Danny Grove drGrove

Disaster Recovery

Overview

This document outlines the creation of a "Disaster Recovery" (DR) system which functions as a one-way box that we can encrypt secrets to at any time, but only recover them with cooperation of a quorum of people with access to multiple offline HSM devices stored in a diversity of physical locations.

In short, it should be trivial to backup data, but very expensive to recover;

GPD Win Max 2 - QubesOS 4.1

Firmware Settings

Get to firmware settings by tapping "Del" while booting
Alt+F5 then reboot and return to firmware settings to get secondary "Advanced" menu
Advanced -> CPU Configuration -> SVM Mode -> Enabled
Advanced -> PCI Subsystem Settings -> SR-IOV Support -> Enabled
Advanced -> AMD CBS -> NBIO Common Options -> IOMMU -> Enabled

I know exactly what I want in a long term role so I can save us some time.

For me to be willing to change jobs at this point I would expect:

A high level of autonomy where I am allowed to work weird hours.
Have my obsession for auditable everything be humored/tolerated
- I prefer to work with open operating systems like Linux
- I am never asked to rely on any software I can't audit on any of my personal or company devices.
No need to go find clients myself or worry about the business side of the house
Travel/lodging covered for the 2-3 security conferences I try to attend every year.

SKS Keyserver Network Attack: Consequences

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Back in late February, the Internet Freedom Festival put together a roundtable of communications security nerds to help dissidents in Venezuela figure out how to organize and communicate in the face of widespread DNS poisoning. I contributed a brief HOWTO explaining what the Maduro regime was doing and some simple, effective mitigations. At the very top of the HOWTO was a paragraph of security considerations. Chief among them was a caution that this document came with an OpenPGP digital signature: before relying on the information in the document they ought ensure nobody had tampered with it, either to install malware into the PDF or to alter the advice I was giving.

I put this HOWTO out in the wild. I've had four people send me thank-you notes for writing it. I figure that means it's been seen by between fo

SKS Keyserver Network Under Attack

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Terminological Note

"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.

Who am I?

ANNOUNCEMENT

I have moved this over to the Tech Interview Cheat Sheet Repo and has been expanded and even has code challenges you can run and practice against!

\


	# Install quemu, docker, etc
	yaourt -S qemu qemu-user-static binfmt-support

	# The quemu-user-static AUR package is outdated and broken. The .deb package they pull is no longer in the ubuntu repository.
	# Edit the PKGBUILD and use qemu-user-static_2.4+dfsg-3_amd64.deb (With SHA1 sum "84d83a16c60c82b6c579f2f750b04a3ac26c249b")

	# Enable ARM emulation
	update-binfmts --enable qemu-arm