on the power of proprietary information

Lots of great articles in the October 13, 2014 New Yorker, all connected by the common theme that knowledge is power. Who knows what and when gives one a considerable edge. Nothing surprising, but reading about it from several perspectives reveals just how true the old saying is.

Posted 09 Oct 2014 20:35 by tedu Updated: 09 Oct 2014 20:35
Tagged: magreview

features are faults

Reflections on a few security vulnerabilities; some recent, some less so.

Posted 07 Oct 2014 23:43 by tedu Updated: 27 Mar 2017 08:28
Tagged: security software thoughts

opting in to airport scanners

For the past few years, I’d been opting out of the new airport scanners. Initially I had several reasons for this decision, but over time things changed, and after some reflection I realized the most compelling rationale I now had each time I opted out was “I opted out last time.”

Posted 07 Oct 2014 23:43 by tedu Updated: 07 Oct 2014 23:43
Tagged: politics rants

funding topologies

“Startup culture starting to resemble a pyramid that has folded in on itself, exploring funding topologies Ponzi never dreamed of” - Pinboard

Funding topology is definitely a subject worthy of further research.

Posted 03 Oct 2014 18:24 by tedu Updated: 03 Oct 2014 18:24
Tagged: business quote

stdwinjector

Copying another idea from Old New Thing and porting to unix. This time it’s Piping to notepad. Instead of starting a new notepad process, let’s feed stdin to any existing window.

Posted 16 Sep 2014 15:48 by tedu Updated: 22 May 2020 03:29
Tagged: c programming x11

goreSSL

At the g2k14 hackathon in July, I thought about a new interface for SSL connections. One of the most frequent complaints from OpenSSL users was that it was too much work to do anything, and one of the most frequent complaints from advanced users was that it was too much work to do anything correctly. Notably, failure to check the hostname in the cert against the hostname of the network connection is an unfortunately common mistake. And so was born the ressl (reimagined SSL) interface. Joel Sing (jsing) ended up implementing it first, putting the libressl in LibreSSL.

Posted 10 Sep 2014 15:45 by tedu Updated: 04 Aug 2016 03:43
Tagged: c go openbsd programming

OpenBSD version numbers

OpenBSD has lots of version numbers, each incremented at their own pace and for their own reasons. Here’s a rundown.

Posted 05 Sep 2014 15:24 by tedu Updated: 05 Sep 2014 21:44
Tagged: openbsd software

won't contain gluten in the bag

They’re potato chips. Why would they have gluten? “Gluten free” is the new “won’t turn pink in the can”.

gluten free chips

Posted 03 Sep 2014 19:08 by tedu Updated: 03 Sep 2014 19:08
Tagged: business food quote

easy mobile passwords

Matthew Green asked for a password generator that’s easy to enter on a phone.

Posted 01 Sep 2014 23:00 by tedu Updated: 30 Nov 2014 22:18
Tagged: gadget lua programming security web

thx nsa

At the core of the bcrypt pbkdf is the magic string "OxychromaticBlowfishSwatDynamite". The particular value of the string doesn’t change the algorithm, but the hash works by encrypting this string. All generated outputs are really just ciphertext versions of the magic string. What does it mean?

Let’s arrange the words on a 4x8 grid.

Oxychrom
aticBlow
fishSwat
Dynamite

An interesting pattern emerges with the capital letters. They form a triangle. Let’s take the letters inside.

 xy
atic
fish
 yn

Atic fish? Y/N? hmmm. Two lines of two letters with a y and two lines of four with an i. y? i? They’re the only letters repeated, and perhaps have some other relationship (“change the y to an i...”). We’ll have to think about this some more. For now, let’s combine lines of equal lengths.

xyyn aticfish

yy is very unusual in English. Maybe it doesn’t belong. Or maybe it’s a hint about the i as well? There seems to be some relationship between i and y, certainly. What if we delete the ys and the is and also the letters between the is? As so:

xn atsh

And suddenly the hidden message is revealed. It’s an anagram for thx nsa.

Posted 31 Aug 2014 21:30 by tedu Updated: 31 Aug 2014 21:31
Tagged: openbsd rants software