Paranoid Beavers

Security, Privacy, Canadianism

about me

Long time Linux enthusiast, web developer, sysadmin, security mongrel.

Spy stuff: symmetric crypto with forward secrecy

We're all impatiently waiting on quantum-proof asymmetrical crypto algorithms to become commonplace. Until that happens, we must all live with the assumption that all currently used asymmetric crypto will be trivially decryptable once quantum computers become powerful enough. This is probably the reason why government agencies have been wholesale logging …

written in crypto, security, privacy, quantum Read on →

Reverse Proxy Grapher

I am working on documentation for an upcoming security audit and needed a way to display how various externally available ports and URLs mapped to internal VMs, clusters, and services. I didn't want to draw them manually in various charting tools because this is the kind of data that quickly …

written in infosec, sysadmin, graphviz, python Read on →

Travel (Linux) laptop setup

The Linux Foundation Open Source Summit is happening in Beijing next week, and some of the topics I've had to cover in my capacity as "the security person" were from members of the IT staff asking my advice about the best strategy for bringing laptops and being able to do …

written in infosec, security, travel, laptops Read on →

Keep track of weird logins with Howler

Howler is a small utility I wrote to be notified when my users were logging in from unusual locations. I wanted to know if someone who normally logs in from Canada was suddenly logging in from Korea -- and especially if they were suddenly rapidly hopping between two different locations. It's …

written in infosec, security Read on →

Airbags and steel frames

In my keynote to the 2015 Linux Kernel Summit I compared the way we currently approach IT security to the way car makers approached automotive design in the 1960s. Back in the day, car companies concentrated on adding more engine power, improving vehicle reliability and tweaking the overall body design …

written in infosec, security, cars Read on →

Obligatory first post

Obligatory first post is obligatory. I guess I've grown fond of using pelican for kernel.org, so I'm going to adopt it for my own needs as well. Besides, I find writing my articles in VIM so much more appealing than any kind of web tool like Medium.

This "blog …

written in helloworld Read on →