| Andrew Cooke | Contents | Latest | RSS | Twitter | Previous | Next

C[omp]ute

Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.

Always interested in offers/projects/new ideas. Eclectic experience in fields like: numerical computing; Python web; Java enterprise; functional languages; GPGPU; SQL databases; etc. Based in Santiago, Chile; telecommute worldwide. CV; email.

Personal Projects

Lepl parser for Python.

Colorless Green.

Photography around Santiago.

SVG experiment.

Professional Portfolio

Calibration of seismometers.

Data access via web services.

Cache rewrite.

Extending OpenSSH.

C-ORM: docs, API.

Last 100 entries

Pulic Key as Address (Snow); Why Information Grows; The Blindness Of The Chilean Elite; Some Victoriagate Links; This Is Why I Left StackOverflow; New TLS Implementation; Maths for Physicists; How I Am 8; 1000 Word Philosophy; Cyberpunk Reading List; Detailed Discussion of Message Dispatch in ParserCombinator Library for Julia; FizzBuzz in Julia w Dependent Types; kokko - Design Shop in Osaka; Summary of Greece, Currently; LLVM and GPUs; See Also; Schoolgirl Groyps (Maths); Japanese Lit; Another Example - Modular Arithmetic; Music from United; Python 2 and 3 compatible alternative.; Read Agatha Christie for the Plot; A Constructive Look at TempleOS; Music Thread w Many Recommendations; Fixed Version; A Useful Julia Macro To Define Equality And Hash; k3b cdrom access, OpenSuse 13.1; Week 2; From outside, the UK looks less than stellar; Huge Fonts in VirtualBox; Keen - Complex Emergencies; The Fallen of World War II; Some Spanish Fiction; Calling C From Fortran 95; Bjork DJ Set; Z3 Example With Python; Week 1; Useful Guide To Starting With IJulia; UK Election + Media; Review: Reinventing Organizations; Inline Assembly With Julia / LLVM; Against the definition of types; Dumb Crypto Paper; The Search For Quasi-Periodicity...; Is There An Alternative To Processing?; CARDIAC (CARDboard Illustrative Aid to Computation); The Bolivian Case Against Chile At The Hague; Clear, Cogent Economic Arguments For Immigration; A Program To Say If I Am Working; Decent Cards For Ill People; New Photo; Luksic And Barrick Gold; President Bachelet's Speech; Baltimore Primer; libxml2 Parsing Stream; configure.ac Recipe For Library Path; The Davalos Affair For Idiots; Not The Onion: Google Fireside Chat w Kissinger; Bicycle Wheels, Inertia, and Energy; Another Tax Fraud; Google's Borg; A Verion That Redirects To Local HTTP Server; Spanish Accents For Idiots; Aluminium Cans; Advice on Spray Painting; Female View of Online Chat From a Male; UX Reading List; S4 Subgroups - Geometric Interpretation; Fucking Email; The SQM Affair For Idiots; Using Kolmogorov Complexity; Oblique Strategies in bash; Curses Tools; Markov Chain Monte Carlo Without all the Bullshit; Email Para Matias Godoy Mercado; The Penta Affair For Idiots; Example Code To Create numpy Array in C; Good Article on Bias in Graphic Design (NYTimes); Do You Backup github?; Data Mining Books; SimpleDateFormat should be synchronized; British Words; Chinese Govt Intercepts External Web To DDOS github; Numbering Permutations; Teenage Engineering - Low Price Synths; GCHQ Can Do Whatever It Wants; Dublinesque; A Cryptographic SAT Solver; Security Challenges; Word Lists for Crosswords; 3D Printing and Speaker Design; Searchable Snowden Archive; XCode Backdoored; Derived Apps Have Malware (CIA); Rowhammer - Hacking Software Via Hardware (DRAM) Bugs; Immutable SQL Database (Kinda); Tor GPS Tracker; That PyCon Dongle Mess...; ASCII Fluid Dynamics; Brandalism; Table of Shifter, Cassette and Derailleur Compatability; Lenovo Demonstrates How Bad HTTPS Is

© 2006-2015 Andrew Cooke (site) / post authors (content).

Remote Password Safe (for SUSE)

From: "andrew cooke" <andrew@...>

Date: Thu, 5 Apr 2007 14:11:04 -0400 (CLT)

I use password safe (actually a program called password gorilla) to store
all my passwords.  However, I work regularly on at least two different
computers and it's frustrating having to constantly re-synch password
database files.

http://www.fpx.de/fp/Software/Gorilla/
http://passwordsafe.sourceforge.net/

One solution to this problem is to use a USB disk, but that means plugging
it in and out.  Another solution would be to rewrite password safe (which
now has a Java version).  with POrqi and Mule that would probably be quite
simple, but it's still going to be a fair amount of work just getting
access to the source, persuading people to use it, etc.

Neither of those seemed very appealing so I thought further.

Since the database is encrypted it can be made public, but that doesn't
help if you want to add passwords unless there's a way to also have write
access.  So yet another solution would be some kind of public file system.
 However, while the database is secure, there is an obvious attack by
over-writing the database (or denial of service by simply deleting it). 
So the file system cannot be completely public.

So, I needed a public file system with some kind of basic protection from
reads: webdav!  Obviously this only works if you have a web server you can
use (and configure), but it seems to be a reasonable, secure solution.

So below I'll explain what I did:

- Enable webdav on my web server
  (In Suse this is done via Yast - enable the dav and dav_fs modules in
  the HTTP configuration)

- Configure webdav.  I was already using the userdir module, so I
  decided to place things in a sub-directory of my public_html

    <Directory /home/*/public_html/dav>

        DAV On
        AuthType Basic
        AuthName dav
        AuthUserFile /etc/apache2/passwd
        AllowOverride None
        Options None

        <LimitExcept GET HEAD OPTIONS>
            Require user dav
        </LimitExcept>

    </Directory>

  Obviously you need to configure dav with a suitable password too.

  Note that this provides public read access, just in case I forget
  the password while I am away :o)

  Also, my server uses SSL, so those passwords are safe from prying
  eyes.

- Install wdfs (alternatively you could use davfs, but Suse has wdfs
  packages pre-built).

- Mount the directory:

    mkdir passwords
    wdfs passwords -a URL -u dav -p PASSWORD

- Then start password gorilla with that database.  Easy!

- To dismount:

    fusermount -u passwords

Andrew

Updated Apache Config

From: "andrew cooke" <andrew@...>

Date: Thu, 5 Apr 2007 18:40:34 -0400 (CLT)

The above didn't give me read access.  This works:

    <Directory /home/*/public_html/dav>

        DAV On
        AuthType Basic
        AuthName dav
        AuthUserFile /etc/apache2/passwd
        AllowOverride None
        Options Indexes MultiViews
        Order allow,deny

        <Limit HEAD GET OPTIONS>
            Allow from all
        </Limit>

        <LimitExcept HEAD GET OPTIONS>
            Require user dav
            Allow from all
        </LimitExcept>

    </Directory>

Comment on this post