshark. It’s an industry-standard, open source packet sniffer that you can use for fun and profit. But on many Mac OS X builds, the default configuration for packet capturing is less secure than it ought to be. Here's how to fix that on your Mac.

Read more

How to use Tumblr as a web host for a blog you FULLY control, without paying anything

If you're not a computer nerd, buying web hosting can feel like buying a house. Or, worse, like buying a car. Or, even worse than that, a new computer.

It doesn't have to be painful. In fact, most people who want a simple blog or website don't even need to buy web hosting in the first place. And, this is the kicker, if you do end up buying web hosting, sooner or later you'll realize that you've invested your whole identity, or your business, or whatever's important to you, in a place that you don't actually have any control over, and can't easily leave. Backups will become important, but they're gonna be a massive headache. You may find yourself hitting resource quotas, or your credit card will be charged for hidden and contract "renewal" fees or some such bullshit like that, none of which you were told about when you signed up. And, worst of all, you could find yourself digitally gagged, censored, or even outright banned just because someone else on the same "shared server" you were assigned was behaving badly.

Fuck. That. Shit. And, more to the point, why on God's green Earth would you pay to be subjected to such bullshit?

With just a little bit of patience, enough computer know-how to understand how to click a few download links and move files from one folder to another, and a willingness to read this post, you can avoid every single one of those frustrating web host experiences, all while ending up with seamless, automatic backups of your entire blog, the ability to legally dodge shitty censorship and corporate contracts alike, and the ability to easily participate in the ever-expanding social media frenzy without spending hours managing all your different accounts manually. And did I mention it's free?

Read the full post, it's worth it.

Read more

WP-SeedBank plugin: a mini user’s guide

With the recent release of version 0.3 of the WordPress SeedBank plugin, and following PermacultureNews’s feature article about the WP-SeedBank plugin, I’ve been getting a lot of the same questions from people who describe themselves as not very savvy with technology but who would nonetheless like to use the plugin on their WordPress-powered websites. Rather than responding to everyone individually, which is exhausting and frustrating, I’ve put together this miniature user’s guide.

Thanks to Carolyn Zezima at NYC Foodscape and Carrie Jones at Common Wealth Seed Library for their questions prompting me to write this.

The main thing you need to understand to make good use of the WP-SeedBank plugin is that, like any good tool, WP-SeedBank does one thing and only one thing, but it does it very well: it gives registered users of your WordPress website the ability to publish content that’s specially tailored for the purpose of exchanging seeds with one another. It uses as much of WordPress’s out-of-the-box functionality as possible to do that, which means it does not manage user accounts, content permissions, privacy settings, and so on. WordPress itself can do much of this on its own, and there’s an entire ecosystem of WordPress plugins you can use in conjunction with the WP-SeedBank plugin to customize how your seedbank or seed library website works. I encourage you to explore that ecosystem. :)

Quick Start Guide

The WP-SeedBank plugin ships with a README file that contains a “Quick Start Guide.” The WP-SeedBank Quick Start guide can also be found online at the WP-SeedBank download page from the WordPress Plugin Repository. The Quick Start Guide is written to help you get a basic community seedbank’s website up and running as quickly as possible.

At the time of this writing, the WP-SeedBank Quick Start Guide reads as follows:

Follow these steps to get your seed exchange website up and running quickly:

  1. Install WordPress on your website, if you haven’t already. (You can use WordPress’s Famous 5-Minute Install instructions.)
  2. Install the WP-Seedbank plugin. (You can use WordPress’s Automatic Plugin Installation instructions, or the WordPress Beginner “Step by Step Guide to Install a WordPress Plugin for Beginners” instructions.)
  3. Enable user registration from your WordPress General Settings screen by checking the box that reads “Anyone can register.” This allows the people in your community to make user accounts on your website and use the WP-Seedbank software.
    1. Set New User Default Role to Contributor. This enables the people in your community who have made user accounts to create seed exchange posts and submit them for your review to publish.
  4. Share the Web address (URL) of your website with your community and invite them to join.
  5. Periodically check your website for seed exchange posts created by members of your community, review, and publish them. (The same process that you use for reviewing and publishing regular posts applies here.)
  6. Optionally, you can promote members of your community who have created seed exchange posts in the past to the Author role, so that they no longer need your approval to publish seed exchange posts. Learn more about WordPress’s user roles and capabilities.

How WP-SeedBank works with WordPress

The WP-SeedBank plugin extends the functionality that WordPress’s core blogging features give you out of the box: it makes it easy to publish web pages. (That’s pretty much the core of what “blogging” is—it isn’t more complicated than that.) You can think of the WP-SeedBank plugin like a mini-WordPress specifically for seed exchanges inside your WordPress blog. This means just about everything that applies for publishing a regular WordPress blog post applies for publishing seed exchanges, too. So, just like regular WordPress content such as posts or pages, nothing will be displayed to visitors on your website if you don’t create any seed exchanges. I explain creating and using seed exchanges below.

Of course, no one is going to use your seedbank website if no one knows about it. To make a post announcing that you’ve got the WP-SeedBank running in your WordPress installation, write a regular blog post, send an email newsletter, or do whatever else you would for any other situation in which you wanted to publish some announcement. But first, let’s make sure you’re ready to help new members use your website!

The WP-SeedBank Quick Start Guide gives a brief description of how you could configure your WordPress installation so that other people in your community can use WP-SeedBank. The first thing you need to do is enable user registration so that they can create their own user accounts with which to use the software. Since WordPress gives you this functionality as part of its core feature set, once you’ve installed WordPress on your website (by completing steps 1 and 2 in the Quick Start Guide), you don’t even need to get another plugin. The Quick Start Guide says:

  1. Enable user registration from your WordPress General Settings screen by checking the box that reads “Anyone can register.” This allows the people in your community to make user accounts on your website and use the WP-Seedbank software.
    1. Set New User Default Role to Contributor. This enables the people in your community who have made user accounts to create seed exchange posts and submit them for your review to publish.

On an otherwise unmodified installation, we recommend using the Contributor role because that ensures you’re able to review any content users want to post to your website before it goes “live.” (Learn more about User Roles and Capabilities from the WordPress Codex.)

Once you’ve enabled user registration, anyone who wants to use your Seedbank website can make an account and log in. Exactly how people register is up to you, and you can customize the registration process using other plugins if you want. (The folks who run the Cleveland Seed Bank have done this; sign up for their website to see what I mean.) Regardless of whether you customize the registration process, you’ll need to direct people to your Seedbank website’s user registration form, which will probably be at a URL such as, where “” is, of course, whatever your Seedbank website’s address is. (Note that if you go there now, before enabling user registration, you’ll see a message that says “User registration is currently not allowed.”)

If you’ve followed the Quick Start Guide, when I register, it will mean that I become a “Contributor” to your website, and that enables me (or whoever’s registering) to compose Seed Exchange Posts for you to review and publish if you approve of it.

The next instruction in the Quick Start Guide reads:

Share the Web address (URL) of your website with your community and invite them to join.

Or in other words, publish something (like a post or page on your blog) encouraging people to register for your Seedbank website. You may want to provide the registration link in whatever you write, itself. For example, the Taos Seed Exchange, which uses WP-SeedBank, has done this by publishing a top-level page on their website with a sign up link that sends people to the registration page.

In the simplest case, once you install WordPress itself, install the WP-SeedBank plugin, and enable user registration, people can register their user accounts and create Seed Exchange Posts. You’re technically done. If you want to learn more, the links in the Quick Start Guide go to articles where you can read about each step in more detail.

Creating and Using Seed Exchange Posts

Once you’ve installed the WP-SeedBank plugin, you can publish a new seed exchange post by logging in to your WordPress Dashboard and selecting “Seed Exchange” from the “+ New” menu item. That process is also described in the WordPress Codex.

Notice that the only difference from what the WordPress Codex describes is that instead of selecting “Post” from the “Add New” menu, you’re selecting “Seed Exchange.” This will take you to the Add New Seed Exchange screen, which looks very similar to the Add New Post screen in that it has a field for a seed exchange title and a seed exchange message (using the default WordPress WYSIWYG or “visual” editor). Unlike WordPress’s default “Add New Post” screen, the “Add New Seed Exchange” screen also provides you with a “Seed Exchange Details” box that has a fill-in-the-blank web form. This lets you enter details specific to seed exchanges, such as the kind of seed you’d like to exchange, the seed’s expiry date, and so on.

You can also click the “Help” button, usually located at the top-right of your WordPress screen, to get additional help about this screen. When you do, it’ll look something like this:

Screenshot of WP-SeedBank's "Adding a Seed Exchange" help tab.
Screenshot of WP-SeedBank’s “Adding a Seed Exchange” help tab.

Once you’ve composed and published a seed exchange post, it will be visible to anyone for whom your blog posts are normally visible. Unless you’ve customized your WordPress website to behave differently, that means your seed exchange post will be visible to anyone on the Internet by viewing the Seed Exchange Archives page of your website (which, if you’ve installed the WP-SeedBank plugin at, is probably going to be at, as well as being visible for logged in users of your website at the “Manage Seed Exchanges” screen (which, again, will be at a URL that looks something like

As you might have guessed by now, this is very much like how you would manage WordPress’s regular posts, except that the “posts” you’re managing are Seed Exchange Posts. That screen will look something like this, which I whipped up quickly to show you:

Screenshot of WP-SeedBank's "Manage Seed Exchanges" screen.
Screenshot of WP-SeedBank’s “Manage Seed Exchanges” screen.

This screenshot shows you the three (example) seed exchanges I authored and published. As you can see, two of them are “Swap” exchanges, and one is a “Sell” exchange. You can learn about and even customize the meanings of the possible values for the Exchange Type column by clicking on “Exchange Types” in the WordPress Dashboard Menu (the black stripe over on the left in the screenshot above). The default installation of the WP-SeedBank software defines four Exchange Types, and writes a description for each type so you know what they are. The four default types and their descriptions are:

Exchanges requesting seeds of a variety not already listed.
Exchanges offering free seeds being given away.
Exchanges offering seeds for money.
Exchanges offering seeds for other seeds.

These are customizable in the same way WordPress tags are and, also like WordPress tags, each one creates an archive page that lists every seed exchange post of that type. You can think of each Exchange Type like a virtual folder in which you’ll store a seed exchange post as a way to help keep your seed exchange posts organized. This is useful for visitors to your website who are browsing (as opposed to searching), so they can also find what they’re looking for.

The Common Name, Seed Genusand Scientific Name, and Exchange Status columns work exactly the same way as the Exchange Type column.1 You’ll notice that they each have an entry in the WordPress Dashboard Menu (on the left) that lets you customize their possible values, too. There’s a great article explaining WordPress tags on the Support site that also applies to self-hosted WordPress installations (like those that support WP-SeedBank).

Just about everything explained on that page for WordPress tags applies the same way to WP-SeedBank’s Exchange Types, etc., too. The major exceptions are that you add an Exchange Type to a Seed Exchange Post using the “Seed Exchange Details” box (not the “Tag module”), and that you can not select multiple Exchange Types for a single post.

Controlling who can publish Seed Exchange Posts versus regular blog posts

Another question I’m often asked is if letting users make Seed Exchange Posts with WP-SeedBank means you also have to let them make regular posts to your blog. The short answer is no. The longer answer is “it depends on how you want to set up your website.”

With respect to “who has access to post what content on my website, and where,” the Quick Start guide suggests new user account registrations be assigned the “Contributor” role specifically to ensure that you can review any postings before they are “live.” When you first install it, WP-SeedBank currently uses the same permissions for Seed Exchange Posts as for your regular posts, which means that users who have been assigned the “Contributor” role can submit both Seed Exchange Posts and regular Posts for review, but cannot publish anything without approval.

If you don’t want anyone else to even be able to submit posts for review, you can use any of the WordPress capability manager plugins such as the popular “Members” plugin to define different permission schemes for regular posts independent of Seed Exchange Posts. Yet another option is to create a totally separate website whose primary or even sole purpose is to run the Seedbank (a true “Seedbank website”), and send people to the registration page for that website instead of the website for your company or organization’s main blog when you make your announcement.

In other words, the functionality to make any number of additional customizations exists in the diverse ecosystem of plugins that WordPress already provides. The solution that works best for your community is not necessarily the solution that works best for other people’s communities. That’s why the WP-SeedBank plugin focuses only on managing seedbank-related tasks and content, while leaving things like user management, content permissions, and so on, to other plugins that do those jobs better.

We try to be like nature: highly specialized, and highly diversified!

Have feedback? Found a bug?

If you have feedback about WP-Seedbank, or if you believe you’ve found a bug in the software, there are two places where you can go for support.

The first is the WP-SeedBank’s WordPress Plugin Support Forum. If you post your question or ask for help here, you might get an answer from anyone who uses the WP-SeedBank plugin. I recommend you try asking for help there first because more people are watching the conversations that go on there than anywhere else.

The second place to ask for help is the WP-SeedBank project page on GitHub. This is where myself and others who are helping with the actual development of the plugin code coordinate our work with one another. While we do our work in public and you’re more than welcome to look over our shoulders, we ask that you please use this forum primarily for feature requests (that is, asking us to build some functionality into the plugin that it doesn’t currently do) or bug reports (that is, alerting us of things that you’re certain is broken within the plugin). Before you write a bug report, please also be sure you know how to write a bug report. Hilton Lipschitz wrote a fantastic article called “How to write a good bug report” that I’d encourage you to read, and the article even links to a useful bug reporting template that you can use to make sure your bug reports are understood by the WP-SeedBank development team.

And as usual, please remember that WP-SeedBank is a 100% volunteer project. There are no paid developers. There is no staff. There is also no budget. If you use this software, or like the idea, or just want to help sustain future development, donations to either The Hummingbird Project or donations to me (the plugin maintainer) personally are sincerely appreciated.

I hope this helps you set up your community’s seedbank or seed library. Thank you for your interest in WP-SeedBank and for the work you do helping us ensure sovereignty over our food supply!

  1. Some of these taxonomies have changed in the current version of WP-SeedBank. Please refer to your installation’s on-line help, which is usually a little tab at the top-right of your WordPress screen that reads “Help,” for more information about your version. []

One Minute Mac Tip: Open multiple Tor circuits in the new TorBrowserBundle 3.5 for Mac OS X

Earlier this month, the Tor Project released a new version of the Tor Browser Bundle, an easy-to-use anonymity-enhancing Web browser. In a previous post, I discussed how to use the Tor Browser Bundle (TBB) for other applications on your computer, such as Safari and even This post has updated instructions for doing some of the “fancy” things that the new TBB no longer provides a graphical user interface to do.

You should already have the newest Tor Browser Bundle installed on your Mac and have followed the steps in “HowTo: Use Tor for all network traffic by default on Mac OS X” for configuring a new Network Location to use Tor.

As of version 3.5, the Tor Browser Bundle on Mac OS X no longer ships with Vidalia, the GUI that lets you configure your connection to the Tor network. Instead, this is packaged as a Firefox add-on called TorLauncher. This add-on doesn’t have any GUI yet, but since it’s still a full-fledged Tor, you can access its advanced features using Tor’s configuration file.

Editor’s note: When I first wrote this guide, I suggested editing the torrc-defaults file to apply your customizations, but it is actually better to edit the torrc file. This second file overrides any configurations made in the torrc-defaults file and your customizations will be preserved even after Tor Browser auto-updates itself. Therefore, wherever you see torrc-defaults below, just replace this with torrc instead.

From the Finder, right-click (or control-click) on the TorBrowserBundle application and select “Show Package Contents.” A window will open showing the folders and files that make up the application bundle. The file we’re looking for is called torrc-defaults, which the TorLauncher uses to configure the Tor (essentially the equivalent of Vidalia’s old “Settings” screen). That file is located in Data/Tor/torrc-defaults, as shown below:

TorBrowserBundle torrc-defaults in Mac OS X Finder

Open the torrc-defaults file with any text editor (such as TextEdit). Its contents are a tor configuration file, and they’re pretty simple:

# If non-zero, try to write to disk less frequently than we would otherwise.
AvoidDiskWrites 1
# Where to send logging messages.  Format is minSeverity[-maxSeverity]
# (stderr|stdout|syslog|file FILENAME).
Log notice stdout
# Bind to this address to listen to connections from SOCKS-speaking
# applications.
SocksPort 9150
ControlPort 9151
CookieAuthentication 1

Using configuration directives in this file, you can tell Tor to, for example, use a specific country as an exit node so that you appear to always be accessing websites from the country you specify (useful for avoiding country restrictions on video content). You can also use it to open multiple Tor circuits for privacy reasons, as discussed in my previous post. That’s what we’re going to do.

To set up multiple circuits, simply delete the line that starts with SocksListenAddress and replace it with a line that reads like SocksPort 9050 (where 9050 is whatever port you want to use as your additional circuit). Here’s what my torrc-defaults looks like:

# If non-zero, try to write to disk less frequently than we would otherwise.
AvoidDiskWrites 1
# Where to send logging messages.  Format is minSeverity[-maxSeverity]
# (stderr|stdout|syslog|file FILENAME).
Log notice stdout
# Bind to this address to listen to connections from SOCKS-speaking
# applications.
SocksPort 9048
SocksPort 9049
SocksPort 9050
SocksPort 9150
ControlPort 9151
CookieAuthentication 1

Save this file, quit the TorBrowser, and re-open it. Tada. You can even open up your Console to watch the logs as Tor starts:

Console watching TorBrowser with multiple SocksPort

Don’t forget that using Tor by itself is not a guaranteed invincibility shield. To really make Tor work for you, you’ll need to change some of your habits.

HowTo: Use Rules to Automatically Manage Email in Apple Mail

After recently moving to San Francisco, I joined the San Francisco Freecyclers’ Network. Freecycle is a really cool set of local groups who prefer to give away items to people who want them instead of throwing them away into the trash. The group uses email to connect people who offer items and those who want them. In order to stay sane, a simple, conventional format for writing an email’s subject line lets you quickly figure out what’s on offer and where.

Thanks to this simple text convention in subject lines, I could trivially automate the process of sorting through the approximately 100 emails a day that the email list generates in order to single out only the emails that interest me. Here’s how I did it.

Define Your Goals

Before setting out on any task, it behooves you to take a moment and think about what it is you’re trying to accomplish. For me, with the San Francisco Freecycling Network (SFFN) email list, I wanted to achieve the following goals:

  • Keep my inbox clear of email from the SFFN list unless a message was particularly interesting.
  • Browse the SFFN messages when I wanted to look at them without having to go to the web site.
  • Highlight particularly interesting messages in my inbox visually and play a special sound to alert me that such email has been found in case Mail was running in the background (since free stuff gets taken fast!).

I defined “particularly interesting” messages as ones that offered items of need for my recent move. With this in mind, I set out to create email rules that accomplished each goal in turn.

Step 1: Create a mailbox to store the appropriate messages

I began by creating a new mailbox to store all the SFFN messages I was getting. This alternate mailbox would be the mailbox I would shunt all SFFN email to so as to keep my inbox clear of it. I called the mailbox simply “SFFN”.

Do this:

  1. From the Mailbox menu, select New Mailbox…. The New Mailbox sheet appears.
  2. Select any location (“On My Mac” is fine, as is the account that receives the mailing list messages), and give it a name.
  3. Click OK.

Step 2: Create an email rule to move all appropriate messages to the new mailbox

With the new mailbox created, I now needed to get all the appropriate messages in there and out of my inbox.

Apple Mail’s email rules work by looking at each incoming message and matching it against a set of conditions that you provide. If the message being evaluated matches the conditions you specify, such as “from the San Francisco Freecycler’s Network mailing list”, then an associated action is automatically performed. Every email you get is evaluated against every rule you have unless a rule moves the message to another mailbox or until you trigger the “stop evaluating rules” action.

Since moving an email message to a new mailbox ends the process of evaluating rules and moving messages to the SFFN mailbox I just created is the goal of the rule I’m creating, I decided to name the rule “END – SFFN”.

Do this:

  1. From the Mail menu, select Preferences…. The Mail Preferences window opens.
  2. Click the Rules button. The Rules pane appears.
  3. Click the Add Rule button. The Add Rule sheet appears:
    1. Enter a meaningful description (I chose “END – SFFN”) in the Description: field.
    2. Provide the conditions you want to match. Since all SFFN emails must be addressed to the mailing list, I simply provided the email address of the mailing list ( as the condition for the To header.
    3. Provide the actions you want Mail to perform. I simply wanted to move the matched messages to the SFFN mailbox.
  4. Click OK.

For me, the above configuration looked like this:


Step 3: Create an email rule to highlight a message of particular interest

At this point, any and all email I receive from the San Francisco Freecyclers’ Network is being moved to the SFFN mailbox I created for it. This is nice because it keeps my inbox clear, but it’s still not very helpful since I still have to go trudging through the SFFN mailbox in order to find anything that might be interesting to me. The whole point of this exercise is to reduce the amount of time I spend actively looking for interesting things and let my computer do that work for me. So the next step is to tell Mail what I’m looking for so it can show the interesting messages to me.

Now, as it happens I’m in need of a wireless router. Since “router” is an appropriately unique word, I’m going to tell Mail to look for that word in a subject line. However, since I only want Mail to tell me when a router is available and not when other people like me are looking for routers, I’ll also tell Mail to look for the keyword “OFFER” in the subject line. (And this is why the Freecycle guidelines tell users to format their subject lines in a conventional way.)

Finally, since I don’t want to have to go digging for the interesting email message and since my inbox is already going to be kept clear by the previous rule, I’ll simply have Mail highlight the message in a bright green color and leave the message in my inbox without moving it to the SFFN mailbox I created earlier.

Do this:

  1. From the Rules pane in Mail’s preferences, click Add Rule.
  2. Enter a meaningful description in the Description: field. (Since I’m looking for a router, I called it “SFFN – Search for OFFERed ‘router'”.)
  3. Provide the conditions you wish to match. For me, this meant email sent to the Freecycler’s mailing list with the two words “OFFER” and “router” in the subject line.
  4. Specify the actions you wish Mail to perform. I wanted Mail simply to color the message green and to leave the email go to the inbox (where it was originally destined for), so I chose “Stop evaluating rules”. (I also decided I’d want Mail to play a special sound to alert me that it had found something interesting. This is optional, of course.)
  5. Click OK.

When I was done creating my rule, the above configuration looked like this:

Screenshot of rule to highlight incoming Freecycling emails offering a router.

I can now repeat this step as many times as desired to tell Mail to highlight other messages that may be of particular interest for some other reason. For instance, say instead of looking for a wireless router, I wanted to look for a toaster. I would simply need to click on “Duplicate Rule” and replace all instances of “router” with “toaster”.

Step 4: Place email rules in appropriate order

Since Mail will repeatedly check incoming email against all the active rules, we need to be sure to place the rules in the correct order. You can think of each email rule as part of large Rube Goldberg machine, each message getting funneled through some piece of the logic at each successive rule. That’s why I began the name of the first rule I created with “END,” so that I’d know it should be placed after the rest of the SFFN-related email rules.

I decided that I wanted Mail to look for anything related to cameras and, of course, to toasters. This gave me a total of 4 rules (three to search for items of interest, and one to keep my inbox clear). Since the three highlighting rules all perform the same action, it doesn’t really matter which order they go in, but it is important that all of them appear before the rule to move messages to the SFFN mailbox.

To order rules, simply click-and-drag them into the order you wish Mail to evaluate them in. When I was done, my Rules pane looked like this:

Screenshot of the Rules pane with sorted rules.


Mail rules are an extremely powerful feature that most email clients have, but that too few people use. They can save you enormous amounts of time and increase your productivity by automating simple yet time-consuming tasks.

The conventional, standardized subject lines that the Freecycle mailing list uses simplifies the logic required to have your computer automatically process your messages for you. This is a useful observation because it can be applied to other areas of your life where using simple conventions can help to organize otherwise overwhelming information tasks into manageable batches. Although this particular example uses stock, simple commands, you can get as fancy as you like by having an action trigger an AppleScript.

Now, hopefully, finding some additional housewares and a wireless router for my new San Francisco apartment will be as easy as checking (but not manually sorting!) my own email!

How To Use Git-SVN as the Only Subversion Client You’ll Need

I’ve been using git as my favorite version control tool for quite a while now. One of its numerous distinguishing features is an optional component called git-svn, which serves as a bi-directional “bridge” that enables native git repositories to interact with a Subversion repository, performing all the normal operations you would need to use svn for. In other words, since you can checkout, commit to, and query the logs of Subversion repositories (among other things) using git-svn, git can serve as your all-in-one Subversion client.

One reason why you might use git-svn because your project actually resides in a Subversion repository and other people need to access it using Subversion-only tools. Another might be because you have multiple projects, some that use git and others that use Subversion, and you’re tired of switching between svn and git commands—like me. For us, it’s far easier to simply use git as a Subversion client and never have to call svn directly.

As an important aside, please note that I would strongly discourage people who are new to git from learning about it by using git-svn. Although you may think that moving to git from Subversion would be eased by using the git-svn bridge, I really don’t think that’s the case. You’re much, much better off simply using git by itself right off the bat, and you can do this even if your fellow committers are using subversion.

Also, I’m going to assume you’ve already got a Subversion repository set up somewhere.

First, checkout the subversion repository. In Subversion you would do this:

svn checkout

With git-svn, you do this:

git svn clone

This will cause git-svn to create a new directory called repo, switch to it, initialize a new git repository, configure the Subversion repository at as a remote git branch (confusingly called git-svn by default, although you can specify your name by passing a -Rremote_name or --svn-remote=remote_name option), and then does a checkout.

The output of this command will be a little awkward. Here’s a sample from one my repositories:

r14 = dbd7266f328ef2ad061ea4532f39ce7cebaba0c5 (git-svn)
	M	trunk/Chapter 6/Chapter 6.doc
	M	trunk/Chapter 6/code examples/6.1.html
	A	trunk/Chapter 6/code examples/6.2.html
r15 = 4cca08341ab0600069cece77ce67afc449caca68 (git-svn)
	M	trunk/Chapter 6/Chapter 6.doc
	A	trunk/Chapter 6/code examples/print.css
	A	trunk/Chapter 6/code examples/screen.css
	M	trunk/Chapter 6/code examples/6.1.html
	M	trunk/Chapter 6/code examples/6.2.html
r16 = 7b2f3e0ccfd79be61b527b6ba325f8689475dc01 (git-svn)
	M	trunk/Chapter 5/Chapter 5.doc
r17 = a319764855361d92bb6e006cfd18a51319046cae (git-svn)
	M	trunk/Chapter 5/Chapter 5.doc
r18 = 4cd5cb43d33b2dd45bd39b9a2b7ea9416f9e3d8f (git-svn)
	M	trunk/Chapter 6/Chapter 6.doc
	M	trunk/Chapter 6/code examples/screen.css
	M	trunk/Chapter 6/code examples/6.1.html

As you can see, git-svn is associating specific Subversion revisions with particular git commit objects. Due to this required mapping, the initial cloning process of a Subversion repository may take some time. This is a good opportunity for your morning coffee break.

When this process is done, you’ll have a typical git repository with a local master branch and one remote branch for the Subversion repository:

Perseus:repo maymay$ git branch
* master
Perseus:repo maymay$ git branch -r

You can now treat the Subversion repository as though it were a remote branch of sorts. Say you’ve done a bunch of work and, as you typically do with git, you commit this work to your topic branch.

Perseus:repo maymay$ git checkout -b awesome-feature
Switched to a new branch "awesome-feature"
Perseus:repo maymay$ vim awesome-feature-stylesheet.css
Perseus:repo maymay$ git add awesome-feature-stylesheet.css 
Perseus:repo maymay$ git commit -m "Now I'm perty."
Created commit 07ee832: Now I'm perty.
 1 files changed, 1 insertions(+), 0 deletions(-)
 create mode 100644 awesome-feature-stylesheet.css

Right now your changes are still in the topic branch (called awesome-feature in the above example). To get them to Subversion, you merely need to say git svn dcommit:

Perseus:repo maymay$ git svn dcommit
Committing to ...

Note that pesky extra “d” in the command. This is the equivalent of Subversion’s svn commit, but the commit message used is the one from the previous command, which in this case was git commit -m "Now I'm perty.". Also interesting to note here is that because Subversion doesn’t understand git branches, any change on any branch can be “pushed” to Subversion at any time using git svn dcommit—the git commits don’t have to be on any specific branch, since all git-svn does is map a git commit object to a Subversion revision and vice versa.

Similarly, you can at any time run the equivalent of svn update to get the latest changes from the Subversion repository into your Subversion branch.

  • To do this, without affecting your working tree—that is, to only fetch the latest changes but not write them to the filesystem, just to the git-svn metadata area and the remote git branch—use git svn fetch. To apply these changes to your local branch, you simply merge: git checkout master; git merge git-svn.
  • If you do want to write out the changes to the filesystem (as svn update would do), use git svn rebase, which automatically linearizes your local git commit history after the commit history of the incoming Subversion changesets. Very slick.

If your fetching/rebasing causes a conflict, you’ll be notified and will have to resolve it as per usual. If your “pushes” to the svn repo causes a Subversion conflict, you’ll be notified and you should again edit the appropriate files to resolve it, but this time make sure you run a git svn rebase before you try dcommit-ing again (since, remember, Subversion can only handle linear commit history).

As always, saying man git-svn or git help svn to your shell will give you all the other details. Among these, the most likely you’ll probably want to learn about is how to track multiple Subversion branches as normal git branches.

How To Start Contributing To Open Source Projects

If you’re anything like me, then you’ve been using open source projects for years. You love them, you know them, and you want to help them. But you aren’t the fastest programmer, or the smartest, and you’ve finally gotten to a point in your life where you’re okay that someone, somewhere, is going to be better than you at everything you do.

To this I say congratulations, because now—at last—you’re ready to start contributing to open source projects. To help you out, here are a few of the things that I’ve noticed that have been immensely helpful for me as I’ve started to make the transition from power user to contributor.

Start with the bugs

Contributors to open source projects are like Tom Hanks in the movie Cast Away. No matter how much help you get from the mailing list or the chat room, you’re still ultimately going to have to figure stuff out for yourself. This is a challenge, to be sure, but the good news is that you don’t have to work it all out on your own—it is an open source and collaborative project, after all, right?

So, very often, the best ways to start contributing is by sending bug fixes in as patches, the smaller the better. I think my first bug fix to an open source project was like 3 lines, and all my first contributions to subsequent projects have been that size or smaller. Surf to the issue tracker and cruise over to all the bugs in your down time, read them and work through the process of reproduce, fix, and test. Lather, rinse, and repeat until you have a patch to contribute.

Atomicity helps here, which is to say you should be certain to contribute one patch per bug fix. (Don’t send a single patch that fixes 10 unrelated bugs. That can be extremely difficult for a project maintainer to review.) Sure, bug fixing isn’t a glamorous contribution, but you’d be amazed how appreciated it is. Seriously, nobody likes bugs, so you can easily become an unsung hero for one of the core developers if all you do is ruthlessly cull the bug list.

Speak with results, not with possibilities

There are lots of times when it pays to discuss things on a mailing list before you go and lay down code for them. However, if you’re just getting started contributing to a project and your changes are relatively small and simple, you’re much better off just implementing them and sending in a patch. Once you have code to explain what you mean to do, then discussing it with the project at large can get you places.

There are a few reasons for this, but the primary one that’s impacted me is easier communication: many people use the same words to mean different things, and this makes communication about code in a human language (typically over a mailing list with hundreds of people living in countries all over the world) really hard. In comparison, (most) computers will treat your code in the same exact way. This means it’s much easier to talk to the community using the project’s own code than it is likely to be for you to get all the terminology correct in a mailing list message or a chat room.

Do things their way, not your way

This should be obvious, but I often see other people making this mistake so I’ll mention it anyway. When you contribute to a project, you really, really, really should pay attention not just to what the project is doing, but also how they’re doing it. This does actually require a bit more observation on your part than you might think at first, but it’s still not that hard.

If the open source project were a planet, then when you start contributing, you’re still an insect in its world. (That’s why you’re starting with the bugs, remember?) Quite simply, match the coding style of the project. Figure out what the preferred way to report bugs and to send patches are. For goodness sake, RTFM (no, really, read it—twice if you have to).

In many cases the project’s developers will have already spent hours trying to make all of this information available to you somehow, so it can be really demoralizing for them (and ultimately for you, too) if you don’t take advantage of it. Now admittedly, many projects don’t do this very well, but they have tried. In fact, if you think you can make the information more easily available, perhaps by fixing the grammar, correcting typos, reorganizing a wiki page, or whatever, then contribute!

Leave your ego on your side of the screen

Y’know office politics? Well, sometimes, open source politics can make office politics look like child’s play. It’s kind of a tragedy, actually, but it’s true. And all the poison stems from people’s egos. The maintainers of all the best-run projects remove negative emotion and ego from their mailing list messages, and are quick to defuse ego-filled situations.

As a contributor, this means you should do your best to do the same. Do not—do not—lobby for the inclusion of a particular piece of code, bug fix, feature, extensions, plugin, whatever, just because you wrote it. Seriously. Do not do this. In open source projects, your only currency is your reputation, and you’ll be doing yourself a lot more harm with your ego than you’ll do good with your code.

If you feel really strongly about something, you can always just fork the code base and do your own thing anyway. However, even better than that, try to avoid fragmenting the community and just maintain your own branch locally, and then freely share your patches amongst the people who care about it. (And if you’re not yet using a distributed version control tool, this is a major reason to learn one, like git.)

Acknowledge your strengths and your weaknesses

For a long time I completely shied away from areas in a project where I knew my skill was subpar. This was actually really stupid because it cut off one of the best opportunities I had to improve said subpar skill. I stopped doing this when I started looking at bugs in areas of code bases I was unfamiliar with and, guess what, I got better!

When you’re working in areas in which you are not an expert, it’s easy to become defensive about your lack of skill when you know you’re going to be reviewed by people who know more than you. It’s intimidating, and stressful, yes, but it’s also an amazing learning opportunity. That being said, you can’t just expect to jump into open source projects as a way to lazily get an education. If anything, I contend that learning with this method is way, way more reliant on your own initiative and effort than formal schooling is because, again, no one’s going to (nor should they) hold your hand.

It’s also exceptionally difficult because, since it’s open source, you’re essentially making your lack of expertise public knowledge. It’s not easy to admit having flaws in some areas, and it’s naturally even harder to do so in public. But again, when you can do this well, then you’ll also be able to garner the immense benefits that come with coding (and screwing up) in public, including greater creativity, better experimental branches, and a faster learning curve. (Once again, I think Git is a fantastic tool for this.)

Conclusion: treat others the way you would like to be treated

As I look over much of what I’ve written here, what strikes me more than anything else is that nothing here is specific to open source software development, except the terminology. All of this is, in fact, much more relevant to the every day living of one’s life. So, as you should do in code, do in your life: identify the problems, focus on results, hone your communication, and make bettering your own process an integral part of your process.

After all this, well, I guess I should should get back to work now. :)