Yo
Time for the obligatory first post! Every once in a while, I have something that I think justifies the effort to write down. When such a thing happens, I’m going to put it here. I’m not going to be...
View ArticleHow About This? An Introduction
From time to time (and more often when I have more free time), I wonder “Hmmm, how would I solve [insert problem here].”, and from time to time I think “How about this?” That’s what I’ll be using this...
View ArticleMy First iOS Security Bug
About an hour ago, I opened bug #18403015 on Radar, Apple’s bug reporting web site. This is not the first time I’ve reported a bug to Apple: I recently opened a different bug (#18347673) because iOS...
View ArticleAn Analysis of the CAs trusted by iOS 8.0
iOS 8.0 ships with a number of trusted certificates (also known as “root certificates” or “certificate authorities”), which iOS implicitly trusts. The root certificates are used to trust intermediate...
View ArticleCAs, Name Constraints, and a Business Opportunity
Warning! I am about to bring up a topic that others have talked about before: Name Constraints (as it applies to SSL, that is). Name Constraints is a way for a Certificate Authority (a CA) to say...
View ArticleThe 911 Test
On Twitter, Andrew Mayes posted a link to an October 3 story posted by The Verge titled This is what happens when 911 fails. The article talks about experiences people had trying to call 911, via...
View ArticleWeird object file warnings building Perl on OS X 10.11 El Capitan
I just recently got a Mac laptop with Mac OS X 10.11 (El Capitan) installed, and one of the things I do in a new system is install a local Perl environment using perlbrew. It allows me to install and...
View ArticleDeveloping on El Capitan? Need OpenSSL? Install MacPorts!
I’m right now experiencing the joys of setting up a Perl development environment on Mac OS X 10.11 (El Capitan). I’ve already talked about the weird linker warnings that appear when building Perl, and...
View ArticleUsing Net::SSH::Perl to sign stuff in SSH agents
Quick note for me: How to use Net::SSH::Perl to have a remote SSH key sign something, and then verify that signature later. use Net::SSH::Perl::Key use Net::SSH::Perl::Agent $a =...
View ArticleIdentifying spammers in your shared web service (featuring Postfix, auditd,...
Over the last week, we’ve been having a problem with spam in our shared web service: Something was sending out lots of low-quality, easily-blockable spam, and the bouncebacks were filling up the...
View ArticleUsing an OpenPGP card/Yubikey with SSH authentication? Don’t forget about...
Here’s yet another thing that hit me at work today, and getting the answer involved annoying searching & testing, so here it is for you! I use a Debian jessie workstation, and my SSH key lives on a...
View ArticleKarl’s Work Mac Setup
(This post is in beta) So, what all do I install, and why? The OpenSSH shipped in El Capitan is partially broken (GSSAPI Key Exchange doesn’t work). So, we build our own, including GSSAPI...
View ArticleConverting an Illumina workflow to a Singularity container
As part of my job, I support various labs (and other users) on campus. My work includes hardware maintenance, system administration, and software development. One of the labs on campus (the Quake...
View ArticleWelp, there go my Git signatures
Hello! If you already know about the RoCA vulnerability, and you know what I did about it (or you don’t care), then feel free to skip down to the good stuff! Signs of Trouble Monday morning, as I was...
View ArticleClik here to view.
Finding (and Trusting) the DoD Root CAs in macOS
Recently, I wanted to read about the NSA’s Commercial National Security Algorithm (or CNSA) Suite, which is their replacement to the Suite B algorithms. The web site for the CNSA Suite is...
View ArticleGetting an ECC Certificate from InCommon
I work at a University that is a member of InCommon. One of the benefits of joining InCommon is getting access to an unlimited number of TLS (SSL) certificates (including EV, client, and code-signing...
View Article
