I finally got around to installing a Yubikey authentication server on my LAN, so I'm taking the opportunity to build a completely new infrastructure. I've had a few VPS running the services I've needed previously (proxy, VPN, tor, irc bouncer, etc), but it will be nice to finally have all of those things local to my own LAN.
Part of my drive for implementing fresh services locally is to get away from leaving this data out there in the universe. I suppose I'll have some failover stuff hanging out somewhere out there, but what's the point of having a Yubikey if you don't run your own authentication server to keep the fascists out?
April 3rd 2014, 02:33:47 UTC
git clone git://git.gnupg.org/gnupg.git
That will get you a clone of the latest GnuPG source. You'll need a few tools to compile, like automake and autoconf and probably other tools I'm too lazy to track down right now. In g10/keygen.c run a search for "4096" and you'll see a line that looks a little bit like this:
unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
Change "4096" to "8192", run autogen.sh, then configure && make and voila! 8192-bit keys to keep fascist scumbag terrorists the hell out of your business.
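The keygen.c edit above, done in a checked way, as an added example that is not part of the original post: it assumes the upstream line still contains the literal "max=4096;" and refuses to touch the file unless exactly one such line exists, so a changed source tree is noticed instead of being silently left unpatched.

```shell
#!/bin/sh
# Added example (not from the original post): bump the hard-coded maximum
# key size in GnuPG's g10/keygen.c. Assumes the line still reads "max=4096;"
# as shown in the post; any other count of matching lines is treated as an
# error rather than guessed at.
set -eu

bump_keysize() {
    # $1 = path to g10/keygen.c, $2 = new maximum key size in bits
    file=$1
    newmax=$2
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 1
    fi
    # Count candidate lines first; grep -c exits 1 on zero matches
    hits=$(grep -c 'max=4096;' "$file" || true)
    if [ "$hits" -ne 1 ]; then
        echo "expected exactly one 'max=4096;' line in $file, found $hits" >&2
        return 1
    fi
    # Keep a backup next to the original (-i.orig works with GNU and BSD sed)
    sed -i.orig "s/max=4096;/max=${newmax};/" "$file"
    # Confirm the edit actually landed before reporting success
    grep -q "max=${newmax};" "$file"
}

# Typical use from the cloned tree; the build steps are the same as in the post:
#   bump_keysize g10/keygen.c 8192 && ./autogen.sh && ./configure && make
```

Hardware tokens such as OpenPGP smartcards commonly cap RSA at 4096 bits, so a key generated this way cannot later be moved onto one; check that every place the key must live accepts the larger size before generating it.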
January 2nd 2014, 06:09:46 UTC
So this post is about Bitcoin. I haven't talked about my involvement in the past, even though I've been mining since the first part of 2010. No, I'm not a millionaire. I sold most of my holdings in January of 2012 and then again in April of 2013. Of course I still have a pile of the things, just that what I have won't be getting me onto that Mediterranean yacht into the villa on Formentera as soon as I'd hoped. It's still an attractive number, regardless. Anyways, I've taken to selling small amounts on eBay considering the huge amount of press that's been generated about it.
Mostly what interests me about Bitcoin is Satoshi Nakamoto. I believe his/her/their -- hereafter referred to by the neutered English pronoun "him" -- identity is truly one of the greatest mysteries of our time. I've had some ideas here and there about tracking him down. There exist a number of interesting things to see in the Bitcoin world. The wallet that mined the first block and the very first block of Bitcoin mined, for example. Or the very first post by Satoshi about Bitcoin as a currency, or as a piece of software.
Lately I've been consolidating my effort and grouping it into a "special project" of mine. I'm a big nerd and have special "operation" names with component "project" names that sound like the old atomic weapons or military black project names. As a result, I can't tell you the operation or project name that got me results, but... I've isolated a piece of information that either no one has yet discovered, or at the least no one has yet published. Will I publish it? Perhaps, but only if I end up getting further along the highway in this endeavor. Who knows what the prize is for discovering his identity? A few Bitcoin? His entire wallet? Fame, fortune, and naked women? Or most likely just some street cred with other cypherpunks.
December 1st 2013, 23:31:16 UTC
So I've got a pretty concise and thorough article on using Salt to spin up an AWS EC2 instance as an OpenVPN server. All of the individual instructions are explained alongside justifications for needing to know these kinds of operations from a philosophical standpoint. It also reads well, but I'm biased.
Originally I had written the article for a pretty big name in the Linux world on the advice of someone at the company I work for. However, that opportunity fell through and it looks like the poor thing is now an orphan. It wasn't sent to the editors of the intended publication so it hasn't been vetted (or rejected) by anyone. That being said, I've been published previously and hope it's clear from this website that I can write with something approaching articulation.
I'm going to send this article along to a few other publications in the hopes of seeing it in print. I would also like to see the knowledge spread far and wide, so that every reader learns a healthy amount of antiauthoritarian guerilla network knowhow.
If you're into tech publishing and want to read it, I'd be happy to send it along.
November 25th 2013, 07:32:24 UTC
I know PHP very well. Due to the nature of web development -- and considering my history as a business owner in that particular industry -- knowing the Pre-Hypertext Processor is a requirement. Here's the thing: If computer languages are like Santa's elves, PHP would be the slow, fat, retarded one. And I say that with a sense of love. Sort of.
Lately, my duties at work have shifted from systems administrative tasks designed to improve the structure and quality of our internal network, to more regular software development tasks. The previous assignments gave me the chance to gain intimate working knowledge of how our network and resources are put together. Now I am working on tasks more aligned with the development of pfSense, the open source Unix firewall at the center of our business.
This week and last, it meant developing a proprietary pfSense plugin for use by the company I work for in keeping customer licensing and support data aligned with the newest version of pfSense (2.1). Developing a plugin means writing PHP. It also meant working with the UI, which is a tale for another time, since it is built using HTML tables. Anyways, it was the first time in probably a year that I had written anything completely unique in the language, and PHP didn't waste a moment to bare its fangs in the worst way.
My first complaint about PHP is its reserved keyword namespace. Last I checked, there were over 3,300 functions in the primary language namespace. That's three thousand and three hundred functions in the primary namespace! Nobody can convince me that levenshtein() or metaphone() are absolutely necessary in the core PHP language. No sane human being (that isn't a linguist) would devise a language that has functions like these available without even needing to import them into the namespace.
Ignoring the huge fatness of the language namespace, as well as the fact that these functions seem to have been named by cats (yeah, I'm looking at you, htmlspecialchars() and strnatcasecmp()), there are other issues. For example, filter_var() has several options that are incredibly important, because PHP is one of the premier languages used on the Internet: FILTER_VALIDATE_EMAIL and FILTER_VALIDATE_URL absolutely need to work without a hitch. Surprise! They don't! Several email addresses and URLs that are valid according to the RFCs won't pass these filters.
Another problem that might affect everyday programming is PHP's stupid handling of isset() on any variable. PHP will return a boolean false when isset() tests a variable that exists and is set to null. Hey, braindead language developers! Null-set variables are NOT the same thing as non-existent variables! If you want to redefine null as a value, then do it and say so in the documentation. That being said, something tells me this isn't a language decision, but a function written incorrectly.
Sometimes writing PHP makes me feel angry and betrayed, because for a language so ubiquitous on servers around the world, it's sure got more than its fair share of stupid caveats.
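The two behaviours complained about above, with the checks that avoid being bitten by them, as an added example that is not code from the original post. It assumes PHP 7.1 or later (for FILTER_FLAG_EMAIL_UNICODE) and a constructed JSON request body as input.

```php
<?php
// Added example, not from the original post: isset() on null, and the
// return convention of filter_var(), shown with a constructed request body.

// 1. isset() reports false for a variable or array key that exists but holds
//    null, so on its own it cannot tell "sent as null" from "not sent at all".
//    array_key_exists() makes that distinction for array input, which matters
//    when a required-field check must not be satisfied by sending null.
function field_state(array $data, string $key): string
{
    if (!array_key_exists($key, $data)) {
        return 'absent';
    }
    return $data[$key] === null ? 'null' : 'set';
}

// 2. filter_var() returns the filtered value on success and false on failure,
//    so compare with === false instead of relying on truthiness. Without
//    FILTER_FLAG_EMAIL_UNICODE (PHP 7.1+) a non-ASCII local part is rejected
//    even though RFC 6531 allows it; the flag does not fix every RFC gap.
function looks_like_email(string $addr): bool
{
    return filter_var($addr, FILTER_VALIDATE_EMAIL, FILTER_FLAG_EMAIL_UNICODE) !== false;
}

// Constructed sample: a decoded JSON body in which the client sent "token": null
$body = json_decode('{"user": "alice", "token": null}', true);

// isset() treats the null token the same as the missing password field;
// field_state() keeps the two cases apart.
var_dump(isset($body['token']), field_state($body, 'token'), field_state($body, 'password'));
var_dump(looks_like_email('alice@example.com'), looks_like_email('not an address'));
```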
November 17th 2013, 02:29:42 UTC
I've had the great misfortune of causing a stir online about the extremely poor service now offered by ResellerZoom, which is also known as HostingZoom and ModVPS and JaguarPC. It was my very first reseller account years and years ago, probably back in 2004. I've had some problems with being invoiced properly since JaguarPC purchased the company, but it wasn't until the last month or so that the service itself has really completely tanked. DAYS of downtime for various reasons followed by the head of support of the company actually lying during damage control. In the end, I decided that enough was enough and moved my domains the hell off of their service. If you're in the market for any hosting services... DO NOT move forward with HostingZoom/ResellerZoom/ModVPS/JaguarPC. You WILL be making a terrible mistake that you WILL regret.
At work recently I ran into a few problems setting up Dynamic DNS with the DHCP server on FreeBSD 9.1, using TSIG keys with DNSSEC. We have a medium-sized network with a variety of resources that need to play well together. It turns out there were a few small problems working against me. There seems to be a bug or some other fundamental and esoteric problem with getting those update keys to work properly with 'allow-updates' in the individual subnet definitions.
There's a billion other things I'm trying to get working both at the office and on my personal network. I just wanted to put a small update here to let everyone know that I'm still alive. :)
Besides the above, I took my beautiful wife to Nashville to visit my brother and his family and their newest addition. We also went to a Taylor Swift concert, which was actually pretty good. There were a lot of screaming little girls, but beyond that, it was a good concert.
September 24th 2013, 04:44:30 UTC
Aloha. Sorry about the downtime. I know you were riveted to the refresh button waiting since June for something to pop up. ;) Here it is!
I had used Lunarpages hosting since about 2004. They're a really great provider and I recommend them for fast, cheap, robust shared hosting. My needs (and skillset) have moved beyond shared hosting, and this site (among all of my others) is now hosted on my own private "mad science" network of VPS.
I'm building a couple of open source projects with enthusiasm, and moving to Austin, Texas at the end of this month to start working for a friend of mine. I'm extremely excited about this development, even if my wife will be in Sweden for a month without me.
One of the projects I'm working on is called the Shroud Project. It's a set of browser extensions -- and hopefully someday soon, mobile applications -- designed to take a bite out of the efficacy of the fascist, illegal, unconstitutional NSA catchall surveillance machine that, if left unchecked, will lead us straight into an American holocaust.
Another project I've been working on is a small, commercial, web security and notification product called Site Seal, one of the companies I lead. I don't expect to make a ton of money off that product, it's just a little something to help the world stay safe and secure in these trying times.
July 7th 2013, 04:14:54 UTC
Oh boy. I had a few friends over last weekend for my wife's birthday party, and one of them reminded me of a strange phone number circling the web about six months ago. We couldn't remember the specifics in our beer haze, but the next morning I got a message with the whole story.
Fast forward a week and I'm wading knee-deep in the abyss. Or wading knee-deep in the ABISM, if that's more appropriate. I can't really explain what OTP22 is beyond "a kind of ARG, maybe, or possibly an old semi-secret government system" ... or something along those lines. You will just have to look for yourself.
for creating graphs. Not graphs that managers want to see in finance reports, but graphs that computer scientists use to study relationships among datasets.
And you have my sincerest apologies if you get sucked into OTP22. Don't say I didn't warn you!
April 7th 2013, 09:23:03 UTC
It's hard for me to tell you how much I hate Microsoft products. I've been using Linux since the early 90s and exclusively for just over a decade. I have never in my life had a machine that ran any version of Windows exclusively. It was a dual-boot setup, or restricted completely to a virtualized environment. In fact, I started programming on an old 386 with MS-DOS v6.22. Turbo C compiler. But I digress...
Anyways, the last week or so I've been helping my best friend do some work for a client whose workforce is 100% IT worker drone and therefore whose product base is entirely Microsoft branded. Nothing is easy to do with Microsoft's shit. There is always a silly layer of abstraction in the form of paternalistic dialog boxes asking me if I'm absolutely certain I want to do what I just told it to do. Of course, you also need to have your credit card handy because about half of the things an operating system is supposed to do on its own costs money in the Microsoft world. Keep that credit card out. At the very least, you'll need it to unzip whatever you download. Let's just not mention the resource hoarding and completely audacious technical blunders that Microsoft developers managed to cram into one, single, shitty box of software.
Back to the point. When I say "IT worker drone" here, you know the type: Loud, unjustifiably cocky and arrogant, annoying, completely devoid of any depth of knowledge, and generally lacking in any real computer skills. "IT worker drones" are the people who don't know enough about computers to know that they don't know a goddamn thing about them.
In other words, IT worker drones are noobs, but noobs that never blossomed into something beautiful. Their development was stunted at some point and they are forever relegated to performing basic help desk functions and generally enraging real programmers, because everything becomes a worthless competition. Don't get me wrong: I love competition. But what these people do is fail to bring anything worthwhile to the table, thereby essentially wasting your time -- and the Earth's precious oxygen -- with totally meaningless and stupid "non-content" in a futile attempt to make themselves look good in front of the large segment of the human population to whom technology and technical subjects are basically just different ways of pulling a rabbit out of a hat.
My real problem with Microsoft comes from my truly deep and eternal loathing for the IT worker drones of the world. Microsoft products share an interesting symbiotic relationship with the IT worker drone archetype. It is reasonable to say that the point-and-click, half-broken, buggy, featureless, expensive shit made by Microsoft was built to cater to the IT worker drone personality. It is equally reasonable to say that the huge brain-dead IT worker drone population -- having lost career momentum at the confluence of total cluelessness combined with a false veneer of technical knowledge as seen by that ninety-nine percent of humanity to whom technology is magic -- was an easy target for the niche market identified and exploited by Microsoft.
Because of the nature of the Department of Veteran Affairs, I am required to enroll in certain classes that fulfill degree requirements on paper that I don't actually need to graduate in practice. One of the classes I am being forced to endure is ITS 144: PC Maintenance and OS Installation. It is one of the final requirements of an IT certificate at the community college. There are almost thirty IT worker drones taking the class, which meets every Friday for three hours. Three. Hours. This week is the tenth week of the semester and I have been to a grand total of two Friday sessions. The reason for my absence should be obvious. Otherwise, read this post from the top.
As I grow older and spend hour after hour tossing programming books into the huge bonfire in my brain, assimilating enormous volumes of specialized, technical knowledge as I have done now for twenty years -- for the single reason that I love computers and programming -- I find myself growing increasingly impatient and severely less tolerant of the entire herd of halfwits and mouth-breathers targeted (and incubated) by Microsoft.
March 5th 2013, 11:41:17 UTC
Location-Based DNS Load-Balancing. Sounds relatively simple, right? Depends. There exists an ACL-based method using the free GeoIP databases from maxmind.com. However, the author of that method claims a lookup speed of 88 milliseconds on a 1 GHz processor. No, thanks. It defeats the purpose of serving different IPs to get your clients closer to your edge. There is, however, a nice little link to another, much faster method. It involves patching and compiling your own BIND 9.x release to work with the same IPv4 country database.
The method described there is a step-by-step guide to patching the source. It only changes three files, and if you look at the diff, you'll see that BIND was already pretty close to understanding the database natively. Another reason you should read the diff is that you'll see it only supports the country database, not the city database. Lastly, if you read the diff, you'll see exactly what the patch author wants to do to your system, and you should always, always, always be aware of what a third-party patch does before applying it.
Oh, and, uhh... Note to self: The GeoIP City database needs to be named GeoIPCity.dat, not GeoLiteCity.dat as it is named in the extracted file. That was two hours gone. Doh!
One cool thing from RL: In my discrete math class, our current homework project is to code up the RSA algorithm. I've heard from a lot of other people that discrete math is the class "they" use to weed out people from computer science. I fucking love
February 10th 2013, 10:17:36 UTC