Non-domain MIT Kerberos logins on Windows 10

Note: The article here requires features that don’t appear to come with the Home edition of Windows 10, such as the Group Policy Editor.  These steps may well work on previous versions of Windows, but I haven’t tried it out on them.  This article assumes you’re familiar with setting up and administrating an MIT Kerberos KDC and password server.

Continue reading

Blast from the Past: Usborne Computer Books from the 1980s

For those of you who grew up in the 1980s, you  might remember the series of titles published by Usborne Books about what would be considered quite esoteric subjects today, from how to program in BASIC on your favourite home computer, to writing adventure games, and even how to write Z80 and 6502 assembler (and yes, I had a copy of the last two books!)

As various parts of the computer press have stated this week, Usborne have made PDFs available of these books for free download, which you can find here.  There is also a blog posting on how the books came about here.  (Even now, I’m still amazed they even published the book on assembler programming back then!)

Perhaps one day I should port the adventure game that’s described in “Write your own Adventure Programs for your Microcomputer” to something like Inform…

DNSSEC zone re-sign today

I’ve signed or re-signed all my domains with new more secure RSA/SHA-256 keys today (and adding some domains that weren’t previously signed).  I’m going to leave my old signing keys in for a while so you shouldn’t notice the changeover, and remove them in a few days when the new DS and DNSKEY records have had a chance to propagate to the wider Internet.

(For those of you unfamiliar with the concept of DNSSEC, it is a way of using encryption to verify that DNS lookups on the Internet, which convert names such as www.garyhawkins.me.uk to IP addresses and vice-versa, are genuine and are not being spoofed from an unauthorised server.)

Update: Old keys now gone from the server.

Yet another certificate disaster

I was dismayed to read this article on The Register today which suggests that yet another large manufacturer has shipped a security nightmare with its laptops.  You’d have thought these people would have learned after the Lenovo “Superfish” debacle, but apparently not.

It would appear that Dell ships a self-signed root CA certificate by the name of “eDellRoot” which is automatically installed by Dell software into the Windows trusted root certificate store.  This would normally be not too much of a problem, but this time they’ve managed to install the private key as well, which means (assuming the private key is the same on every machine with this certificate on) that it’s trivially easy to take the private key, sign certificates with it and then any Dell machine will blindly accept this certificate which can be used for nefarious purposes such as impersonating web sites, man-in-the-middle attacks, malware, etc, etc, etc.

What on earth were Dell thinking?!

ARIN Watched: 24 September 2015

The day has finally arrived.

ARIN announced today that their free pool has reached zero.  Unlike all of the other declared exhaustions, this actually means that there are no IPv4 addresses at all left in the ARIN region, covering the North Americas.

ARIN’s press release can be found here.  Note that this is potentially not the end for waiting list users, as it is possible IANA may make further redistributions of returned addresses every few months or so, but these are likely to be immediately gobbled up by the waiting list applicants.