Some time ago I began a search for a decent note-taking tool that I could carry around with me. For many years I was a devotee of the notes.txt file on my desktop, constantly open in a text editor so I could add and refer to it as necessary. When that ceased to scale I turned to software that replicated the legions of sticky notes on my desks at work and home, such as Tomboy. And that worked well enough for a while, but when I started relying upon my mobile more and more for things it too stopped …
I know I haven't posted much this month. The holiday season is in full effect and life, as I'm sure you know, has been crazy. I wanted to take the time to throw a quick tip up that I just found out about which, if nothing else, will make it easier to get up and running on a Raspberry Pi that you've received as a gift. Here's the situation:
A couple of weeks ago a new release of the Keybase software package came out, and this one included as one of its new features support for natively hosting Git repositories. This doesn't seem like it's very useful for most people, and it might really only be useful to coders, but it's a handy enough service that I think it's worth a quick tutorial. Prior to that feature release something in the structure of the Keybase filesystem made it unsuitable for storing anything but static copies of Git repositories (I don't know exactly waht), but they've now made Git a …
In the last couple of years, a meme that's come to be known as security nihilism has appeared in the security community. In a nutshell, because there is no such thing as perfect security, there is no security at all, so why bother? Talking about layered security controls that reinforce each other is pointless because they always skip right to the end, which is the circumvention of the nth countermeasure and final defeat. In the crypto community, cries of "Quantum computer!" are the equivalent of invoking Godwin's Law, leading to the end of all discourse, nevermind trying to separate …
UPDATE - 20170228 - Added more stuff I've discovered about KBFS.
A couple of years ago you probably heard about this thing called Keybase launching with a private beta, and it purported itself to be a new form of public key encryption for the masses, blah blah blah, whatever.. but what's this thing good for, exactly? I mean, it was pretty easy to request an invite from the service and either never get one, or eventually receive an e-mail and promptly forget about it. I've been using it off and on for a while, and I recently sat down to really mess …
Behind the cut are the notes I took during DefCon 22, organized by name of presentation. Where appropriate I've linked to the precis of the talk. I make no guarantee that they make sense to anybody but me.
- Integrate with environment
- Continuous monitoring
- People and Process -> Secure Network Architecture -> Secure Systems Design -> Continuous Monitoring -> External Validation -> Compliance
- Compliance, per usual, means dick in the final analysis
- Roughly five year plan w/ deliverables
- Needs organizational supprt. Still answers to the Business.
- Supports, !replaces Business
- Security will not mature past …
I find it increasingly difficult these days to shake the feeling that the cyberpunk dystopia our world is becoming is shaping up to be more and more like Shadowrun. Ever since 2012 (which turned out to be a slightly less tumultous year than Terrence McKenna had always preached) things have become more and more surreal and disturbing (in a David Cronenberg and not a David Lynch kind of way). The Snowden/NSA scandal continues to bring truly frightening information to light, and the first thing that comes to mind is that ECHO MIRAGE exists as a real thing which is …
On the Internet, there exists a meme called Godwin's Law. Simply put, "As a Usenet discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one," (where probabilities are specified as floating point values between 0.0 (0%) and 1.0 (100%)). It is usually at this point that the discussion is considered completely derailed and no longer worth following.
It seems that a similar phenomenon is occurring more and more often in the twenty-first century, in which online discussions of cryptographic or security software will eventually lead to someone bringing up Ken Thompson's famous paper Reflections …
For no good reason today I decided to run some cryptsetup benchmarks on Windbringer. The only really significant change to the systemware configuration is that Windbringer is now running Linux kernel version 3.9.4-1-ARCH.
[drwho@windbringer ~]$ cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1 407688 iterations per second
PBKDF2-sha256 222155 iterations per second
PBKDF2-sha512 144511 iterations per second
PBKDF2-ripemd160 334367 iterations per second
PBKDF2-whirlpool 187245 iterations per second
# Algorithm | Key | Encryption | Decryption
aes-cbc 128b 563.0 MiB/s 1862.0 MiB/s
serpent-cbc 128b 67.7 MiB/s 281.0 MiB/s
twofish-cbc 128b 158 …
At the DC Cryptoparty in October of 2012 I did two presentations: One on GnuPG and one on whole disk encryption. While I'd put the GnuPG presentation online I hadn't done the same for the disk encryption one because I had to update it after the cryptoparty to take into account new information acquired that afternoon regarding MacOSX and Windows. I did so, converted the OpenOffice Presentation deck into a PDF, PGP signed them, and uploaded them this afternoon.
v1.0 of the WDE presentation is now available for download:
- cryptoparty-whole_disk_encryption-v1.0.odp (v1.0) (sig)
- cryptoparty-whole_disk_encryption-v1.0.pdf (v1 …