Techie

This post will serve to upset both sides of the coin. Apple users wondering why I would load an inferior OS Linux users wondering why I spent all that extra money on Apple Hardware I am going to skip the religious battles over OS and platform and say that if you happen to have loaded Linux on a piece of Apple hardware this post is for you. One of the first problems you will find is that your Alt+Tab doesn’t work as expected. If you follow the instructions your Command and Alt keys will work as you had hoped with the Apple Keyboard: ...

I have covered just about everything possible for drive encryption in OpenBSD. My last post is on using the least recommended option for encrypted volumes. It is slower, unsupported, and unfortunately the best option for seamless operations :) The best way to think about svnd is if you have used truecrypt, it is very similar in that you create an image rather than actually encrypting the entire partition. Using some fancy linking and auto mounts you can use it for hosting your /home /tmp and others. The instructions are below, but unlike the last howto it assumes your system is already installed. This is because svnd does not require you to modify the system prior to /install and can be a good security implementation to use if you are already up and running: ...

Earlier posts outlined howto utilize OpenSC to ensure your CAC worked in Linux or Mac. The problem is that there are new 144k CAC being passed out that do not work with the current coolkey or OpenSC toolsets. What is a happy Federal employee to do?! First you need to find a Windows computer that can access the https://software.forge.mil In a strange turn of events you will be unable to download the software necessary for your true platform of choice to access the software. Its a chicken and egg problem… ...

My original idea was to post a dual how-to for both softraid and svnd, but due to the size of the posts with screenshots, I have decided against that. Since softraid is the path forward in the OpenBSD world I will start here. This post is not dial-up friendly, so be patient while it loads from my poor server. This post is part of my larger OpenBSD crypto series for which the other posts are below: ...

To this day I am flabbergasted by the assertion that because your network is not connected to the big “I” Internet you can practice lax security. Countless places I have walked in the door to find unencrypted email traffic, no antivirus, and zero firewalls. Like the Masons of the middle ages they draw the boundary around the castle/network and assume they are safe. As architects and security professionals it is up to us to remind the Castle Builders that the threat of today is not warded off with simple walls of rock… ...