Change or Set PIN for FIDO2 Token on Linux

July 5, 2024
Security, Linux

The easiest way to change/set PIN for FIDO2 token seems to be with Chromium/Chrome: Plug in the token Launch Chromium, navigate to chrome://settings/securityKeys, or click Settings -> Privacy and Security -> Security -> Manage security keys Click Create a PIN, if you don’t have a PIN set already, a new PIN will be created, otherwise you will be asked to change the existing pin Alternatively you can also wipe the token with the Reset option

More than smartphone, not yet laptop: Swmo on the PinePhone Pro

May 7, 2024
PinePhone, Mobian, pinephonekeyboard, sxmo, Linux

I’ve been daily driving the PinePhone Pro with swmo for some times now, it’s not perfect but I still find it be one of the most enjoyable devices I’ve used. Probably only behind BlackBerry Q30/Passport which also has a decent keyboard and runs an unfortunately locked-down version of QNX. For me it’s less like a phone and more like a portable terminal for times when using a full size laptop is uncomfortable or impractical, and with the keyboard it’s possible to write lengthy articles on the go. ...

Troubles with the PinePhone Keyboard and a disappointing mitigation

April 23, 2024
pinephonekeyboard, PinePhone

The melting plastic and the smoke # The PinePhone keyboard contains a battery, which will be used to charge the PinePhone when the keyboard is attached. Althrough there are existing warnings on the pine64 wiki which sums up to ‘don’t charge or connect anything to your pinephone’s type C interface when the keyboard is attached’, my two pinephone keyboards still managed to fry themselves, with one releasing stinky magic smoke and the other melting the plastic around the pogo pins on the pinephone backplate. ...

Everything Open 2024 Quick Notes :: Day 2 and 3

April 20, 2024
Talks, EverythingOpen, rxlog

I didn’t take as much notes on day 2 and 3, so I merged them into a single article. Wednesday, 17 Apr 2024 # Keynote: How Adversaries Use AI # Adversaries: Nation States Ecrime Hactivism Not always clearly separated LLM can help eliminate common language mistakes, perform better social enginerring Many adversaries are trying to integrate LLMs into their workflow, with varying results Time frame from initial foothold to lateral movements is getting shorter, due to better toolings? ...

Everything Open 2024 Quick Notes :: Day 1

April 16, 2024
Talks, EverythingOpen, rxlog

sched_ext - Write your own Linux thread scheduler in BPF # BPF made creating new scheduler simpler with strong safety guarantee to not break the system, the side effects of bad scheduler are confined. run a binary to enable your scheduler, stop the binary to revert to default Scheduling problem is now more complicated due to increasing complexity of workload/CPU design BPF provides reliable access to critical data structures inside the kernel ...

Links and Further Readings for My Everything Open 2024 Talk

April 12, 2024
Talks, Linux, PinePhone, OP-TEE, EverythingOpen, Links

Here you can find a list of links related to my topic which I find useful or just interesting. Meta # Info page https://2024.everythingopen.au/schedule/presentation/24/ Slides EO2024.Slides.exploring.mobile.linux.security.odp Recording XXX to be processed VerityMobile GitHub :: ZhanYF/veritymobile Demo # Access Measurements from Linux Userland Sign in to GitLab with fTPM-backed FIDO token fTPM-backed SSH Identity Disposable Web Session OP-TEE # Docs Index and high level introduction # https://optee.readthedocs.io/en/latest/general/about.html Secure Storage # https://optee.readthedocs.io/en/latest/architecture/secure_storage.html ...

Monitor Upstream Updates for OpenBSD Packages

November 1, 2023
OpenBSD, Porting

As an OpenBSD package maintainer, I often need to watch for updates on packages I maintain. I used to do this using repology.org, which has the benefit of tracking package updates in many distros, but it can be unreliable for OpenBSD packages due to network delay and parsing problems. One better way to watch for upstream update is using OpenBSD’s portroach service, it monitors new upstream release and provides a JSON API that can be combined with jq(1) to produce clear information. ...

Encrypted and Version Controlled File Sync with git-annex(1)

October 21, 2023
Linux, sync, git-annex

git-annex(1) is a versatile and cross-platform tool build on top of git, it can sync, backup, archive files and provides many useful primitives for building customized workflow and storage system, for example, by combining git-annex with gcrypt, it’s possible to fully encrypt data stored on a remote. Partially due to its versatility, it has a steeper learning curve than some other tools in this field and it took me some time to figure out how to make it work for me, here is a quick guide that documents my journey. ...

Make you own 3.5mm serial cable

August 17, 2023
PinePhone, Debug, Hardware

Doing anything close to the kernel/bootloader on PinePhone almost always requires a serial cable, Pine64 store has premade serial cable available for 7$ USD, but making your own serial cable can be both cheaper and more flexible as a DIY cable can support multiple logic level and pinout configuration. Parts Overview # You will need: A 3.5mm audio cable, I got mine from a pair of broken headphone A multimeter for continuity test A USB-Serial adapter, you can get one online for around 3$ USD, make sure it supports 3. ...

OpenBSD on PinePhone Pro: First Impression

August 15, 2023
PinePhone, OpenBSD, BSD

Disclaimer # OpenBSD does not support PinePhone Pro yet and there are real risks involved in running it on your PinePhone Pro now, as such, I do not recommand anyone to do that. You might fry your device due to unsupported power management IC and in a worse case the battery might catch fire due to unconfigured/untested charging safety features. The purpose of this post is to document how to install OpenBSD on arm64 platforms not fully supported by OpenBSD, and much of this post is not PinePhone-specific, if you intend to follow what documented here, please be mindful about the risks and apply common sense. ...