The "Spellserver": A Generic Remote-Code-Execution Host

A "Spellserver" is my name for a very generic server design: one in which the server-side code is provided by the clients (but somehow constrained by the server owner). I've been exploring ways to achieve E-like delegation and attenuation-by-code, in which I can write a program to enforce my restrictions …

more…

SPAKE2 Interoperability

I've been working on a Rust implementation of SPAKE2. I want it to be compatible with my Python version. What do I need to change? Where have I accidentally indulged in protocol design, so a choice I make in this library might cause it to behave differently than somebody else's …

more…

Uniformly Random Scalars

Many cryptographic protocols, like Diffie-Hellman and SPAKE2, require a way to choose a uniformly random scalar from some prime-order range. Why? What is the best way to do this?

What (is a scalar)?

Classic Diffie-Hellman Key Exchange starts with each side chosing a random scalar. This is kept secret, but …

more…

Git over Tahoe-LAFS

Tahoe-LAFS provides reliability, integrity, and confidentiality, so you can store important data safely across multiple servers. Git provides version control and merge tools, enabling better coordination between multiple authors. By using Tahoe as a Git backend, we could get both.

Motivations

Dropbox-workalike

Tahoe's main API looks a lot like an …

more…

SPAKE2 "random" elements

SPAKE2 requires two special "arbitrary" constants M and N. What properties do these constants really need? What attacks are possible if these requirements are not met?

SPAKE2, like all PAKE ("Password-Authenticated Key Exchange") protocols, allows two people start with a weak password and then agree upon a strong shared key …

more…

Petmail mailbox-server delivery protocol

Petmail senders use a "Mailbox server" to queue encrypted messages when their recipient is offline (and even when they aren't). The recipient might pick up the message right away, or might not learn about it until later. These mailboxes need a way to tell whether they should spend their precious …

more…

Anonymity, Pseudonyms, and Linkability

Linkability

Communication systems can be evaluated on how much linkability they offer (or attempt to conceal) between different aspects of one's identity.

At one extreme, a face-to-face conversation with your long-term friend provides extremely strong linkability between two things. One is your conception of them: the idea in your head …

more…

Petmail, an introduction

Petmail is a secure-communications project I've been noodling at for a couple of months now. To be honest, I guess I've been noodling at it for over a decade: this latest effort is really a reboot of a project that I did ten years ago, and presented (audio) at a …

more…

The new Sync protocol

(This wraps up a two-part series on recent changes in Firefox Sync, based on my presentation at RealWorldCrypto 2014. Part 1 was about problems we observed in the old Sync system. Part 2 is about the protocol which replaced it.)

Last time I described the user difficulties we observed with …

more…

Pairing Problems

(This begins a two-part series on upcoming changes in Firefox Sync, based on my presentation at RealWorldCrypto 2014. Part 1 is about problems we observed in the old system. Part 2 will be about the system which replaces it.)

In March of 2011, Sync made its debut in Firefox 4 …

more…

Remote Entropy

Can you safely deliver entropy to a remote system?

Running a system without enough entropy is like tolerating a toothache: something you'd really like to fix, but not quite bothersome enough to deal with.

low-entropy munin graph

I recently bought a Simtec EntropyKey to fix this locally: it's a little USB dongle with …

more…

urllib3

Today I learned about the urllib3 module. The biggest feature (from my point of view) is that this one can properly validate SSL sessions. The python 2.x urllib, urllib2, and httplib libraries all vaguely speak SSL, but none of them actually look at the certificate they receive (and will …

more…

New Blog Software

Just finished moving the web site to a new host, and switching (yet again!) to new blog software in the process. I wanted to get rid of CGIs on the new host, so I switched to a static blog-site generator named Pelican. I'm still trying to work things out, but …

more…

Zombie T-Shirts

Just wanted to say hi to Dave and mention his nerd t-shirt store at http://www.nerdkungfu.com .

He's a regular at our weekly Bad Movie Night, and I think a lot of the movies we've screened have shown up as t-shirts on his site a few weeks later. If …

more…

emacs command of the day

C-x 4 c : clone-indirect-buffer-other-window

I keep learning new tricks in emacs. Today I was studying an overstuffed file, with two large classes, and I needed to navigate around both as I followed the code paths bouncing back and forth between them. I frequently use the "narrow-to-region" command (C-x n n …

more…

phishing training

I stopped by the bank this morning to make a deposit. While fussing with the ATM machine, I was listening to a nearby bank employee making a phone call. His side of the conversation went like: "Hi, this is Bob from $YOURBANK. Your father just opened an account with us …

more…

projects

Must.. write.. more. I'm trying to get over the temptation to rewrite my blog software again (probably using Jekyll). My blog-yak-shaving process works like this: "Oh, here's an interesting idea, I should blog about it. But my blog software is kind of annoying, I should really rewrite it first. Maybe …

more…

darcs-fast-export

So idnar just turned me on to darcs-fast-export, which can be used with git-fast-import to quickly convert a repository from darcs to git. I've been using Git more and more in the last few months, and I'm growing quite fond of it. Tahoe is managed in darcs, and I've been …

more…

Foolscap-0.4.2 released

I've released foolscap-0.4.2 .. download it from http://foolscap.lothar.com/trac .

I made the relase last week, and as usual I've managed to not send out the announcement email yet. One reason for that is that I wanted to blog about it first, and I've started using a …

more…

moved blog to git

I just finished moving this weblog to be managed in a Git repository, using the scheme described in http://joemaller.com/2008/11/25/a-web-focused-git-workflow/ . Plus, I'm running the connection over Foolscap.. more on that in a moment if this update actually works..

more…

web updates

I finally updated the system that hosts http://buildbot.net and http://foolscap.lothar.com (a dedicated VM that just runs apache for CGIs, needed to make trac and mod_python work well). Upgrading it from edgy to anything newer was a hassle, because the "update-manager" package that I wanted to …

more…

pastebinit

Another package that appeared in debian today: pastebinit, which is a command-line tool to upload bits of code to some of the various pastebin web servers out there (handy when you want to discuss some code over IRC and don't want to jam the whole thing into the channel.. it …

more…

Mutation Testing

I've often thought that it would be a great idea to test your test suite by randomly changing bits of code and seeing if the tests catch it. It turns out that other people feel the same way: I just saw a Ruby library named "Heckle" show up in debian …

more…

Emacs Trick of the Day

There are a few million gems hidden inside emacs. The two that I ran into most recently are:

C-x r m, C-x r b, C-x r l : these create named bookmarks, each of which records the file that you're visiting and a position within that file. When I need to …

more…

Levenshtein Distance

A library just showed up in debian ("python-levenshtein") to measure the Levenshtein Distance between two strings: the minimum number of edits (inserts, changes, deletes) necessary to turn one string into another.

I've been thinking about ways to implement efficiently-edited large mutable files for Tahoe, and it seems like a tool …

more…

sparkfun toys

I was thumbing through some of my old del.icio.us bookmarks today, and came across sparkfun electronics again. Man, their coolness doubles in size every six months. $25 for a half-inch square self-contained radio data link, serial interface that you can run with a microcontroller, 3V, built-in antenna. Wow …

more…

trac spam

Oh happy day! The buildbot.net trac instance just recently got visited by the link spammers. They haven't caused any actual damage yet, just a user account created with advertising in the profile text, but I'm afraid it's only a matter of time before the bots descend upon us and …

more…

foolscap.lothar.com

I just finished building a Trac instance for Foolscap, now online at http://foolscap.lothar.com/trac . It's got a (mercurial-based) code browser, tickets, and a wiki.

Setting it up required some twisted.web hacking, because my setup puts a twisted.web server out front, and reverse-proxies certain requests to …

more…

mercurial

Wow, so long since I updated this. Each time I remember that I do have a technical blog, and think to add something to it, I am tempted to start by rewriting the whole blog system in some brand new way that will make it easier to post to (and …

more…

forgetfulness-based development

You're probably familiar with eXtreme Programming, and branch-based development, and agile development. But I've discovered that I've been using a new technique recently, that I call Forgetfulness-Based Development. The way it works is this: I come up with something insanely complicated, that takes me weeks to get my head around …

more…

PyCon2007, Buildbot

I just got back from PyCon. Highly inspirational as always, saw some fascinating projects and some thought-provoking keynotes. r0ml's talk in particular has me thinking about how to structure code as a narrative, trying to bring the world of human-to-human communication and the world of human-to-machine communication closer together. He …

more…

Trac

I've been setting up a Trac instance for Buildbot, to make it easier for people other than me to publish advice and tips in a persistent and easily-searchable fashion, also to make the Buildbot web page a little bit less ugly. Trac is quite spiffy, and I've been looking over …

more…

utilities

/usr/bin/watch is a little utility that will erase the screen, run a command, sleep for a few seconds, then repeat. You can use it to follow files in /proc without continually re-typing the command.

This program has been around since 1991. How is it that I've been unaware …

more…

promise syntax

Zooko's in town, and already I feel 20% smarter. I roped him into a discussion about the Promise syntax I'm developing for Foolscap, and he suggested an alternative that has some good properties.

I'll illustrate with an example where promise-pipelining actually does you some good. (many of the use cases …

more…

new microcontrollers

I've been playing with Phidgets recently, having a lot of fun. They're great for prototyping, but they would be too expensive to use for most of the production purposes I have in mind. I've been thinking that for gadgets I plan to make more than one of, I'd use an …

more…

Promises

Aaaagh! Promises are hurting my brain.

I'm trying to figure out how to provide a useful subset of E's reference mechanics in newpb/foolscap. Specifically, one of the clever things that E does is to provide Promise Pipelining, a limited form of remote code execution, in which I can ask …

more…

newpb-0.0.2 released

I finally got some twisted time this weekend, so I fixed ticket #1999 and moved newpb out of the Twisted subdirectory entirely, renaming it to Foolscap in the process. I also released version 0.0.2, so there's a complete tarball ready to install and play with.

Having it live …

more…

antispam

I ran some stats on my spambuckets tonight, comparing which of my email addreses get a lot of spam now versus 6 months ago, and noticed a few addresses that had stopped getting spam altogether. This gives me hope that by making my 10-year-old primary address less harvestable, the 500-plus …

more…

new kernel options

I'm in the process of upgrading my systems to linux-2.6.14, and noticed a couple of neat patches that made it into the kernel this time around.

One is that FUSE (http://fuse.sourceforge.net) has finally gotten in. One thing I'd like to use this for is setting …

more…

concurrency

Had a great chat with Donovan today, about newpb and E and secure python and concurrency management. It turns out we have some of the same ideas about interesting things to do with these kinds of tools. He pointed me at a language named Io that's doing some neat stuff …

more…

happy birthday!

% whois lothar.com
...
domain:         LOTHAR.COM
person:         Brian Warner
nic-hdl:        BW116-GANDI
address:        The Castle Lothar
...
reg_created:    1995-07-29 00:00:00

Ten years ago today, I registered my little personal domain, with a woman at best.com named Pandora, who was nicely amused by the "company name". In the intervening time …

more…

hacking

The last few weeks have been mostly filled with hacking hacking. I'm neck-deep in the implementation phase of a big new set of features, and it's taking forever. But I think I'm finally past the hardest part, the design issues that remain to be solved are at last medium-sized ones …

more…

Go Tools

I was talking with my brother-in-law about a gadget to make playing Go online a bit more like playing it in person. The feel of the board and the THWACK! as you plunk down stones adds a lovely touch to the game, but you don't get that when clicking on …

more…

Twist-E

Spent another great day down at HP, talking about implementing E and web-calculus concepts within Twisted and newpb. Tyler Close was kind enough to spend the entire afternoon with me, explaining how his web-calculus works and the design decisions behind it. I'm really excited about implenting this stuff in newpb …

more…

books

I started in on Alastair Reynolds' Century Rain last night, got about halfway through before I finally succumbed to sleep. It's a good read: finally he gets to have at least a few chapters that don't involve pervasing nanotechnology or uploaded personality constructs or galaxy-spanning machine intelligences.

I was thrown …

more…

and a calendar too

Hey, that wasn't too bad. I also added some CSS to make everything a tiny bit less ugly.

Now all I need is auto-completion on the category elisp..

more…

adding subcategories

I think I've gotten my elisp code to handle pyblosxom categories now. pyblosxom was easy, but I have to add the glue to let you choose a category. Unfortunately creating new categories requires manual work (registering the CVS directory).

Next step: find a pyblosxom plugin to create that spiffy little …

more…

great week

Man, what a great week. I spent a couple of days working with Donovan at his office on a couple of issues: making py.test capable of running Twisted test cases, improving LivePage event notification, and setting up a BuildBot for their in-house test suite.

Thursday night was the BayPIGgies …

more…

SPF

I've been trying to decide whether to publish an SPF record for lothar.com or not. The last few days have seen an absolute deluge of spam from some german bastards, much of which is being forged in my name. The only real solution is, of course, to sign everything …

more…

iButtons

I was talking with Pavel (aka PenguinOfDoom, on #twisted) last week about iButtons, and mentioned the JavaButton I picked up years ago that I haven't really managed to do anything with yet. That prompted me to poke around the web site (was dalsemi.com, since bought by http://www.maxim-ic …

more…

sparklines

My friend Drew just sent this one along:

http://bitworking.org/news/Sparklines_in_data_URIs_in_Python

I'm pondering things I might do with this. I've been using Data: URIs for one of my projects, they're pretty handy and both Firefox and Safari are more than happy to take ridiculously large ones (50k or …

more…

pyblosxom-noindex

After some amount of perseverance, I finally figured out how to make pyblosxom insert "noindex" meta tags in the top-level index page. This was the last barrier keeping me from linking this blog to the main site, since I didn't want Google indexing a page that's going to change every …

more…

buildbot versus windows

I just spent several hours getting a reasonable python environment working under Windows, something I had hoped to never have a need for. The Buildbot is having some.. disagreements.. with Windows, and it became clear that being able to reproduce the problem locally was the only sane way to fix …

more…

buildbot hacking

I'm pushing to get a new BuildBot release out on monday, so the last few days have been a flurry of commits (and the weekend will probably be the same). I was very pleased to hear that the Boost crew have implemented a Buildbot to run their (very large) regression …

more…

twisted talk

So I think the talk went really well. I spoke for about an hour before the room was needed for another meeting, to about 10 or 15 OSAF developers. I managed to cover the reactor, Protocols, Factories, building higher-level protocols, Failures, Deferreds, reactor.run() vs twistd -y vs mktap/twistd …

more…

OSAF Twisted talk

This is a rough outline of the talk I'll be giving at the OSAF tomorrow.

definition of Twisted, resources:
 http://www.twistedmatrix.com
  svn://svn.twistedmatrix.com/svn/Twisted/trunk
  http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
  http://twistedmatrix.com/bugs/
  http://twistedmatrix.com/buildbot/
 #twisted, #twisted.web on freenode …
more…

emacs

I set up a few tools to post blog entries from emacs. All entries are kept in CVS, and the whole tree is rsync'ed over to the web server. The elisp which actually publishes the entry looks like this:

(defvar pyblosxom-entry-dir "~/stuff/Projects/WebLog/entries")

;; adapted from http://wiki.woozle …
more…

blog startup

I've been trying to get my project notes online for years now, and I finally realized that I need to start smaller. After a week of intermittent activity, I finally got PyBlosxom set up and behaving fairly well.

In the process, I discovered that the CGI specification doesn't actually require …

more…