Michael Rash, Security Researcher

Cipherdyne Site News

Joined Twitter

Sean Wilkerson convinced me to join Twitter as a way to help increase the exposure that the Cipherdyne projects have on the Internet, and also to interact more with peers in the security community. After having used Twitter now for a couple of weeks, I can see some benefit in its ability to rapidly broadcast updates (140 characters at a time) and to make it easy to see what others are working on (subject to what they choose to reveal of course). Further, it seems plausible that Twitter's flexibility and speed would make it easier to acquire answers to questions than trying to contact people directly via email. Sean also had mentioned that after a recent talk he gave at DojoSec (hopefully video of it will be posted soon) he noticed that people are using Twitter during security talks as a way to organize the audience around the topic at hand. This provides a way for the audience to converge on challenging questions and bring participation to a higher level. Finally, as a measure of its success, it might be worth noting that Twitter has also been in the news recently as a mechanism for organizing a revolution in the former Soviet republic of Moldova.

Site Update - WordPress Theme without Running WordPress

WordPress has a loyal following in the blogosphere and is used to power thousands of websites and blogs, and several books have been written about it. A compelling measure of WordPress popularity is the number of downloadable themes that can provide an easily deployed and consistent look and feel to WordPress sites. So, when I was looking to update the presentation of the site, it seemed a natural step to consider a WordPress theme.
I've updated to use a slightly modified version of the Daleri Selection (v1.0) Theme by Andreas Viklund, but with a twist: I don't actually run WordPress. All of that PHP code and MySQL database backend is throwing a lot of complex code (and associated potential security vulnerabilities) at a problem that (in my case) can be solved in a simpler way. That is, I just want to provide an outlet for my software and publications, and maintain a blog for my corner of the security technology landscape. For this, I just need a themed website in plain HTML and CSS along with RSS and Atom feeds, and I need an effective way to manage all of the pages and create new blog posts. This is where perl, rsync, and subversion come in.
The website and blog are managed by a set of custom perl scripts that perform each of the following tasks:
  • Provide a way to create new blog posts and link them into the blog hierarchy. For example, the forward and backward links at the end of each post (such as this one) are auto-generated based on the posting date, and the permanent blog links are created from each post by the blog post title. The number of blog posts is summarized by date and organized into categories that can be browsed via the blog archives, and updates to the RSS and Atom feeds are automatically generated.
  • Validate HTML and XML page structure. This is exceedingly easy through the use of the perl XML::Simple module. But, using the W3C HTML validator is more thorough, so I periodically use it as well to spot check various pages on
  • Validate software release MD5 digests and GnuPG signatures (see the fwknop download page for example), and automatically correct if any digest is invalid.
  • Search through the entire website and flag any broken links (parsing the output of a recursive wget against the staging server makes this easy).
  • Send blog pings out via the XMLRPC::Lite module to various blog aggregation services such as FeedBurner and Technorati.
  • Drive the entire site via Subversion for source control, and deploy with rsync to separate staging and production servers.
When it comes to deploying a more complex piece of software for visualizing changes to the source code for any of the projects, my first choice is Trac, but when it comes to the main site, a set of HTML pages maintained by a consistent WordPress theme is sufficient.

Site Update

The and websites have been updated. They are now powered with components borrowed from the Nanoblogger and Apache Forrest projects together with some custom perl code to maintain it. The front page of the site is now much more bloggified, stories are permanently archived, and there are both Atom and RSS feeds.

Site Update

The and websites have been updated to use the Apache Forrest project for a better and more consistent look and feel. The Forrest project uses a validated XML description for each html page, which is automatically rendered and checked for consistency.
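
The release validation task from the site management list in the WordPress theme post above (published MD5 digests checked against the release files, with the GnuPG signature consulted before anything is corrected), as an added example that is not one of the site's own perl scripts. The md5sum-style digest file, the `.asc` detached signature naming, the function names, and the rule that a digest is only treated as correctable when the signature verifies are assumptions of this example; the demo files are constructed.

```perl
use strict;
use warnings;
use Digest::MD5;
use File::Temp qw(tempdir);

# Hex MD5 of a file, read as raw bytes.
sub md5_of {
    my ($path) = @_;
    open my $fh, '<:raw', $path or die "open $path: $!\n";
    return Digest::MD5->new->addfile($fh)->hexdigest;
}
# True only if gpg verifies the detached signature "<file>.asc" (list-form system(), no shell).
sub sig_ok {
    my ($path) = @_;
    return 0 unless -f "$path.asc";
    return system('gpg', '--batch', '--quiet', '--verify', "$path.asc", $path) == 0;
}
# Classify each "digest  filename" line: OK, MISSING, STALE_DIGEST (mismatch
# but good signature, so regenerate the digest) or SUSPECT (mismatch and no
# good signature, so leave the published digest alone and inspect the file).
sub audit_release_digests {
    my ($digest_file, $dir) = @_;
    my @report;
    open my $fh, '<', $digest_file or die "open $digest_file: $!\n";
    while (my $line = <$fh>) {
        next unless $line =~ /^([0-9a-f]{32})\s+\*?(\S+)\s*$/i;
        my ($published, $name) = (lc($1), $2);
        die "path separator in digest entry: $name\n" if $name =~ m{/};
        my ($path, $status) = ("$dir/$name", 'SUSPECT');
        if    (!-f $path)                   { $status = 'MISSING' }
        elsif (md5_of($path) eq $published) { $status = 'OK' }
        elsif (sig_ok($path))               { $status = 'STALE_DIGEST' }
        push @report, [$name, $status];
    }
    return @report;
}

# Constructed demo data: good entry, bad digest without signature, missing file.
my $dir = tempdir(CLEANUP => 1);
for my $f ('demo-1.0.tar.gz', 'demo-1.1.tar.gz') {
    open my $out, '>', "$dir/$f" or die "write $f: $!\n";
    print {$out} "constructed body of $f\n";
}
open my $df, '>', "$dir/demo.md5" or die "write demo.md5: $!\n";
print {$df} md5_of("$dir/demo-1.0.tar.gz"), "  demo-1.0.tar.gz\n",
    '0' x 32, "  demo-1.1.tar.gz\n", '1' x 32, "  demo-1.2.tar.gz\n";
close $df;
printf "%-16s %s\n", @$_ for audit_release_digests("$dir/demo.md5", $dir);
```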