Dzu's Blog (Einträge über security)

Using SoloKey2 under GNU/Linux

Detlev Zundel — Tue, 01 Apr 2025 09:01:30 GMT

As I used the i.MX8M Mini SoC in previous blog posts, I decided to explain the "magic" going on with the default boot settings in U-Boot. Understanding this gives us a solid foundation to efficiently work with the eval board during early development.

Of course it is also possible to reuse the framework for your own embedded Linux project, so it is even more important to understand the functional implications of it.

Weiterlesen… (2 min verbleiben zum Lesen)

checksec

Detlev Zundel — Tue, 01 Jan 2019 23:48:31 GMT

It is not a coincidence that the first post in this still young year is about security. Since I realized last year how far the current internet with its "data capitalism" has strayed from its beginnings, I did a lot of reading to understand the situation in more detail. Data and Goliath by the renowned security expert Bruce Schneier was a depressing eye opener and I am currently still reading his new book Click Here to Kill Everybody which reiterates the problems in light of more recent events. If you are looking for more in depth information from somebody with a long track record, I can strongly recommend those books as a starting point.

One of the lessons I recently learned is that real security is extremely hard to achieve - even by the best in the field. It is also pretty much impossible for a non-specialist to evaluate the security of any given solution without much more transparency into the security design process (threat models) and the implementation methods used to avoid them (protocols, etc.).

The Linux kernel and the GNU tool chains on the other hand offer a variety of hardening features to protect a GNU/Linux system from certain vulnerabilities. Having a tool to quickly evaluation which of those methods are in effect on a given system would be a welcome tool in the toolbox, especially when custom build systems are involved rather than the well known distributions.

The application security expert Tobias Klein provides a nice shell script to do exactly that. As checksec.sh only requires the Bourne Again Shell (bash), it is immediately usable on pretty much every GNU/Linux system out there.

Weiterlesen… (2 min verbleiben zum Lesen)

Switching to https with Let's Encrypt

Detlev Zundel — Sun, 22 Oct 2017 17:46:00 GMT

As you may have noticed, the blog is now being served as a secure, encrypted page with the help of a fresh TLS certificate from Let's Encrypt.

Ever since I first learned about this initiative supporting a more secure and privacy-respecting web, I wanted to use such a certificate for my blog. The immediate enthusiasm was slowed by the realization of the very short lifetime of the certificates and so the idea was left dormant for a while. With a validity of only three months, some sort of scripting infrastructre is needed to ensure that the certificates are renewed in a timely fashion and back then I didn't see an easy solution ready in a few minutes. Luckily enough, my web space provider Hostsharing eG integrated Let's Encrypt in a completely seamless fashion in the last weeks. All I needed to do was to tick the "Let's Encrypt Zertifikat" option in the HSAdmin web interface, specify the valid sub-domains and a few minutes later the website started serving the certificate.

Admittedly it took a little longer to find out why Firefox kept complaining about blocking mixed content on the TLS connection replacing the icons in the left hand panel by empty rectangles. Debugging the problem showed that the icons are in fact individual "characters" in an off-site font referenced by my chosen Nikola theme. Switching the template HTML to load the fonts also over https finished the transition.