There is a natural tension between confidentiality and availability. These days, it's pretty straightforward to keep stuff available: disks are cheap, Google will cache stuff for you, etc. But if you want to keep it confidential, you might just store it on one disk, at which point you have to deal with all the failure modes yourself.

<hr />

**8Sep2004** <a href="http://www.angel.net/~nic/passwdlet.html">Password generator bookmarklet</a>. Thank you <a href="http://del.icio.us/tag/web">del.icio.us</a>! Hmm... I wonder if it's completely compatible with my Aug2003 algorithm.

<hr />

**17Jun2004** hmm... audio archives... I can rip CDs and put them online, but the results are (1) large, and (2) not licensed for public redistribution.

The peers in my network are: an iPod mini, an iMac (in MaJoStudio), DirkMachine, SonyVaioJammer, and, if only for links and metadata, dm93.org. Oh... and the iTunes music store(@@link) and musicbrainz and freedb.

First choice in the workflow is file format:

* wav or cd or raw -- awfully big
* flac -- still pretty big, and the iPod mini doesn't grok. But since it's lossless, it preserves options. Hmm... I wonder how many CDs would fit on one DVD in FLAC format. But only the iMac can burn DVDs... it does have a 200GB firewire disk... is there some sort of FLAC plug-in for iTunes? <a href="http://www.itunesregistry.com/articles/flac/">evidently not</a>.
* <a href="http://www.apple.com/itunes/import.html">Apple's lossless codec</a> -- is there open source support for this?
* ogg -- quite storage-efficient, but the iPod mini doesn't grok <a href="http://www.gizmodo.com/archives/ogg-on-ipod-why-the-ipod-may-not-have-the-horsepower-for-ogg-015607.php">and might not be able to ever</a>; I think the iMac can be taught to. <a href="http://www.illadvised.com/~jordy/">ogg plug-in</a>.
* mp3 -- not as open as ogg, but ubiquitously deployed/supported
* AAC -- only works on iMac and iPod

Then there's the choice of where to store the files: structure, metadata, etc. The right answer is, of course, determined by how it will be accessed.

I tried client/server: xmms on SonyVaioJammer, .ogg in DirkMachine's /var/www/. Need some sort of access control for that, though.

zinf and musicbrainz are cool for metadata; trms rock. I ripped U2's Bad 2 different ways, and both gave me <a href="http://www.musicbrainz.org/showtrm.html?trm=5272d6d0-1159-4dcf-85fc-9089795e25fd">the same trm, from Unforgettable Fire</a>. I had trouble getting zinf to grab a .ogg by http pointer, though.

<a href="http://www.vanemery.com/Linux/Rip/rip-analog.html">Analog Ripping HOWTO</a>

<hr />

<a href="http://www.fs.net/sfswww/sfsfaq.html">Self-Certifying File System: FAQ</a> (hmm... when? from ESW wikimarklet)

<hr />

**1Nov2003**: finally <a href="http://www.cvshome.org/docs/manual/cvs-1.11.7/cvs_2.html#SEC23">setting up a CVS repository</a> for dm93.org on mmac:

<pre>
cvs -d /Users/connolly/dm93cvs init
</pre>

<hr />

<a href="http://www.nongnu.org/duplicity/features.html">duplicity</a> looks cool.

<hr />

**3 Oct 2003**: new disk for MaJoStudio prompted me to re-discover <a href="http://freshmeat.net/projects/dibs/?topic_id=137">DIBS</a> ... python "Backup your data by trading it with peers on the Internet." It's none too quick.

<hr />

**8Oct2003**: bandwidth... from local IDE disk on DirkMachine using rsync/ssh over 100MB ethernet to a local IDE disk on mmac, I get:

<pre>
wrote 106099384 bytes  read 216660 bytes  484355.55 bytes/sec
total size is 105175676  speedup is 0.99
</pre>

how does IDE compare to firewire? are recent versions of NFS less evil?

**13Sep2003**: hmm... what's the interface to ssh-agent? I'd like to write python programs to communicate with it. (perhaps cwm tweaks, or browser plug-ins, screensaver connections... hmm...). There...
<a href="http://www.w3.org/2000/10/swap/util/sshAuth.py">sshAuth.py</a> communicates with ssh-agent... but... hmm... I can't verify the signature.

**Sep2003**: I went to the trouble to create an MIT certificate, but now (a) I can't bookmark my MIT directory entry because SAP doesn't have enough WebmasterClues (javascript/cookie/session-uri out the wazoo) and (b) I can't figure out how to get the certificate from mozilla-firebird to galeon (one for BrowserChecklist?). ToDo: learn more about <a href="http://www.mozilla.org/projects/security/pki/psm/">PSM</a>, the Mozilla personal security manager.

**Aug2003**: going with DebianPackage:pwgen and traditional (paper envelope) key escrow.

Hmm... paper envelope key escrow only works if you keep the envelope sealed until some emergency comes up, and I can't remember these pwgen passwords, so I'm not sealing the envelopes. So let's refine it... pick one (or a few) unshared secrets, then md5sum those with the web site domain to come up with the shared secrets. À la echo aa.com *****|md5sum and then take the last 8 characters.

made a key in May 2002 in Hawaii. Got it signed by a few folks May 2003 in Budapest. Keep it on flash disk? Sigh... seem to have misplaced my flash disk (18Aug2002).

encrypted filesystem? <a href="http://www.kerneli.org/howto/node3.php">Using CryptoAPI</a>. (see also: <a href="http://ilrt.org/discovery/chatlogs/rdfig/2003-06-25.html#T23-03-23-1">25Jun #rdfig notes</a>)

hmm... <a href="http://www.linuxnet.com/middle.html">muscle</a> smartcards for Linux.

<hr />

I'd like to know that I have archives of all my old systems but I'm not wasting too much space with too many copies of them... at least not on the same disk:

* coco
* UTMac / mac87
* PC from tandem
* beach PC at MIT
* shoal win NT (95?)
* pancake
* thinker
* SonyVaioJammer

<hr />

hmm... backups... Plextor CD writer is a disappointment; supposed to write at 2x but I have only gotten it to write at 1x; I make coasters otherwise.
I see a Yamaha lightspeed CRW220EZ internal IDE CD-RW 10x20x40 for $99 after rebate.

what about backups/archive for the laptop? using the net is probably best... 100mbit ethernet?

From connolly Sat Feb 19 17:33:05 +0000 2005
From: connolly
Date: Sat, 19 Feb 2005 17:33:05 +0000
Subject: under the hood of the OS X keychain
Message-ID: <20050219173305+0000@dm93.org>

Every time I log in with SSH Agent, that little "add to keychain" checkbox is staring at me, but I didn't know if keychain source is open to the security community, and I wasn't sure about its architecture.

Turns out the core bits of keychain are open source: <a href="http://developer.apple.com/documentation/Security/Conceptual/keychainServConcepts/index.html#//apple_ref/doc/uid/TP30000897">Keychain Services and CDSA</a> refers to <a href="http://www.opengroup.org/security/cdsa.htm">the OpenGroup's CDSA stuff</a> which refers to <a href="http://sourceforge.net/projects/cdsa/">a CDSA sourceforge project</a> which seems to have been developed by Intel guys who explained their architecture in <a href="http://www.faqs.org/rfcs/rfc2693.html">RFC 2693 - SPKI Certificate Theory</a>.

hmm... this comment belongs to StudentOfMacOsX too...

AboutThisWiki note: perhaps a blog with categories would be a better fit.
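
The Aug2003 per-site password scheme above (md5sum of the site domain plus an unshared secret, last 8 characters), written out as an added example that is not code from this page or its author. It sits beside a swapped-in variant using PBKDF2-HMAC-SHA256 with a longer output; the function names, iteration count, output length and sample secret are assumptions made for the illustration.

```python
import base64
import hashlib
import math


def md5_site_password(domain: str, secret: str) -> str:
    """The page's scheme: `echo DOMAIN SECRET | md5sum`, last 8 hex characters."""
    # echo joins its arguments with one space and appends a newline.
    line = f"{domain} {secret}\n".encode()
    return hashlib.md5(line).hexdigest()[-8:]


def kdf_site_password(domain: str, secret: str, length: int = 16,
                      iterations: int = 200_000) -> str:
    """Swapped-in variant (assumption, not from the page): a deliberately slow
    KDF salted with the lower-cased domain, encoded in a 64-symbol alphabet."""
    raw = hashlib.pbkdf2_hmac("sha256", secret.encode(),
                              domain.lower().encode(), iterations, dklen=32)
    return base64.urlsafe_b64encode(raw).decode()[:length]


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on the entropy of a password of this length and alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    secret = "correct horse battery staple"  # constructed sample secret
    for site in ("aa.com", "example.org"):
        print(site, md5_site_password(site, secret),
              kdf_site_password(site, secret))
    # 8 hex characters carry at most 32 bits; 16 base64 characters carry 96.
    print(entropy_bits(8, 16), entropy_bits(16, 64))
```

Both functions are deterministic, so nothing has to be stored per site. The MD5 form caps every site password at 32 bits, and because MD5 is fast, one disclosed site password lets guesses at the unshared secret be checked quickly; the slower KDF and longer output address both points.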