If you have BT broadband and want to graph the synced speed and actual use of your broadband connection, and you use the BT provided router (Home Hub), then you can’t use SNMP to get these counters. But you can get the data over HTTP without too much trouble. Here’s some ugly one-liners for doing that.Read the rest of this entry »
These are my notes on how to set up a system securely, in a way that would prevent attackers from being capable of performing an “evil maid attack”.Read the rest of this entry »
I decided to combine these two problems into one solution:
- Modern CPUs are idle way too much of the time. Why have all this computational power if we don’t use it?
- I have these funny old Quake demos that there’s no good way to convert to something playable.
My solution is to convert Quake .dem files to .pov files and render them with POV-Ray.
Update: New better screenshot:Read the rest of this entry »
You spend all your waking time at a keyboard. This blog post is about keyboards, and can be summarized as: Buy quality, cry once.Read the rest of this entry »
I've previously blogged about a secure connection between browser and proxy. Unfortunately that doesn't work on Android yet, since except if you use Google for Work (an enterprise offering) you can't set Proxy Auto-Config.
This post shows you how to get that working for Android. Also it skips the stunnel hop since it doesn't add value and only makes Squid not know your real address. I'm here also using username and password to authenticate to the proxy instead of client certificates, to make it easier to set up.Read the rest of this entry »
This is just a quick note on how to create .icc colour profiles in Linux. You need a colour calibrator (piece of hardware) for this to be useful to you.
Read the rest of this entry »#!/bin/sh NAME=$1 COLOR=$2 DESC="Some random machine" QUALITY=h # or l for low, m for medium set -e dispcal -m -H -q $QUALITY -y l -F -t $COLOR -g 2.2 $NAME targen -v -d 3 -G -e 4 -s 5 -g 17 -f 64 $NAME dispread -v -H -N -y l -F -k $NAME.cal $NAME colprof -v -D $DESC -q m -a G -Z p -n c $NAME dispwin -I $NAME.icc
Let's say you don't have a TPM chip, or you hate them, or for some other reason don't want to use it to protect your SSH keys. There's still hope! Here's a way to make it possible to use a key without having access to it. Meaning if you get hacked the key can't be stolen.Read the rest of this entry »
The wonder of UNIX is that you can delete running binaries and loaded shared libraries. The drawback is that you get no warning that you're still actually running old versions. E.g. old heartbleed-vulnerable OpenSSL.
Server binaries are often not forgotten by upgrade scripts, but client binaries almost certainly are. Did you restart your irssi? PostgreSQL client? OpenVPN client?
Find processes running with deleted OpenSSL libraries:
Read the rest of this entry »$ sudo lsof | grep DEL.*libssl apache 17179 root DEL REG 8,1 24756 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
In my last blog post I described how to set up SSH with TPM-protected keys. This time I'll try to explain how it works.Read the rest of this entry »
Not long after getting my TPM chip to protect SSH keys in a recent blog post, it started to become obvious that OpenCryptoKi was not the best solution. It's large, complicated, and, frankly, insecure. I dug in to see if I could fix it, but there was too much I wanted to fix, and too many features I didn't need.
So I wrote my own. It's smaller, simpler, and more secure. This post is about this new solution.Read the rest of this entry »