January 18, 2021

Public TOR IPv6 Only Gateway

These days, I feel like TOR is really getting pushed as only a method for anonymous internet browsing; almost entirely focused on HTTP. However TOR hidden services are really neat. They are the opposite of the client use case of TOR and are for server anonymity. The problem with TOR hidden services is that they require the clients to run the TOR software to view at all. Worse, for connecting to any other service besides HTTP requires jumping over some significant hurdles. The client side configuration for visiting hidden services is actually harder than the server side configuration.

April 15, 2018

Two factor for SSH, revisited

There are a great many guides that are using google authentication as a two factor source for SSH, and this is fine for one off servers where you are the one and only admin of that server. However there are several problems for a multi-server and/or multi-user environments. Let’s review these problems, getting a better understanding of two factor auth, and some solutions.

Problem 1: The secret key is stored in your user’s home directory on the server. With it, you can generate tokens at any time. This means that if your server gets compromised, they can now generate your one time tokens at will. If you have 10 servers using the same token, they can generate that token for all of them.

February 8, 2016

Exchange/Outlook is pretty dreadful.

I recently started at a company that uses exchange for email, and enforces that you use the exchange connectors. This means no IMAP or POP; only MAPI and EWS. I have tried giving it a fair shot that past few months, but I am fairly frustrated. It’s actually not entirely outlook’s fault, but its a large part.

Problem number one is a legacy problem. One email can only exist in one folder. This is great at small scale, and is far less confusing when you “delete” a message, however when you’re getting 500+ emails a day multiple views is a plus.

February 1, 2016

Keybase?

Key distribution is hard, no doubt about that. Keybase has a pretty good idea on its head, but falls on its face at the finish line.

The keybase approach of authenticating a key belongs to someone is by signing an advertisement for keybase with your private key and posting it to a social media account. This is actually a pretty decent idea, people are generally pretty sure their facebook/twitter/etc friend is the person they think it is. The more accounts you link to keybase, the harder it is for them to spoof being you, and ergo makes your public key’s authenticity pretty good!

January 23, 2016

SSHCRYPT

The other day, my friend was asking how to encrypt a file public key. I assumed he meant a PGP key, but he was actually talking about ssh keys. A quick google shows people have asked this question before, with kind of lack luster answers.

The majority of ssh keys are actually RSA keys, which is good as they are the only type of ssh keys which can also encrypt. It also happens to be the majority of PGP keys are also RSA keys. As a result, the underlying encryption of PGP messages and authenticating to a server are usually the same.

January 16, 2016

Bitcoin will never be what people want it to be

If you ask 10 different people what bitcoin is, you will get at least 10 different answers. I say at least 10, because many people have several different answers. For this article, I will try to leave as much of the technology behind bitcoin out of the discussion. There are tons and tons of articles about the technology behind bitcoin, and I’ll link to those instead of reinventing that documentation.

December 31, 2013

Xbox One

The Xbox One is a device that is so chuck full of potential, that seems to be setting itself up for a failure. One that is of its own doing, and is one Microsoft as a company likes to repeat. That is not to say that it is all bad, but could have been so much better right off that bat.

One of the main problems is that Microsoft is moving to a single OS for all devices. Their computers, phones, tablets, and video game consoles all run the same OS. This is actually a good thing. This means that all improvements to any one product can be applied to all their products. The problem is that they had to make a clean break from their existing code for the 360.