assorted pieces of random gobbledygook

All this rambling about not being able to boot WinXP on the new is beginning to really get onto my nerves.

I think it might actually be much easier to get other OS’s booting on the box not by relying on EFI but rather making use of OSX. After all, porting kexec from Linux to Darwin shouldn’t be too hard if I see things clearly enough. We can even do that without having the 10.4.4 source code for Intel (only the ppc tree is out, no new Intel specific bits have been released to this date): Device drivers have power management functions that get invoked when the system is put to sleep, shutdown or rebooted.

I am definitely planning to get a new 20″ iMac once I return from California in late February - however, I first want to see one in real life first. The plan is to visit the Apple Store in San Francisco on February 9th - before CodeCon. If nobody has made any progress on EFI till then I shall commence hacking on a kext to make my idea reality. Stay tuned.

I sooooooo want to see this band live! Rock on! Hopefully they’ll be touring Germany, otherwise I’ll have to catch a flight to Sweden sometime soon.

technorati tags: music

One of the biggest gripes I had concerning WordPress when I looked into migrating to it from blosxom half a year ago was that it required me to use a MySQL database. Using a fully blow SQL database for maintaining a blog is just pure overkill in my opinion. Databases of course have their place, but c’mon… Using them to store a couple of posts and comments is using a sledge hammer to drive a nail into a 2mm thick piece of balsa wood.

This has now turned into a real problem. The database performance of my web hoster just isn’t up to par. For some reason the WordPress people seem to have ignored a patch allowing for database abstraction; this would allow me to replace MySQL with SQLite. Hopefully it isn’t too hard to port this patch to WordPress 2.0…

Catching up with the mailing lists i’m subscribed to, I came across the following absolutely hilarious commentary by Peter Gutmann; a postscript to the endless discussions on the brokenness of the trust model of X.509 certificates.

From: Peter Gutmann
Date: December 31, 2005 1:49:21 AM GMT+01:00
To: cryptography@metzdowd.com, perry@xxxxxxxxx.com
Subject: Re: ADMIN: end of latest SSL discussion

Peter.

Of course I couldn’t keep my trap shut when Jacob Appelbaum recently dissed Rubberhose in a recent talk at the 22C3. So I decided to do some research into the current state of disk encryption myself. I haven’t been really following that topic since about the 2000 or 2001. I’m currently using FileVault, LUKS and GBDE on my boxen, but to be honest - even though I’m a cryptologist, I haven’t had time to research their security yet - save some failed attempts at reverse-engineering the DiskImages framework of MacOS X to figure out what exactly Apple is up to with FileVault.

The following links are without meant to be notes to self for future research.

Research papers:

I. Damgård and K. Dupont:

Universially Composable Disk Encryption Schemes (IACR ePrint, PDF)

K. Gjøsteen:

Security notions for disk encryption (IACR ePrint, PDF)

M.J. Saarinen:

Encrypted Watermarks and Linux Laptop Security (WISA 2004 proceedings, backup can be here)

Implementation reports:

Dowdeswell and Ioannidis: The CryptoGraphic Disk Driver (NetBSD)

P.H. Kamp: GBDE - Geom Based Disk Encryption (FreeBSD)

C. Fruhwirt: LUKS On-Disk Format Specification Version 1.0 (Linux, dm-crypt based)

Deniable encryption:

Phonebook (Linux)

Rubberhose (NetBSD/Linux) mirror only

TrueCrypt (Windows XP/2000/2003, Linux)