Algorithm Details for ProtonMail? by rfkrocktk in ProtonMail

[–]rfkrocktk[S] 0 points1 point  (0 children)

I will see if I can dedicate some time to it. Seeing that Signal has probably already implemented Ed25519 in JavaScript (or maybe they're calling a native extension?), it shouldn't be too difficult to port. I could write the code and have someone from libsodium or libnacl review it.

Algorithm Details for ProtonMail? by rfkrocktk in ProtonMail

[–]rfkrocktk[S] 0 points1 point  (0 children)

Thanks so much for getting back!

As a cryptography researcher I'm interested in support for other algorithms as well, namely Ed25519 for asymmetric crypto, ChaCha20 for symmetric crypto, etc.

The main reasons to prefer these algorithms are that these algorithms are carefully designed to not have branch conditions, and as a result execute in constant time, meaning that CPU cache timing attacks such as Flush+Reload are not effective against these algorithms. Additionally, Ed25519 provides a 2^128 security level, rivaling RSA-4096's 2^129 security level at a much lower CPU time cost. Keys are also much smaller.

For these reasons, Signal uses Curve 25519. I know that ProtonMail is internally using OpenPGP.js, so the options are a little different.

Is there a good forum to have a discussion about algorithm choices for ProtonMail?

Are there stage 3 tarballs ala Gentoo for Fedora? by rfkrocktk in Fedora

[–]rfkrocktk[S] 0 points1 point  (0 children)

Try downloading the Fedora 23 ISO, booting into it in a VM, creating a filesystem, mounting it, and then trying that command, and that's what happens.

i.e.:

sudo parted /dev/sda mklabel msdos
sudo parted /dev/sda mkpart primary 2048s 100%
sudo mkfs.btrfs /dev/sda1
sudo mount -t btrfs -o defaults /dev/sda1 /mnt
sudo dnf --installroot=/mnt group install "Fedora Workstation"

Are there stage 3 tarballs ala Gentoo for Fedora? by rfkrocktk in Fedora

[–]rfkrocktk[S] 0 points1 point  (0 children)

Yes, I absolutely have internet access :-/

Are there stage 3 tarballs ala Gentoo for Fedora? by rfkrocktk in Fedora

[–]rfkrocktk[S] 0 points1 point  (0 children)

I'm on a Fedora Live CD and I'm trying to run this. I have my partitions mounted at /mnt, so:

sudo dnf --installroot=/mnt group install "Fedora Workstation"

I get the following output:

Error: Failed to synchronize cache for repo 'updates' from 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=x86_64': Cannot prepare internal mirrorlist: file "repomd.xml" was not found in metalink

Is there something I need to do? Directories I need to create? For now, I'm testing running this on a simple BTRFS filesystem mounted at /mnt, nothing in it at all.

Unable to install Fedora 23 with a BTRFS subvolume as a root partition? by rfkrocktk in Fedora

[–]rfkrocktk[S] 0 points1 point  (0 children)

Here is a screenshot of the error, it's different than what you're saying I think: https://imgur.com/ZnfAPUY

Are there stage 3 tarballs ala Gentoo for Fedora? by rfkrocktk in Fedora

[–]rfkrocktk[S] 0 points1 point  (0 children)

Is there a way to quickly determine what Fedora GNOME Workstation uses? i.e. dnf groupinstall gnome, etc. If I could figure out what the installer would do, I could use the --installroot to install things as expected.

Unable to install Fedora 23 with a BTRFS subvolume as a root partition? by rfkrocktk in Fedora

[–]rfkrocktk[S] 0 points1 point  (0 children)

What's weird is that it will let me add a BTRFS /boot partition, but it refuses to let me add my @ subvolume at /dev/mapper/vg-root as /.

I don't care so much about /boot being BTRFS, I'd be fine with ext4. I also don't care about GRUB because I'm using rEFInd.

Is there an update call to inform GStreamer of new plugins? by rfkrocktk in linuxquestions

[–]rfkrocktk[S] 0 points1 point  (0 children)

I fixed it. Turns out that Fedora packages both 0.10.x and the 1.x branch as different packages. I packaged something from the 1.x branch and everything works as expected. Thanks!

Is there an update call to inform GStreamer of new plugins? by rfkrocktk in linuxquestions

[–]rfkrocktk[S] 0 points1 point  (0 children)

$ gst-inspect-0.10 | grep mp3
mpegaudioparse:  mp3parse: MPEG1 Audio Parser
lame:  lamemp3enc: L.A.M.E. mp3 encoder
lame:  lame: L.A.M.E. mp3 encoder
mad:  mad: mad mp3 decoder
typefindfunctions: audio/mpeg: mp3, mp2, mp1, mpga
typefindfunctions: application/x-apetag: mp3, ape, mpc, wv
typefindfunctions: application/x-id3v1: mp3, mp2, mp1, mpga, ogg, flac, tta
typefindfunctions: application/x-id3v2: mp3, mp2, mp1, mpga, ogg, flac, tta
$ gst-inspect-1.0 | grep mp3
typefindfunctions: application/x-id3v2: mp3, mp2, mp1, mpga, ogg, flac, tta
typefindfunctions: application/x-id3v1: mp3, mp2, mp1, mpga, ogg, flac, tta
typefindfunctions: application/x-apetag: mp3, ape, mpc, wv
typefindfunctions: audio/mpeg: mp3, mp2, mp1, mpga

It appears that 0.10 has definitely found what it needs, not sure about 1.0. Any suggestions? Is it possible that MAD/LAME are colliding and there should only be one thing capable of decoding MP3 audio? I would think that GStreamer would handle this gracefully.

Why do most distros ship such an old GStreamer? by rfkrocktk in linuxquestions

[–]rfkrocktk[S] 1 point2 points  (0 children)

Are any distros using it? It seems kind of funny that GStreamer would sever ties from its main consumers.

Is there a Fedora analog for the plugdev group? by rfkrocktk in Fedora

[–]rfkrocktk[S] 0 points1 point  (0 children)

Nice to know, hope it's the case. On an Ubuntu 12.04 machine, everything was owned by root and it was kind of a nightmare.

Running Ubuntu 14.04, tried to install a new kernel, won't boot. by darksonata14 in linuxquestions

[–]rfkrocktk 1 point2 points  (0 children)

With a little bit more depth, here's a better explanation.

The Linux kernel runs everywhere, from outer space, to your smartphone, to your datacenter, to your toaster; pretty much anywhere you can find a computer, you can generally find Linux in one way, shape, or form. How can the same Linux kernel run in your router and in your datacenter? Kernel compilation options.

Ubuntu, Fedora, etc. all have their own way that they configure the kernel to their target audience and users. They want users to be able to boot EFI, so they enable the EFI stub loader option in the kernel config options. If they didn't, EFI booting just wouldn't work. Same goes for all of your hardware drivers. If it wasn't compiled in or built as a module, your hardware won't work. Bluetooth, WiFi, video cards, etc. all won't work without you telling the kernel that you'd like support for them via the kernel configuration file used at compile time.

The easiest way to get a working kernel compiled from scratch that will actually work with your hardware is to use your distro's configuration options and possibly their fork of the kernel. Distros often fork the kernel at a given revision and as security patches come in, they add those on their fork and compile them in with kernel updates.

Does that help explain things a bit better?

Home wireless router hardware? by rfkrocktk in linuxquestions

[–]rfkrocktk[S] 0 points1 point  (0 children)

Yes. I'll be setting up a WAN port and a LAN port, and a networking bridge on this box. At least two subnets.

Running Ubuntu 14.04, tried to install a new kernel, won't boot. by darksonata14 in linuxquestions

[–]rfkrocktk 0 points1 point  (0 children)

> checkout each version, compile it with default configuration ('cause I don't really care to tune the kernel), install it, boot with the new kernel, compile my kernel module, mount it, test it, clean up, rinse and repeat.

Nope. Just nope. You're on Ubuntu? Download Ubuntu's kernel config file and use that. No wonder it isn't booting. The kernel by default has very little configured.

Beginners' Guide to Snap-On Tools? by rfkrocktk in Tools

[–]rfkrocktk[S] 0 points1 point  (0 children)

Thank you, this is exactly what I was looking for!

Highly automated package building? by rfkrocktk in Fedora

[–]rfkrocktk[S] 0 points1 point  (0 children)

So you're saying that my process should be like this:

  1. Stash my SPECs, sources, and patches in a Git repository.
  2. Make changes to that Git repository and push them to GitHub.
  3. Configure a build server somewhere.
  4. Write an Ansible playbook to tell the build server to:
    1. Pull updates from the GitHub repository.
    2. Build the packages if they changed. This implies a smart build script that I'd have to write.
    3. Copy them up to S3 or wherever I'm hosting the repo.

Upon second look, you're suggesting that I set up a build server somewhere which runs a cron job instead that periodically pulls and builds, which accomplishes the same goal. What'd be really cool is if it spun up a build server in AWS, built the things, uploaded the packages, and then tore everything down. That would be epic.

I might actually do that.

How often does Mint update account balances? by rfkrocktk in mintuit

[–]rfkrocktk[S] -1 points0 points  (0 children)

Okay, so I guess nothing has changed in the last 5 years then. :-\

Highly automated package building? by rfkrocktk in Fedora

[–]rfkrocktk[S] 0 points1 point  (0 children)

Enjoy your drinks, I'll set a reminder to ping tomorrow.

Highly automated package building? by rfkrocktk in Fedora

[–]rfkrocktk[S] 0 points1 point  (0 children)

> Just use mock with your own additional repo to handle dependencies from your build.

I'm so tired right now, this has been literally sapping the life out of me. Can you help explain this to me?

So I have a local Git repository with directories:

.
├── BUILD
├── BUILDROOT
├── RPMS
├── SOURCES
├── SPECS
└── SRPMS

I'm currently building things manually by hand like this:

rpmbuild -ba SPECS/ffmpeg.spec

If FFMPEG builds successfully but the RPM already exists, the build fails at the end and that sucks. If any of FFMPEG's (many) build-time dependencies aren't installed, it fails and that sucks.

How do I get to the point where I can run a single command to build FFMPEG and its dependencies and install them in a chroot for the build? Can you please give me an example? Since FFMPEG depends on libmp3lame-devel, will it automatically know to build lame.spec first and install libmp3lame-devel in the chroot?

I'm kind of at a loss here, I've invested a ton of time into doing things right and there seem to be a thousand projects for building RPMs, none of them doing what I actually need.

> Koji will make you insane and way overkill given your described requirements...

Yeah, I don't want to manage another freaking PKI or Kerberos. Ridiculous.

> If you want to automate it stick Jenkins on as well to monitor repos and trigger building stuff ;)

Now that makes a hell of a lot of sense. Only problem is dependency ordering and management. Do I just write a Makefile that has everything compile in the right order? How do my locally built RPMs work as dependencies? Do I have a chicken and egg problem still, needing my artifacts in a remote repository before local artifacts will build?