Profile

Pavel Šavara
Works at NCR
Lives in Prague
149 followers|45,433 views

Stream


Pavel Šavara

Shared publicly -
Radioactive waste repositories built today will be dangerous 10,000 years from now. At that time they'll be much older than the Pyramids or Stonehenge is now.

How do we make sure that people in such a distant future understand the dangers of such a place? Or — if they don't really understand — at least how do we make sure they stay away?

Excellent read.

(via +Winchell Chung) 
To tell the mythology of Yucca Mountain, we might as well start with the fees. In 1983, a small fee of just a tenth of a penny per kilowatt-hour began appearing on electricity bills in America. The money was meant for Yucca Mountain, a wrinkle of land on the edge of the Nevada Test Site that was ...
3 comments on original post

Pavel Šavara

Shared publicly -
Issue 1 of CoreOps has been published. This issue investigates Agony & Ecstasy-style scanners http://inversed.ru/CoreWar/CoreOps_01.txt
3 comments on original post

Pavel Šavara

Shared publicly -
From the article: "The new method is much faster because it works continually, instead of in layers [...]. As a result, it works in minutes, rather than hours — 25 to 100 times faster, its creators say, than conventional 3D printing."
View original post

Pavel Šavara

Shared publicly -
On the occasion of yesterday's Pi Day, the final chapter came out of a work that we will soon start bringing to you...
This well-made Harry Potter fanfiction presents an alternative reality to the popular book series. It is a book that would be among the longer ones in the HP series. On one hand it takes the whole theme of the magical world considerably more seriously and tries to approach it more logically; on the other hand it abounds in humour, jokes and references to popular culture. What makes a Harry Potter fanfiction deserve to be published on our website? It has ...
View original post

Pavel Šavara

Shared publicly -
Deprecating Old Crypto in a Linux Distro: A tale of something that looked obvious but .. there's a lesson in it somewhere.

While working on my Linux distro project at work, one of the things I recently wanted to do is phase out old crypto.

Yes we all read Bruce Schneier's text and how important it is, but nothing drives it home like reading The Guardian articles followed by OpenSSL downgrade attacks in the last year or two.

Now, nothing should be defaulting to some of the antique crypto, but the only way to know 100% sure that the algorithms in question aren't being used, is to just not compile them into the various crypto libraries of your distro.

So.. step 1 was to look at the algorithm list of openssl:

arjan@clr:~$ openssl ciphers

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DH-RSA-DES-CBC-SHA:DH-DSS-DES-CBC-SHA:DES-CBC-SHA

A few things stand out immediately.

RC4. This like seriously predates MD5, and MD5 is already suspect.

DES. Yes really. DES. In 1995 I worked at a company as an intern that made DES chips that you could use to brute force DES. In 1995, when Twin Peaks was on TV and you measured transistor sizes of a chip in micrometers not nanometers.

MD5. The general consensus seems to be that for crypto, you shouldn't use MD5 anymore. I'm not talking about SHA1, where one can argue that existing uses are still ok, but MD5.

I decided to draw my first line there, stick to the consensus and all that.

The good news is that OpenSSL is very configurable, and it's pretty easy to say

no-rc4 no-des no-md5

on the configure line (and for good measure, I added no-ssl2 and no-ssl3).

At this point, I thought I was on a roll, removing old crypto is easy, let's finish this 15 minute project before the project meeting starts.

So now on to the bad news. And sadly, there is plenty to be had.

openssl does not even compile with the no-md5 option:

make[1]: Entering directory '/builddir/build/BUILD/openssl-1.0.2a/ssl'
In file included from s3_srvr.c:171:0:
../include/openssl/md5.h:70:4: error: #error MD5 is disabled.
 #  error MD5 is disabled.
    ^
In file included from s3_clnt.c:158:0:
../include/openssl/md5.h:70:4: error: #error MD5 is disabled.
 #  error MD5 is disabled.
    ^
....

Ok, so MD5 is technically not insane broken for small packets, and it's just consensus not so much hard earned proof, so maybe deprecating md5 is a project for another day.

openssl does not even compile with the no-des option:

make[2]: Entering directory '/builddir/build/BUILD/openssl-1.0.2a/apps'
../libcrypto.so: undefined reference to `EVP_des_ede3_wrap'

or when you fix that, it does not pass its test suite (I'll spare you the details). 

Now here I had to draw a line. 20 years ago DES was not secure.. never mind today. I wouldn't be surprised if someone will chime in and say that their smartwatch can brute force DES in realtime now.
So.. fixing it is.

I suppose the good news is that no-rc4 went just fine.

The success story then, with the list of crypto from openssl after no-rc4 and no-des:

$ openssl ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA

no DES, no RC4.

But, as it was a Monday, the misery only started there (Dave Jones should have taught me that misery is like lawyers, it always comes in pairs).

I threw the no-rc4/no-des package into our build system, and in no time the world came apart on me. Half the distro broke!
Well not half, but several very important pieces.

It turns out that components like curl, libcurl (so anything speaking http), wget, openssh, mariadb, ... all hard-code DES usage. Now, I'll give curl credit, with creative use of configure options, you can make it not compile DES in, but you can't then make it pass its testsuite.

There must be a lesson in here somewhere.

One, our team will be fixing these projects to not require DES (or RC4), and we'll send those patches to the upstream projects of course.

But more, and this is a call to action: If you're working on an open source project that uses crypto, please please don't opencode crypto algorithm usage. The algorithm may be outdated at any time and might have to go away in a hurry.
And if you have to use a very specific algorithm anyway (for compatibility or otherwise), at least be kind and make a configure option for each algorithm in your project, so that when things go bad (be it in 5 or 20 years), it's very feasible to disable the algorithm entirely.
29 comments on original post
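An added check, not part of the post above: it scans an OpenSSL cipher list for suites that still name RC4, DES/3DES or MD5, so a library rebuilt with no-rc4 no-des can be verified before it goes into a distro build. The two sample lists are constructed subsets of the before/after output shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post: scan an OpenSSL cipher list
# for suites that still name RC4, DES/3DES or MD5, so a rebuilt library can
# be verified before it is pushed into a distro build.

# Constructed sample lists: short subsets of the before/after output above.
SAMPLE_BEFORE='ECDHE-RSA-AES256-GCM-SHA384:RC4-SHA:RC4-MD5:DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC-SHA:AES128-GCM-SHA256'
SAMPLE_AFTER='ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:CAMELLIA128-SHA'

# legacy_suites LIST: print every suite whose name contains a deprecated
# primitive as a whole dash-separated token (RC4, DES, 3DES) or ends in MD5.
# Matching whole tokens keeps names like DSS or AES from being flagged.
legacy_suites() {
    printf '%s\n' "$1" | tr ':' '\n' \
        | grep -E '(^|-)(RC4|DES|3DES)(-|$)|-MD5$' || true
}

# check_ciphers LIST: exit status 0 when clean, 1 when legacy suites remain
# (they are listed on stderr so a build script can fail loudly).
check_ciphers() {
    found=$(legacy_suites "$1")
    if [ -n "$found" ]; then
        printf 'legacy cipher suites still enabled:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Live use after rebuilding with no-rc4 no-des (assumes openssl is on PATH):
#   check_ciphers "$(openssl ciphers)"
```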

Pavel Šavara

Shared publicly  - 
Years ago I was being surprised to learn that patients usually can't pick docs based on track records of previous patient outcomes. Because, people say, that would invade privacy and make bad incentives for docs picking patients. They suggest instead relying on personal impressions, wait times, ...
I've turned my talk about mindfulness and meditation from +ng-conf into a website with slides and script intermixed. Enjoy!
Today I'm going to share with you my experience with meditation and mindfulness. Why this talk? I know that this is a different talk from all the others, and some of you might wonder if it even belongs to a design and engineering focused conference like ng-conf. I think it does.
4 comments on original post
Introduction During past few months we introduced and heavily extended usage of Microsoft Unity IoC container in our code base as a part of the effort to make the code more loosely coupled. As a result of those changes we now...
People
Have him in circles
149 people
Work
Employment
  • NCR
    present
Basic Information
Gender
Male
Other names
Žamboch
Story
Tagline
Software Engineer
Places
Currently
Prague
Pavel Šavara's +1's are the things they like, agree with, or want to recommend.
Waze social GPS Maps & Traffic
market.android.com

Waze is a fun, community-based mapping, traffic and navigation app. Millions of drivers from all over the world join forces to

TodoMVC
todomvc.com

Helping you select an MV* framework - Todo apps for Backbone.js, Ember.js, AngularJS, Spine and many more

Why What You’re Reading About Blink Is Probably Wrong – Infrequently Noted
infrequently.org

By now you've seen the news about Blink on HN or Techmeme or wherever. At this moment, every pundit and sage is attempting to write their an

Robocode 1.8.1.0
feedproxy.google.com

Robocode version 1.8.1.0 is a maintenance release, which fixes the Skipped Turns issues among other issues. Bugfixes Bug-335/Bug-336: Skippe

The Third Realization in More Detail
www.herout.net

In my reflection on the Zen Marathon I caused some confusion about my third realization. I set about writing a reply to an inquisitive comment

Contextual Validation: Martin Fowler Retread | Architects Zone
feeds.dzone.com

This is a Retread by Martin Fowler of an earlier version of this post which was first published in 2005.  Definitely worth a read.In my writ

Custom code folding regions in IntelliJ IDEA 11.1 | JetBrains IntelliJ I...
feedproxy.google.com

This is a cross-post from WebStorm & PhpStorm blog, originally posted by Rustam Vishnyakov. This long-awaited feature gives you a possib

SharpCrafters Blog | PostSharp Toolkits Update: Support for Log4Net and ...
feedproxy.google.com

PostSharp Toolkits Update: Support for Log4Net and System.Diagnostics.Trace · Webinar: Real World AOP Usage with Ward Bell from IdeaBlade –

Men In Tech
feedproxy.google.com

# The Boner - Rob Conery's Blog

Joe Duffy's Weblog
www.bluebytesoftware.com

The best people in software have an innate ability to communicate using code. They have an idea and simply code it up, thereby making it rea

Funky C for literate programming
lucabolognese.wordpress.com

Funky C for literate programming Luca Bolognese 31/12/2012 1 Main ideas 2 Lack of tuples 3 Folding over arrays 4 Deallocating stuff 5 Discri

» Along the Partisan Trail | Father Fur's Thoughts of the Day
feedproxy.google.com

You surely know the term "guerrilla-style" too. It is an approach where, for things you consider right or beneficial for the future, you don't wait for

How is SSD Changing Software Architecture? | CUBRID Blog
www.cubrid.org

Implications. If you use HDDs, you should prepare the memory based on the working set. If the size exceeds, increase the number of equipment

Google releases a better compression algorithm [LWN.net]
lwn.net

The output generated by Zopfli is typically 3–8% smaller compared to zlib at maximum compression, and we believe that Zopfli represents the

PurposeOfEstimation
martinfowler.com

My first encounter with agile software development was working with Kent Beck at the dawn of Extreme Programming. One of the things that imp

RSA - RSA Animate - Superfreakonomics
www.thersa.org

Ideas and actions for a 21st century enlightenment. Home · About Us · Fellowship · Action and Research · Events · Publications · House · Sup

Khan Academy now also in Czech as Khanova škola
www.tyinternety.cz

The now world-famous Khan Academy project, which millions of people around the world use for home and school education, has also launched in Czech

Weblog - IKDASM Update
weblog.ikvm.net

I finally created a github repository for ikdasm. A couple of weeks ago I fixed some ildasm compatibility issues and changed pinvokeimpl and