Well who knew? RAM persists!

God damned Princeton kids! They broke everything!

Cold boot attacks on Encryption Keys

The best fix I could think of would be to wipe the key from memory (overwrite actually) immediately after you’re done using it. Also maybe keep it scrambled, but that wouldn’t be foolproof. Another idea would be to try to put the encryption key where it would be overwritten by the dump program. But you can’t rely on that either; you could easily transfer the RAM into another computer where it wouldn’t be the only RAM.

This doesn’t make disk encryption useless, it’s just something to be aware of. As long as you turn off your computer (and now you know to wait a minute for the RAM to clear) your data should be OK. If your computer is unlocked when it gets stolen, then you’re screwed anyway. This research just found out that the lock closes a little slower than we thought.

It’s also very cool.

-Francis
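The wipe-after-use idea from the post above, as an added example (not code from the original post or from any disk encryption product). The key_ctx struct, the function names and the XOR "cipher" are hypothetical stand-ins; the point is that the key and everything derived from it get overwritten in a way the compiler cannot optimize out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define KEY_LEN 32
#define ROUNDS  4

/* Hypothetical key context: the key plus round keys derived from it. */
struct key_ctx {
    uint8_t key[KEY_LEN];
    uint8_t round_keys[ROUNDS][KEY_LEN]; /* derived copies must go too */
};

/* Volatile stores: the compiler may not drop them like a dead memset(). */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Count nonzero bytes left in buf; 0 means nothing survives. */
static size_t residue(const void *buf, size_t len) {
    const unsigned char *p = (const unsigned char *)buf;
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (p[i] != 0);
    return n;
}

/* Toy key schedule, a stand-in for a real cipher's key expansion. */
static void ctx_load(struct key_ctx *ctx, const uint8_t *key) {
    memcpy(ctx->key, key, KEY_LEN);
    for (int r = 0; r < ROUNDS; r++)
        for (int i = 0; i < KEY_LEN; i++)
            ctx->round_keys[r][i] = (uint8_t)(key[(i + r) % KEY_LEN] ^ (0xA5 + r));
}

/* Encrypt in place, wipe the context, return key bytes still resident. */
size_t encrypt_and_forget(uint8_t *data, size_t len, const uint8_t *key) {
    struct key_ctx ctx;
    ctx_load(&ctx, key);
    for (size_t i = 0; i < len; i++)
        data[i] ^= ctx.round_keys[i % ROUNDS][i % KEY_LEN];
    secure_wipe(&ctx, sizeof ctx);
    return residue(&ctx, sizeof ctx);
}

int main(void) {
    uint8_t key[KEY_LEN] = {1, 2, 3}, msg[] = "constructed sample";
    return (int)encrypt_and_forget(msg, sizeof msg, key);
}
```

The caller's own copy of the key is untouched by encrypt_and_forget and needs the same secure_wipe once it is no longer needed.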

Quotes pulled from space, net, and time.

“It’s like Feynman says, physics is like sex — it may give practical results, but that’s not why we do it.” – xkcd


“I see it in your eyes. You have the look of a man who accepts what he sees because he is expecting to wake up.” – Morpheus from The Matrix

Repeated by HunterTV in reference to a leaked RIAA training video made for US prosecutors. Everyone loves a good manipulation of government and society.


“Cowardice asks the question, ‘Is it safe?’ Expediency asks the question, ‘Is it politic?’ Vanity asks the question, ‘Is it popular?’ But, conscience asks the question, ‘Is it right?’ And there comes a time when one must take a position that is neither safe, nor politic, nor popular, but one must take it because one’s conscience tells one that is right.” — Martin Luther King, Jr.

Via Wikileaks who recently lost their domain name because a crooked bank who they exposed took them to court. UPDATE: of course as time goes on there’s more to the story, they may sort of have their domain back. The Cyberpunk review has some good coverage on this stupidness.


And I’ll leave this post off with a source of many good quotes.

“Please note, we have added a consequence for failure. Any contact with the chamber floor will result in an unsatisfactory mark on your official testing record, followed by death. Good luck.”

GLaDOS from Portal of course.

Virtual Computers (that exist nowhere except inside computers)

I’m currently in the market for a new desktop. There are a few things I want to do with it, and they range from pretty simple requirements that barely need mentioning, to some pretty complex ideas.

  1. Large amount of protected storage. Raid 5
  2. Ability to play somewhat recent games. I don’t play often but the occasional title catches my eye and I’d like to be able to try it out.
  3. Large amount of protected storage. Raid 5, having a single disk, actually bothers the hell out of me.
  4. I want to be able to play movies over the network from my server. Yes that’s a requirement. Though by now it should be filled

Scratch that. I’ve got some thoughts on my computing setup in total. First off, what I currently have.

  • A Macbook Pro, 2.33 GHz Intel Core 2 Duo with 3 gigs of ram and a 200 Gig hd. I back this up to a 300 gig external every so often. It’s my primary machine by far. I program and do unixy things on it mostly. I constantly wish it had more hd space mainly because it houses my 60 gig music collection too. Leopard and XP in bootcamp and via Parallels (Even though I own VMware and I trust it more. Also XP has 20 gigs of hd.)
  • A recently deceased Intel P4 with 2 gigs of ram and two hard drives 80 and 120 gig, running windows xp. It was old enough not to play new games. (No bioshock, but Portals ran just fine.) Lately I mostly used it to play movies and be a synergy server for my laptop (keyboard and mouse sharing).
  • A low end AMD server with some ram (512?) and a 1.5TB raid 5. It runs uTorrent, tversity (to stream movies to an xbox 360 which isn’t mine) and does it all in Windows 2003 server. I had a plan to host offsite backups that required windows 2003 server, but I’ve long since abandoned that stupid idea. It wasn’t worth it. Now because of the windows domain the server is in, my mac won’t smb mount its massive data storage reliably and I’m using ftp/http for file transfer.
  • The router is an even lower powered amd box with some ram and an underused 80 gig hard drive running IPcop. It works as a router just fine. It’s also a caching transparent squid proxy with logging disabled to protect the guilty users who use it (sorta – not from authorities but from my other roommates). It’s got shit vpn capabilities and it doesn’t do anything else, but it doesn’t need to.

Some things I’d like to do.

  • Run a lamp/svn stack at home not on my laptop and with a decent amount of storage available.
  • Have a vpn that I can connect to on my mac and on windows with no extra software. And little fuss.
  • Have my movies mountable on my mac. The fact that they are all sitting on a 1.5 TB raid formatted NTFS that’s almost full makes portability tough.
  • Still stream movies to the xbox, that is a wonderful feature.
  • Not spend hours and days of my life dealing with the nitty gritty of linux.

I haven’t tried ubuntu. It’s supposed to be a lot better than linux was 5 years ago during my debian days. Five years seems like a long time too, but I for some reason refuse to believe anything has changed. I need to go get a live cd. OSX lets me run apache, mysql, and php. I can compile anything I want fairly easily, and it’s pretty. Long ago it replaced linux in my life.

But linux might come back. I’m attracted to keeping things partitioned. I’ve had a lot of servers hacked and learned I don’t want to be a security expert. It’s tough and nothing is impossible to break into. You just have to keep backups, keep things separate, and have a few layers between you and anything else. There’s a limit to the defense in depth in my opinion. If you’re letting packets into a program, regardless of how firewalled it is, if it’s exploited it’s exploited. I’m a little too paranoid to run public services from home anyway.

Back to partitioning. I’m attracted to virtual machines, which while they run on the same hardware they are separate (enough). And you can run more than one at once. It used to be that virtual machines were slow and slowed everything else down. They sucked a lot. Now they’ve got built into hardware instructions on how to operate at a virtual level, while looking like you’re working at a normal level. Long story short, you can boot up an operating system on its own, or inside another operating system and it won’t be the wiser.

I’m still learning exactly what that means. How do two OS’s use hardware? Sound cards? Video cards? Obviously some things need to be put on hold, or switched between OS’s. Also they got something they call Paravirtualization, which instead of the OS running on your hardware totally, it runs on some virtual hardware (sorta like what VMware does with the graphics hardware). With that you can get near native speeds and reduce a lot of the overhead involved in running a virtual OS.

I would like to be able to take care of some of my wants and needs by using virtualization, but I’m not sure if the technology is mature enough for me to play with it. (by all means, this stuff works, and it is being used a lot) It’s got to be easy and I got to be able to play my games. I also don’t want to invest hundreds of hours into it.

In the end I’ll probably just dual boot. For gaming virtualization is stupid. I’d want it for multiple dev environments. But honestly I’d want it for multiple servers mostly.

Grr… I guess I just talked myself out of playing with Xen for my desktop machine. I still got to figure out a way to migrate my server to linux.

Hope some of that is useful to somebody.

They had it coming.

I’m going to link you to a new favorite webcomic of mine.

Over Compensating

When you get there be sure to know what this particular comic is talking about. Read the news section below. It’s important.

-Francis

PS The torrent is still at 20 seeds! I can’t guess how many people have downloaded it! Mainly because I wasn’t involved in most of those transfers. =) Let me know if you have any complaints.

Truecrypt 5!

WOOO!!! Mac version of truecrypt!

Also now you can boot your entire PC from truecrypt! This is the first free implementation of this that I know of for windows. (I’m probably wrong.) But from what I’m reading it’s really really easy to do. That is probably a first. But without waiting for your entire drive to encrypt, you can basically set it up, reboot, and it will start to encrypt everything as you continue to use your computer normally. You can even reboot (or crash!) before it finishes and it will pick up where it left off. I wonder how much this would slow your system down, and how much of a pain it would be to fix hard drive problems. I imagine it would mess with volume managers, backup software (like mozy or trueimage) and in the end whoever has to fix it (me). It’s still cool, and worth playing with if you have a spare system laying around. I wouldn’t tempt bootcamp with it, but I encourage anyone with vmware or parallels to go to town.

http://www.truecrypt.org/

Home encryption getting easier to do right every day! I just hope it works ;-)

Hacker Crackdown!

One of my new interests, Cory Doctorow, read a book (which is just as much an interest) called The Hacker Crackdown by Bruce Sterling. If you’re curious why a bunch of kids playing on computers have an entire culture to work with then you should probably read this book. If you’re curious about why in the beginning of the movie Hackers an entire SWAT team was allowed to storm a house (and presumably took every computer, electronic device, and piece of paper in the house for an indefinite period of time) then you should probably read this book. If you’re curious how the first and largest network in America came about and why it’s owned by AT&T (and still is) then you should read this book.

In fact let me help you out. I have an edited podcast of Cory Doctorow’s reading and a Gutenberg PDF of the book. Both perfectly legal as Bruce not only let his book be distributed for free electronically (since 1992!) he also gave Cory permission to read it as long as he distributed his reading for free. See where I’m going with this? Cory publishes all his work under The Creative Commons License which says as long as I mention it’s his work then I can share it as much as I like.

So have at it. I made a torrent, you can download it right here.
DOWNLOAD TORRENT OF THE HACKER CRACKDOWN

What’s a torrent? Well I can’t blame you it’s sorta new, and not everyone knows what it is yet. Go download uTorrent or azureus and read up on how torrents work. Both utorrent and azureus have documentation on how to use them but you basically take my small file and use it to get the set of files for the Hacker Crackdown. It’s a large mp3 and a pdf. I’d give you the files right here but they’re big and I have to pay for my server’s bandwidth! In fact I have a large enough audience that if I offered both files up for download and paid for all the bandwidth that you would all use I’d be in the poor house pretty quick.

So as long as people will “seed” the torrent (as I do at home, but as of this writing so do 15 other people so I don’t even have to anymore.) then anyone can download the files free of charge. And it frees me of charges too, because you’re getting the file mostly from each other instead of me.

I’m glad technology like this exists.