d10

HashiCorp Vault Plugin for Algorand

Fri, 24 Apr 2020 01:51:17 -0800

This post is based on my experience writing a plugin for HashiCorp’s Vault. While HashiCorp provides thorough documentation, I found that I had to read the code of several open-source plugins before I grokked a bigger picture of Vault plugin development. This is my attempt to document details that are not spelled out in HashiCorp’s basic example. Vault Paths & Policies Paths are a key concept of Vault. It’s fundamental to understand how they work, because Vault gets its utility and flexibility largely from the path mechanism.

Algorand BetaNet

Sat, 02 Nov 2019 01:51:17 -0800

I recently had an opportunity to try Algorand’s BetaNet. Similar to the TestNet, the BetaNet is a place for developers to experiment. Unlike the TestNet where nodes run stable code, the BetaNet runs with features not yet on the live network. For good instructions from the The Algorand team see official BetaNet docs and get help when needed at the BetaNet forum. My notes (this post) may help, if you’re setting up a short-lived node for local development or testing.

Trading with Ledger-cli and Lots

Wed, 07 Aug 2019 10:00:00 -0500

Update: I’ve published the tool described below as lotter, a companion tool to ledger. Source code and instructions: https://src.d10.dev/lotter.

Tracking cost basis for crypto trades is a huge pain. I’ve been experimenting with ledger-cli to track trading history. It works well, so I’m sharing some notes here.

about

Tue, 02 Jul 2019 18:06:11 -0700

David N. Cohen, founder of Beyond Central, works to make software applications more distributed and more secure. Recent Work / Current Projects dumbdown Converts output of go doc into “README.md”, by adding a touch of markdown (in a not particularly smart way). getvain An HTTP server who’s only purpose is to serve the <meta> tags that go get requires when you host your own golang module source code.

discuss

Tue, 02 Jul 2019 18:06:11 -0700

Comments are not supported directly, because we can’t have nice things. You’re invited to reach me via Google group. (Direct link or embedded below.) document.getElementById("forum_embed").src = "https://groups.google.com/forum/embed/?place=forum/d10dev" + "&showsearch=true&showpopout=true&showtabs=false" + "&parenturl=" + encodeURIComponent(window.location.href);

Authenticating Software Dependencies

Tue, 21 May 2019 07:51:17 -0800

To build secure software, we pay attention to many threats that come from outside. Malicious users attempting SQL injection, DoS techniques, and the like.

We also need to pay attention to threats from inside. By this I mean the software dependencies that we import and invoke from within our code. Malicious or compromised dependencies are not just a potent theoretical threat, successful attacks have been documented in the wild.

Given that we rely on dependencies, and that we need a streamlined process to keep them updated, how can we protect our builds from a compromised dependency?

I’ve been working on a tool to do just that, called hancock.

TL;DR

go get src.d10.dev/hancock/cmd/...
go doc src.d10.dev/hancock/cmd/hancock

End-to-End Not-Encrypted

Tue, 21 May 2019 06:51:17 -0800

Let’s play a quick round of word association. I say “end-to-end.”
You say …?

If you’re a cryptographer, I bet you say “encryption.” And with good reason: end-to-end encryption is a basic best practice and fundamental building block of secure communication.

TL;DR

Let’s apply strong authentication to our communication, even when unencrypted.

Screensharing in Qubes (update Dec 2018)

Tue, 11 Dec 2018 07:51:17 -0800

This is an update to an earlier post. Thanks to contributions on this thread and related bugfix. The Qubes operating system aims to be reasonably secure through isolation. One example of isolation: one virtual machine (“Qube”) runs the windowing environment, while other VMs run applications, which are displayed in that environment. This separation from the X11 environment means that an application, like skype or bluejeans, cannot share the screen. This is by design, and highlights the security that makes me a fan of Qubes.

Sign and Submit RCL Transactions

Fri, 06 Apr 2018 13:08:03 -0700

I’m fortunate to be spending this week at Recurse Center, a fantastic “coder retreat” in Manhattan. Highly recommended! My goals for this short stay are: (a) dust off some coding skills that started to grow rusty, and (b) become more fluent in my favorite software language. To those ends, I’ve put together a set of tools that construct, sign and submit Ripple Consensus Ledger (RCL) transactions. There’s a reason I explicitly list construct, sign, and submit.

Building Development Dependencies for Qubes VMs

Sat, 03 Feb 2018 17:10:40 -0800

Qubes has recently published a release canditate for version 4.0. I’m upgrading my system, and taking some notes as I go… Users of Qubes know that template VMs tend to lag behind the latest release of an OS. As I write, for example, a Qubes template is based on Fedora 26, while Fedora 27 was released almost 3 months ago. I mention this not to fault the Qubes team, who do great work.

Screensharing in Qubes

Tue, 23 Jan 2018 12:22:17 -0800

NOTE: The setting described below have security implications. See https://groups.google.com/d/msg/qubes-users/3amtMOIBTgI/rXLXmbM5AAAJ for discussion. At the moment, I am not recommending this approach. I’ll update here if I am able to improve on it. Caveat emptor! UPDATE: See revised post. The Qubes operating system aims to be reasonably secure through isolation. One example of isolation: one Qubes virtual machine runs the windowing environment, while other VMs run applications displayed in that environment.

XRP API Intro

Mon, 30 Oct 2017 23:57:13 -0700

One of my responsibilities at work is to assist exchanges (sites that trade bitcoin, etc) support Ripple’s digital asset, XRP. Ripple’s documentation team is fantastic. Everything that an exchange needs to know is found on ripple.com/build. Still, a newcomer to that documentation may not know where to start, and that could slow things down. To keep things moving fast, my approach is to give these exchanges a “jump start”. By that I mean a brief (one to two hours) presentation, at the end of which they…

Rippled Notes

Tue, 20 Jun 2017 22:59:07 -0700

Some helpful commands, when running rippled. Posted here as a reminder to myself. Commands shown here should work when installed on RHEL or Centos. Alias for rippled alias rippled="/opt/ripple/bin/rippled --conf=/opt/ripple/etc/rippled.cfg" Check the status rippled server_info is essential. Watch this command to see when the server manages to sync: watch "/opt/ripple/bin/rippled server_info | egrep 'load_|complete|peers|status|server_state'" Use ctrl-c to stop. Run in standalone mode Create a copy of systemd unit file