Having good resolutions matters

Preamble

This article grew out of the observation that many people, for many good reasons, do not really know how name and IP address resolution works on their devices. As a result, Cloudflare's announcement of 1.1.1.1 (and, to some extent, the earlier one from Quad9) raises many questions about performance and privacy in this area.

So I try, as I did on Twitter in early April, to explain all this as best I can. As usual, the devil is in the details, and while the Cloudflare offering is interesting, things should not be done by halves.


Cryptography in History - Episode 3: Midway

WWII: The turning point of the war in the Pacific

I touched on this in the first article of this series, the one about the death of Admiral Yamamoto. The Battle of Midway, which took place shortly after the Battle of the Coral Sea in May 1942, marks the end of Japanese supremacy and the halt of its conquests. It is also the culmination of years of combined American and British cryptographic effort to break the Japanese strategic codes, notably JN-25.


Cryptography in History - Episode 2: Dreyfus

The Dreyfus Affair and the most famous telegram of the Belle Époque

How cryptography helped clear the main accused in the Dreyfus Affair

The Dreyfus Affair will remain the best known spy story of the Belle Époque, less for its cryptographic aspects than for those tied to the antisemitism of part of the population.

The affair would shake the Republic through the fall of the Dupuy government and Zola's "J'accuse!".


Cryptography in History - Episode 1: Yamamoto

Preamble

Storify is dead, long live the blog!

This article and the next one were published as a tweet thread, itself collected by the late storify.com into a Tweet story. To make them easier to find through search engines, I am republishing them as blog posts.


2017 in books

Preamble

Hopefully I have broken the bad luck series I have been in the past two years; not only did I manage to read all the books I planned to, I even managed to more or less explode my challenge with 65 books out of 35 \o/. What happened? Better work conditions with my new position and a new house might just have been what I needed so I could find more time for reading…

Our friends at Goodreads have done some nicely presented stats here and this article will go into more detail than just stats :)

As always, a mix of re-reading books I like and new authors & series and some disappointments as well, nothing is perfect…

To the books!


ripe-atlas is now usable…

Background

A long time ago, I got a RIPE Atlas probe from a friend of mine — who does not know Stéphane Bortzmeyer? For those who don’t know, these probes create a big friendly botnet that enables all users — including you, whether you have one or not — to create “measurements” on the global Internet.

Measurements are used today to (guess what) measure things like DNS queries, network latencies and more. Having a probe enables you to participate by submitting your own network data. The more probes there are, the better. It has been frequently used in the past to find out about DNS censorship like here, here or here.

How does it work? The probes have a set of builtin measurements that get sent regularly to the RIPE servers and there is an API available to make queries out of these probes. There is of course an official tool available but it is in Python. While I could just use it, I do not like Python.

Various tools are available in different languages as well here.

As a Golang fan, I’ve tried to use these and was never satisfied. Either the CLI sucks or the tool had too many dependencies or something else. So you can guess, I had to write one myself. That was also an excuse to play a bit more with Go as a language :)

And today, I released version 0.21 of my so-called ripe-atlas tool. After (way too many) commits, changes and test-by-errors, it is now usable.


New mfsbsd tutorial out for FreeBSD 11.x

Preamble

You may remember these articles I posted a while ago in the “howtos” category on my website. I had two of them on my ZFS-on-root setup, one on FreeBSD 8.2 for a local machine and one for a remotely managed server on FreeBSD 9.2.

The most important one was the latter as I moved all my services on dedicated servers hosted in datacentres (all managed by Online).

My most heavily used machine at Online is getting old now by today’s standards and, to stay within the scope of the aforementioned articles, lacking the cryptographic hardware extensions in its CPU (an Intel Xeon L3426 — as you can see, old :)).

While I was just running my web & mail site out of it, I did not really need blazing fast disks (or I’d have taken SSD) but still, now that I’m sharing stuff with the Transmission P2P client and building my own set of FreeBSD packages for the host and its jails with Poudriere, the bandwidth limitation is taking its toll (35 MB/s without the AES-NI instructions vs 150 MB/s).

I may also be running out of disk space (ahem), the disks are 90% filled…


Calife 3.0.6 is out!

Minor upgrade for Calife, now at 3.0.6. Some cleanup & refactoring of the code. Better diagnostics when fork(2) fails. New header file to have better declarations like for die(), courtesy of Bertrand Petit.

It is available on my Bitbucket and GitHub repositories. There is a fingerprints file signed with my GPG key. Please check the signature before using the files. BTW, the GPG key is here.

It is now-ish in the FreeBSD ports tree.


2016 in books

Preamble

Well, if I thought (cf. the previous article) that 2015 was bad for reading, well, 2016 clearly beat 2015 by a long shot :(

I planned reading a bit more than 2015 (goal was 48) and I managed… 30. A freaking disaster. I was mostly unable to read during the first half of 2016, too many issues at work and in my personal life.

See for yourself: the 2016 challenge


Last day at BSDCan 2016 - conference

(followup on previous article)

The last day of BSDCan is always special: all talks start at 10AM instead of the usual 9AM to account for the preceding night, generally filled with beer and food for some reason :) It is also when the famous auction is taking place. During the closing session, Dan will auction a few items and the money is given to the Ottawa Mission charity. He does that also with PGCon, the equivalent of BSDCan for PostgreSQL.

Auctioning

But for now, the talks!
