Dendritics

Author: Dendritics

  • olA squeaks

    A very clean desktop.

    Black wallpaper and dark mode let Oracle Linux 10 present a clean graphical user interface (GUI): the Gnome 47 desktop with the minimalism of Wayland. Think of a clutter-free tablet driven by a mouse, and you understand the approach.

    Look at the left edge of the ribbon atop the screen. The tip of the mouse highlights the bright-bar dim-dot, ready for a click. Right or left will do.

    When clicked, the active desktop shrinks. A second desktop, with more if needed, is to the right. Your “Dash” appears at the bottom. I have graphical System Monitor and Terminal windows open. Other minimized windows would dynamically appear in the shrunken workspace. Still clean and free of clutter.

    The pointer now illuminates the nine-dot icon in the Dash. This may be familiar to users of Chrome, or other offerings under the Alphabet umbrella. Only a left click will bring up the “installed” apps selection.

    If it’s not pinned to your Dash, it’s on this screen. The Utilities group was there out of the box; the Office group was created after installing LibreOffice from a tarball with the dnf localinstall command. Dragging one Office app over another spawned the group; after all the apps were dragged in, a double-click opened it.

    Dragging an icon in the group, over and left of another, will push the stationary icon to the right, making a spot to drop the dragged icon.

    There is surprisingly little to learn when using this GUI. Yes, there are a great many sliders and adjustments under Settings, two ways to get there, and some quick-access controls in the upper-right corner.

    In this respect, the ribbon layout matches the mouse: left to act on and do things, right for administration. A healthy and complete exploration of the settings is strongly encouraged. Over the past six years, the settings have not changed, and those presented under Gnome 47 and Oracle Linux 10 (olA) are thoughtful and appreciated. All in all, it’s squeaky clean for a new OS.

    Deeper Details

    For readers with a thirst for the technical, the rest is yours.

    The target system is a Dell with an i5-6300U processor, released in 15Q3 and dropped from Intel’s update list as of 22Q4. With multithreading enabled, trust must rest in retpolines. Retpolines address only Spectre v2 (branch target injection); what the running kernel reports for the rest, including issues whose mitigations need microcode this CPU will no longer receive, is listed under /sys/devices/system/cpu/vulnerabilities/ and is worth reading before leaving hyperthreading on. The quirks in the LCD are annoying, but installing with basic graphics helped. Suspend and resume corrects a fluttering display.

    Anaconda, the Red Hat installer, has changed somewhat since the RHEL 7 era. It avoids conflicting choices by restricting the user’s options. While it is possible to open LUKS volumes in the Custom Install dialog, it is not possible to select the enclosed file systems or dm devices as installation targets.

    A plain-text /boot volume was created alongside the preexisting encrypted boot volume, on the same auxiliary media as the EFI boot file system. Anaconda agreed to use the ext4 file system in the new boot volume, but insisted on formatting the root volume. The /boot target was not allowed to be encrypted, while the option worked for the temporary root volume.

    A dark OS upgrade is a security necessity for Ω-systems, as is loading the kernel image and initial ramdisk from encrypted media. Luckily, vgimportdevices (which adds a volume group’s physical volumes to LVM’s devices file) made the system aware of the array, confirming that olA behaves as expected once the appropriate bit in the LVM configuration has been twiddled. Now it was a matter of switching to the proper boot volume.

    It was necessary to obtain seed files from another system. The seeds contained the automatically generated grub directives to boot from a file system inside a cryptographic container.

    The Admin Panel pops up with a single click in the upper right corner. The pictured pointer toggles the wired network on or off with a second click. This helps meet the minimum-connection-time mandate of dark updates: the network attack surface is exposed for the shortest possible time.

    Fresh off the olA success, I packaged my development workstation into tarballs. After duplicating them securely over the network, the release update to 22.04.03 LTS was kicked off. After a cleanup and a restart, it ran like the wind for a strong hour. After resolving a handful of config file updates, and another half hour, it was time for the final restart. The system failed to dismount /run/user/1000 and hung. A ten-second closure of the power-on switch shut down the system.

    The restart looked normal, until the root volume was mounted. A missing library was needed to perform LUKS setups. Prior to root being online, modules in grub handled the task. A copy of the library was located next door, but getting it to the target was a bit of a yak shave. The system boots, but glitches to emergency mode. From there, the rest of the system can be unlocked.

    Ubuntu Gnome Wayland — Settings ⇒ About

    The above is presented as proof of function, bumpy as it may be, and as a comparison of style. It is a snippet from the action pane of the Settings window, which takes two clicks to reach. Many system settings and all desktop settings may be reviewed, and possibly modified, in the Settings window.

    Ω soldiers on

  • Owner Verified!

    Probability is an enticing headache. The number of possible 64 KiB entropy files is easy to write: 256^65,536 (256 values for each of 65,536 byte positions, the same place-value reasoning used for counting in any base). The Gnome calculator overflows. It would be nice to know how many digits that is in ordinary base 10.

    Napier gave us the tools, and four centuries on they still work. Just as log2 of a number gives its effective number of bits (ENoB), the common log gives its effective number of decimal digits. Type log(256) into your Gnome calculator, then multiply by 65,536.

    Rounded up to a whole number, that is 157,827 decimal digits to write the number of possible files. That makes the 78 digits of a 256-bit number look reasonable, and the 20 digits of a 64-bit number tiny by comparison.

    Yes, the above image was acquired from Tony Software and scaled. It’s a partly expanded stream processor, with iterations adding stages. I’d prefer a buffer that gets processed, and padded if too short, to finish the algorithm: an input tape that needs no rewind. What is fundamental is the initial vector (the fixed initial hash value that seeds the first block).

    The headache with the algorithm is that the length must be included: an 8-byte big-endian 64-bit integer holding the exact number of bits in the message, so a running byte count must be maintained. Padding begins with a header marker of a single “1” bit (0x80 in byte parlance) and follows with “0” bits to align the 64-bit bit-length field at the end of a 512-bit block. If the 9-byte suffix won’t fit in the block the data ended in (length mod 64 of 56 through 63, or a block that is exactly full: nine of 64 residues, p = 0.140625), place the header marker, zero to the end of the block, and process it; the length then goes in one more block. Remember that the header marker has already been placed.

    If the message exactly filled a larger buffer that is an even multiple of 64 bytes, or the padding of a block holding 56 or more bytes completes the buffer, the buffer must be manually reset. Once space for a final block is available, place the header marker at its head if not already placed, or a zero byte otherwise. Zero the following 55 bytes of the buffer; auto-increment was made for this.

    Convert the message byte count to bits with << 3, then carve it into two 32-bit halves and pass each through htonl() if not already on a big-endian CPU (htonl() is a no-op there, so it is safe to call unconditionally). Regardless of any conversion, it can be placed at the buffer pointer. With the suffix complete, finish the computation and output the 256-bit result.

    For every entropy file sold via the Dendritics SHQP, a secured database retains the date and time of availability, your order number, and the sha256sum of the purchased file. As a disinterested third party, Dendritics can supply a sworn affidavit of purchase. Downloading any one of our entropy files would mark “ownership” of the media it’s written to, in a legally demonstrable manner.

    In the Linux world, it’s quite easy to stuff such a file into a commonly unused portion of media that carries a GPT partition table. Caution and due diligence are necessary: the region must be one that no partition, boot loader or partitioning tool claims. With care, the area will survive even if the drive is re-partitioned and reused. This might be the only way to prove that a stolen, but recovered, hard disk or solid state drive is indeed yours.
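    To make the Linux-side suggestion concrete, here is an added example (my own Python, not Dendritics tooling) that parses a primary GPT, verifies both CRC32s, locates the unallocated run between the end of the partition entry array and the first partition (LBA 34 to 2047 on a typical 1 MiB-aligned disk), writes a blob there, and later checks the embedded bytes against a recorded sha256sum. The disk image is constructed in memory; on a real drive you would read and write the same byte ranges on the block device, after confirming that nothing else already uses the gap.

```python
import hashlib
import struct
import zlib

SECTOR = 512
HDR_FMT = "<8sIIIIQQQQ16sQIII"       # 92-byte GPT header, little-endian
ENT_FMT = "<16s16sQQQ72s"            # 128-byte partition entry
HDR_SIZE = struct.calcsize(HDR_FMT)  # 92
ENT_SIZE = struct.calcsize(ENT_FMT)  # 128
UNUSED_TYPE = bytes(16)              # all-zero type GUID marks an unused entry


def parse_gpt(image):
    """Parse the primary GPT header at LBA 1 and its partition array.
    Returns (first_usable_lba, [(first_lba, last_lba), ...]) or raises ValueError."""
    hdr = image[SECTOR:SECTOR + HDR_SIZE]
    (sig, _rev, hdr_size, hdr_crc, _res, _cur, _bak, first_usable, _last_usable,
     _guid, ent_lba, n_ent, ent_size, ent_crc) = struct.unpack(HDR_FMT, hdr)
    if sig != b"EFI PART" or hdr_size != HDR_SIZE:
        raise ValueError("no GPT header at LBA 1")
    # the header CRC covers the header with its own CRC field zeroed
    if zlib.crc32(hdr[:16] + b"\0\0\0\0" + hdr[20:]) & 0xFFFFFFFF != hdr_crc:
        raise ValueError("GPT header CRC mismatch")
    start = ent_lba * SECTOR
    arr = image[start:start + n_ent * ent_size]
    if zlib.crc32(arr) & 0xFFFFFFFF != ent_crc:
        raise ValueError("partition array CRC mismatch")
    parts = []
    for i in range(n_ent):
        ent = arr[i * ent_size:i * ent_size + ENT_SIZE]
        type_guid, _uid, first, last, _attr, _name = struct.unpack(ENT_FMT, ent)
        if type_guid != UNUSED_TYPE:
            parts.append((first, last))
    return first_usable, parts


def gpt_is_valid(image):
    try:
        parse_gpt(image)
        return True
    except ValueError:
        return False


def unused_gap(image):
    """(start_lba, end_lba_exclusive) of the run between the partition array
    and the lowest partition start; raises if a partition begins at first_usable."""
    first_usable, parts = parse_gpt(image)
    lowest = min((p[0] for p in parts), default=None)
    if lowest is None or lowest <= first_usable:
        raise ValueError("no unallocated gap after the partition array")
    return first_usable, lowest


def embed_blob(image, blob):
    """Place blob at the start of the gap; returns (new_image, byte_offset)."""
    start, end = unused_gap(image)
    room = (end - start) * SECTOR
    if len(blob) > room:
        raise ValueError(f"blob is {len(blob)} bytes but the gap holds {room}")
    off = start * SECTOR
    out = bytearray(image)
    out[off:off + len(blob)] = blob
    return bytes(out), off


def digest_hex(data):
    return hashlib.sha256(data).hexdigest()


def blob_matches(image, off, length, expected_hex):
    """Recovery-side check: does the region hold the file whose sha256sum was recorded?"""
    return digest_hex(image[off:off + length]) == expected_hex


def build_image(total_sectors=8192, part_first=2048):
    """Constructed sample disk: zeroed LBA 0, primary GPT at LBA 1, 128 entries at
    LBA 2..33, one partition from part_first to the end of the usable area."""
    n_ent = 128
    entries = bytearray(n_ent * ENT_SIZE)
    name = "data".encode("utf-16-le").ljust(72, b"\0")
    entries[:ENT_SIZE] = struct.pack(ENT_FMT, b"\x01" * 16, b"\x02" * 16,
                                     part_first, total_sectors - 34, 0, name)
    ent_crc = zlib.crc32(bytes(entries)) & 0xFFFFFFFF
    hdr = struct.pack(HDR_FMT, b"EFI PART", 0x00010000, HDR_SIZE, 0, 0, 1,
                      total_sectors - 1, 34, total_sectors - 34, b"\x03" * 16,
                      2, n_ent, ENT_SIZE, ent_crc)
    hdr = hdr[:16] + struct.pack("<I", zlib.crc32(hdr) & 0xFFFFFFFF) + hdr[20:]
    image = bytearray(total_sectors * SECTOR)
    image[SECTOR:SECTOR + HDR_SIZE] = hdr
    image[2 * SECTOR:2 * SECTOR + len(entries)] = entries
    return bytes(image)
```

    Only the primary table is read here; the backup GPT at the end of the disk is untouched by the blob, so the table stays consistent. The CRC checks matter: a corrupted header would make the computed gap meaningless, and a partitioning tool that rewrites the table may also zero the gap, which is why the post calls for care.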

    In the Mac & Windows worlds, a reasonable strategy is to copy the Entropic Identity file to multiple locations initially. Periodically duplicating the file to newly created folders enhances the possibility of identification, post recovery. While individuals may benefit, organizations have asset management needs that are well served by unique digital media identification.

    If ownership verification is on your priority list, drop us an e-mail. Questions may be posted below (click the date). Visit often, as there are some interesting offerings in the works … perhaps even a Collision Sweepstakes … err … Rebate Offer …

  • Yours: The Only Copy

    Block Diagram: Secure Entropy Harvest & Delivery

    In the age of double- and triple-digit gigabyte quantities of system memory, swapping memory to disk is not only cumbersome but often unnecessary. Linux, our operating system of choice, makes very efficient use of main memory, including thinly allocated RAM disks on a per-user basis. Their use enhances security by leaving no transient images on persistent storage, provided swap is disabled or encrypted, since tmpfs pages can otherwise be swapped out.

    USB devices, in general, are fully accessible to user space on a Linux system, so sequestering access to the Quantum Random Number Generator (QRNG) requires a secure satellite system. The Harvester runs a background process that fills only back-stock Parts files on the user RAM disk; they move forward only when filled and needed. An NFS export, via secure IP transport, permits a background process on the Server to consume forward-stock Parts, assemble back-stock files in the Vault on the Server RAM Disk, and move them forward in the Vault when ready for sale.


    Both Harvester and Server stocking processes rely on the move (mv) command to move completed back-stock files forward. Sale security leverages the fact that mv does not copy a file when the destination resides on the same file system as the source: it issues a rename, so only directory entries are created and removed and the original file data stays in place. This holds for moves from the Vault folder to the Sold folder on the Server RAM Disk; across file systems mv would instead copy and delete, so the two folders must stay on the same tmpfs.

    Upon payment approval, the purchaser is presented with the Thank You page, and has one hour to use the Browser Download link. The original WordPress Express Checkout plug-in was modified to support dynamic downloads when specific static files are purchased. The first use of the Browser Download link targets the static text matching your purchase agreement. This action triggers allocation and secure presentation of your unique entropy file.

    After refreshing the browser window, a unique and secure download link is presented under Copy Direct URL. Right-click and select “Copy link address” to place the long string on your clipboard. This link has unlimited uses for 60 minutes once created by activating Browser Download. After 60 minutes the file and access structure are purged. Once the Copy Direct URL link appears, the Browser Download link redirects to the purchased file, and is valid for the remainder of the 60-minute activation window.

    A check is performed by the Thank You page to conditionally display the Copy Direct URL link. Once captured, and perhaps transferred to a needy client, the provided https:// Direct URL travels inside TLS, which encrypts everything from the third forward-slash to the end of the line (the host name itself is still visible to the network through DNS and the TLS SNI). This shields your custom download link from prying eyes. 60 minutes after creation, the custom URL will return a 404 error if used, and the Copy Direct URL will disappear from a refreshed Thank You page.
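    The hand-off described in the last few paragraphs (a rename from Vault to Sold on first activation, a long random token as the unguessable part of the Direct URL, unlimited use for 60 minutes, then file and record purged so the link returns 404) can be sketched as follows. This is an added illustration in Python, not the modified WordPress Express Checkout plug-in; the token format, the per-order record, the same-file-system check and the injectable clock are my own choices.

```python
import os
import secrets
import tempfile
import time

TTL_SECONDS = 60 * 60       # the 60-minute activation window


class EntropyShop:
    """Vault -> Sold hand-off plus a time-limited direct download token."""

    def __init__(self, base, clock=time.time):
        self.vault = os.path.join(base, "vault")
        self.sold = os.path.join(base, "sold")
        os.makedirs(self.vault, exist_ok=True)
        os.makedirs(self.sold, exist_ok=True)
        self.clock = clock
        self.links = {}       # token -> (order_id, path, created)
        self.by_order = {}    # order_id -> token

    def stock(self, name, data):
        """What the stocking process does: a finished back-stock file lands in the Vault."""
        with open(os.path.join(self.vault, name), "wb") as f:
            f.write(data)

    def activate(self, order_id):
        """First Browser Download click: allocate one Vault file to this order.
        Repeat clicks return the same token. Because Vault and Sold share a
        file system, os.rename (what mv does there) only rewrites directory entries."""
        if order_id in self.by_order:
            return self.by_order[order_id]
        names = sorted(os.listdir(self.vault))
        if not names:
            raise RuntimeError("vault is empty")
        src = os.path.join(self.vault, names[0])
        if os.stat(src).st_dev != os.stat(self.sold).st_dev:
            raise RuntimeError("vault and sold on different file systems: mv would copy")
        inode = os.stat(src).st_ino
        token = secrets.token_urlsafe(32)          # 256 bits of randomness, URL-safe
        dst = os.path.join(self.sold, token)
        os.rename(src, dst)
        if os.stat(dst).st_ino != inode:           # same inode: the data never moved
            raise RuntimeError("rename changed the inode")
        self.links[token] = (order_id, dst, self.clock())
        self.by_order[order_id] = token
        return token

    def resolve(self, token):
        """Direct URL hit: the file while the window is open, None (HTTP 404) afterwards."""
        self.purge()
        rec = self.links.get(token)
        if rec is None:
            return None
        with open(rec[1], "rb") as f:
            return f.read()

    def purge(self):
        """Drop expired links and unlink their files (the 'file and access structure')."""
        now = self.clock()
        for token, (order_id, path, created) in list(self.links.items()):
            if now - created >= TTL_SECONDS:
                os.unlink(path)
                del self.links[token]
                del self.by_order[order_id]

    def vault_names(self):
        return sorted(os.listdir(self.vault))

    def sold_names(self):
        return sorted(os.listdir(self.sold))


def make_shop(clock=time.time):
    """Build a shop in a fresh temporary directory (one file system, so rename applies)."""
    return EntropyShop(tempfile.mkdtemp(prefix="entropy-shop-"), clock)
```

    The expiry is enforced on every lookup rather than by a timer, so a link can never outlive its window even if a background purge is late; the same-device check catches a misconfiguration where Vault and Sold end up on different mounts, which would silently turn the rename into a copy.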

    Questions, suggestions, and comments are invited.


