Miscellaneous updates

In the past month, I have sat down to write entries here several times, only to end up deciding that I didn't have enough to say about the topic in question. Well, not enough times four probably is enough, so here's the miscellaneous news/musings update for the month.

On May 16 - 19 I was in Ottawa attending BSDCan'07, meeting all of the FreeBSD developers whom I hadn't seen since BSDCan'06, and giving a talk about FreeBSD Portsnap (my slides are available in PDF format). My talk was unofficially subtitled "a case study in black magic" --- unofficially since the conference T-shirts were already being printed when I came up with the subtitle --- and I very much hope that's what people take away from my talk (and from reading the slides, for those people who didn't attend the talk itself): Lessons which can be learned from Portsnap and applied to other problems. As usual, BSDCan was fantastic --- Dan is an amazing conference organizer --- and I'm sure BSDCan'08 will be even better next year.

While I was at BSDCan, many people asked me if I had followed up on my earlier musings concerning Encrypted snapshotted remote backups. The answer is yes: I decided to work on this instead of taking a job with a company which I can't name due to an NDA. At BSDCan, the status of my work was that I had a really great offline non-encrypted snapshotted backup system and was in the middle of putting the bits together for the encryption; the status is now that I have what I consider to be the world's greatest offline encrypted snapshotted backup system, and am working on the "online" code.

Speaking of cryptography, the past few weeks have reminded me why I don't like OpenSSL very much. Among its many other problems, OpenSSL:

  1. Doesn't have any documented mechanism for exporting and importing "raw" RSA key parameters (i.e., without base 64 encoding or similar nonsense). In my code I'm reaching into a "struct rsa_st" to access the BIGNUM fields directly, and hoping that OpenSSL won't change so much as to make this stop working any time soon.
  2. Doesn't have any documented mechanism for differentiating between "internal OpenSSL error" and "RSA signature is invalid" (or, less importantly, between "internal OpenSSL error" and "RSA-encrypted message is invalid"). In my code I'm looking at the error code returned by ERR_get_error, but this is not a documented solution (and is not guaranteed to work in the future -- OpenSSL has added new error codes as part of security patches in the past).
  3. Doesn't have any documentation at all for the AES_* family of functions. It's not hard to figure out how to use them, but still...

To conclude with a completely non-technical note, it seems that 2006/07 is the year of Colin's friends leaving Vancouver: Within a 12 month window, I have friends moving to London, Japan, Montreal, and Winnipeg. They all have perfectly good reasons for leaving, and they're all coming back to Vancouver sooner or later; but it's still a bit disconcerting seeing so many of my mid-20ish friends scattering.

Posted at 2007-06-06 09:30 | Permanent link | Comments
blog comments powered by Disqus

Recent posts

Monthly Archives

Yearly Archives


RSS