This is another post in the series on how to protect SSH keys with hardware, making them impossible to steal.
This means that you know that your piece of hardware (e.g. Yubikey or TPM inside your laptop) was actively involved in the transaction, and not, say, turned off and disconnected from the Internet at the time (like in a safe or on an airplane).
What’s new this time is that we can now have a physical presence test on every use of the key. That means that even if someone hacks your workstation completely and installs a keylogger to get your PIN, unless they also break into your home they can’t use the key even while the machine is on and connected. Evil hackers in another country are out of luck.
This post explains how to set up a keyboard layout the way I like it. It may not fit you at all, but it may give you ideas that would work for you.
In short: I remap Caps Lock to add some extra keys.
This is just notes in case I need to do this again. It’s for my QPov project.
```
sudo apt-get install autoconf libboost-all-dev libjpeg-dev libtiff-dev libpng-dev
git clone https://github.com/POV-Ray/povray.git
cd povray
git checkout --track -b 3.7-stable origin/3.7-stable
cd unix
./prebuild.sh
cd ..
./configure --prefix=$HOME/opt/povray COMPILED_BY="My_Name on RPi"
make
make install
```
If you have BT broadband and want to graph the synced speed and actual use of your broadband connection, and you use the BT provided router (Home Hub), then you can’t use SNMP to get these counters. But you can get the data over HTTP without too much trouble. Here are some ugly one-liners for doing that.
These are my notes on how to set up a system securely, in a way that prevents attackers from performing an “evil maid attack”.
I decided to combine these two problems into one solution:
- Modern CPUs are idle way too much of the time. Why have all this computational power if we don’t use it?
- I have these funny old Quake demos that there’s no good way to convert to something playable.
My solution is to convert Quake .dem files to .pov files and render them with POV-Ray.
Update: New better screenshot:
You spend all your waking time at a keyboard. This blog post is about keyboards, and can be summarized as: Buy quality, cry once.
I've previously blogged about a secure connection between browser and proxy. Unfortunately that doesn't work on Android yet, since unless you use Google for Work (an enterprise offering) you can't set Proxy Auto-Config.
This post shows you how to get that working for Android. It also skips the stunnel hop, since it doesn't add value and only makes Squid not know your real address. Here I'm also using username and password to authenticate to the proxy instead of client certificates, to make it easier to set up.
This is just a quick note on how to create .icc colour profiles in Linux. You need a colour calibrator (piece of hardware) for this to be useful to you.
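```
#!/bin/sh
NAME="$1"
COLOR="$2"
DESC="Some random machine"
QUALITY=h  # or l for low, m for medium
set -e
# Calibrate the display
dispcal -m -H -q "$QUALITY" -y l -F -t "$COLOR" -g 2.2 "$NAME"
# Generate the test patch set
targen -v -d 3 -G -e 4 -s 5 -g 17 -f 64 "$NAME"
# Measure the patches using the calibration from dispcal
dispread -v -H -N -y l -F -k "$NAME.cal" "$NAME"
# Build the profile; DESC is quoted because it contains spaces
colprof -v -D "$DESC" -q m -a G -Z p -n c "$NAME"
# Install the resulting profile
dispwin -I "$NAME.icc"
```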
Let's say you don't have a TPM chip, or you hate them, or for some other reason don't want to use it to protect your SSH keys. There's still hope! Here's a way to make it possible to use a key without having access to it. Meaning if you get hacked the key can't be stolen.