GPG Key Management Rant

Written on 12 Jul 2014, 5 min read.
2014 and it’s still annoyingly hard to find a reasonable GPG key management system for personal use… All I want is to keep the key material isolated from any Internet connected host, without requiring me to jump through major inconvenience every time I want to use the key. An HSM/Smartcard of some sort is an obvious choice, but they all suck in their own ways: FSFE smartcard – it’s a smartcard, requires a reader, which are generally not particular portable compared to a USB stick.

Continue reading...

Using StartCom Free SSL certificates with Cyrus imapd

Written on 12 Jun 2011, 3 min read.
A stumbled across Start Com a few months ago, an Israeli company that run a Certificate Authority (CA) called StartSSL with a root certificate in all the modern browsers and operating systems. Best of all they don’t participate in the cartel run by the rest of the SSL certificate industry and offer domain validated certificates at the price it costs them to issue them – nothing. I had the first opportunity to use their services today when I needed an SSL cert to secure the IMAP server I run for my parents and I was very pleased with the experience.

Continue reading...

Linux ignores IPv6 router advertisements when forwarding is enabled

Written on 11 May 2011, 3 min read.
IPv6 adoption is increasing, and along with it come a new set of behaviours and defaults that system administrators and users must learn and become familiar with. I was recently caught out by Linux’s handling of IPv6 router advertisements (RAs) when forwarding is also enabled on the interface. It took me a while to figure out and searching for obvious terms (such as those in the first half of the title of this post) didn’t immediately yield useful answers, so here is my attempt to help shed some light on the subject.

Continue reading...

Under the cover of the Kindle 3

Written on 07 Dec 2010, 8 min read.
For my birthday back in October, my wonderful wife gave me a Kindle 3 from Amazon. I’d been considering other e-book readers for quite some time, but I had mostly ignored the Kindle due to the lack of EPUB support and a general dislike of Amazon’s DRM enforcement. In the end, the superior hardware and ecosystem of the Kindle overpowered those concerns and overall I’m very pleased with the purchase. The screen is amazing, literally just like reading off a piece of paper and the selection of books is OK.

Continue reading...

Blacked Out – no “Guilt Upon Accusation”

Written on 18 Feb 2009, 4 min read.
If you’re reading this post via the website rather than a feed/planet then you will notice that the site has gone completely black in support of the Creative Freedom Foundation’s campaign against S92A of the NZ Copyright Amendment Act which is due to come into effect on 28th February 2009. I’ve also joined the wave of people blacking out their “avatar” on Facebook/Jabber/MSN, etc. S92A introduces “Guilt Upon Accusation” whereby if you are accused of copyright infringement (downloading music and movies, etc) “repeatedly” (likely 3 or more times) you are at risk of being disconnected from the Internet by your ISP.

Continue reading...

New Gadgets

Written on 08 Sep 2008, 6 min read.
It’s been a while since I last acquired new gadgets but I think I’ve made up for lost time with my last weeks purchases. You may remember that I’ve had my eye on the Openmoko phones since early 2007, but in between shifting across the world and starting a new job I never got around to purchasing one of the first versions. The second version, the “Freerunner”, was released in June this year and I placed an order with Pulster, a local distributor, shortly after.

Continue reading...

Ubuntu versions numbers on crack

Written on 13 Jul 2008, 2 min read.
On hardy after the latest round of updates: matt@krypton:~$ dpkg -s flashplugin-nonfree | grep Version Version: 10.0.1.218+10.0.0.525ubuntu1~hardy1+really9.0.124.0ubuntu2 Granted this package is in hardy-backports not hardy proper, but still, what on earth?!?! Comments Comment by Philipp Kern on 2008-07-14 05:05:38 +1200 Well, it’s documented in the changelog on https://edge.launchpad.net/ubuntu/+source/flashplugin-nonfree. Ubuntu more or less refrains from using epochs unilaterally[0]. This upload was done to undo a bad backport to hardy, i.e. an old version (9.

Continue reading...

The Australian Open Source Industry & Community Report

Written on 12 Apr 2008, 2 min read.
I highly recommend making some time to read the The Australian Open Source Industry & Community Report. Based on a census of the Australian Open Source community conducted at the end of last year, it presents a range statistics about the state of the Open Source community and industry in Australia. The report seems to be aimed at demonstrating to Government and Businesses that Open Source has become a very viable business strategy in Australia and in particular how increased adoption of Open Source would reduce the Australian trade deficit.

Continue reading...

POSIX/NFSv4 ACL Inheritance Problems

Written on 08 Jul 2007, 3 min read.
I (as root) have a directory hierarchy that I want a particular group to always have write access to. The files and folders inside the hierarchy are owned and manipulated by a wide variety of diffrent users. Essentially I want to delegate ‘root’ access for a portion of the filesystem to a particular group. My first attempt at implementing this was to use the standard POSIX ACLs that are available for almost every filesystem Linux supports.

Continue reading...