Objective-C Substrate Project

12 Sep 2006, 19:25 PDT

For the past few years, I've been fiddling with OpenDarwin's libFoundation in my spare time -- of which there is admittedly very little. For those new to the party, OpenDarwin's libFoundation project was an attempt to rewrite, refactor, and otherwise port the original libFoundation, as written by Ovidiu Predescu, Mircea Oancea, and Helge Hess, to Darwin. The end goals were simple. In order of importance:

The first goal was easily achieved, and surprisingly enough, I've been making some good progress on the second. With OpenDarwin's impending cessation of operation, I decided to set aside a week of my copious vacation time supplied by my generous employer to find OpenDarwin's libFoundation a new home, and tackle some difficult problems, including a Unicode-aware NSString. I'm pleased to say that the week was well spent, and the newly christened Objective-C Substrate was the end result.


OpenVPN Auth-LDAP Plugin 2.0 RC1

12 Sep 2006, 18:01 PDT

I'd like to announce the first release candidate of version 2.0 of my LDAP authentication plugin for OpenVPN.

This release is a vast improvement on the rudimentary 1.0 plugin -- new features include:


Splat 1.0 Release

19 Jun 2006, 13:49 PDT

Nick Barkas and I released Splat 1.0 today, on behalf of the Three Rings Department of Public Works. If you need to synchronise information with an LDAP directory, Splat provides a great plugin interface. Included with the distribution are plugins to create home directories, write out SSH keys with command restrictions, and write out .forward files.

We use Splat here at Three Rings to distribute SSH keys to all of our servers, allowing us to further eradicate password authentication. Splat can apply filters based on LDAP groups, so we can, for instance, apply a Subversion command= restriction only on the Subversion server.

Next Splat plugins I want to write:

Announcing Splat: The Scalable Periodic LDAP Attribute Transmogrifier

26 Apr 2006, 15:24 PDT

Introduction

Splat is a daemon designed to help keep information in an LDAP directory in sync with information outside of an LDAP directory. This information can be any set of attributes on any object in the LDAP directory.

Splat was originally written for the purpose of distributing SSH keys from LDAP in a way that did not require modifying the SSH daemon.

In the process, we designed a generic daemon capable of pulling nearly any information from LDAP and using it in any way you see fit. Synchronize your LDAP directory with a relational database, update an organizational chart, or build an X.509 certificate revocation list.


Bacula File Daemon Encryption Complete

05 Mar 2006, 10:44 PST

Introduction

I'm pleased to announce that Bacula's File Daemon now has complete support for signing and encrypting data prior to sending it to the Storage Daemon, and decrypting said data upon receipt from the Storage Daemon.

The code has been committed to Bacula CVS; usage instructions follow.


The DNS Dead Drop

28 Jan 2006, 12:10 PST

Storing Arbitrary Messages in Remote DNS Caches

A few months ago, I read Dan Kaminsky's presentation slides, Attacking Distributed Systems: The DNS Case Study. In the presentation, Kaminsky documents a method of implementing single bit data transfer with nothing more than:

After a particularly stressful week, I decided I needed to work on something fun -- an implementation of a DNS-based dead drop messaging system, utilizing Kaminsky's ideas.
