19:53 Tue, 12 Sep 2006 PDT -0700

Objective-C Substrate Project

For the past few years, I've been fiddling with OpenDarwin's libFoundation in my spare time -- of which there is admittedly very little. For those new to the party, OpenDarwin's libFoundation project was an attempt to rewrite, refactor, and otherwise port the original libFoundation, as written by Ovidiu Predescu, Mircea Oancea, and Helge Hess, to Darwin. The end goals were simple. In order of importance:

The first goal was easily achieved, and surprisingly enough, I've been making some good progress on the second. With OpenDarwin's impending cessation of operation, I decided to set aside a week of my copious vacation time supplied by my generous employer to find OpenDarwin's libFoundation a new home, and tackle some difficult problems, including a Unicode-aware NSString. I'm pleased to say that the week was well spent, and the newly christened Objective-C Substrate was the end result.


18:08 Tue, 12 Sep 2006 PDT -0700

OpenVPN Auth-LDAP Plugin 2.0 RC1

I'd like to announce the first release candidate of version 2.0 of my LDAP authentication plugin for OpenVPN.

This release is a vast improvement on the rudimentary 1.0 plugin -- new features include:


21:00 Sun, 30 Jul 2006 PDT -0700

Splat 1.0 Release

Nick Barkas and I released Splat 1.0 today, on behalf of the Three Rings Department of Public Works. If you need to synchronise information with an LDAP directory, Splat provides a great plugin interface. Included with the distribution are plugins to create home directories, write out SSH keys with command restrictions, and write out .forward files.

We use Splat here at Three Rings to distribute SSH keys to all of our servers, allowing us to further eradicate password authentication. Splat can apply filters based on LDAP groups, so we can, for instance, apply a Subversion command= restriction only on the Subversion server.

Next splat plugins I want to write:


17:08 Wed, 26 Apr 2006 PDT -0700

Announcing Splat: The Scalable Periodic LDAP Attribute Transmogrifier

Introduction

Splat is a daemon designed to help keep information in an LDAP directory in sync with information outside of an LDAP directory. This information can be any set of attributes on any object in the LDAP directory.

Splat was originally written for the purpose of distributing SSH keys from LDAP in a way that did not require modifying the SSH daemon.

In the process, we designed a generic daemon capable of pulling nearly any information from LDAP and using it in any way you see fit. Synchronize your LDAP directory with a relational database, update an organizational chart, or build an X.509 certificate revocation list.


14:58 Sun, 05 Mar 2006 PST -0800

Bacula File Daemon Encryption Complete

Introduction

I'm pleased to announce that Bacula's File Daemon now has complete support for signing and encrypting data prior to sending it to the Storage Daemon, and decrypting said data upon receipt from the Storage Daemon.

The code has been committed to Bacula CVS; usage instructions follow.


10:49 Sun, 05 Mar 2006 PST -0800

Bacula EFF Fundraising: Final Tally

Below is the final tally of EFF donations. A big thanks to all those that donated to the project! If you are not listed, but should be, send me an e-mail.

Update! Thanks to Roberto Moreda of Allenta Consulting for the final donation of $180, bringing the final tally to $3000!

        Donor:                  Amount:
        WingNET Internet        $500
        Timo Neuvonen           $250
        Ed Grether              $25
        Charles Reinehr         $100
        Michael Proto           $25
        Phil Cordier            $100
        Dan Langille            $100
        Tom Plancon             $65
        Felix Schwarz           $60
        ClarkConnect            $500
        Andrew Ford             $25
        INetU, Inc              $1000
        Jo at Winfix.it         $70
        Allenta Consulting      $180

        Goal: $3000             Total: $3,000


13:44 Sat, 28 Jan 2006 PST -0800

The DNS Dead Drop

Storing Arbitrary Messages in Remote DNS Caches

A few months ago, I read Dan Kaminsky's presentation slides, Attacking Distributed Systems: The DNS Case Study. In the presentation, Kaminsky documents a method of implementing single bit data transfer with nothing more than:

After a particularly stressful week, I decided I needed to work on something fun -- an implementation of a DNS-based dead drop messaging system, utilizing Kaminsky's ideas.
