crypto

how many factors, anyway?

 crypto, risk, security, tech  Comments Off on how many factors, anyway?
Feb 242017
 
how many factors, anyway?

I’ve been using Google’s 2 factor authentication for awhile now, it’s simple to use and seems effective (and is probalby the most commonly used 2F on earth.) But how many factors is it, really? But perhaps I could try to distill this even a bit more, and go radical… is the 2nd factor really necessary or just a productivity hit/distraction? Once per month or so it dutifully asks me […]

 Permalink  crypto, security, tech, web  Comments Off on
Feb 052016
 

The free certs from https://letsencrypt.org/ do indeed work as described. I wanted to check them out for some public facing services I wanted to run. To get the certificate you run a program on a host that DNS resolves to the cert you want to get – so if “foo.example.com” resolves to 10.6.6.6, you need to install the cert generation program on 10.6.6.6, and have either 80 or 443 free (I […]

d3ck, d3ck, goose

 code, crypto, hack, philosophy, security  Comments Off on d3ck, d3ck, goose
May 132015
 
d3ck, d3ck, goose

A bit over 2 years ago I started on a journey that has become a bit surreal; I had what seemed like a modest goal, simply create something that would facilitate confidential (e.g. encrypted) sharing of information in an easy way. Then snowden came along, and things started become even more… interesting, in the Chinese way. Tragedy, comedy, farce, delays and complications beyond belief followed. But the basic problem […]

certificates and security

 crypto, philosophy, security, tech, web  Comments Off on certificates and security
Aug 052014
 
certificates and security

npm is the defacto package manager for the node.js javascript network programming environment thingee. The folks who make npm have taken a security leap: npm no longer supports its self-signed certificates Ah, they build the bastions of light and goodness, protecting us from the sins of the masses by standing tall. So… how do you install npm, anyway? Ah, yes, you look it up on their site… let’s see… why, […]

Even more IPMI, woohoo!

 BMC, crypto, embedded, ipmi, tech, work  Comments Off on Even more IPMI, woohoo!
Jun 052014
 
Even more IPMI, woohoo!

I wrote a small paper surveying the scene of IPMI in the wild – Sold Down the River – the title of which might give you some clue as to make on the situation. Used to be folks used guns to rob us… computers make everything so much easier!