Brad, in an unprecedented display of usefulness, has written up a nice little guide about using Truecrypt to protect your files, short and sweet.
I’ve previously blogged about Truecrypt you can read a bit of background on these entries:
On The Fly Encryption (OTFE)
Truecrypt Version 4
Most people who read this probably know by now I’m a bit of a mapping geek, I’ve been keeping track of my comings and goings since around 2000 using my trusty Magellan GPS 315. A few years back though I had a bit of a set back when years of tracks and waypoints covering 4 continents got lost when my Laptop got stolen and due to some unfortunate choice in application everything I had was useless since Fugawi requires a Dongle and won’t give me a new one.
A lot has changed since and I’ve mostly moved my whole life online to various services like Flickr. It means that my desktop becomes totally portable since no data resides on it and backups can be centralized etc.
There is a gap in the GPS tracks world though a few online services exist like MotionBased.com but with heavy restrictions for free usage.
I’m busy writing a online application that will allow uploading of GPS tracks in the open GPX format for online storing, tracking, graphing and so forth. The idea is to allow for basic storage of tracks and waypoints for the hiker etc but also to cater to runners, cyclists etc who would like to track statistics over time using GPS units.
Key requirement is for the data to be available to blogs and other personal sites, you can store your data on the my system and it will allow you to display it on your own site if you choose, but only for tracks that you actually mark publicly available.
A quick demo of the data it provides, the below is pulled in directly from the database as it stands at the moment, the links to maps and graphs will work. The graphs especially requires some work still.
(If you do not see a table with information above this then please visit this entry directly via a browser, you’ll need to have javascript enabled, it also seems some services like Bloglines strip out the javascript!?)
The above is from a walk that I took along the London South Bank on Saturday. The few data anomalies are due to bad GPS reception etc, I obviously did not walk on water, I’ll look into ways to normalize the data at import time. This demonstrates though that any blogger can import the data using just one line of code into their own blogs ๐
Sometimes I need to encrypt some stuff but do not want to install PGP or GPG. I typically use OpenSSL for this kind of thing and have written a simple frontend script to achieve strong password based encryption using OpenSSL. Sometimes you need public / private key encryption though, below will show you how to do it using just OpenSSL.
Public/Private key encryption is a method used usually when you want to receive or send data to thirdparties. The system requires everyone to have 2 keys one that they keep secure – the private key – and one that they give to everyone – the public key. Data encrypted using the public key can only ever be unencrypted using the private key. This method of encryption that uses 2 keys is called asymmetric encryption.
So by example if Person A want to send Person B data in a secure fashion she just have to encrypt it with Person B’s public key, only Person B can then open the file using her private key. There are other advantages to this kind of encryption. If I met you in person and gave you my public key, I can send you something electronically using my private key to encrypt it, if the public key you have can decrypt that data then you can trust that it was sent by me, it’s mathematical proof of identity. This is the basis for Digital Signatures.
Using OpenSSL on the command line you’d first need to generate a public and private key, you should password protect this file using the -passout argument, there are many different forms that this argument can take so consult the OpenSSL documentation about that.
$ openssl genrsa -out private.pem 1024 |
This creates a key file called private.pem that uses 1024 bits. This file actually have both the private and public keys, so you should extract the public one from this file:
$ openssl rsa -in private.pem -out public.pem -outform PEM -pubout |
You’ll now have public.pem containing just your public key, you can freely share this with 3rd parties.
You can test it all by just encrypting something yourself using your public key and then decrypting using your private key, first we need a bit of data to encrypt:
$ echo 'too many secrets' > file.txt |
You now have some data in file.txt, lets encrypt it using OpenSSL and the public key:
$ openssl rsautl -encrypt -inkey public.pem -pubin -in file.txt -out file.ssl |
This creates an encrypted version of file.txt calling it file.ssl, if you look at this file it’s just binary junk, nothing very useful to anyone. Now you can unencrypt it using the private key:
$ openssl rsautl -decrypt -inkey private.pem -in file.ssl -out decrypted.txt |
You will now have an unencrypted file in decrypted.txt:
$ cat decrypted.txt<br> too many secrets |
All of these examples use the RSA encryption method, some hard core mathematical information about it here.
There are a fair few limitations to this approach – it will only encrypt data up to the key size for example. And you really should never encrypt english plain text using a method like this. You’d use this to safely encrypt a random generated password and then aes encrypt the actual text you care about. Look in the comments for examples of that.
TaoSecurity pointed me to a new release of the (IN)SECURE Magazine, previously I was unaware of this magazine but having read the latest issue I can really recommend it to anyone interested in security.
The articles are well written and in depth, the magazine has some ads but they are well done and not intrusive at all. The article list for this issue number 5 are:
You can see it covers a wide range of topics, covers Windows, Linux and FreeBSD so there certainly is something for everyone in here. Check it out.
Google has become more than a traditional search engine to me – it’s become a means of navigation by keyword, like a application launcher on a traditional desktop.
This is of course not optimal, each time I want to generate a random password I used to just search for ‘random password’ and find the first available on line tool and just use that. In time I would know what to search for to find a specific tool I want to use and just repeatedly perform those searches. Not very fast but it worked in some way.
Enter YubNub a full blown command line for the web, users can define a keyword such as ‘g’ any query into YubNub for ‘g something’ will do a Google search for ‘something’.
To take my example of the password generator above further you can define (and someone has indeed done this) a ‘passwd’ command that is a front end to Winguides.com’s password generator. Simply typing ‘passwd 8’ into YubNub will give you 8 character passwords, not too shabby. The idea is sound and I like it, so what’s wrong?
Well lets say my company has it’s own policy for passwords that I’d need to use, I still want to use the web as my command line to this kind of tools but I’m stuck with YubNub’s ‘passwd’ not complying to my policy. I could in theory define a ‘rippasswd’ command that points to an internal server to produce my passwords but that is just bad for many obvious reasons. What you really want is your own version of this, and indeed you can download the YubNub source code and run your own. For most users though I think the full YubNub on their own systems might be overkill or you might just not be a Ruby on Rails fan.
There are other alternatives – one very notable one from Yahoo! called Open Shortcuts – this lets you do something similar by prefixing your keywords on their toolbar with a ! so you could search for “!passwd 8” and achieve the same goals. Yahoo goes a bit further you can create your own ‘passwd’ keyword overriding any existing one which effectively fixes one of the major problems I had with YubNub, except now you have to really be using the Yahoo toolbar which is not an option Yahoo is well known for their very very bad practices with delivering all sorts of nasties onto your computer along with their toolbar, so while the idea is great it isn’t viable.
Back in August I could not sleep one Friday evening and I wrote a self hosted keyword query system very much like YubNub except it is not intended to be open to everyone to add/edit keywords. This is specifically intended to host on your own machines – think company or personal intranet – it allows you to add your own keywords, it has a normal YubNub inspired user interface and also at the moment a Firefox Mycroft search plugin.
You can see my install of it at cmd.devco.net. Having used it now for 5 months I can safely say I cannot imagine my online life without it ever again, it has become as essential to me as Google itself. Looking at my stats I’ve done 2500 queries against it with only 1600 of them being Google, that means it has saved me from the search-click-click-click pain of using online tools that I had before. You can see which commands I have defined on mine here. I am going to release this as opensource to everyone soon, at the moment it requires Postgres but I intend to make it use SQLite instead and polish up the documentation etc a bit first.
Most readers here will probably know Synergy already, it’s a tool that lets you share one keyboard and mouse between two machines. The machines can run Windows, Linux, FreeBSD, OS X etc. in any combination. I don’t always realize it but this little tool is as integrated into my work environment as the computers themselves, I simply could not live with out it.
Till now getting it going on the Mac was a major pain, it involved all sorts of silly files being copied by hand etc, was hard to make auto start etc. Enter SynergyKM, it’s a GUI to Synergy, has a System Preferences plugin and sits nicely in the menu bar (optionally) showing your current status. It supports auto discovery of your current location via Bonjour otherwise you can just select your location like the normal network location tool on the Mac. It supports configuring both client and server mode.
