xenol's blog

Chance favors the prepared mind

Dec 30, 2012 - 2 minute read - Comments - 29C3 CCC

29c3: Day Three

Third day of the Congress was filled with some number of interesting talks I visited. I started with a talk, in which I was interested the most - An Overview of Secure Name Resolution - DNSSEC, DNSCurve and Namecoin. Speaker gave great introduction into DNSSEC and also talked about its deployment rate. He also spoke DNSSEC’s use in amplification attacks and suitable countermeasures. DNSCurve and Namecoin was discussed as well. From this talk, it is clear that DNSSEC is the way forward.

Dec 29, 2012 - 2 minute read - Comments - 29C3 CCC

29c3: Day Two

I started this day with visiting talk by Axel Arnbak titled Certificate Authority Collapse. Axel talked about the current model being completely broken (nothing new in the security community) and that the change is needed. He described the DigiNotar incident. The European Union wants to address this issue by regulations, which do more harm than good. If the CA model is broken, it should be fixed technically and not by law.

Dec 28, 2012 - 2 minute read - Comments - 29C3 CCC

29c3: Day One

29c3 is my first Congress I visited. It returned to Hamburg after 8 years of being held in Berlin and is located at the Conference Center Hamburg (CCH). First day’s talk were mostly non-technical ones. Not my department by Jacob Appelbaum proposed that people should develop more software like Tor or similiar tools. The second talk titled Enemies of the State: What Happens When Telling the Truth about Secret US Government Power Becomes a Crime was about breaking the US constitution by the US goverment and the rise of spying practices after 11th September 2001 covered as the fight against the terrorism.

Oct 29, 2012 - 3 minute read - Comments - sysadmin FreeBSD DNS

DNSSEC automatization with OpenDNSSEC

DNSSEC is an amazing piece of technology. DNSSEC data is digitally signed. The validating DNS server can check if the data it receives is identical to those on the authoritative DNS server. This helps us mitigate DNS cache poisoning. I have signed my domain back in January 2012, signing my zone by hand. However, I forgot to resign my zone and the zone signature expired making it unresolvable. This made me wonder how could I automatize the whole process.

Jun 1, 2012 - 1 minute read - Comments - personal

Passed RHCE exam

I took and passed both Red Hat Certified System Administrator (RHCSA) and Red Hat Certified Engineer (RHCE) exams. The certification is valid for 3 years. After that you have to either retake RHCE exam or pass other higher level Red Hat certification in order to prolong certification validity. RHCSA exam took 2.5 hours and RHCE 2 hours. I was nearly done after 1 hour and used the remaining time for checking.

Feb 11, 2012 - 2 minute read - Comments - OpenIndiana

OpenIndiana involvement

I have been watching OpenSolaris development for a long time. As a technology fan, I really like all the cool features OpenSolaris offers: ZFS filesystem capabilities, service management with SMF, dynamic tracing and application debugging with DTrace, container-based virtualization with Solaris zones, network virtualization with Crossbow, safe system upgrades and downtime minimalization via Boot Environments and integratiom of all these features together makes it perfect operating system for a server. However, OpenSolaris is dead and it continues to live as OpenIndiana, which is a Illumos-based derivate.