Friday, December 11, 2015

Ads trickery

For whatever reason the cluster-maps widget began to
distribute ads via their feed.

As I have a strong no-ads policy here, I was forced to delete
it. That's a bit unfortunate as I really liked it and
it was a cool widget to see where visitors came from.
Wrong move!


If anyone knows how I could disable the ads w/o
disabling the entire cluster-maps widget or knows about
an ad-free alternative to it, please leave me a comment.

Thursday, December 10, 2015

deniability trickery


Pushed some new changes to opmsg git:

o deniable personas: opmsg now supports OTR-style messages
  that are signed and integrity protected but still deniable
  so your peer cannot prove you wrote a certain message. Nothing
  in the message format changes and you can use deniable messages
  as any other ones. Please check the README about this topic.

o It's now possible to specify more than one -E target persona to
  support Cc/Bcc of emails. Please note the slight mutt config
  changes: '%r' vs. %r if you are going to use Cc (also check
  README).



Thursday, December 3, 2015

randup trickery

We at opmsg team take security very seriously. Really.

So at times we end up digging in underlying libs which
we use, to understand entropy and key generation.
Since we take security so seriously (really), we are very Nazi
about entropy. If we find anything that might be an issue
or could be an issue if used in certain environments,
we take all necessary actions to protect you.

So this time we inform you, our valued customer, that
usage of libressl in certain Linux environments could
be dangerous with regard to key generation. In nested
container environments (cloud!) the state of the PRNG
may be cloned and there is nothing you, our valued
customer, can do about it via the libcrypto API.
That's why we, who take security very seriously, informed
the libressl team and proposed a solution.

PoC and solution may be found here. Please note that
this is different from the CLONE_PID issue in the past
which allowed for reuse of pids but is no longer possible
on recent Linux kernels.

Besides that, opmsg team acknowledges the time and effort libressl
developers invest into the project and found libressl
code clean and mature. We continue supporting and recommend
use of libressl in opmsg.
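
The cloned-state problem described in this post, as an added example (not opmsg or libressl code, and not the PoC or solution referred to above): a toy generator that keeps its state in process memory hands parent and child the same value after fork(), while a draw taken directly from the kernel with getrandom() does not. The names toy_seed, toy_next, kernel_next and same_after_fork are made up for this illustration, and a plain fork() is assumed as a stand-in for the container case.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/random.h>
#include <sys/wait.h>

/* Hardened path: every value comes from the kernel, so there is no
 * cached state in process memory that a child could inherit. */
static uint64_t kernel_next(void) {
    uint64_t v;
    if (getrandom(&v, sizeof v, 0) != (ssize_t)sizeof v) abort();
    return v;
}

/* Toy userspace generator (constructed, hypothetical): seeded once,
 * then stepped purely in memory with no awareness of fork/clone. */
static uint64_t state;
static void toy_seed(void) { state = kernel_next() | 1; /* non-zero */ }
static uint64_t toy_next(void) {        /* xorshift64 step */
    state ^= state << 13;
    state ^= state >> 7;
    state ^= state << 17;
    return state;
}

/* Fork, draw one value on each side of the fork.
 * Returns 1 if both sides got the same value, 0 if not, -1 on error. */
static int same_after_fork(uint64_t (*next)(void)) {
    int fd[2];
    uint64_t mine, theirs = 0;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                     /* child: holds a copy of `state` */
        uint64_t v = next();
        _exit(write(fd[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fd[1]);
    mine = next();                      /* parent draws from its own copy */
    ssize_t r = read(fd[0], &theirs, sizeof theirs);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return r == (ssize_t)sizeof theirs ? mine == theirs : -1;
}

int main(void) {
    toy_seed();
    printf("cached state, same value: %d\n", same_after_fork(toy_next));
    printf("kernel draw, same value:  %d\n", same_after_fork(kernel_next));
    return 0;
}
```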