Late Night Thinking

by Thomas L. Kula

After Dinner Thoughts

Scene: After dinner, my husband and I sitting on the couch, he playing Diablo III, me reading Twitter I came across the phrase “Breaking a pool cue”, and find myself wondering, could I do that? If I were in a situation where that were warranted, would I be able to just break a pool cue in half or would I struggle. Now, I don’t anticipate ever being in a bar fight — far from it, I would go out of my way in my life to avoid bar fights — but it’s the kind of thing that if I were to end up in that situtation, wouldn’t I want to be prepared?


While I cannot wait to fire my last PGP into the Sun, my GnuPG and Yubikey combined with gopass is a pretty useful combination. The important parts here are gopass itself, as a way of managing passwords in a git repository while keeping them encrypted, and the use of Yubikey to be the thing which actually holds the key material to decrypt those passwords. I can have my password repository living off in my AFS homedirs on machines, keep them encrypted, and require a physical object (the Yubikey) and a PIN to decrypt things, a process which works because I can perform all crypto operations back to a local agent via a socket forwarded over ssh.

Dear Recruiters

Recruiters, contacting me at my job email is wholly unprofessional and I absolutely refuse to engage with any recruiting company that does this. It’s easy enough to find my personal contact information, do try harder. This brought to you by a recruiter whose entire company will now never even make it to my email inbox.

Cilantro Lime Dipping Sauce

Adapted from this recipe. 1 bunch cilantro leaves and steps, roughly chopped 1 cup plain Greek yogurt 4 cloves garlic 2 oz lime juice 2 oz olive oil 1 jalapeno, seeded and minced Salt and pepper to taste Blend everything in a food processor until nice and creamy. Chill. Works well with cilantro-lime chicken

Cilantro Lime Chicken

Adapted from this recipe. 1 bunch cilantro, roughly chopped 4 cloves garlic 2 oz lime juice 1 oz olive oil 1 tbsp salt 1 tsp chili powder 1 tsp ground cumin 1 tsp onion powder 1/2 tsp smoked paprika 1/2 tsp pepper 1/2 tsp cayenne or chili powder

Consul RPC Mechanism

HashiCorp Consul is a distributed, highly-available service which provides service discovery with corresponding health checks, a distributed key/value store, and a service mesh solution, which can run on a variety of platforms and environments. It is designed so that every node which provides services (things to be registered in service discovery, or participate in the service mesh) runs a Consul agent, which acts as a sort of intermediary: providing an easy interface for registering services, running local health checks for both services and the node upon which it is running, and acting as a control plane for service mesh components running on that local node, amongst other things.

Terrorist Attack on the US Capitol

Make no mistake, this is a terrorist attack on the United States Capitol. There must be no reconciliation, there is no reconciling this. There must be serious consequences to performing, and inciting, a terrorist attack on our seat of government, all the way up to and including the Executive. If we don’t, next time we won’t get the building back.

ATT Business Fiber and IPv6 Prefix Delegation

Earlier this week I had ATT Business fiber installed in the new apartment. This building was gutted and rebuilt in the mid-2010s, so there was already ATT UVerse fiber in the utility closet. Installation was fairly trivial; the technician showed up with a gateway (looks like a BGW210-700). Four ethernet ports on the back, one port which goes to the PON (the thing already screwed on the wall with the fiber going into it), and power.

HKDF Salt in Key Expansion

This weekend I made another addition to age-pkcs11, to follow best practices for HKDF key expansion from the shared secret at the core of the program. I’d been wanting to do this for a while, after reviewing some stuff I wrote about age and looking at the new V1 API there. If you recall back in June when I went into detail on the X25519 cryptography in Age, near the end Age builds up a salt which, when combined with a label and supplied to the HKDF function ties the derived key to a specific context.

X25519 Encryption in Age

I’ve been dealing a lot with the age encryption protocol lately, and had a rough idea of how the scheme worked, but I finally wanted to sit down and work it out until it actually made sense. As background, we have two parties, a sender, someone who wants to encrypt and send a file. We denote that party as U. Second, we have the recipient, that will receive that file and be able to decrypt it.