Skip to main content

Posts

Showing posts from May, 2016

Setting up CloudFlare's Universal SSL and Origin CA on Plan 28

Although I work for CloudFlare there are some products that I haven't experienced as a customer and it's always fun and useful to actually behave as a customer and try them out. I like to do this to make sure the experience is good and try to spot bugs.

CloudFlare recently released a feature called Origin CA that generates a certificate you can drop onto your web server to ensure that the connection between CloudFlare and the server is secure. CloudFlare also offers a feature called Universal SSL that offers free SSL connections for the connection between a web browser and CloudFlare. Put the two together and you've got SSL from browser to CloudFlare and CloudFlare to the origin web server. Neat.

One of my domains, plan28.org, had a web site that was served over HTTP and I decided to SSL it using CloudFlare. I'd seen it demoed but there's nothing like trying it out for yourself. It was really quick to get set up. plan28.org is on CloudFlare's free tier.


He…

What the "Silicon Valley" Easter Egg code does and how

In the TV series Silicon Valley there was apparently a snippet of code presented that is part of a compression algorithm. The code (or at least part of it) can be executed and the the program will output:

DREAM_ON_ASSHOLES
The code itself has been published first as a screen shot, then as text and got some press. But I hadn't seen a good explanation of how it works. It looks pretty complicated but most of the code (written in C) is unused and the part that is actually executed is pretty simple (if you've spent years coding in C-like languages). Here it as presented:

#include <stdio.h> #include <stdlib.h> typedef unsigned long u64; /* Start here */ typedef void enc_cfg_t; typedef int enc_cfg2_t; typedef __int128_t dcf_t; enc_cfg_t _ctx_iface(dcf_t s, enc_cfg2_t i){ int c = (((s & ((dcf_t)0x1FULL << i * 5)) >> i * 5) + 65); printf("%c", c); } enc_cfg2_t main() { for (int i=0; i<17; i++){ _ctx_iface(0x79481E6BBCC01223 + ((dcf_t)0x1…

Two factor paper passwords

I guess it makes me boring but I try to get people to use stronger passwords.

People love to use the same password over and over again, or they invent some amazing scheme like the same single word followed by their birth year, or replacing a's with 4's. And no matter how many password database get hacked the idea that password security matters doesn't seem to really sink in.

When I do get someone to listen I tell them to use diceware generated passwords and them write them down in a little book and guard the book jealously (actually, I tell them to use a password manager but most people seem to balk at using software I think for fear of losing their passwords).


So I advise them to buy something like this and then keep a record of their passwords generated using diceware. Usually people seem happy to have something that creates them passwords like this:


But then they often ask the sensible question: "What if someone steals that book?" And so I suggest a 'two …