Why do I want to? Because I run the incredibly awesome [FreeNAS](http://www.freenas.org/) on a small server, and the jails are FreeBSD. One of those jails is supposed to be in an N2N VPN, so I can access the files from elsewhere.
Do you want to know more?
Are you also annoyed with the Windows lock screen? You know, the one you must swipe or click away before you can enter your login data. The one that doesn't even respond to shift anymore since Windows 10.
It can be disabled as follows:
* Open the Group Policy Editor. Either
  1. press Win+R and run `gpedit` or, if you don't have `gpedit.msc`,
  2. open the Microsoft Management Console by pressing Win+R and entering `mmc`. Go to File → Add/Remove Snap-In, select the Group Policy Object Editor, press Add, Finish and OK. Expand the Local Computer Policy.
* Navigate to
  1. Computer Configuration
  2. Administrative Templates
  3. Control Panel
  4. Personalization,

  edit Do not display the lock screen and set it to Enabled.
Just recently, the latest CyanogenMod nightly began supporting encryption on my phone, even though the bugreport still says it's an open issue. I don't mind. Anyway, this allowed me to finish a major project of mine: Protect the data on my phone, even in the case of a theft, while maintaining the ability to use the device conveniently.
The goal. I want a strong disk encryption password, but I want a weak screen password or PIN, because unlocking the device is a frequent task. In such a scenario, it makes sense to implement an account lockout policy: In other words, we want the phone to shut down after, say, 3 failed attempts to unlock the screen. This prevents the screen password from being brute forced.
Your device needs to be rooted to do everything I did. You will also need Android Studio if you want to do this properly, and it's a large download, so you might as well start now. Click here if you're still interested.
I really love Signal, but it is lacking a good Public Key Infrastructure. I hope this is something that the WhisperSystems people are going to be working on in the future, because all the potential is there: The authentication method of scanning QR codes is brilliant, because it is so usable. For now, I have my fingerprint up on my homepage so people can verify it (as long as they believe that I have full control over my homepage).
If you want to get your fingerprint as a QR code image file, this is what you do: Get the `qrencode` command line tool either through your Linux package manager or through cygwin on Windows. In Signal, choose My identity key from the main menu and type those digits into a file, say `textsecure-fingerprint.txt`. Then, use this little Python script to generate the QR code:
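```python
from base64 import b64encode
from subprocess import run

# Read the hex digits typed from Signal's "My identity key" screen.
with open("textsecure-fingerprint.txt", "r") as f:
    d = f.read().split()
# b64encode (unlike encodebytes) adds no line breaks to the payload.
k = b64encode(bytes.fromhex("".join(d))).decode("ascii")
# Pass the arguments as a list so no shell ever parses the payload.
run(["qrencode", "-o", "textsecure-fingerprint.png", "-l", "L", "-t", "PNG", k], check=True)
```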
And there you go. If someone knows how to get the fingerprint directly from the device, I'd be happy to know that.
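The check a contact would run against a fingerprint published on a homepage, as an added example that is not from the original post: it rebuilds the base64 payload that the script above hands to qrencode and compares a scanned payload with the published hex digits. The function names and the shortened sample fingerprint are constructed for illustration.

```python
import base64
import binascii

# Constructed sample, shortened for readability; not a real identity key.
SAMPLE_FINGERPRINT = "05 3a 9c 41 d2 7e 0b 68"


def _key_bytes(fingerprint_text: str) -> bytes:
    """Parse hex digits grouped by spaces, newlines or colons into raw bytes."""
    digits = "".join(fingerprint_text.replace(":", " ").split())
    try:
        raw = bytes.fromhex(digits)
    except ValueError as exc:
        raise ValueError("fingerprint is not an even run of hex digits") from exc
    if not raw:
        raise ValueError("fingerprint is empty")
    return raw


def fingerprint_to_payload(fingerprint_text: str) -> str:
    """Hex fingerprint -> the base64 string that ends up in the QR code."""
    return base64.b64encode(_key_bytes(fingerprint_text)).decode("ascii")


def payload_to_fingerprint(payload: str) -> str:
    """Scanned base64 payload -> lowercase hex byte pairs for comparison by eye."""
    try:
        raw = base64.b64decode(payload.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("QR payload is not valid base64") from exc
    return " ".join(f"{b:02x}" for b in raw)


def payload_matches(payload: str, published_fingerprint: str) -> bool:
    """True only if the payload decodes to exactly the published key bytes."""
    try:
        scanned = base64.b64decode(payload.strip(), validate=True)
        return scanned == _key_bytes(published_fingerprint)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


if __name__ == "__main__":
    qr = fingerprint_to_payload(SAMPLE_FINGERPRINT)
    print(qr, payload_matches(qr, SAMPLE_FINGERPRINT.upper()))
```

A malformed payload or fingerprint yields `False` instead of an exception, so a failed scan can never be mistaken for a match.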
So you have a scanned document, and you want to produce a searchable PDF from these images. In my case, I want to digitalize some of my books. There are other tutorials out there, but none of them worked for me. Here's what I did, maybe it helps you.
First, get a Debian box and install the packages `tesseract` (this is the OCR software), `xsltproc` (dark magic), `exactimage` (for `hocr2pdf`) and of course `pdftk`. Now, take your scan and use scantailor to split it into several neat black and white `.tif` files, one for each page. Now, create a file called `fix-hocr.xsl` and put this in it:
```xml
<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <!-- use on hocr file to fix for hocr2pdf 0.8.9 textbox placement -->
  <xsl:template match="/html">
    <xsl:text> </xsl:text>
    <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
  </xsl:template>
  <xsl:template match="node()|@*">
    <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
  </xsl:template>
  <xsl:template match="span[@class='ocr_line']">
    <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
    <xsl:element name="br"> </xsl:element>
  </xsl:template>
</xsl:stylesheet>
```
Don't ponder on that. It is a dark conjuring that fixes a bug in hocr2pdf. For every `.tif` file, we now do the following:
* Perform OCR on it, and record the information of where the letters are located in the image. That's what HOCR is all about.
* Do some voodoo with `fix-hocr.xsl` on the HOCR information from tesseract because tesseract's output causes problems with hocr2pdf, at least it did for me.
* Use the `hocr2pdf` tool to create a PDF document which contains two layers: One layer of text information and the original tif image above it.

And here's how we do that.
```bash
# Glob directly instead of parsing ls, and quote "$pg" so odd file names survive.
for pg in *.tif; do
  tesseract -l eng -psm 1 "$pg" stdout hocr |
    xsltproc -html -nonet -novalid fix-hocr.xsl - |
    hocr2pdf -i "$pg" -o "${pg%%.tif}.pdf";
done
```
Ignore the warnings about nonclosing `?xml` tags, they're bogus. Now you should have tons of searchable pdf pages, let's merge them into a document.

```bash
pdftk *.pdf cat output book.pdf;
```

The document will be huge. Compressing it is a whole different story of pain and awe. What worked pretty well for me was to convert the PDF to PS and then from PS back to PDF and then from that PDF to DJVU:

```bash
pdf2ps book.pdf book.ps;
gs -dCompatibilityLevel=1.4 -dBATCH -dNOPAUSE -dPDFSETTINGS=/ebook -dPDFA=2 -sDEVICE=pdfwrite -sProcessColorModel=DeviceGray -sColorConversionStrategy=/RGB -dUseCIEColor -sPDFACompatibilityPolicy=2 -sOutputFile=book2.pdf book.ps;
pdf2djvu --loss-level=200 --dpi=299 --verbose --monochrome -o book.djvu book2.pdf;
```

These settings are for 300 dpi files. Somehow, setting the DPI to 299 for pdf2djvu shrunk the file size absurdly, as opposed to 300. My wild guess is that 299 somehow allowed pdf2djvu to actually use its lossy compression, while maintaining the 300 did not. As you can see, I have no actual idea what is happening here, so you will probably have to toy with the options a bit like I did. Another side note: The PDF remained huge no matter what I tried, but I got the DJVU down to about 10 KB per page, which would be 2 MB for 200 pages.
Say you work somewhere where all workstations run Linux, only you have Windows on your laptop, which you basically use all the time. Now as I type this, I am not sure if anyone else shares my fate. Anyway; this does not stop you from running some of the cool Linux tools. Just install CygwinX (through the regular Cygwin installer) and start the XServer from the start menu. Icons will appear in your taskbar and you can start an XTerm. Inside that XTerm, type:
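```
rattle@windows.box$ ssh -Y rattle@linux.box
Password:
Last login: Thu Sep 17 12:43:19 2015 from windows.box
rattle@linux.box$ xmaple
```

and there you go!
The `-Y` switch is the one that does all the magic, obviously. It enables trusted X11 forwarding, so X clients started on the remote host are not subjected to the X11 SECURITY extension controls; `-X` requests the restricted, untrusted mode instead.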
Today, this video tutorial led me to the application verifier, which is pure awesome, as explained here in part. I had never heard of this thing before, and I am having the time of my life with it. If you like Windows hax, check this out.
Scenario. You have a Windows 7 key and want to farm a Windows 10 key from it, using the automatic upgrade. Of course, you want to do this in a VirtualBox (side note: if you have a customized Windows, you possibly need to install Virtual Box 4.3.12 because anything after that will throw an error). The first thing you do is set up a VM with at least 30GB of hard drive. Let's assume that this VM is called Nekarat. This is an outdated pop culture reference, google it.
In the host system (not the VM), go to your happy place (i.e. cmd.exe) and do this:
```
cd c:\Program Files\Oracle\VirtualBox
VBoxManage.exe setextradata Nekarat VBoxInternal/CPUM/CMPXCHG16B 1
```
It will not seem like anything has happened, but trust me, it did. It enables a certain CPU instruction for the virtual machine, without which the Windows 10 update fails.
Boot the VM. Install Windows and update it completely. Do not install the VirtualBox Guest additions: The display driver is incompatible with the Windows 10 update. Now might be a good time to make a snapshot if you want to upgrade more than one key. Activate Windows. Then, in the VM, add this to the registry, courtesy of filecritic.com:
```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade]
"AllowOSUpgrade"=dword:00000001
```
Check for updates, it should now download Windows 10. Wanna know how to extract the key?
Virtual Desktops rock and you should read this list of new shortcuts before complaining that there are none, like I did. Important ones:
* WIN + TAB, new task view opens up and stays open.
* WIN + CTRL + D, create new virtual desktop.
* WIN + CTRL + F4, close current virtual desktop.
* WIN + CTRL + LEFT/RIGHT, switch virtual desktop.
Unfortunately, the new start menu doesn't really rock. I suggest you have a look at my suggestion about the Search Everywhere Interface and maybe vote on it.
When students write exams, they want to know their score as fast as possible. However, the system that is supposed to deliver this information to the students is usually slow, for a lot of reasons that I will not go into. Where I work, it has become quite usual to publish a pdf on the course website that lists the student ID together with the number of points they scored. Since student IDs are usually anonymous, most people don't see it as a problem. However, the more this practice is used, the less anonymous a student ID actually is: Once there are enough of these lists public, this data might theoretically be used to connect a student to his or her student ID only by knowing which courses he or she attended.
I propose a much better solution. I did not come up with this myself by the way, this is due to a brilliant colleague of mine, but I still wanted to share it with the world.
I recently broke the display of my smartphone and wanted to sell it on eBay. However, I am paranoid about my data. So this is what I did:
* Get a new phone and set it up.
* Encrypt the phone with Android's built-in encryption feature:
  * Set a lock screen password (not a PIN) with a random 16 letter string (at the time of writing, Android won't let you choose longer passwords).
  * Go to security in your settings and find the option to encrypt the phone, confirming your password.
* After this is done, open an ADB shell on your phone. Because the phone's internal memory is flash, there might still be areas that contain sensitive and unencrypted information. We will overwrite them with random data.

  ```bash
  cat /dev/random > /data/junkfile
  ```
* If you have a stock Android installed, perform a factory reset. If you do not have a stock Android installed:
  * Go to the Google Developers' Factory Images for Nexus Devices page and grab your image.
  * Extract that file and find a batch file that will flash this stock distribution on your phone automatically.

  Warning. You might really have to try several different USB cables and several different USB ports on your computer before fastboot succeeds. For me it worked on the 3rd port and the 2nd cable, that's 7 failed attempts.
* Take pictures of your old phone with your new phone and make sure to remove all the metadata from those pictures:

  ```bash
  # Glob directly and quote the name so files with spaces are stripped too.
  for img in *.jpg; do mogrify -strip "$img"; done
  ```
* Now you're good to go, put that old heap of junk up for sale!
If you have any comments, go ahead.
So you want to have some more control over your android phone? Sure you do. For any, just slightly above userlevel stuff you might want to do with it, you require the tools ADB (the Android Developer Bridge) and Fastboot (Fast boot). Since I am still quite ignorant to all of this, I decided to write a small reminder blagpost for myself on how to get those tools. Oh yea, this is all on Windows. Linux users have package managers and stuff like this just works.
You will need the Java Development Kit. After you got that, you need to get the Android SDK Tools. Download "SDK Tools Only". Once you have installed it, open the SDK Manager. It will want to install a lot of stuff, but unless you actually want to do development, you might not even have to install anything. I installed the following only:
* Android SDK Tools
* Android SDK Platform-tools
* Google USB Drivers
Assuming that `%GSDK%` is the path where you installed the SDK tools, you will find the applications `adb.exe` and `fastboot.exe` in `%GSDK%\Android\android-sdk\platform-tools`. You might want to add that to your path, or not. Fun fact. If you use cygwin, you can call `adb shell` from a cygwin terminal and then invoke `bash` on the phone, and the cygwin terminal will interpret all the color codes sent back from the phone's bash correctly, so you can have a really comfortable shell open on your phone.
TrueCrypt is pretty dead. We need some options here, and as far as I can see, there are only ~~two~~ three:
* CipherShed. Currently a vanilla fork of TrueCrypt.
* VeraCrypt. A fork of TrueCrypt with some fixes and improvements.
* Keep using TrueCrypt.
Neither of the two alternatives has had an official source code audit or anything. They are both open source. I will give a quick summary of the facts on both forks, concluding that I have no clue and will probably ~~flip a coin~~ roll a D3. Whether these facts are pro or con is up to your discretion.
CipherShed Facts
- They are on github.
- They seem dedicated. Meaning, the information on their homepage sounds like they thought this through.
- Not much has happened yet, they only forked TrueCrypt.
- There is only a pre-alpha version available, which I won't touch.
- They do not have any licensing information at all.
- Longterm plans are a bit fuzzy, according to their wiki they want to
  - Secure the code through audits, simplification, and a secure architecture.
  - Migrate towards an OSI-approved licensed codebase
  - Work closely with existing efforts such as OpenCryptoAuditProject, LUKS, GELI, and tc-play.
VeraCrypt Facts
- According to the author in this thread, VeraCrypt was first published on June 22nd 2013, so it has already aged a bit.
- In fixing some of the security flaws in TC, they break backwards-compatibility. There is a conversion tool available.
- They are on CodePlex and the software is under Microsoft Public License.
- Binaries are available for download, cross-platform.
- Most relevant longterm plan is the ability to encrypt Windows system partitions/drives on UEFI-based computers (GPT).
So. If you have additional information, let me know in comments or by eMail. I am rattled beyond my usual level of confusion as to what I should do. Currently, I will probably give the VeraCrypt binaries a test ride on some machine.