truecrypt... and NSA?

i just got hold of an interesting document. let me quote it: As remarked in this table the Windows version of TrueCrypt 7.0a deviates from the Linux version in that it fills the last 65024 bytes of the header with random values whereas the Linux version fills this with encrypted zero bytes. From the point of view of a security analysis the behavior of the Windows version is problematic. By an analysis of the decrypted header data it can’t be distinguished whether these are indeed random values or a second encryption of the master and XTS key with a back door password. From the analysis of the source code we could preclude that this is a back door. For the readability of the source code this duplication of code which does the same thing in slightly different ways was however a great impediment. It certainly must also hamper the maintainability of the code. ...

October 19, 2013 · Łukasz Bromirski

things tiger dreams are made of

you could meet me sometimes during late night hours on Call of Duty Modern Warfare 2 multiplayer servers. now, i decided to change environment a bit and return to the love of my life - flight simulators. i dusted off the CD with Microprose Falcon 4.0 and i’m downloading BMS patches while reading about Allied Force (the CD is already on its way from one of the Amazon warehouses). i’m still using a Saitek Fly 5 but if i’m able to find more time to fly - there are a couple of better sticks out there. after watching some youtube videos, old memories are coming back - of packs of friends doing missions together. ...

April 30, 2013 · Łukasz Bromirski

when GUI export fails...

…you have to get back to the good old CLI. i’m trying to export a VM from a very remote VMware vSphere 5.1 to OVA. unfortunately, packing 40GB is apparently not easy, as the whole process fails at different stages with an error VMware simply calls timeout (yeah, kudos for brevity). so you have to enable SSH and then copy the whole directory with SCP. for optimal transfer from a remote location it makes sense to use the additional parameters -C and -o CompressionLevel=9 to get a locally fully functional and packed OVA: scp -C -o CompressionLevel=9 xyz@zdalne_IP:/vmfs/volumes/very-long-uuid-string/vm_name/\* . ...

April 6, 2013 · Łukasz Bromirski

IP network security

next thursday, april 11th, i’ll be visiting Warsaw University on invitation from Maciej Broniarz to have a chat about security from a service provider’s point of view. note it will be a mechanism and best-practice related talk, not a vendor pitch. i’ll mention blackholing as well ;) i may have some gadgets and freebies to give away - so please prepare good questions and see you there!

April 3, 2013 · Łukasz Bromirski

DDoSes

the last CloudFlare DDoS demonstrated that 300Gbps is no longer some magic barrier for attackers. given such throughput, you can easily drop a country like Poland off the Internet. of course, concepts like ‘critical infrastructure’ and a country’s financial stability immediately come to mind. i’ll be one of the panelists at the RIPE 66 meeting dedicated to BCP 38. it’s one of the things (implementing BCP38!) that you just have to do to make sure the internet is safer. of course closing open resolvers is another one. take care of your network hygiene! and big FIBs! and 100GE interfaces! ...

March 28, 2013 · Łukasz Bromirski

linux and routing

i’ve just stumbled upon this gem - it’s hard to find these days such well aggregated and summarized information.

February 25, 2013 · Łukasz Bromirski

ITU and internet

it seems that the EU has made a reasonable choice to oppose the ITU’s taking control over the internet. the consequences of handing over real control over the future of the internet to an entity that’s slowly sliding into oblivion and has hardly any real influence on the development of technology are not hard to imagine.

November 24, 2012 · Łukasz Bromirski

hardware and software integration...

…how tightly coupled should it be? i can’t help thinking about it. i’m writing this post on a construction that Steve Jobs defended to his last days. according to his belief, only software tightly integrated with hardware can be effective and predictable. independently of what Steve believed, there are other examples of such thinking in the world. let’s take for example the company i work for - Cisco. most of our solutions are based on software integrated with hardware without the ability to add questionable “apps” to the mix. only then can a vendor claim predictability, and so it happens across the whole market of network devices (and not only them). ...

September 10, 2012 · Łukasz Bromirski

software defined networking or why openflow is not enough

using our new blogging platform, i just published a short piece about the just-announced onePK. i’ve been watching live discussions about network control capabilities for over two years now. i was one of those who kept their distance when it came to the OpenFlow “explosion” in popularity. and as time has shown - i was right. today even hardware vendors have suddenly slowed down a bit and distance themselves from new standard versions, and the development tempo is also slowing down. more and more of those who believed that supporting OpenFlow would suddenly change their support model and feature set are starting to understand that’s hardly true. some of them even decided to abandon this direction altogether. ...

July 2, 2012 · Łukasz Bromirski

switch matrixes and terabits...

i just made a short post describing a bit the behavior and characteristics of the new Sup720-10GE switching matrix that can be installed in the Catalyst 6500 - for cisco-nsp@ folks: In the old Sup720 design, the Supervisor itself is connected to the fabric using one channel. This channel is used by the Hyperion ASIC to provide for the bus interface, and multicast/SPAN features. Because there’s no other way to connect the uplinks on the Sup itself, the Hyperion has its interface also terminating the uplinks (2xGE), thus limiting effective throughput/etc. BTW, both PFC and MSFC are also connected to the rest of the chassis linecards by Hyperion (PFC) and Pinnacle (MSFC). On the Sup720-10GE, a separate, 19th channel is used to connect the uplinks directly into the fabric. Hyperion is still there, it still takes the channel “belonging” to the slot which the Supervisor itself is in, but thanks to such design doesn’t limit in any way the performance you can achieve on the 2x10GE uplinks (or 4xGE). In the new design, Hyperion takes care of providing connectivity to the MSFC3 complex, while Metropolis (the ASIC terminating the uplinks and connected to the fabric) takes care of providing transport to the PFC3C/CXL. The 20th channel is used in the same fashion for the redundant Sup if it’s inserted into the chassis. Hope that clears it a bit. ...

June 13, 2012 · Łukasz Bromirski