0 comments

Warning, this post reeks of fanboyism!

I’ve been interested in bitcoin for the last few years, following the development, buying a bit here and there and spending some where I could. A couple of weeks ago I decided to spend a little to buy myself a Trezor.

TrezorAffAd_160x600

What’s a Trezor now?

The Trezor was the first true hardware wallet that was safe, open source and easy to use.

A hardware wallet, you say?

Well, a bitcoin wallet is a piece of software that keeps track of all your private keys and their associated addresses as well as lets you spend the bitcoins you have. A hardware wallet contains this same functionality in a small, dedicated computer.

The hardware wallet keeps track of your addresses, and generates private keys (and addresses) for you without being connected to the internet, and thereby without the possibility of being infected with malware or key loggers. This means your private keys, and thus your funds, are kept safe from hackers. Thus, you can use your Trezor safely even on an infected or untrusted PC.

Using it

The Trezor is extremely easy to use. After connecting it, you simply navigate to mytrezor.com and follow the instructions on the screen. Write down the 24 seed words (with a PEN and on a piece of PAPER!) and store them in a safe place. The seed is your backup and can be used to restore your wallet on a different Trezor device or using another wallet that supports it (like Electrum). So even if you lose your Trezor or it breaks for some reason, your funds are still safe. It works like a charm with the Mycelium wallet on Android, and the device connects to your phone through a USB OTG cable, which is also available for purchase with the device.

I’ve been playing around with my Trezor for a few days and I can see quite a lot of potential in the device. Apart from storing bitcoin private keys (or other cryptocoins like Litecoin), the device also supports SSH login without the risk of you exposing your private SSH key to an insecure environment. In addition a few sites now support “Sign in with TREZOR” functionality, completely eliminating the need for user names and passwords. The device simply exposes a public key to the site and allows you to log in by signing a login request message with the corresponding private key, stored inside the Trezor. Brilliant!

All in all this might sound like a bit of a fanboy post but it’s not that often I buy a device that lives up to my expectations and more. I can’t wait to see what else the guys at SatoshiLabs will put into the firmware. How about U2F support, Yubikey emulation or GnuPG support? I’d love to carry my GnuPG private keys around in a secure manner without the hassle of storing them on an airgapped machine like I do now.

Anyway, if you’re interested in getting a Trezor of your own, just click on the banner to throw a referral at me Smile

0 comments

So I’m working on setting up a small presentation for work and really like the simplicity of reveal.js. I’ve toyed around with some of the node-js plugins before and really like the “Server side speaker notes” plugin, which lets me view my speaker notes on a different device than the one running the presentation. I’ve used my Surface 2 for this purpose before with great success.

Anyway, for this presentation I decided it would be fun to host it on the web so I could just give people the URL later on, instead of distributing the slides via PDF or PowerPoint or the like.

So, why not host the presentation in an Azure Website?

Prerequisites:

 

First of all I clone the reveal.js repo from Github.

image

Then, to be able to run the speaker notes server extension on Azure, I need to modify it slightly. So, in the plugin\notes-server directory, open index.js in your favourite editor.
Around line 13 you should find the server port definition (set to 1947). Change this to process.env.PORT:

image

That’s all you need to change in this file. Remember to commit your changes to the local git repo.

image

There’s one more change you need to make, and that is to enable the speaker notes extension in your presentation. Follow the short guide here for instructions. It’s basically a question of adding two lines inside the dependencies section at the bottom of the presentation html page.

Now, to run on Azure you need to tell IIS to run the iisnode extension for your site. To do this, drop a web.config file in the root of the site, with the following settings:

<configuration>
	<system.webServer>
		<handlers>
			<!-- indicates that the app.js file is a node.js application to be handled by the iisnode module -->
			<add name="iisnode" path="plugin/notes-server/index.js" verb="*" modules="iisnode"/>
		</handlers>
		<rewrite>
			<rules>
				<!-- Don't interfere with requests for logs -->
				<rule name="LogFile" patternSyntax="ECMAScript" stopProcessing="true">
					<match url="^[a-zA-Z0-9_\-]+\.js\.logs\/\d+\.txt$"/>
				</rule>
				<!-- Don't interfere with requests for node-inspector debugging -->
				<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
					<match url="server.js\/debug[\/]?"/>
				</rule>
				<!-- First we consider whether the incoming URL matches a physical file in the /public folder -->
				<rule name="StaticContent">
					<action type="Rewrite" url="public{REQUEST_URI}"/>
				</rule>
				<!-- All other URLs are mapped to the Node.js application entry point -->
				<rule name="DynamicContent">
					<conditions>
						<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True"/>
					</conditions>
					<action type="Rewrite" url="plugin/notes-server/index.js"/>
				</rule>
			</rules>
		</rewrite>
	</system.webServer>
	<system.web>
		<compilation debug="true"/>
	</system.web>
</configuration>

Notice that the iisnode handler gets configured to point to the notes-server plugin and that all dynamic URLs are also mapped there. This ensures that the main entry point to our application is through that handler.

Save the file as web.config and add & commit it to the git repo.

image

Now we’re basically ready to push our presentation to Azure. After running the cmdlet Add-AzureAccount, you’re ready to create an Azure Website:

New-AzureWebsite testpresentation -Git

After a few seconds, Azure will have set up your website for you as well as add a remote to your local git repo, named “azure” (That’s what the –Git part does).

You also want to enable websockets on your new website. Run the following command:

Set-AzureWebSite -WebSocketsEnabled 1

All that’s left to do now is to push your presentation up to your newly created website:

git push azure master

The deployment will now run and set up your site for you in Azure, including installing all the required node.js modules. 10-15 seconds later, you should see a "Deployment Successful" message.

If you go to the URL you created above, in this case http://testpresentation.azurewebsites.net*, your presentation should appear, including a popup with your speaker notes. The URL in the popup window can be opened on any other device to give you speaker notes "disconnected" from your main presentation. This is extremely handy when presenting in a place where you don't necessarily have a dual-monitor setup. Instead, you can simply view your notes on your phone or tablet.

Awesome, right?

* Disclaimer: I won’t promise to keep this site online forever

0 comments

I just created a PGP/GPG key signing policy.

After holding a small but fun Key Signing Party in Copenhagen yesterday, I decided that it would probably be a good idea to document my own policy when it comes to when and how I will sign other people’s keys.

My main motivations for doing this are that I want to expand the web of trust and I want to spread the use of GPG among my friends, relatives and social media contacts.

My requirements for signing your key aren’t that strict. Basically if I know you well, I will sign your key. If I don’t know you that well, you can send me color scan of your Danish passport or driver’s license and I’ll sign your key after verifying the information.

0 comments

I recently discovered that my old GPG key had expired (truthfully I hardly ever used it). And of course I had forgotten to  generate a revocation certificate back then. So I generated a new key. This blog post is mainly just to verify that the key I published below does, in fact, belong to me.

If you want to add me to your “web of trust” by signing the key for me, I would be really happy. Let me know if you do!

Here’s the entire key, which has fingerprint 78189E24005B09330CF62536416C5A0DD9FA2EE5.You might want to check the MIT Key Server for a version with more trust signatures :)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (MingW32)

mQMuBFNBjvoRCADY4IacMQzonbpyHK+bEW0gyVmVW4Q/5avIgYPrZj21k4lP1UH4
/QbWyDaAFs4rHnGxkm+hksFiJzOI6QKQAQ71ckvs2kK8M0kAHirG0iocnxSh69lP
+bQS7rEjbbRXrowylEB1DFJ0QMozaH8y3Mc8qP9rl7gjec80TvYEH7bL4usZGBSD
czuBOPlgHV98vrgjWHn5tVX/fVYz+7J+bSE8LvW/a0pddVB36z4jdGPgAjNaH2Ue
UcUdBIxqKnKR7sDH6VlhCa5ykc1/+Mnu3FO3E98Bm2cTsrt6ZX8rX+pgjM5YUmp1
+V5fWSZoX8zaghgnVF+vi5EHVuJMHS361izzAQC55f7f8cqVdIeneK6C9JbhgYp6
1C4nkBR2qju6+Pmd2QgA0Khf8SPFizaka65fICyghNz5qX+kyYQakU0eCm/H1pnl
9uoQahkhkra6BlwkZ/zdfftAqCqlfF0Bhgm3qI0nOq+901XaVmoTDNbz7k6iGesZ
9WCucBAbALnFjSa+9khts6WyoHv/ei0Ljdy4phV2V2hBwGKKgra1FGhBaJWAspTn
lk4NNYfpbokvc3pejmCM1CtyruzlVsTlszfxpX+vzUHMOOcMFQq5OMB1YQWgmE3V
BCWoSirk4gKnjALDQ63HUdgWz5yS3s1tqV5wkBfbhTy92jzwZ3/5gDdmbx+JCgSi
oCUE0Zs3DMs3shOWhPsgNVoSg09GX8BazXuoAoGR4Qf+NinyqPoX5s90Lky+Uejm
k3PUTqif4ji2tS0gG5h+sG6q8bCeBYixJ3+kSm3+pEItAaJ8dtDxB2KgRJg5O5cI
4DDBGrEs9OQ53vVBdPVHpLEA3W/oXXPNzFBAvVyT2w8jHXNCZi1fzC6wVd/bjgBx
rZpOO+tgR6LYL6UOQY+V1wgDfZBn8BzckIxD22w2uvaOrp0O7zb4KEvnfenTBTWD
Kk7k5SUybMY5Qp+9FEpprtu2ANz1fB151zagnPT0jDpTu6NUtMaJl/Qnda+T+yt/
4HJJb3hBLE4XP4E4LQLC+U7fSA64c5v19YnVsNFJuT/PC2LArHSCPOsYbBjWi/PM
ULQxSmVzcGVyIEhlc3MgTmllbHNlbiAoR3JhZmZlbikgPGplc3BlckBncmFmZmVu
LmRrPoh7BBMRCAAjBQJTQY76AhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AA
CgkQQWxaDdn6LuWEbwD/YdhMaO/ZDDSsiXkwPDiYtWyW7sC6f+xqaBlfM8Vj98kA
/2GyEW1WPmhjKGs+F+N3tHRMcTEaU3Pp2ajiTjJBNqbquQQMBFNBjvoQEACm3wCB
/9zJQcJmb2l/I6mkXc3rCUERb2DywDnPZeCVUY7X7oweIDM5lEmfnp2AKyiflV51
yYHqlUFAclW47pTZjBaDVX70tAj3WmZZHWT7WnbccL7yS0k7diMfzNsjRQOvOklu
Hag2bWcXAzv5OkN8P4K6lIxO4jS27MDH9+jcxBYBnh9WZP+YLuVuM0i1ebXUIU6v
icgTcZ2BHLnMislCTchZ2rwkaMIO1jK9CJzdvNtkrujCSB+3AW8k5P6wVE5GlyIP
Gm6W2bfFfJLW649SI6uCcxr9wPFMOquaVLRn6A322iClO7aW8JibQdc3rJOdip+D
Vg9eGyis9cDKUh1mCAqivkktUY/nojtLBmasDFsG9tvk7E3669Nqm89nhPrMCBzr
tAkSw91GRlfoSL2tzivGyOlu/0tLYh8H6ezZLzhqkjCvAkYMyRR1jUvMxtvhKXtz
uEA22XFtYoWKcRRLOdhb1CzDuNb20C3jF5MIJ28NT6TyoEFkn3t13umf39Fzb0zI
Qzbe/8+8e9k1CxpoveHV3i18LZKlNgsmcRxQsC8lkVI7ikqJLMmIj9YsND19sfx+
px/VdvzLn9/z1Ihti7bLi+3VluYebjDwlpk3LTgKjdANj16OOoHpEe245rQpG1PJ
7NrY/edjpCXA9WZ+bT/CYTq2rcx9glB1a9zatwADBQ/2KiLec8431QZPVdb8Hn8q
031J6FpMcRmoFLMkjdODFplx1kWfmJPSH4c5NhPXom2OxF/Oh+MtmET0wP78fMjs
REsDR6i/kzdFGZ3VFgO1RkE2SaRd/MbgItO8W3gyN+v2oXF1jvCeH5VziLxn8Em4
Etz/oRKWgNseTX6h2jgCSqJU0ErltCSKO6paTKb6ILdb40XQDzS8EJZ/itgFtbNY
4MciDM36jL/y2l4cKnpu1WtUtCn/q4c7Ff6APUBRzo6Z/G+n4oHVkZMUsHjXmjhc
I2ABlDWdwhwW/WcRwyGoGWZoiADRXRvBjL9WTlNqrSoHHb5X69tA1FmmMOjvzn+o
UGclLHG2WxxENcUwYL/XAmBGJjadF7NecOjW4MLS1bhdHUPudU7wRve5REe1eqTJ
ftqogbLaC+RBtpFxBgKLJ7ao9HRVbl/CDG6XhSb4XZlXdP4Dfu2eF2dpZ+M9GNRu
rCwdSqvFyXvaX8C4c12r4/IGf7keo/nLhgYFBDEYdlJRnJLRK9DulY7Ie0py2WJH
4SIbbF+SXGVfRp8DqvqF9Smx6JYShuvMQkXFlSiEfjmJ/sfTZwL8lau9iOOJaMcV
H0pzNSa2OeLKAxhSjSj+zAKI3sGyIWQNhPjpNcu6IXnUdkCXHGM2khH42gI7Mkk8
K2IzCBxRkSiRUk7KOpKwCIhhBBgRCAAJBQJTQY76AhsMAAoJEEFsWg3Z+i7l9GwA
/3BQW4GVJEO46PUAAeUYuANih94fE9i29oZ4LH65R4HPAQCRop9YruahuLCd13z8
iAbv4LyaISXKObAMJYvra3tuqw==
=W/UQ
-----END PGP PUBLIC KEY BLOCK-----

Edit: I just managed to revoke my old cert, so the one above is now the only one active for my email address.

0 comments

I enabled BitLocker™ encryption on one of my drives today and couldn’t seem to find a way of checking the status of the process. It turned out to be relatively easy.

Start a PowerShell command window as Administrator and enter the following command:

manage-bde -status L:

This will output a small hunk of information about the encryption status of the drive you selected.

C:\Windows\system32> manage-bde -status l:
BitLocker Drive Encryption: Configuration Tool version 6.3.9600
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Volume L: [iSCSI]
[Data Volume]

    Size:                 926,87 GB
    BitLocker Version:    2.0
    Conversion Status:    Encryption in Progress
    Percentage Encrypted: 12,7%
    Encryption Method:    AES 128
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: Unknown
    Automatic Unlock:     Disabled
    Key Protectors:
        Password
        Numerical Password

C:\Windows\system32>

Just thought I'd put this here for my own future reference.

Update: *dough* I should have just checked my System Tray for this little fellow:

image

Clicking it gave me this neat little window:

image

Oh well. It’s always fun playing around with PowerShell I guess.