Erik L. Arneson — Writer and Software Developer

Using WireGuard over xfinitywifi

2024-11-08T00:00:00+00:00

If you are a Comcast Xfinity customer, you hopefully know that you can log into WiFi hotspots wherever other Xfinity customers have them enabled, all using the SSID xfinitywifi. You may have also figured out by now that WireGuard doesn’t seem to work over this WiFi service without additional tweaking.

Well, I have tweaked a WireGuard configuration until it seems to work.

I searched the Web for quite a while to find a good solution, and there seemed to be a general feeling that the MTU needed to be adjusted. Lots of people offered various solutions.

Through some experimentation, I discovered that on the client-side WireGuard configuration, the maximum transmission unit (MTU) needed to be set to 1280. Apparently this is a significant number because it’s the lowest possible MTU for an IPv6 network. Setting the MTU so low will impact performance, but if you are going through a WireGuard VPN, performance probably isn’t your biggest concern.

In the end, your client-side WireGuard configuration, which is located in /etc/wireguard/wg0.conf if you are on Linux, should look like the example below. Note in particular the MTU and AllowedIPs line.

[Interface]
PrivateKey = <your private key>
Address = <your ip address and netmask>
DNS = <your DNS server>
# This MTU line is the important one!
MTU = 1280

[Peer]
PublicKey = <your public key>
PresharedKey = <your pre-shared key>
Endpoint = <your endpoint>:51820
# This is important for client-side routing!
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25

This became important to me because I’ve been shifting over to using a secure travel router when I am out and about. The router I chose to go with is the GL.iNet GL-SFT1200 Opal, and it has built-in WireGuard support that you can enable with a switch on the side. It is very cute and effective. This allows me to use WireGuard to create a VPN tunnel back to my home network, which gives me the ability to use my dual pi-hole setup from anywhere in the world!

If you have been struggling with that pesky xfinitywifi network and its weird settings, I hope this helps. It took me too long to find the right solution!

Many Posts of Interest for January 2024

2024-01-18T00:00:00+00:00

Once again, I have collected far too many links over far too long a period of time. Anyhow, here is a collection of blog posts and links from around the web that I found to be good reading over the past couple of months. Is it too late in January to say Happy New Year?

2024 has been a pretty weird year for me so far. I spent the first couple weeks of the year in isolation, and then Portland got hit with a Snowpocalypse (I love how that’s a regular thing now), followed by freezing rain. This is the third day in a row that the sidewalk outside my front door is basically an ice skating rink. That means it’s a great time to do some reading!

Security

Privacy is Priceless, but Signal is Expensive [Security] I really appreciate this incredible breakdown of Signal’s costs and how they use donations. Signal is cool. You should be using it. For real.
Breaking Laptop Fingerprint Sensors (Bruce Schneier) [Security] Do people actually use their laptop fingerprint sensors? I hate mine. I just disable the dang things and use a password.
Surveillance by the US Postal Service (Bruce Schneier) [Security] To Catch a Thief, starring Cliff from Cheers.
Senator Ron Wyden of Oregon opens discussion of push notification surveillance by Apple and Google (Rick Turoczy) [Security] There is some interesting legal stuff going on around the ability of tech companies like Apple and Google to use push notifications to capture user data that could be used for nefarious purposes. Definitely a story to keep your eye on!
Holding NSA’s Feet To The Fire (jcs) [Security] Here is a second post about Senator Ron Wyden. He appears to be fighting the good fight! Go Senator Wyden!

Emacs

Transient for convenience with emms [Emacs] Tory Anderson shares a really convenient EMMS control panel that uses the new version of transient.
Talk to Emacs with a GPT4 Co-Worker [Emacs] Gallagher Pryor shares a method he has for speaking to Emacs using ChatGPT-4. This is from back in November, so perhaps he has a package now!
Jeremy Friesen: Mentoring VS-Coders as an Emacsian (Jeremy Friesen) [Emacs] I really enjoyed this talk about moving people away from VS Code and toward Emacs. The big takeaway for this talk seemed to be that demonstrating what Emacs could do was going to be more effective than just arguing. Let Emacs win just by letting it do what it does.
Jeremy Friesen: Test Driving a Campaign Status Document (Jeremy Friesen) [Emacs] This post has some superb ideas for running a TTRPG campaign from Emacs. I’ve been doing this for a while, but my documents get really messy. I need something a bit more structured.
EmacsConf backstage: Using Spookfox to publish YouTube and Toobnix video drafts (Sacha Chua) [Emacs] I love how crazy this is: using spookyfox to work with YouTube’s crappy interface to do things to videos. Go Sacha!
Charles Choi: Improving Emacs isearch Usability with Transient (Charles Choi) [Emacs] This is pretty cool. I recently learned about how rich the isearch feature set is, but I haven’t played around with it a ton yet. Another thing to add to my Emacs to-do list!
William Denton: Basic citations in Org (Part 1) (William Denton) [Emacs] This is an excellent introduction to how citations work in org-mode. There are four parts in the series so far, so keep reading!

Programming

Pike’s Rules Of Programming (jcs) [Programming] These are some good rules, even if they can make some parts of programming a little less exciting.
Variations on styling variables in SSGs (Bryce Wray) [Programming] I am still using Sass a lot more than the vanilla CSS stuff that should be replacing it. Also, I am starting to see that this is a change I’ll need to take in my future WebDev adventures.
Firefox on the brink? (Bryce Wray) [Programming] Bryce Wray is warning (or predicting?) that Firefox may be in a very dangerous spot in its loss of user share. This is really disappointing, given how evil Chrome continues to be. And it’s only going to get more evil. Convince your friends to run Firefox!
Zachary Kanfer: Numberdle! (Zachary Kanfer) [Programming] This is a really fun browser game for people who enjoy numbers more than words. Move over, Wordle!!

History

Finally, here’s something fun to share with the kids.

The Teddy Bear Was Once Seen as a Dangerous Influence on Young Children Before gifting stuffed animals to the wee ones in your life, consider that bears are dangerous!

Posts of Interest for November 2023

2023-11-16T00:00:00+00:00

I was planning to make posts like this more regularly, but I entered into a period where I was thinking, huh, I am not collecting very many links. But I was wrong, I was collecting links. I collected too many. And now look at everything you have to read! I am sure these links will keep you occupied for a while.

Security

Tech CEO Sentenced to 5 Years in IP Address Scheme (BrianKrebs) [Security] This is an interesting story: five years in prison for stealing IP addresses! I guess you shouldn’t do that.
Defense in depth: Layering your security coverage (Sue Poremba) [Security] Security isn’t just at the edge. Layers are very important, as this article reminds us.
How The Thompson Hack Worked (jcs) [Security] Aaaah! This is an amazing look at Ken Thompson’s 1983 Turing Award lecture. How can we trust software? Do we trust software? You’ll enjoy this one and it will tickle your inner computer nerd.
Pentesting vs. Pentesting as a Service: Which is better? (Josh Nadeau) [Security] What is pentesting and how does it work? Well, now you can know.

Emacs

Whatever happened to Guile-based Emacs? [Emacs, Mastodon] This thread on Mastodon has some insights into what ever happened to a Guile-based Emacs.
Andrey Listopadov: You don’t need a terminal emulator (Andrey Listopadov) [Emacs] Andrey Listopadov explains how he stopped using a terminal emulator because he’s all about that Emacs. Nice!
Emacs Line Wrapping (jcs) [Emacs] For several years, I have been dealing with a line-wrapping annoyance in Emacs that I just couldn’t figure out. It turns out it was filladapt, a package that apparently isn’t used often anymore, but I hadn’t noticed. I disabled the package and everything just works the way I want it to. Arrrgh!
Does Working From Home Damage Productivity? (jcs) [Emacs] I have mostly worked from wherever-I-want for the last 14 years, and I’d have it no other way.

Games

Kensett: A Free 19th Century Urban Cartography Brush Set for Fantasy Maps (K. M. Alexander) K.M. Alexander shares a lot of cool brush sets for creating maps for fantasy games. I have been trying to figure out how to use them, and this one really caught my eye. Check out all of their brush sets!
Lovat’s Genesis: City of Darkness (K. M. Alexander) I am once again running a D&D game, with a homebrewed campaign, so I think it will be fun to include a few RPG-related posts every once in a while. Seeing how others get their inspiration is really helpful when I need to find some of my own.

History

The Silent Treatment: Solitary Confinement’s Unlikely Origins [Pub 20231101] A very curious history of solitary confinement and its origins, presented by the Public Domain Review. This is worth a read.
What Emoji Tell Us About the History of Tea I love the strange history of tea, and the Smithsonian has managed to tie this history to tea emoji. So that’s cool.
Divide and Concur: A Radical Plan for Peace in Europe (1920) [History] This is an amazing and bizarre plan for bringing peace to Europe in the 1920s. It is worth looking at and puzzling over.

Posts of Interest for 13 October 2023

2023-10-13T00:00:00+00:00

This is the second of my “posts of interest” posts. This week, I have also included some interesting Mastodon posts, because the Emacs community on Mastodon is thriving like crazy. It is really a blast to see so much interest in Emacs and so much activity.

If Mastodon interests you, find me there!

Programming (1)

Scheme in the browser: A Hoot of a tale – Spritely Institute Yes, SCHEME IN THE BROWSER. This is pretty cool, go check it out.

Emacs (6)

Text showdown: Gap Buffers vs Ropes [Programming, Rust] Troy Hinckley has been working on building the core of Emacs in Rust. This sounds like a very difficult project, and it is informative and interesting to follow along. The latest entry in his saga involves various ways of storing and working with text buffers, along with many benchmarks. This is an interesting read!
ELPA and Emacs Zine (September 2023) The new ELPA and Emacs Zine has released its latest issue, with some pretty interesting stuff about the current state of tree-sitter and how development is progressing.
Emacs Macros [Mastodon] Emacs macros remain kind of a mystery to me, but they were presented in an interesting way recently: these are ways to provide a high level of automation in Emacs without learning how to program Emacs Lisp. Well, they are worth checking out, then!

Taking advantage of tree-sitter [Mastodon] This is a really cool Emacs function that takes advantage of tree-sitter to copy the current function. I think it might need something to detect if tree-sitter is active, and error out if not.

(defun my-copy-function-name-with-ts()
  (interactive)
  (let ((funcname
         (substring-no-properties
          (treesit-node-text
           (treesit-node-child-by-field-name (treesit-defun-at-point) "name")))))
    (kill-new funcname)
    (message "Copied name: %s" funcname)))

XMPP in Emacs [Mastodon] Fabio Natali on Mastodon reports that his XMPP usage would be more consistent if Emacs supported it better. In particular, he misses E2E encryption support. I’ve also had a lot of difficulty with moving to XMPP.
Alex Schroeder: Posting to Oddµ from Emacs (Alex Schroeder) Alex Schroeder provides a simple, straightforward way to use the url package in Emacs to post stuff to another service. In this example, he uses Oddμ.

Security (4)

C-suite weighs in on generative AI and security (Chris McCurdy) More on the adoption of generative AI and security risks. 96% of business leaders say adopting generative AI makes a security breach likely in their organization within the next three years! That’s certainly something to think about.
10 years in review: Cost of a Data Breach (Jonathan Reed) Data breaches are dang expensive! We all know that. This piece explores some of the most important factors in preventing and mitigating data breaches. There have been some changes in recent years, some of which are caused by the rise of importance in AI. That means you should probably read the article.
The fraud was in the code (Molly White) In the SBF court case, they actually used a code review to show fraud.
Bounty to Recover NIST’s Elliptic Curve Seeds (Bruce Schneier) Here is a delightful story about the history of NIST elliptic curve cryptography and how things came to be. Also, a cryptographic puzzle about where they may be going!

Posts of Interest for 6 October 2023

2023-10-06T00:00:00+00:00

This is my first attempt at using elfeed-curate to collect interesting blog posts and share them. I have also attempted to subscribe to the RSS feed for the #Emacs hashtag on Mastodon, but that doesn’t seem to be working correctly yet. I’ve seen other blogs do similar things, but is this useful for my blog? I don’t know! Let me know what you think.

Computers (4)

The intriguing announcement of Cloudflare Fonts (Bryce Wray) [Programming] Oooh, this is cool. Bryce Wray talks about the introduction of Cloudflare Fonts!
What to know about new generative AI tools for criminals (Mike Elgan) [Security] Generative AI is still a minor concern for security professionals, but the threat is rising! This is an interesting look at the state of the art and current means for addressing the threat.
Alex Schroeder: 2022-03-20 Torchbearers and bodyguards (Alex Schroeder) [Emacs] Alex Schroeder continues his exploration of running tabletop RPGs using Emacs. Check out the other blog posts in the series—they are a lot of fun. I have been playing with Emacs for running TTRPGs, as well. Someday I’ll explain my methods.
Elfeed-curate (jcs) [Emacs] Elfeed-curate sounds like a really neat package. This is my first annotation using that package, which I will soon attempt to export.

Portland (1)

Tour of Untimely Departures – SOLD OUT! (lfadmin) The Tour of Untimely Departures is an annual event at Lone Fir Cemetery in Portland. But guess what? It’s already sold out! It sold out a while back, but I didn’t notice because my RSS feed for the Friends of Lone Fir was broken.

New PGP Key for 2018

2018-05-24T21:10:43+00:00

I’ve upgraded to a 4096-bit RSA OpenPGP key. The new key fingerprint is FB05 D043 5BA4 6C32 66AE 2F74 17D0 60A6 16EC 3D6E and you can download it by clicking on that link.

The key is also available on your favorite PGP keyserver, or through my Keybase account.

Driftwood Public Library Follow-Up

2017-05-01T17:27:58+00:00

Driftwood Public Library is great! I had a wonderful time in Lincoln City speaking about secret societies and cryptography. Links to my slides are below.

Secret Societies in Fiction How Computers Changed Cryptography

For a bibliography for “How Computers Changed Cryptography”, check my notes for my OMSI Science on Screen talk.

Also, I would like to thank the ‘D’ Sands Condominium Motel for sponsoring the talks and providing me with a really lovely room.

[caption id=”attachment_708” align=”aligncenter” width=”1024”] This is the view from my motel room balcony at the ‘D’ Sands.[/caption]

OMSI Science on Screen Wrapup

2017-03-29T16:51:34+00:00

My talk at OMSI last night, “Computers and the Dawn of Modern Cryptography,” went really well. It was a great crowd and there was a good Q&A session afterwards. I’m going to keep this post really brief. First, there will be slides for my talk. Following that will be a brief bibliography if you’re interested in learning more about this fascinating topic.

Click here to download my slides.

Bibliography

Singh, Simon. The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography. Reprint edition. New York: Anchor, 2000. This book is the best resource I've found for a logical breakdown of how cryptography and cryptanalysis worked for WWII cryptology.
Boone, J. V. A Brief History of Cryptology. Annapolis, Md: Naval Institute Press, 2005.
Copeland, B. Jack, ed. Colossus: The Secrets of Bletchley Park’s Codebreaking Computers. Oxford ; New York: Oxford University Press, 2006. I can't wait to explore this book more! It is a massive collection of articles and papers from a wide array of authors.
Drea, Edward J. MacArthur’s ULTRA: Codebreaking and the War against Japan, 1942-1945. Modern War Studies. Lawrence, Kan: University Press of Kansas, 1992.
Wilcox, Jennifer, United States, National Security Agency/Central Security Service, and Center for Cryptologic History. Sharing the Burden: Women in Cryptology during World War II. Fort George G. Meade, Md.: Center for Cryptologic History, National Security Agency, 1998.

In addition, almost all of the photos and information on individual cipher machines can be found at Crypto Museum. This is a rich and bountiful resource for those interested in the internal workings of modern encryption.

OMSI Science on Screen: The Imitation Game

2017-03-17T20:17:00+00:00

On March 28th, I will be giving a lecture called “Computers and the Dawn of Modern Cryptography” at OMSI as part of their Science on Screen program. I’ll be speaking and answering questions just before a screening of The Imitation Game, starring Benedict Cumberbatch and Keira Knightley. I am really excited about this opportunity! Please come down to OMSI for an informative lecture and an excellent film.

Buy Tickets Here

From StartCom to Let's Encrypt

2017-01-20T00:33:04+00:00

This past Fall, a bunch of big names removed StartCom from their trusted SSL Certificate Authority list. As a result, when I renewed my SSL certificates this year, I went with Let’s Encrypt. It was a pleasant experience, because Let’s Encrypt uses a command-line client called Certbot that does most of the heavy lifting for you.

After certificate renewal, everything is still looking pretty good. Please let me know if you have any SSL problems with my website through the contact form.

Security Link Rodeo: Privacy, Your Passwords, and Hackers

2015-06-19T21:34:02+00:00

Edward Snowden wrote an op-ed in the New York Times where he argues that people are finally starting to care about privacy and preventing global surveillance. And though we care more, we also feel more powerless, according to a recent survey.

Online password database service LastPass had a serious security breach. Encrypted master passwords were leaked. This further outlines the problem with our current password-based approach to security. We need something better!

https://twitter.com/intermedia_net/status/611925215526961152

Things are getting better for privacy and security on the web. Cedexis reports that SSL use is on the rise, and about 35% of the traffic they are routing is encrypted now. After switching to SSL, you might want to read about hardening your WordPress site against malicious use.

Finally, learn how to hire a hacker on the deep web, and read an interview with Jesse Victors, a new Tor developer.

https://twitter.com/ste_trombetti/status/451355792923688961

The featured image for this post is from Flickr user Marc Falardeau.

How to Increase Your Privacy on the Web

2015-06-12T15:01:30+00:00

This week, I’m going to share a few links about how to lock down your PC to increase your privacy on the Web. There are a number of things that can be done, even if it’s something as small as turning on tracking protection in Firefox. As I’ve written about many times, our privacy has been under attack since before the Internet existed. You are not powerless, regardless of what you may think.

https://twitter.com/runasand/status/606958744396828673

Why Firefox?

If you want to increase your privacy, Firefox is your best bet. The author of Security Spread wrote a thorough analysis, in which he said, “I’m looking at this review from just the security and privacy perspective and I must say that Mozilla’s Firefox is the best. Both when it comes to ‘out of the box’ features and available add-ons.” He’s not the only one. Many security experts, analysts, and amateurs seem to agree that Firefox provides the strongest privacy protection.

Firefox is also available for most mobile devices, as are the extensions I mention below.

Configuring For Privacy

Now that you’ve listened to me and a bunch of other strangers on the Internet, you’ve got Firefox installed. Let’s get started! The first and easiest step is the “Do not track” setting. Go into the Privacy panel of your Preferences and check Tell sites that I do not want to be tracked.

This setting sounds good, but it might not do much. Mozilla says on their website, “Companies are starting to support Do Not Track, but you may not notice any changes initially.” This means that it’s only the nice, polite companies who didn’t realize they were doing something unsavory who are going to stop tracking you.

You should also disable third-party cookies. These are cookies set by a website that can be read by another. For example, Facebook “Like” buttons do this. Sometimes they’re necessary, but you should experiment and see what works for you. You should still be on the Privacy panel, so select “Use custom settings for history” from the History > Firefox will: drop down. Then change Accept third-party cookies to “Never”.

These settings are a good start, but there’s more we can do. To go further, you’ll need some add-ons and plugins.

Privacy-Enhancing Plugins

Remember that you need to try to protect your privacy not only from parties trying to track you via cookies, ads, and websites, but also network providers, corporations, and governments who have access to your raw Internet traffic. The add-ons below attempt to address both of these situations.

HTTPS Everywhere

The Electronic Freedom Foundation provides HTTPS Everywhere. This is an extension that works for Firefox, Chrome, and Opera, so even if you ignored my advice to install Firefox, you should still be able to use this. It does everything it can to try to make an encrypted connection to a website. In Firefox, it provides you with a drop down menu that lets you know how many encrypted and unencrypted connections you’ve made to the current page.

Ghostery

Ghostery is an extension that blocks third-party tracking. It works with Firefox, Safari, Chrome, and Opera. Currently, it claims to block 2,019 different trackers, which seems like a lot. It has a nice interface that lets you pick and choose which trackers you will block on each site. For instance, you could allow WordPress analytics to work on this website, or you could universally allow Cedexis Radar for performance reasons.

Adblock Plus

On top of Ghostery, you’ll want to install Adblock Plus. This extension is available for Firefox, Safari, Chrome, Opera, and a number of other lesser-known browsers. Addblock Plus can be used to block additional content and trackers that Ghostery might not be catching. However, it takes more configuration. You will want to visit the Addblock filter list to decide what to block.

And Others

There are other add-ons and extensions out there. Here’s a pretty good list. Note that I didn’t cover some of the other staples, like NoScript. This is because I don’t want you to get frustrated by usability issues on the Web and give up on protecting your privacy all together.

Heavy-Duty Privacy: Tor

If you really want privacy, and you’re really serious about it, you’ll want to use Tor. Using it correctly takes some learning, though. I would advise you to read as much as you can, and then ask me questions about it. To get started as fast as possible, you should check out the Tor Browser, which is of course based on Firefox.

That's Just a Start

Unfortunately, you have to remember that most eCommerce websites, advertisers, and governments don’t want you to remain private. You will need to pay attention to what you’re doing online. Be mindful of your activities and remember that anything you release into the wilds of the Internet might be traceable back to you—forever.

"Privacy is not something that I'm merely entitled to, it's an absolute prerequisite." ― Marlon Brando

The featured image is a screenshot of the SSL certificate for rya.nc. RyanC writes about how he created the certificate here.

Security Link Rodeo: Silk Road, the Patriot Act, Alan Turing, and Your Passwords

2015-06-05T17:33:25+00:00

The man behind the Silk Road, Ross Ulbricht, received a life sentence after being convicted of money laundering and drug trafficking. It’s estimated that he made around $18 million on the website, which ran as a hidden service in the Tor network. Some of the operators for the Silk Road argue that it was a haven for libertarian philosophy, but does that really excuse the amount of damage they enabled? The Economist notes that since the Silk Road fell, illegal drug sales on the Internet have doubled.

Security Intelligence discusses the effectiveness of password security questions, pointing out that they are particularly weak points in a system. Two-factor authentication or some kind of physical key are definitely better. And when it comes to passwords, there’s a better way that produces easy-to-remember pass phrases!

Bitstamp, an online Bitcoin marketplace and wallet, now offers debit cards. I’ve used Bitstamp many times in the past and it’s always worked well for me.

Section 215 of the Patriot Act finally expired! Not willing to really stop bulk surveillance, Congress then pushed through the USA Freedom Act, which has nothing to do with freedom. Find out how long your mobile phone carrier will retain your call data in this handy chart. Demand Progress rightfully foamed at the mouth.

https://twitter.com/demandprogress/status/605849691675189248

Phil Zimmerman is still not happy with the state of privacy in the United States. He’s right to be concerned.

Two more papers are available from Alan Turing, the father of modern computing and an important cryptologist.

Finally, the UK Government has documented security guidance for Ubuntu. Read the document. It has a lot of really good suggestions for securing your Linux machines.

https://twitter.com/OUHOSCollection/status/603588936020131843

Security Link Rodeo: The Patriot Act, Logjam, and Hacked Websites

2015-05-29T17:51:59+00:00

Kind of good news: Senators Ron Wyden and Rand Paul teamed up to squash the Patriot Act extension. It’s going to expire on June 1st unless another vote is called on the 31st. The USA Freedom Act (which I think is good?) unfortunately didn’t make it through Senate, either.

https://twitter.com/RonWyden/status/601979044318547969

Regarding the Logjam vulnerability that I mentioned last week, if you’ve got a cloud server and you’re generating new Diffie-Hellman parameters, make sure you’ve got good random numbers! Digital Ocean has advice on generating sufficient random data on cloud servers. The short version is that you should be running haveged on all of your servers.

https://twitter.com/dholmesf5/status/601848616525942784 Here’s an informative and easy-to-understand description of the Logjam attack by Matthew Green. He just happens to be one of the cryptographers who helped discover the problem. And the EFF talks about the implications of Logjam and how the NSA is a bunch of jerks who really don’t care about our privacy at all. Seriously, NSA. It’s like you don’t even want to be our friend!

The creepy mobile spyware app mSpy was recently hacked, resulting in a leak of about 400,000 user accounts. They spent a long time denying it. You can check HaveIBeenPwned to see if you’re one of the users.

Last week it was also revealed that AdultFriendFinder was hacked, leaking about 3.9 million user records. Even worse, it is possible that “AdultFriendFinder may not get rid of data after customers leave.” This is just a reminder that you need to be mindful about what you share on the Internet. If you want to keep information secret and secure, make sure that you are the only one in control of it.

https://twitter.com/SwiftOnSecurity/status/601854610018414592

The featured image for this post is from Flickr user Jason Hollinger.

Security Link Rodeo

2015-05-22T20:57:00+00:00

My four-week History of Cryptography class at Portland Underground Grad School is almost over. While I’ve had plenty of experience with speaking to audiences about difficult subjects, this has been my first time with an ongoing class. I think I’m learning as much as my students! Because this class has helped rekindle my passion for cryptography and computer security, this link rodeo is going to focus on those subjects.

Crypto superstar Bruce Schneier has written a good overview of the new Logjam attack against the Diffie-Hellman key exchange protocol. If you want to test your browser and various websites against the bug, check this website. The CloudFlare blog also has a good explanation of the Logjam attack.

https://twitter.com/NSA_PR/status/601163480499093505

GNU Privacy Guard (GnuPG) version 2.1.4 was released earlier this month. Read the announcement here. The exciting thing about the 2.1 releases is that they support elliptic curve cryptography (ECC), and allow you to create ECC public keys. I still find ECC difficult to understand, but here’s a pretty good introduction written by Nick Sullivan.

Finally, back in February, Moxie Marlinspike wrote about how he hopes OpenPGP will die someday. I, on the other hand, still use it regularly and enjoy it! In fact, I’m going to encourage you to check out the FSF Email Self Defense website so you can get started with encrypting your email today. When you’re ready, drop me a line using my OpenPGP key.

The featured image for this post is courtesy of Flickr user Jaymis Loveday.