Miscellaneous updatesIn the past month, I have sat down to write entries here several times, only to end up deciding that I didn't have enough to say about the topic in question. Well, not enough times four probably is enough, so here's the miscellaneous news/musings update for the month.
On May 16 - 19 I was in Ottawa attending BSDCan'07, meeting all of the FreeBSD developers whom I hadn't seen since BSDCan'06, and giving a talk about FreeBSD Portsnap (my slides are available in PDF format). My talk was unofficially subtitled "a case study in black magic" --- unofficially since the conference T-shirts were already being printed when I came up with the subtitle --- and I very much hope that's what people take away from my talk (and from reading the slides, for those people who didn't attend the talk itself): Lessons which can be learned from Portsnap and applied to other problems. As usual, BSDCan was fantastic --- Dan is an amazing conference organizer --- and I'm sure BSDCan'08 will be even better next year.
While I was at BSDCan, many people asked me if I had followed up on my earlier musings concerning Encrypted snapshotted remote backups. The answer is yes: I decided to work on this instead of taking a job with a company which I can't name due to an NDA. At BSDCan, the status of my work was that I had a really great offline non-encrypted snapshotted backup system and was in the middle of putting the bits together for the encryption; the status is now that I have what I consider to be the world's greatest offline encrypted snapshotted backup system, and am working on the "online" code.
Speaking of cryptography, the past few weeks have reminded me why I don't like OpenSSL very much. Among its many other problems, OpenSSL:
- Doesn't have any documented mechanism for exporting and importing "raw" RSA key parameters (i.e., without base 64 encoding or similar nonsense). In my code I'm reaching into a "struct rsa_st" to access the BIGNUM fields directly, and hoping that OpenSSL won't change so much as to make this stop working any time soon.
- Doesn't have any documented mechanism for differentiating between "internal OpenSSL error" and "RSA signature is invalid" (or, less importantly, between "internal OpenSSL error" and "RSA-encrypted message is invalid"). In my code I'm looking at the error code returned by ERR_get_error, but this is not a documented solution (and is not guaranteed to work in the future -- OpenSSL has added new error codes as part of security patches in the past).
- Doesn't have any documentation at all for the AES_* family of functions. It's not hard to figure out how to use them, but still...
To conclude with a completely non-technical note, it seems that 2006/07 is the year of Colin's friends leaving Vancouver: Within a 12 month window, I have friends moving to London, Japan, Montreal, and Winnipeg. They all have perfectly good reasons for leaving, and they're all coming back to Vancouver sooner or later; but it's still a bit disconcerting seeing so many of my mid-20ish friends scattering.
blog comments powered by Disqus