System Overlord

A blog about security engineering, research, and general hacking.


This weekend I'm going to be presenting a demo on ssh/gpg (e.g., cryptography and secure communications on Linux) at the Atlanta Linux Festival.  Some of the things I intend to cover include:

  • Basic SSH usage.
  • Public Key Authentication
  • SSH Tunneling
  • SSH Socks Emulation
  • GPG key generation
  • GPG signing and encryption (command-line)
  • Thunderbird integration (enigmail)

If anyone has any input on additional points to be covered or anything of that nature, please drop me a comment here or send me an email at david -at- webgroup -dot- org.

Cross-Platform Photo Tagger

I'm apparently looking for the impossible.  I want a cross-platform photo manager/tagger that can support concurrent access to a network share.

Here's the backstory:
My girlfriend and I occasionally travel and we take a LOT of pictures.  (Hey, digital cameras make it so easy, right?)  In the 4 years we've been together, I would say we have ca. 10,000 images.  And they're all sitting on a shared drive off my desktop.  They're in directories on a per-trip basis, but not really organized beyond that, so finding a photo involves scrolling through thumbnails: sometimes as many as 1000.  What I'd like to be able to do is access this share and tag the photos and be able to search through the tags.  Seems relatively straightforward, but since my girlfriend uses Windows, it needs to be cross-platform.  And I'd like it if it was (semi) stable if both of us access it at the same time.  I don't need photo editing, though I'd like to be able to directly open a local photo editor for cropping/other work.

Anyone know of something that meets these requirements?  If nothing can be found, I may end up implementing something in, say, Python, but I don't like to reinvent the wheel.

What Civil Liberties do we have left?

I know my blog is long overdue for an update, so this issue really got me started again.

After the Senate's complete ignorance of anything remotely resembling the American Constitution, they voted 69-28 to grant telecom companies immunity for their role in illegal and unethical wiretaps.  Looks like it's now okay to monitor communications without a proper warrant.  (The lack of warrant, admittedly, has more to do with the USA Patriot act than the FISA amendment.)

Sen. Obama, the presumed Democratic nominee for President, voted for the amendment.  Looks like his campaign speeches about civil liberties in this country don't extend quite so far as the Senate floor.  Perhaps he thought that he would be labeled as un-patriotic for supporting the Constitution.  In any case, I had been prepared to support Sen. Obama, however his vote on this issue and changes in his speeches since Sen. Clinton dropped out of the race has made me significantly question that.  Maybe he'd like to use the Constitution for White House toilet paper, if he makes it there.

Also notable is that Sen. McCain couldn't even be bothered to vote.  I guess he had better things to do, like the never-ending presidential campaign.  Or, perhaps, it just escaped his elderly mind, as things like the Bill of Rights and your job as a United States Senator tend to do once you reach his age.

In any case, it's a shame that there's no Presidential candidate who wants to support the people.  Instead, we will continue to have a country driven by a fear of 3rd-world people hiding in caves and remote villages in the Middle East.

British Police Don't Know Difference Between MP3 Player and Gun

[Normally, I stay away from politics on this blog, but this one is just over the top]

It seems that the British were taking notes when they invaded Germany in the 1940s -- it's time to throw civil liberties to the wind and throw people in jail for nothing, just in case they might try something later.  A man was arrested, fingerprinted, and DNA tested because the police are too blind to tell the difference between a gun and an MP3 player.  Additionally, once they realized they had made fools of themselves, they couldn't even offer a proper apology.  Oh, and in case anyone was missing it, they tracked him on CCTV cameras the whole way.  It wouldn't quite be a police state if we couldn't watch everyone at every second, now would it?

A Case of the Mondays

It seems like I have been hit with a case of the mondays.  My job (end user tech support at my school) sucks.  I don't mind helping people -- I love it in fact -- but I feel like a trained monkey sometimes.  90% of my time is spent resetting passwords.

In any case,  I am usually able to combat this with some of my entertainment sites (see below for the curious), but lately I've been looking more for a project to work on.  My learning process is heavily tied to getting something done -- I can read a book on Python (or whatever), but for me to understand it, I need a real-world project using it to work on.  No "hello world" application can grab my interest enough.  Perhaps it's some form of ADD.

So what does this all mean?  I'm becoming restless.  I need a project.  I've tried looking into becoming a MOTU, but I'm not sure I fully understand the process (and it's hard to fix bugs in apps I don't even use).  Something practical and useful, but not so large as to stretch into months or years.  (At least, I'd like something I can make progress on before months or years.)

Any ideas on ways to combat this crappy boredom?