Thursday, August 25, 2011

Protecting yourself from Flash cookies

Its not well known that Flash has some good privacy options. When installed on OSX, you get a control panel item that allows to set your preferences. If you use Firefox you can also use Betty Privacy to control your flash cookies, also known as Longterm Storage Objects or LSOs.

In System Preferences, click on the Flash button


and it loads the options. You can choose what you want, suggest going for "ask me before allowing sites". Google's gmail sets 2 LSOs, maybe it doesn't work properly if you prevent gmail setting LSO.


You can also click "local storage settings by site" to set per Site options, or "delete all" and do exactly that.

Monday, August 22, 2011

Howto forget known host in CrOS / ChromeOS

Since CrOS / ChromeOS does not have a real test editor, if a host you SSH to changes, its not obvious how to remove the old one from known_hosts so you can add the new one.

In CrOS (ctrl+alt+t) type

    ssh_forget_host

You then get a list of know hosts, so just type in which one you want to forget.

Monday, August 15, 2011

Macs with AES-NI

Macs with AES-NI - green = yes, red = no. If your Mac is not on the list, then likely its no, as at 15 August 2011. Basically to have any chance you need Core i5 or i7.


With OSX 10.7 Lion having Full Desk Encryption (FileVault 2), and it being able to have hardware
acceleration from CPUs that have AES-NI, you need to ask which CPUs in Apple Macs have AES-NI. Also useful if you use TrueCrypt, which can use AES-NI. You can use TrueCrypt to share encrypted drives / partitions between Macs and Windows - very useful if you use your office for off-site backup of home data.

Information compiled from www.everymac.com and ark.intel.com

Saturday, August 13, 2011

How fast is openssl with AES-NI?

Now that Apple have moved to core i CPUs across their line from just a few before,
and with the release of Lion with its AES based full disk encryption called File Vault 2 (FV2), I've been curious about performance hit from FV2.

As far as I can tell, using FV2 gives a file system performance hit of less than about 10%. So if you were to move to SSD from spinners and then use FDE / FV2 on Lion then you would still see a big gain in disk I/O.

Anyway, you can run some openssl benchmarks.

On my personal MBP a 2.53 core 2 duo

    $openssl speed aes-256-cbc

    Doing aes-256 cbc for 3s on 16 size blocks: 18280734 aes-256 cbc's in 2.96s
    Doing aes-256 cbc for 3s on 64 size blocks: 4660089 aes-256 cbc's in 2.94s
    Doing aes-256 cbc for 3s on 256 size blocks: 1196116 aes-256 cbc's in 2.98s
    Doing aes-256 cbc for 3s on 1024 size blocks: 298821 aes-256 cbc's in 2.97s
    Doing aes-256 cbc for 3s on 8192 size blocks: 36577 aes-256 cbc's in 2.92s
    OpenSSL 0.9.8r 8 Feb 2011
    built on: Apr 22 2011
    options:bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) aes(partial) blowfish(ptr2)
    compiler: -arch x86_64 -fmessage-length=0 -pipe -Wno-trigraphs -fpascal-strings -fasm-blocks -O3 -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DMD32_REG_T=int -DOPENSSL_NO_IDEA -DOPENSSL_PIC -DOPENSSL_THREADS -DZLIB -mmacosx-version-min=10.6
    available timing options: TIMEB USE_TOD HZ=100 [sysconf value]
    timing function used: getrusage
    The 'numbers' are in 1000s of bytes per second processed.
    type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
    aes-256 cbc 98934.37k 101410.31k 102676.20k 102983.81k 102790.17k

If you have AES-NI and your openssl has AES-NI ability you can run

    $openssl speed –engine aesni –evp aes-256-cbc

If I find myself in an Apple store I might try running this.

Friday, August 5, 2011

NVU is dead, long live Kompozer

If you used to like Nvu for your web site editing, you'll know its not been updated well, for ever. Now it has a spin off that is more up to date, Kompozer

Monday, August 1, 2011

Howto Paste text into CroSH Chrome OS Terminal

If you have a ChromeBook, lucky you! On occasion I need to run terminal commands in CrOS's command line. You can do a copy from Chrome browser, but ctrl-v to paste doesn't work.

The answer is to do a three-finger click - ie press your middle three fingers onto the trackpad.