Saturday, May 26 2007
Today (at ph-neutral) I got my hands on a Neo1973 (OpenMoko) phone, and I must say it is smaller and lighter than I expected. This is really good;
I had the fear that it would be kind of big and heavy. Playing with the software was kind of disappointing; it seems really slow. I know
the software is not final and was probably built for debugging.
Tuesday, May 22 2007
In early July I am giving my PocketPC MMS talk at SyScan in Singapore. Looking at the speakers list, you will find another trifinite member and many guys from Germany :-)
This will be my first time in Asia and I'm really looking forward to it!
Monday, May 21 2007
In Episode 21 of Season 18 (about 15 minutes into the show) Bart asks Lisa if he is on a secure line (a 24 reference). Lisa answers: "You are on a Bluetooth cellphone, the most vulnerable device known to man."
This is way cool!
Thanks to Erik for pointing it out!
Wednesday, May 02 2007
Some time ago I set up a new root server for a new project of a friend and myself, and this time I wanted to
go full crypto. In the beginning I thought this might be a lot of work, but as it turned out it is quite simple
if you do some thinking.
There are many ways to do this; this is how I did it.
The setup works like this: the server boots into a minimal system that starts only the SSH daemon. Then you log in
and enter/upload the passphrase to unlock the disk(s). Finally you tell the system that you are done, after
which you are kicked out and the system completes the boot by mounting the real root partition and executing
init from there. At this point everything is as usual.
There are two basic parts in this setup: first, building a good minimal system so you don't waste too much
space, and second, building the init script for the minimal system.
The minimal system needs to contain stuff like:
sshd, filesystem tools such as mkfs, fsck, fdisk, etc., cryptsetup, networking tools like ifconfig, route,
ip, etc., mdadm (if you run RAID), and of course all the required libraries. The easiest way to do this
is to use the recovery tool your hoster provides. Just set up a minimal system on one partition and strip it down
before moving it to the boot partition.
The init script is quite simple. It needs to do three things: first, configure the network (IP address and
route); second, start sshd; and third, start the actual system after the root partition has been unlocked.
My script works as follows: after sshd has been started, the script waits for a file to be created in the
tmp directory. As soon as the file is created, all ssh processes are killed and the real system is booted.
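The flow described above, as an added sketch (this is not the author's init script). The interface name, the 192.0.2.x addresses, /dev/mapper/root, /newroot and the STAGE1_BOOT switch are assumptions chosen for illustration; only /tmp/READY_TO_BOOT comes from this page. It also refuses to continue if the flag file appears before the unlocked device does.

```shell
#!/bin/sh
# Added sketch of the minimal-system init; not the author's script.
# Assumed: eth0, 192.0.2.x (documentation range), /dev/mapper/root as the
# name given to cryptsetup, /newroot, and /dev already populated.
FLAG=/tmp/READY_TO_BOOT
ROOT_DEV=/dev/mapper/root
NEWROOT=/newroot

# Poll until the flag file exists AND the unlocked device is present.
# A flag touched before the disk is unlocked is removed and ignored.
# $3 = maximum number of polls (0 = forever); returns 1 when they run out.
wait_for_unlock() {
    flag=$1 dev=$2 max=${3:-0} n=0
    while :; do
        if [ -e "$flag" ]; then
            [ -e "$dev" ] && return 0
            echo "flag set but $dev is missing, still waiting" >&2
            rm -f "$flag"
        fi
        n=$((n + 1))
        [ "$max" -gt 0 ] && [ "$n" -ge "$max" ] && return 1
        sleep 1
    done
}

stage1() {
    mount -t proc proc /proc
    mount -t tmpfs -o mode=1777 tmpfs /tmp   # flag and uploaded key live in RAM only
    ifconfig eth0 192.0.2.10 netmask 255.255.255.0 up
    route add default gw 192.0.2.1
    /usr/sbin/sshd

    wait_for_unlock "$FLAG" "$ROOT_DEV" 0

    killall sshd                  # also ends the session used for unlocking
    mount -o ro "$ROOT_DEV" "$NEWROOT"
    umount /tmp /proc             # dropping the tmpfs discards flag and key
    cd "$NEWROOT" || exit 1
    pivot_root . oldroot          # directory oldroot must exist in the real root
    exec chroot . /sbin/init <dev/console >dev/console 2>&1
}

# Runs only when explicitly requested, so the functions can be tested alone.
if [ "${STAGE1_BOOT:-0}" = 1 ]; then stage1; fi
```

pivot_root is used here because the minimal system sits on a disk partition; switch_root is meant for an initramfs and deletes the contents of the old root.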
Files:
file list of my minimal system
init script for minimal system (touch /tmp/READY_TO_BOOT after you have unlocked the root partition)
Some notes:
You need to encrypt your swap, otherwise this is useless!
If you upload a key to your minimal system, upload the key only to a RAM drive; never write it to disk. Otherwise
all the work is useless!
Remember your key! Remember your key! Remember your key!
Todo:
Filesystem integrity check for the minimal system. This is a very hard task and I don't have a solution so far.