Yutaka Niibe gniibe@identi.ca

Maebashi, Japan

GNU wannabee ['gnu:be], FSIJ chairman, Debian Developer

  • Hackarnaval!

    2018-05-18T04:50:43Z via Pumpa To: Public CC: Followers

    I had a talk (GnuPG + Gnuk Token) and a workshop with FST-01. https://hackarnaval.online

    It was my surprise that, in Paris, people accept that things don't work. Vending machines not accepting credit cards, subway gates refusing to accept tickets, and drivers/officers (for public transportation) being on strike, etc.

    (This is my first visit to Paris.)

    People in Paris just accepted the fact that those services are made by private companies on behalf of government, and they have no power over private companies. You don't vote for the CEO.

    milo at 2018-05-20T09:49:42Z

    Yutaka Niibe likes this.

  • GPG4Win statement on Efail research

    2018-05-18T04:44:48Z via Pumpa To: Public CC: Followers

    Here is an official statement: https://gpg4win.org/statement-efail.html

    (I am not involved, since it's for GPG4Win.)

    GnuPG does regular release, but no "security" release for this.

    For GnuPG proper (for OpenPGP), here is the ticket: https://dev.gnupg.org/T3981

  • Effective Hype or Ehype

    2018-05-15T05:10:32Z via Pumpa To: Public CC: Followers

    Recently, "security researchers" seem to adopt/develop a strategy to cheat media people to get maximum attention (only providing technically "correct" things which impress people, while they don't give enough information about the impact, which is actually not that big).

    Given the situation that it's not well coordinated with the upstream(s) involved, I'd say it's a kind of "MitM" attack. I'm sad that the national CERT didn't work well this time.

    I observed that some industries love even fake news, because people's attention is so important for them to maximize flow. So, it's difficult to stop this fashion, I suppose.

    I wish "social engineering" researchers would do some research on this strategy. I would call it Ehype.

    milo, Jason Self, George Standish likes this.

    Err... I didn't have time to review the title. It should be: "EFFective Hype (or Ehype)"

    Yutaka Niibe at 2018-05-16T04:49:52Z

  • UDP stands for "USB Disk in Package"

    2018-05-10T00:27:16Z via Pumpa To: Public CC: Followers

    For me, it's "User Datagram Protocol".

    I learned that small factor USB flash drives now use a new production technology: PIP (Product in package).

  • Circle (C) on a chip

    2018-05-09T23:10:07Z via Pumpa To: Public CC: Followers

    IIRC, it was V20/V30 (NEC's pin-compatible CPU to the Intel) which resulted in "copyrighting" semiconductor products.

    Supporting GD32F103 for Chopstx, it reminds me of such a history.

    Claes Wallin (韋嘉誠) likes this.

  • Gnuk runs on GD32F103 @ 96MHz

    2018-04-27T06:52:20Z via Pumpa To: Public CC: Followers

    I managed to run Gnuk on GD32F103, with some fixes. It takes 6 seconds for RSA4096. For 100 invocations of gpg --decrypt with cv25519, it takes 7.5 seconds (for STM32F103 @ 72MHz, it takes 21 seconds). For 100 invocations of gpg --detach-sign with ed25519, it takes 4.4 seconds (for STM32F103 @ 72MHz, it takes 10 seconds).

  • GD32F103

    2018-04-21T04:16:20Z via Pumpa To: Public CC: Followers

    Got GD32F103 in ShenZhen. With 96MHz setting, it works fine on Chopstx (USB-CDC example). Then, I tried NeuG, but it doesn't work. ADC driver requires some change, I suppose.

  • Biang Biang Mian

    2018-04-20T07:51:46Z via Pumpa To: Public CC: Followers

    For 9th Anniversary of SZDIY, we ate at the Biang Biang Mian shop.

    The character requires 57 strokes to write:


  • GnuPG 2.2.6 released

    2018-04-11T03:10:43Z via Pumpa To: Public CC: Followers

    This release includes the --card-edit/kdf-setup subcommand to set up the KDF Data Object on Gnuk Token (and newer OpenPGPcard).

    We can use this feature to lower the risk for some invasive attacks.

    martinho, McClane, milo likes this.

    martinho, martinho, martinho, McClane shared this.

  • Gnuk 1.2.9 released

    2018-04-05T06:44:42Z via Pumpa To: Public CC: Followers

    This version has better KDF support.
    I added more tests, so, I am a bit confident it's better (than other releases :-).

    Now, I set up my tokens with KDF Data Object. With it, the host computes the hash from the PIN. So, the risk of exposure of private keys when the token is stolen and the flash ROM is analyzed (somehow) can be smaller.

    McClane, McClane, McClane, McClane shared this.

  • PocketBeagle as SWD writer

    2018-03-23T08:34:07Z via Pumpa To: Public CC: Followers

    I updated BBG-SWD and use it with PocketBeagle. In this case, power is supplied from PocketBeagle to the target (FST-01).

    I like the "Do Not Feed The Google" sticker.

    George Standish at 2018-03-23T11:53:46Z

    I was gonna say the same thing ↑


    JanKusanagi at 2018-03-23T12:13:38Z

  • TPM chip

    2018-03-23T08:27:49Z via Pumpa To: Public CC: Followers

    I got a TPM chip from mouser.com and a board for TSSOP-28. It's too thin for hand soldering. No, I don't support TCG at all. I am seeking some use of the chip outside the scope of "trusted computing".

  • Submitting a patch series to lkml

    2018-03-20T03:48:31Z via Pumpa To: Public CC: Followers

    It was more than 25 years ago, when I submitted the first patch of mine to Linux mailing list. We didn't have lkml yet at that time.

    Things have changed a lot since then, but I believe that I found a long standing bug.


    George Standish likes this.

  • Emacs crashes X

    2018-02-28T02:32:34Z via Pumpa To: Public CC: Followers

    I was bitten by this bug: https://bugzilla.freedesktop.org/show_bug.cgi?id=105169

    Emacs redraw caused this issue. I installed experimental mesa libraries.

  • FQDN

    2018-01-27T00:57:11Z via Pumpa To: Public CC: Followers

    Upgrading to stretch, I found that it's better to use FQDN for /etc/hostname (for exim4, at least).

    Practice changes in time.

    McClane likes this.

  • Spectre & Meltdown

    2018-01-10T04:41:45Z via Pumpa To: Public CC: Followers

    I found their names in the author list. Since 2013, they sent us (GnuPG team) several side channel attacks.

    Now, it's not an application, but CPU itself.

  • USB signal and USART signal

    2017-12-19T08:57:05Z via Pumpa To: Public CC: Followers

    USB full-speed is 12Mbps, USART running at 115200 bps.

  • po: msgstr entries with unmatched %-format string

    2017-12-19T02:34:16Z via Pumpa To: Public CC: Followers

    The problem of GnuPG key generation only for Japanese was reported: https://dev.gnupg.org/T3619

    It is due to unmatched %-format in msgstr (in po/ja.po).

    This kind of bug can cause DoS targeted to a specific locale. I think that msgfmt -c should check this, too.
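The kind of check wished for in the post above, as an added example that is not part of the original post and is not code from GnuPG or gettext: it compares the printf directives of each msgid with its msgstr and flags translations that would consume different arguments or contain a stray `%`. The function names and the sample catalog (romanized placeholder translations) are constructed for illustration.

```python
import re
from collections import Counter
# One printf directive: optional "N$", flags, width, precision, length, conversion.
DIRECTIVE = re.compile(r"%(?:\d+\$)?[-+ #0']*(?:\*|\d+)?(?:\.(?:\*|\d+))?"
                       r"(hh|h|ll|l|L|j|z|t)?([diouxXeEfFgGaAcspn%])")

def directives(s):
    """Multiset of (length, conversion) pairs that consume an argument."""
    return Counter((m.group(1) or "", m.group(2))
                   for m in DIRECTIVE.finditer(s) if m.group(2) != "%")

def parse_po(text):
    """Minimal PO reader (no plurals, no msgctxt): list of msgid/msgstr dicts."""
    entries, cur, field = [], {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r'(msgid|msgstr)\s+"(.*)"$', line)
        if m:
            field = m.group(1)
            if field == "msgid":
                entries.append(cur := {"msgid": "", "msgstr": ""})
            cur[field] = m.group(2)
        elif field and len(line) >= 2 and line[0] == line[-1] == '"':
            cur[field] += line[1:-1]      # continuation string
        else:
            field = None                  # comment or blank line ends the field
    return entries

def check_po(text):
    """Return msgids whose translation changes what printf would consume."""
    bad = []
    for e in parse_po(text):
        if not e["msgid"] or not e["msgstr"]:
            continue                      # header entry or untranslated
        stray = "%" in DIRECTIVE.sub("", e["msgstr"])   # '%' that is no directive
        if stray or directives(e["msgid"]) != directives(e["msgstr"]):
            bad.append(e["msgid"])
    return bad

# Constructed sample; placeholder translations, not taken from po/ja.po.
SAMPLE_PO = r'''
msgid "key %s created on %s\n"
msgstr "kagi %s sakusei %s\n"

msgid "About to create a key for: %s\n"
msgstr "tsugi no kagi wo sakusei: %s (%s)\n"

msgid "%d%% done\n"
msgstr "%d% kanryou\n"
'''
```

`check_po(SAMPLE_PO)` reports the second and third entries: one adds a `%s` the caller never supplies, the other turns `%%` into a lone `%`.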

  • Learning Sigrok

    2017-12-11T01:29:20Z via Pumpa To: Public CC: Followers

    I develop my USB driver with no USB analyzer or digital analyzer. I mean, without looking at any signals on the wire.

    Last week, I looked at the signal using Sigrok. With my ZEROPLUS, it can only capture three frames of USB (3ms). But I can see the transactions: command from host, response from device, seven NAKs while responding with an answer.

    McClane likes this.

  • regcomp+regexec with REG_ICASE

    2017-11-10T01:43:06Z via Pumpa To: Public CC: Followers

    On GNU system, regexp \x\y\z doesn't match xyz, while \X\Y\Z does. I tested on FreeBSD, both match xyz.

    I learned that grep uses DFA, so its behavior is different.