Don't forget to restart all your OpenSSL binaries
The wonder of UNIX is that you can delete running binaries and loaded shared libraries. The drawback is that you get no warning that you're still actually running old versions. E.g. old...
Another way to protect your SSH keys
Let's say you don't have a TPM chip, or you hate them, or for some other reason don't want to use it to protect your SSH keys. There's still hope! Here's a way to make it possible to use a key without...
Colour calibration in Linux
This is just a quick note on how to create .icc colour profiles in Linux. You need a colour calibrator (piece of hardware) for this to be useful to you. #!/bin/sh NAME=$1 COLOR=$2 DESC="Some random...
Secure browser-to-proxy communication - again
I've previously blogged about a secure connection between browser and proxy. Unfortunately that doesn't work on Android yet, since unless you use Google for Work (an enterprise offering) you can't...
Killing idle TCP connections
Why: Let’s say you have some TCP connections to your local system that you want to kill. You could kill the process that handles the connection, but that may also kill other connections, so that’s not...
Decoding FSK
Something I’ve been playing with lately is software defined radio with GNURadio. I’m not good at it yet, but I’ve managed to decode the signals from a couple of things. This is my step-by-step for how I...
Microwave
Two interesting things I saw when listening to the output from my microwave: The frequency is not stable. I assume it’s not thermally controlled. Probably not a good idea to use WiFi channel 6, being...
ReFS integrity is not on by default
I really don’t like the trend of filesystem authors to only care about filesystem integrity by default. How about having a seat belt for your data integrity by default and let people turn it off if they...
Yubikey for SSH after the Infineon disaster
Because of the Infineon Disaster of 2017 lots of TPM and Yubikey keys have to be regenerated. I have previously blogged about how to create these keys inside the yubikey, so here’s just the short...
Is my TPM affected by the Infineon disaster?
I made a tool to check if your TPM chip is bad. Well, it extracts the SRK public key and checks if it’s good or bad. If the SRK is bad then you can bet all other keys are bad too. This will also detect...
Internet in China
In this post I’ll describe some experiences I had with the Internet in China, and what it means for people making websites in the west in order to reach expats, visitors, and anyone else in China. So...
WPA2 and Infineon
The recent bug in WPA2 has a worst case outcome that is the same as using a wifi without a password: People can sniff, maybe inject… it’s not great but you connect to open wifi at Starbucks anyway, and...
Why bitcoin is terrible
For every day that passes I like bitcoin less. It’s bad for the world. I have ranted about this many times, and it’s time I consolidate these rants into a blog post. We’ll see with time if this rant ages...
Microsoft: ReFS is ridiculous
I’ve blogged before about how the new integrity-checking filesystem in Windows, ReFS, doesn’t actually have integrity checking turned on by default. It’s pretty silly that for a modern filesystem meant...
Yubikey for SSH on Windows
Short post this time. If you on Linux set up your Yubikey in smartcard mode then you can use that Yubikey without any setup at all on Windows. Just open PuttyWincrypt, put in the host to log in to, and...
Amateur Radio and FT8
My interest in SDR got me into Amateur Radio. One reason was so that I could transmit on non-ISM bands and with more power. Turns out the 2.3GHz band available to Amateur Radio operators is much...
Base Go packages
The Go standard library is generally great, but some parts have replacements that are just plain better and remove frustrations that you may have not even realised were frustrations. Here are my...
JT65 with SDR
JT65 is a slow protocol for propagation reports. In short it takes 60 seconds to send 13 characters. Then you wait 60 seconds for a reply, and repeat. The 60 seconds are actually 1 second silence,...
D-Star is a closed system
What is the point of amateur radio? To learn about radio, propagation, and the electromagnetic spectrum in general. To understand how it works, and maybe even build or modify your own equipment. The...
TCP MD5
TCP_MD5 (RFC 2385) is something that doesn’t come up often. There’s a couple of reasons for that, good and bad. I used it with tlssh, but this should explain why I didn’t enable it by default. What it...