Yutaka Niibe gniibe@identi.ca
Maebashi, Japan
GNU wannabee ['gnu:be], FSIJ chairman, Debian Developer
USB ID and the repository
2018-07-01T23:51:11Z via Pumpa To: Public CC: Followers
For some unknown reason, the maintainer has not yet registered our official USB ID to the database (for years).
https://usb-ids.gowdy.us/read/UD/234b
Today, I digged up the files (of physical papers), and found this one which was sent by FAX.
I wonder if it's enough evidence to be registered to the repo.De-facto standard of Wrist USB
2018-06-28T02:10:59Z via Pumpa To: Public CC: Followers
In China, it seems that there is de-facto standard of PCB for the wrist USB.
Manufacturer offers the band independently.Wrist USB
2018-06-28T02:09:29Z via Pumpa To: Public CC: Followers
I'm considering this type of USB device.Ben Sturmfels likes this.
Interesting =)
Export Control
2018-06-15T01:18:09Z via Pumpa To: Public CC: Followers
I still remember that we had "non-us" section in Debian.
It was due to the export control.
Last month, I bought parts for USB flash memory in China (via TaoBao), to evaluate USB PCB design. But, due to an export control which prohibits exporting illegal content (copyright-wise and anti-china?), it was unable to deliver to Japan.
I had known that CD cannot be exported from China, but I didn't know USB flash too.
weird laws
I read a suggestion (in Japanese) to ask removal of CD when you ask exporting PC mother board from China. That's exactly to avoid export troubles.
It's pretty strange for me that most of PC are from China, and it comes with CD (of drivers, etc.).CVE-2018-0495
2018-06-14T00:55:34Z via Pumpa To: Public CC: Followers
I learned that OpenSSL has a practice not to assign CVE for side channel attack to localhost.
When I asked an allocation from Debian pool, my intention was one for libgcrypt. Then, reporter used it for multiple vulnerabilities among different libraries.Communication to Foreign Country
2018-06-01T04:07:18Z via Pumpa To: Public CC: Followers
Installing "Taobao-lite" to my Xiaomi phone, I managed to order some electric parts. I used Chinese input method of hand writing.
It reminds me late 80's and early 90's when I was struggled to order T-shirt from FSF, using FAX.Tiny USB shell
2018-05-31T23:42:27Z via Pumpa To: Public CC: Followers
I learned that there are common shell designs for Tiny USB shell (for WiFi or Blooth adoptor).
We can design PCB for those shells.
https://item.taobao.com/item.htm?spm=a1z10.5-c.w4002-14993676703.41.25d11938VOB2Df&id=544014231711
https://item.taobao.com/item.htm?spm=a1z10.5-c.w4002-14993676703.56.25d11938VOB2Df&id=549087371947
https://item.taobao.com/item.htm?spm=a1z10.5-c.w4002-14993676703.77.25d11938VOB2Df&id=543560717225Metal enclosure and internal USB PCB
2018-05-30T00:49:07Z via Pumpa To: Public CC: Followers
This is the one which I have an interest.
Finally, I found the connecter for this design:
http://www.usbljq.com/m/?/goods/id-403/index.html
It seems that the design is originated by Sony Vaio USB flash.
And compatible part is available for this design:
https://item.taobao.com/item.htm?spm=2013.1.20141003.6.410260eaoqUtIj&id=547344246086Another PCB de facto standard for USB flash
2018-05-30T00:33:30Z via Pumpa To: Public CC: Followers
This is another one for "DT101G2", but different.
Please note that both designs requires a bit different USB type-A plug, which are a bit thin.McClane likes this.
USB PCB design for USB flash or USB key
2018-05-30T00:30:36Z via Pumpa To: Public CC: Followers
In China, "semiproduct" is available even to individuals.
While I'm considering updating my USB PCB design, I realized that there are something like "de fact" standard; Here is the one which originates Kingston DT101G2 (I suppose).
Compatible enclosures for DT101G2 is available at taobao.com. But actually, there are two different PCB standards for that. This is the one, and I'm going to put another in the next post.Ben Sturmfels, McClane likes this.
Subway Line #4
2018-05-28T04:39:17Z via Pumpa To: Public CC: Followers
Since train was on strike, my selection to CDG was "le bus direct". I bought the ticket on-line beforehand. I thought that I had well prepared.
The funny thing was, in the morning, when I went to the subway station to Montparnasse, it found that the line stopped from that day (May 19th). I turned to another station of line #13.Hackarnaval!
2018-05-18T04:50:43Z via Pumpa To: Public CC: Followers
I had a talk (GnuPG + Gnuk Token) and a workshop with FST-01. https://hackarnaval.online
It was my surprise, in Paris, people accept things don't work. Vending machine not accepting credit card, subwey gate denying to accept tickets, and drivers/officers (for public transportation) being on strike, etc.
(This is my first visit to Paris.)
People in Paris just accepted the fact those services are made by private companies on behalf of government, and they have no power on private companies. You don't vote the CEO.
Yutaka Niibe likes this.
GPG4Win statement on Efail research
2018-05-18T04:44:48Z via Pumpa To: Public CC: Followers
Here is an official statement: https://gpg4win.org/statement-efail.html
(I am not involved, since it's for GPG4Win.)
GnuPG does regular release, but no "security" release for this.
For GnuPG proper (for OpenPGP), here is the ticket: https://dev.gnupg.org/T3981
Effective Hype or Ehype
2018-05-15T05:10:32Z via Pumpa To: Public CC: Followers
Recently, "security researchers" seem to adopt/develop strategy to cheat media people to get maximum attention (only providing technically "correct" things which impress people, while they don't give enough information for the impact, which is actually not that big).
Given the situation that it's not well coordinated to upstream(s) involved, I'd say it's a kind of "MitM" attack. I'm sad that national CERT didn't worked well this time.
I observed that some industries love even fake news, because people's attention is so important for them to maximize flow. So, it's difficult to stop this fashion, I suppose.
I wish "social engineering" researchers doing some research for this strategy. I would call it Ehype.
milo, Jason Self, George Standish likes this.
Err... I didn't have time to review the title. It should be: "EFFective Hype (or Ehype)"
UDP stands for "USB Disk in Package"
2018-05-10T00:27:16Z via Pumpa To: Public CC: Followers
For me, it's "User Datagram Protocol".
I learned that small factor USB flash drive now uses new production technology: PIP (Product in package).
https://www.supertechina.com/index.php/products/109-micro-udp-usb-flash-drive-chip-s1a-8005cCircle (C) on a chip
2018-05-09T23:10:07Z via Pumpa To: Public CC: Followers
IIRC, it was V20/V30 (NEC's pin-compatible CPU to the Intel) which resulted "copyrighting" semiconductor products.
Supporting GD32F103 for Chopstx, it reminds me such a history.
Claes Wallin (韋嘉誠) likes this.
Gnuk runs on GD32F103 @ 96MHz
2018-04-27T06:52:20Z via Pumpa To: Public CC: Followers
I managed to run Gnuk on GD32F103, with some fixes. It takes 6 seconds for RSA4096. For 100 invocations of gpg --decrypt with cv25519, it takes 7.5 second (for STM32F103 @ 72MHz, it takes 21 second). For 100 invocations of gpg --detach-sign with ed25519, it takes 4.4 second (for STM32F103 @72MHz, it takes 10 second).
GD32F103
2018-04-21T04:16:20Z via Pumpa To: Public CC: Followers
Got GD32F103 in ShenZhen. With 96MHz setting, it works fine on Chopstx (USB-CDC example). Then, I tried NeuG, but it doesn't work. ADC driver requires some change, I suppose.
Biang Biang Mian
2018-04-20T07:51:46Z via Pumpa To: Public CC: Followers
For 9th Anniversary of SZDIY, we ate at the Biang Biang Mian shop.
The charactor requires 57 strokes to write:
https://en.wikipedia.org/wiki/Biangbiang_noodles
GnuPG 2.2.6 released
2018-04-11T03:10:43Z via Pumpa To: Public CC: Followers
This release include --card-edit/kdf-setup subcommand to setup KDF Data Object on Gnuk Token (and newer OpenPGPcard).
We can use this feature to lower the risk for some invasive attacks.