I finally got tired of Achievo not remembering what projects I last used, so I whipped up a small greasemonkey script to do that. It just makes the selection sticky, nothing very fancy.

I am currently working on implementing a cryptographic file system using FUSE. It is different from EncFS and similar in that it just mirrors a normal directory tree, but encrypts the contents of the files as they are read or decrypted as they are written.

My use case is backups. I have some machines where I and only I have access, machines which may contain proprietary information, personal emails and so on. Of course, I want backups of those, so when the hard drives stop working, I don’t lose any data. The machine(s) I am backing up to, however are not always machines where I trust all the people with physical access to not make a copy of my data. In addition, I don’t want broken hard drives returned under warranty to contain unencrypted data. This use case is the reason for why I’m encrypting on read rather than on write.

I have chosen to use CTR (counter) mode together with AES which should give acceptable security. One of the requirements CTR needs to work well is a nonce, typically 64 bits (for 128 bit AES) which must not ever be used twice. If you use it twice, you leak information about your plaintext, which is, for obvious reasons, bad.

My current design headache is how to choose a good nonce. Ideally, I believe it should be persistent for each version of the file and unique per file. Using the inode number takes up 64 bits (on AMD64 at any take, or when using -D_FILE_OFFSET_BITS=64 on 32 bit platforms). So while this gives me the latter, it doesn’t give me the former at all. I am wondering if I should use the inode number modulo 2^32 (effectively choosing the lower 32 bits of the inode number) and then something which is fairly sure to never be the same, such as mtime (or at least the lower 32 bits of it, when time_t becomes 64 bit). The reason for not just choosing a completely random value is I don’t want a command like diff file1 file1 to claim there are differences in the file.

My hope was I’d get a great idea on how to solve the problem as part of writing it down. Alas, that hasn’t happened, so if you happen to come across a great solution (or a reason to avoid a particular choice), feel free to email me

In Soviet Boston, button pushes you. Here is proof:

I’m in the process of moving servers at the moment, and amongst the services I am moving is my authenticated, but public SMTP relay service. That service includes a basic web-based CA whose CA certificate is going to expire in July 2008. Apparently, it is possible to refresh CA certificates without having to distribute fresh certificates to all the clients. The magic steps, using openssl are:

First, generate a new CSR using the existing certificate and key as input:

openssl x509 -x509toreq -in cacert.crt \
  -signkey cakey.key -out renew.pem

Then sign it:

openssl x509 \
  -extfile openssl.cnf \
  -extensions v3_ca \
  -CA cacert.crt -CAkey cakey.key \
  -set_serial 0 -days 365 \
  -req -in renew.pem -out newcacert.pem

This information was quite hard to come by, so hereby put here so I can find it if I need it again.

Daniel Burrows writes about the feature of some call centres whereas if all operators are busy, it gives the caller the option of being called back. He’d like the nice twist of being able to enter his phone number on a web page and then be called back so he doesn’t actually have to call, then wait.

I’m not sure where Daniel lives, but I’m happy to report that this practice is quite common here in Norway, so it might well be on its way to whatever companies are local to Daniel.

Also, why does bloglines link to the completely wrong place on dburrow’s posts? It links to http://planet.debian.org/tag:blogger.com,1999:blog-$blah rather than the real URL.

Recently, I added some photo related blogs to my reading list, amongst them strobist, and so I came across a post about the Open Source Wireless Trigger. Being interested in both electronics and free software, I read through most of the posts on the forum as well as the wiki. I also started experimenting a bit with an old Nikon SB-24 flash I had lying around since even if I managed to break it, it wouldn’t be that bad. And it’s old and robust.

So far, I’ve played around with how to make the flash go off. For the hot shoe, it’s just shorting the ground and center pin (I just used a big resistor). For the PC connector, I had to apply a bit of voltage; I used an AA/LR06 battery and that worked splendidly. (Oh, and PC in this context has nothing to do with computers, it’s an abbreviation of Prontor-Compur, two shutter manufacturers who decided on the design of the connector back in the 1950s.)

Just like an infinite number of monkeys, given infinite time are likely to produce infinite copies of Hamlet, I knew that given an infinite number of blog postings by Clint, I had to find one which both made sense to me and which I agreed with.

Somebody please write a free syndicate (or syndicate wars) clone.

I just read Sun’s announcement of “Project Hamburg”. I am not sure what it is about, but that is not very important in this context. I have worked a bit with Intel lately and gotten introduced into a whole new world of code names such as Mccaslin, Menlow and so on. Up until now, most of them were obscure enough that I thought they were just random names picked from somewhere, but they are, like Sun’s names of geographical features, be it towns, cities, rivers or something else. The reason for this naming is, like Sun’s, that geographical names can’t be trademarked, though in this particular case, Sun supplied a short list of “why Hamburg” with some references to Hamburg’s history.

Some people on Planet Debian seem to think that using oil for pancakes is a good idea. They really taste so much better if you use real butter (and preferably an iron pan, not a non-stick one).

Oh, and a nice receipe, which almost matches another one is:

• 1l milk
• 4 eggs
• 5dl flour (I use a mix of coarser and finer flour, but you can use anything you want)

Mix milk and flour, then add eggs last (blends better that way).

Your lucky number is 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0. Watch for it everywhere.