|
||||||
|
I’m in the process of converting my Fedora/rawhide laptop to Debian. On Fedora the AES encrypted filesystems deliver about 38MB/s read speed according to dd. On Debian the speed is 2.4MB/s when running Xen and 2.7MB/s when not running Xen. The tests were done on the same block device. Debian uses a SMP kernel (there […] On a mailing list some questions were asked about disk encryption, I decided to blog the answer for the benefit of others: What type of encryption would be the strongest? the uncrackable if you will? im not interested in DES as this is a US govt recommendation – IDEA seems good but what kernel module […] checkmodule -m -o local.mod local.te semodule_package -o local.pp -m local.mod semodule -u local.pp Save the following policy as local.te and then run the above commands to make semodule work correctly and to also allow restorecon to access the console on boot. module local 1.0; require { class chr_file { read write }; class fd use; […] Following from my 5 minute OSDC talk yesterday on 5 security improvements needed in Linux distributions I gave a 5 minute talk on installing SE Linux on Debian etch. To display the notes I formatted them such that they were in 24 line pages and used less at a virtual console to display them. The […] Yesterday I gave a presentation at OSDC in Melbourne about my Postal mail server benchmark suite. The paper was about my new benchmark program BHM for testing the performance of mail relay systems and some of the things I learned by running it. I will put the paper on my Postal site in the near […] In a comment on my post more about securing an office someone suggested using biometrics. The positive aspect of biometrics is that they can’t be lost, no-one is accidentally going to leave a finger or an eye in their car while they go to a party while other authentication devices are regularly lost in such […] My post about securing an office received many comments, so many that I had to write another blog entry to respond to them and also add some other things I didn’t think of before. One suggestion was to use pam_usb to store passwords on a USB device. It sounds like it’s worth considering, but really […] One issue that is rarely considered is how to deal with office break-ins for the purpose of espionage. I believe that this issue has been solved reasonably well for military systems, but many of the military solutions do not apply well to civilian systems – particularly the use of scary dudes with guns. Also […] Today I discovered a bug in one of my programs, it called system() and didn’t correctly escape shell eta-characters. Fortunately I had written custom SE Linux policy for it which did domain_auto_trans(foo_t, shell_exec_t, very_restricted_t) so there was no possibility of damage. The log files (which were not writable by the daemon by both SE Linux […] This weekend I was in Sydney for Ruxcon. Ruxcon is a computer security conference with a focus on penetration testing and related skills. The presentation on Unusual Bugs by Ilya van Sprudel was particularly interesting. He spoke about a number of issues that could do with some improvement in Linux, I will file some bug […] |
||||||
