Secure everything, everywhere. Squared!

Written by Dominik Joe Pantůček on September 27, 2016.

I was really keen to attend one of the (ISC)2 SecureEvents: The SecureCEE Conference 2016 in Prague. Read on if you are interested in current security trends!

■ ■ ■

Writing C extensions for Racket

Written by Dominik Joe Pantůček on May 26, 2016.

As our latest project has progressed we encountered a strange obstacle: there is no portable way to determine file inode number in Racket. That would not be much of a problem, but as we tried to dynamically link stat-like functions from libc using ffi, we found that each platform and glibc version has different ABI – including the sizes of various stat structure fields. So we dived into writing extensions in the C programming language.

■ ■ ■

Numerical approximation of inverse functions in Racket

Written by Dominik Joe Pantůček on May 19, 2016.

In one of our recent projects we are working hard to be able to detect filesystem changes that may indicate substantiate increase in the number of encrypted files. There may be several hints that given file contains encrypted data and one of the most prominent properties of such file is its high entropy. But how to measure it? And how to measure it effectively? In this post we will look into a relatively simple statistical analysis of file data that can shed light on its entropy. The only problem here is there are no readily available software solutions to do this.

■ ■ ■

Multiple networks elliptic curve cryptography testing

Written by Dominik Joe Pantůček on May 12, 2016.

As I have had to give a talk about elliptic curve cryptography for the testing community in Czech Republic at the regular pro[test] event held in Prague two weeks ago, I wondered what could be actually tested about ECC in real-world scenarios. As I was digging through my notes, I realized there is something everybody really hates – waiting for web page to load. And with HTTPs everywhere now the crucial part slowing the whole browsing experience down is how fast the connection can be established. That is because encrypted connection requires exchanging quite a lot of information at the beginning and can go on without much overhead afterwards.

■ ■ ■

Fun with MariaDB Galera cluster

Written by Dominik Joe Pantůček on April 21, 2016.

Striving for high-availability of some software systems requires ensuring their individual components are reliable and usually redundant. A typical example of such component is a SQL database – MariaDB being the case we had to handle this time.

We decided to go for MariaDB Galera cluster on CentOS and I would like to write about our experience here. We have chosen active-active (master-master) design with two nodes called nodeA and nodeB having IP addresses 192.168.0.1 and 192.168.0.2 respectively.

■ ■ ■

ECC beauty and legacy beast

Written by Dominik Joe Pantůček on April 14, 2016.

Picture yourself in an Abelian group on a two-dimensional finite field with identity point at the infinity and group generator…

Sometimes technology resembles psychedelic pictures of the 60’s – in a good way. Elliptic curve cryptography primitives are an example of such technology. When – as a programmer – you dive into them, you find yourself in a spectacularly simple yet effective machine. I am still talking about the ECC! While working on a project which uses ECC primitives I started wondering: why only a handful of protocols use these? Why is such beautiful tool as ECDSA left alone in the corner and everyone dances with bigger and bigger hammers like RSA?

■ ■ ■

SecPublica 2016

Written by Dominik Joe Pantůček on April 7, 2016.

I have had a tremendous opportunity to be a speaker at the SecPublica 2016 security conference held in Prague on 31st March. All the speakers – including myself – gave the talks in Czech and therefore the presentation slides and videos are useful only for you guys from the Czech (and Slovak) Republic.

Feel free to check them out for yourself at http://www.secpublica.cz/2016/. There are however a few things worth noting from my preparations for this talk I would like to write here about.

■ ■ ■

Linux routing API? No. ABI? Maybe – why?

Written by Dominik Joe Pantůček on March 22, 2016.

I would like – if I may – to take you on a strange journey.

As a part of developing a simple UDP-based networking application for Linux where the client may communicate with the server over multiple physical network connections, we needed to programatically setup source-based routing. It seemed like a really simple task. A simple task which turned into a roller coaster ride from the heights of pure amusement to the very depths of hell itself.

■ ■ ■