GPG Key Management Rant

Written on 12 Jul 2014, 5 min read.

2014 and it’s still annoyingly hard to find a reasonable GPG key management system for personal use… All I want is to keep the key material isolated from any Internet connected host, without requiring me to jump through major inconvenience every time I want to use the key.

An HSM/Smartcard of some sort is an obvious choice, but they all suck in their own ways:

  • FSFE smartcard – it’s a smartcard, requires a reader, which are generally not particularly portable compared to a USB stick.
  • Yubikey Neo – restricted to 2048 bits, doesn’t allow imports of primary keys (only subkeys), so you either generate on device and have no backup, or maintain some off-device primary key with only subkeys on the Neo, negating the main benefits of it in the first place.
  • Smartcard HSM – similar problems to the Neo, plus not really supported by GPG well (needs 2.0 with specific supporting module version requirements).
  • Cryptostick – made by some Germans, sounds potentially great, but perpetually out of stock.

Which leaves basically only the “roll your own” dm-crypt+LUKS USB stick approach. It obviously works well, and is what I currently use, but it’s a bunch of effort to maintain, particularly if you decide, as I have, that the master key material can never touch a machine with a network connection. The implication is that you now need to keep an airgapped machine around, and maintain a set of subkeys that are OK for use on network connected machines to avoid going mad playing sneakernet for every package upload.

Continue reading...

How I’m voting in 2011

Written on 24 Nov 2011, 3 min read.

It’s general election time again in New Zealand this year, with the added twist of an additional referendum on whether to keep MMP as our electoral system. If you’re not interested in New Zealand politics, then you should definitely skip the rest of this post.

I’ve never understood why some people consider their voting choices a matter of national security, so when, via Andrew McMillan, I saw a good rationale for why you should share your opinion, I found my excuse to write this post.

Continue reading...

GPG Keysigning Update

Written on 26 Jun 2009, 2 min read.

From the better late than never category… I finally got around to signing keys from the LCA2006 key signing party, the verification sheet from which has travelled with me from NZ to Dublin and then sat on my desk for a few years. I inevitably lost a few of my notes and verifications along the way, so if you were still expecting a signature from me and didn’t get one let me know!

Continue reading...

The government listened!

Written on 24 Feb 2009, 6 min read.

I was very pleased to wake up this morning to the news that National has delayed the introduction of S92A via an order-in-council. It’s a nice short-term victory, but I’ll save the champagne until the law is fundamentally rewritten.

The most pleasing aspect of the decision is simply that it was made at all. Within two weeks, a small band of protesters were able to harness the power of the Internet to direct international attention and place enough pressure on a Government, whose Prime Minister admitted to not having read the bill prior, that he then took the time to understand the issues and personally announce the delay in implementation of the law. We owe much thanks to the Creative Freedom Foundation for all the effort they put into co-ordinating the protest and ensuring that a single coherent message was presented. Just a little bit of my cynicism and belief that politicians never listen to public opinion outside of election campaigns was chipped away today.

Continue reading...

Blacked Out – no “Guilt Upon Accusation”

Written on 18 Feb 2009, 4 min read.

If you’re reading this post via the website rather than a feed/planet then you will notice that the site has gone completely black in support of the Creative Freedom Foundation’s campaign against S92A of the NZ Copyright Amendment Act which is due to come into effect on 28th February 2009. I’ve also joined the wave of people blacking out their “avatar” on Facebook/Jabber/MSN, etc.

S92A introduces “Guilt Upon Accusation” whereby if you are accused of copyright infringement (downloading music and movies, etc) “repeatedly” (likely 3 or more times) you are at risk of being disconnected from the Internet by your ISP. The law does not require any proof or substantiation of the accusations and the entire process would occur outside of the courts and the established legal system. Not only does it place every user at risk, the wording is very unclear on exactly what type of organisation is considered an ISP and there is significant concern that schools, businesses, libraries and hospitals will be placed in the difficult position of determining whether their users have broken the law and require disconnection.

Continue reading...

Ubuntu versions numbers on crack

Written on 13 Jul 2008, 2 min read.

On hardy after the latest round of updates:

matt@krypton:~$ dpkg -s flashplugin-nonfree | grep Version
Version: 10.0.1.218+10.0.0.525ubuntu1~hardy1+really9.0.124.0ubuntu2

Granted this package is in hardy-backports not hardy proper, but still, what on earth?!?!

Comments

Comment by Philipp Kern on 2008-07-14 05:05:38 +1200

Well, it’s documented in the changelog on https://edge.launchpad.net/ubuntu/+source/flashplugin-nonfree. Ubuntu more or less refrains from using epochs unilaterally[0]. This upload was done to undo a bad backport to hardy, i.e. an old version (9.0.124.0ubuntu2) was uploaded to supersede one with a higher version number (10.0.1.218+10.0.0.525ubuntu1~hardy1).

Continue reading...

The Australian Open Source Industry & Community Report

Written on 12 Apr 2008, 2 min read.

I highly recommend making some time to read The Australian Open Source Industry & Community Report. Based on a census of the Australian Open Source community conducted at the end of last year, it presents a range of statistics about the state of the Open Source community and industry in Australia.

The report seems to be aimed at demonstrating to Government and Businesses that Open Source has become a very viable business strategy in Australia and in particular how increased adoption of Open Source would reduce the Australian trade deficit. You don’t need to worry about being put to sleep. The report is relatively casual in tone and easy to read with lots of bright graphs to present the key statistics and findings. Including:

Continue reading...

POSIX/NFSv4 ACL Inheritance Problems

Written on 08 Jul 2007, 3 min read.

I (as root) have a directory hierarchy that I want a particular group to always have write access to. The files and folders inside the hierarchy are owned and manipulated by a wide variety of different users.

Essentially I want to delegate ‘root’ access for a portion of the filesystem to a particular group.

My first attempt at implementing this was to use the standard POSIX ACLs that are available for almost every filesystem Linux supports.

Continue reading...

Back on the Intarnets

Written on 12 Jun 2007, 1 min read.

Now that we’ve settled into our new apartment in Dublin, the ADSL has been connected and I’m back on the net!

Obviously I’ve had Internet access at work during this time, but there has been so much new information to take in that I haven’t really had time to do any Debian or WLUG work.

I’m still waiting for the shipping company to deliver my computers, so it will be another week or two before I have a development environment that can build and test packages. Once that’s set up again I have updates queued for the following:

Continue reading...

Travelling

Written on 30 Mar 2007, 1 min read.

In just a few hours, I’m hopping on Emirates flight EK433 from Auckland to Singapore, to start the first leg of my trip to Dublin. I’ll be travelling for pretty much the next month, so if you’re trying to get hold of me please don’t be offended if I take several days to reply.

Kat and I have set up another blog to detail our travels, and I’ll try and keep this blog free of too much personal stuff so as to not clutter the various planets that it is syndicated to. If you’re interested in our travels and what we are up to then head over to http://www.mattandkatbrown.com.

Continue reading...

My DPL Vote

Written on 29 Mar 2007, 5 min read.
- - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
e0acebd2-71f1-4df8-ae4d-50355ad7aa81
[ 6 ] Choice 1: Wouter Verhelst
[ 6 ] Choice 2: Aigars Mahinovs
[ 3 ] Choice 3: Gustavo Franco
[ 3 ] Choice 4: Sam Hocevar
[ 2 ] Choice 5: Steve McIntyre
[ 4 ] Choice 6: Raphaël Hertzog
[ 1 ] Choice 7: Anthony Towns
[ 6 ] Choice 8: Simon Richter
[ 5 ] Choice 9: None Of The Above
- - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-

My rationale follows, if you care…

Continue reading...

Dublin Bound!

Written on 06 Mar 2007, 3 min read.

I’ve accepted a job with Google and we’re shifting to Dublin!

Back in January, Kat and I decided that it was about time we put thoughts into action, and booked some one-way plane tickets to get ourselves to Europe. Our plan is to spend at least a couple of years (more if I have my way) exploring the other side of the world and generally broadening our horizons.

We leave NZ on the 31st of March flying on Emirates to Singapore. We plan to spend a couple of weeks in Malaysia visiting some of Kat’s extended family (who I’ve never met), followed by 3 nights in Singapore, a night in Dubai, finally ending up in London at Heathrow Airport on the 17th of April.

Continue reading...