Skip to content. | Skip to navigation

Personal tools
Log in
You are here: Home - Blog

Thoughts on U2F

Posted by admin |

U2F is an authentication standard pushed by among others, Google. It is used for two factor authentication, where a USB dongle or NFC is used to cryptographically sign a response to a request from the party that requires you to authenticate. Here are my thoughts so far. I basically think it's good but I piled on more on the bad side below:

The good:

  • Cryptographically signing a response is really smart and potentially very secure. It is similar to how Bitcoin works. It is more secure, if the device signing has its own display so you can verify what it outputs. Otherwise you may just think you are signing something, and in fact your nefarious computer is in fact signing with something else.

The bad

  • It needs to communicate with a computer, and this is for obvious reasons done over a standard interface, such as USB. Which interface is a little bit over-expressive in its communication abilities. Which means that secure computers disable USB access. And now you have nowhere to stick your dongle.
  • A popular security measure now is sandboxing and virtualization, such as with Qubes OS. If you are using a dongle, you now need to route the USB port to that virtual machine.
  • Currently only Chrome supports it, but that may change. My Linux Firefox refuses, in spite of extension and udev rules. I may have done something wrong but then again, there you go.
  • Many sites and services seem happy with OTP, and are not in the process of switching over: USB Dongle Auth List
Apr 06, 2017 12:05

Using a virtual machine for Ardour/Jack on a pulseaudio host OS (Linux)

Posted by admin |

KVM works, VirtualBox doesn't in my tests.

Ardour and Jack do not play well with PulseAudio. On my Ubuntu 16.04 it kills Pulseaudio and that is a bit awkward. So I decided to install Ardour on a virtual machine, and I wanted to test the performance. So I installed Ubuntu Studio on VirtualBox and KVM too see which one gives me best performance for audio editing. In VirtualBox it seemed to work internally, but alas, no sound reached the host system, regardless of configuration Kvm/Qemu worked on the first try!

Host operating system is Ubuntu 16.04LTS

Guest operating system is Ubuntu studio 16.04

Virtual machine is KVM/QEMU

Using the virtual machine manager

You may want to share files between the host machine and the Ubuntu Studio VM. In that case: Mount a volume into the virtual machine like this:

Setting up KVM shared directory in ubuntu 14.04 | Pascal d'Hermilly's tech Blog


Make a mount filesystem with driver Default in kvm, mode passthrough, enter "/commonshare" for target path.

Try in clientmachine

sudo mount -t 9p -o trans=virtio,version=9p2000.L /commonshare /mnt/commonshare

Then enter in /etc/fstab

/commonshare /mnt/commonshare 9p trans=virtio,version=9p2000.L,access=any 0 0


Apr 02, 2017 07:45 | Comments (2)

Audio compression on Linux

Posted by admin |

Just some notes:

sox has compression. I am toying with this one, basically lifted from the man page. At least it looks a bit complex:

sox audio-in.wav soxied.wav gain -28 mcompand "0.005,0.1 -47,-60,-34,-55,-17,-33,0,-10" 100 "0.003,0.05 -47,-60,-34,-55,-17,-33,0,-10" 400 "0.000625,0.0125 -47,-60,-34,-50,-15,-33,0,-10" 1600 "0.0001,0.025 -47,-60,-34,-50,-31,-31,-0,-30" 6400 "0,0.025 -38,-60,-28,-28,-0,-25" gain 15 highpass 22 highpass 22 sinc -n 255 -b 16 -17500  gain 9 lowpass -1 17801



Mar 31, 2017 04:41

Audio compression tools for screencasts on Linux

Posted by admin |

Summary: Use ardour - the digital audio workstation with the Calf Studio Gear - GNU/Linux Audio Plug-Ins and the JACK Audio Connection Kit system.

See other options on Linux than Ardour, such as ffmpeg, sox and Audacity below, with examples.

Ardour, Jack and the Calf plugins are all in the Ubuntu repositories if you are using Ubuntu.

However PulseAudio in Ubuntu does not play well with Ardour, and you would probably prefer a Linux distribution that natively uses Jack instead, and not PulseAudio. The problems with PulseAudio and Jack together are listed here:

JACK Audio Connection Kit|How use PulseAudio and JACK?

One option is to use the Ubuntu Studio Linux distribution directly on your computer, or in a virtual machine for Ardour/Jack on a pulseaudio host OS (Linux) . The latter works surprisingly well; I'm using it!

Ardour's plugin system is just gorgeous. Above two of the "Calf" series plugins in the foreground: An equalizer and a compressor. Effects can be stacked and signals routed in different ways. If you use Ardour 5 in Ubuntu studio, there are hundreds of effects plugins to choose from.

Apply the compressor twice. The effect was better I felt when using a moderate compression twice instead of a stronger once, as mentioned here:

"If you want to heavily compress a voice recording without making it sound too unnatural, use two or three compressors in series. This will sound better than using drastic settings on a single compressor"

That page has a lof of other useful advice as well.

Before you compress

Clipping is accentuated by compression in my limited experience. So if you record with clipping it may be a good idea to re-record. It's better to redo a recording until the suond is good, than try to fix it afterwards. Gigo.

Other choices

  • Audacity has and can use a set of effects plugins
  • ffmpeg has and can use a set of effects plugins
  • sox has a set of effects

But after having seen Ardour, who cares? :D Although sox and ffmpeg can be used from scripts, it must be said.

Audacity example

Here are the settings that worked for me, in Audacity's compress effect:

Threshold: -16dB first time (I think), -13dB second time

Noise floor: -30dB

Ratio: 2.5:1

Attack time: lowest (0.10 secs)

Release time: 1.0 secs first time, 2.2 secs second time

Sox example

sox has compression. I am toying with this one, basically lifted from the man page. At least it looks a bit complex:

sox audio-in.wav soxied.wav gain -28 mcompand "0.005,0.1 -47,-60,-34,-55,-17,-33,0,-10" 100 "0.003,0.05 -47,-60,-34,-55,-17,-33,0,-10" 400 "0.000625,0.0125 -47,-60,-34,-50,-15,-33,0,-10" 1600 "0.0001,0.025 -47,-60,-34,-50,-31,-31,-0,-30" 6400 "0,0.025 -38,-60,-28,-28,-0,-25" gain 15 highpass 22 highpass 22 sinc -n 255 -b 16 -17500  gain 9 lowpass -1 17801

ffmpeg example

ffmpeg -i screncast-audio.wav -vf "compand=points=-80/-105|-62/-80|-15.4/-15.4|0/-12|20/-7.6" comptest.wav





Mar 31, 2017 11:35

Rotate an upside down video with the aid of ffmpeg

Posted by admin |

Tested by me:

ffmpeg -i -vf "transpose=2,transpose=2"  -c:a copy -t 10

See: rotation - Rotating videos with FFmpeg - Stack Overflow

If only rotating metadata:

ffmpeg -i input.mp4 -c copy -metadata:s:v:0 rotate=90 output.mp4
Mar 27, 2017 02:35

Linux software for making, editing & compressing screencasts

Posted by admin |

Currently I use this:

Recording - Kazam, can record region of the desktop, among other things

Editing - KDEnlive, shows the sound graph very well and makes it easy to punch in markers with just typing "*", and to then remove pauses and extraneous and erroneous words. You make cuts by typing "x" and then cut in a good place. Cut once more, then type "s" to get the selection tool, select the cut part, delete it. Finally right click in the empty space and choose "Remove empty" space from the context menu. That will move all clips in that channel to the right of the cut left in order to close the space.

 KDEnlive is no good in my tests at compressing though, so I render it losslessly, and procede to the next step:

Compressing - Handbrake - still fiddling with the settings here. I want no JPEG artefacts since It's a screencast with sharp edges and few colors, so one would assume some kind of GIF or PNG encoding would be good.

Here are my settings right now for producing a screen cast:

Sound: Mono, mp3, bitrate: 96

Video: Bitrate 150kb/s. Encoder: H264. Tune: still image. Variable frame rate, 2-pass encoding.


Mar 18, 2017 09:10

Sphincs quantum resistant hashing

Posted by admin |

PHINCS-256 is a high-security post-quantum stateless hash-based signature scheme

Read more: Link - SPHINCS: Introduction

Mar 14, 2017 10:47

ChaCha20 a cryptographic algo that is amazingly simple

Posted by admin |

Chacha20 is a secure, fast, and amazingly simple encryption algorithm. It's author Daniel J. Bernstein explains it well in his Salsa20 and Chacha20 design papers (which I recommend), but did not dwell on details experts already know. Filling the gap took me a while.

Read more: Link - The design of Chacha20

Feb 18, 2017 12:40

Prevent Linux raising windows, disrupting your workflow

Posted by admin |

Found an option in Compiz manager -> General options -> Focus and raise behaviour

Changed the 'Focus prevention level' from "Low" to "Normal" and it seems to have worked

Read more: Link - [SOLVED] Prevent newly opened apps to steal the focus

Feb 12, 2017 12:29