Comment on “Symantec SSL certificates feature cryptography 10k times harder to break than RSA-bit key”

February 15th, 2013 Comments off

I just came across  Symantec SSL certificates feature cryptography 10k times harder to break than RSA-bit key and Symantec/VeriSign Expands Encryption Options For SSL Digital Certificates.

I must say, I am stunned. AFAIK no certificate has been “broken” yet, and those few ones what have, were implementation errors or via MD5 collision attacks. And then there are plain hack-into-their-system and steal the private keys attacks, like DigiCert. There are a few others most likely.

The problem is not the encryption of the SSL certificate, present SSL encryptions are strong – again, most of them, MD5-based SSL certificate hashes are considered broken (or anything MD5 based in general), and also the recent “Lucky 13” when using a specific cipher.

There are still enough ciphers out there to make existing SSL certs good enough. Deploying a new cipher takes time and is new code, what has not been (security)tested yet.

Attackers will always attack the weakest link, and this is not by bruteforcing the cipher, in most cases they go after the human.

Categories: Security Tags:

Jacob Appelbaum’s keynote at the 29C3 in Hamburg

February 4th, 2013 Comments off

Jacob Appelbaum at the 29C3 keynote about the new, top-secret NSA building in the US and a couple of other things, what gave me the chills – mainly how the US government is – let’s say “performing”.

You can watch it on YouTube.

Or if you want to get the video, the filename is “29c3-5385-en-not_my_department*” on any of 29C3′s mirrors.

Categories: Events Tags:

Downloading “Astronomy Picture of the Day” with subtitles

February 3rd, 2013 Comments off
Image Credit: NASA (, ESA (, and The Hubble Heritage Team (

Image Credit: NASA (, ESA (, and The Hubble Heritage Team (

Some time back I came across Astronomy Picture of the Day – some picture are really stunning. I wanted to have this as a wallpaper, but subtitled with the description (I still want to know what I am looking at!). So I wrote a Bash-script doing that for me.

It requires the following programs

  • wget
  • html2text
  • convert from “imagemagick”

be accessible within $PATH.

All directory references are relative to the directory it is in. It needs two directories “resized” and “subtitled”.

The script doesn’t download already downloaded pictures. When called with no parameter it downloads the latest, or you can also alternatively browse their website and pass the URL to it.

You can download the script here.

By the way, APOD also offers a calendar.

Categories: Scripting Tags:

Latest XBMCbuntu doesn’t wake up via remote anymore

February 3rd, 2013 Comments off

This short post describes a fix for a standby/wakeup problem with XBMC, latest XBMCbuntu (fully updated with Kernel 3.2.0-37-generic-pae and XBMC 2:11.0~git20120423.cd20772-1).

For some reason I couldn’t resume/wakeup from suspend my XBMC system via the remote anymore. In earlier versions you might had something like

echo USB3 > /proc/acpi/wakeup

in your /etc/rc.local. This configured your system tro accept USB-wakup calls via the “USB3″ port. So to get it to work again, the first thing is to comment that line out. Then

root@xbmc:~# dmesg | grep -i flirc
[    2.014322] input: flirc as /devices/pci0000:00/0000:00:1d.3/usb5/5-2/5-2:1.0/input/input2
[    2.014636] generic-usb 0003:20A0:0001.0001: input,hidraw0: USB HID v1.01 Keyboard [ flirc] on usb-0000:00:1d.3-2/input0

If you do a

root@xbmc:~# cat /proc/acpi/wakeup
USB3	  S3	*enabled   pci:0000:00:1d.3

shows you two things: First, 1d.3 is “USB3″. Then usb5 is what we need in our next step. The new line for /etc/rc.local is as follows:

echo "enabled" >  /sys/bus/usb/devices/usb5/power/wakeup

and that needs to go before the “exit 0″ line of course.

Categories: XBMC Tags:

An XBMC installation

January 30th, 2013 Comments off

xbmcpicThis is just a quick description of my XBMC system what I setup quite some time ago. The installation and setup is fairly easy, if you have some Linux background you do it in one evening.

The base hardware is a ZOTAC ZBOX ID42 with 4GB memory and a 320GB 2.5″ harddisc. The ID42 has an integrated NVidia Ion chipset, which is quite decent (and gives you decent HD quality playback). You can see it a bit on the picture in the top right corner.

Then I didn’t want to have yet another remote at the livingroom table and went for a decent Logitech universal remote. These are universal remotes, not that rubbish you can buy elsewhere. Their middle-range of remotes have a nifty feature called “activities” which makes basically your range of somehow connected TV “multimedia” devices be seen as just one device. It let’s you define that Volume is your soundsystem, not your TV. It is worth the money, looks good and the quality and “finger feeling” is just awesome (as compared to any other remote I have ever used).

I nearly forgot, you certainly need something on your ID42 that your button presses on your shiny remote make something happen. FLIRC is the way to go. It is fairly in-expensive, but most importantly, just works with your remote. Its software is installed fairly easy and configured and then, it just works – again.

My ID42 has still Eden (version 11) of XBMC installed. Version 12 (“Frodo”) just came out recently and has a huge range of features, like “Live TV”. My theme is “Aeon Nox”, which is the most configurable and beautiful them I could find. Please checkout their video demos, they are really helpful, as they explain how to setup it up properly.

I am nearly at the end of my setup, I don’t think I have forgotten something. Maybe one thing, if you want to give XBMC a try, you can either try to use “XBMCbuntu”, that’s a Live-CD, what can be installed. Alternatively, you can give OpenElec a go, which is XBMC as an embedded system, very slick and slim – and the installation on a Raspberry Pi is done in 10 minutes – seriously! More on this another time.

Categories: XBMC Tags: