Profile

Cover photo
Perry Lorier
Works at Google
Attended University of Waikato
441 followers|83,354 views
AboutPostsPhotosYouTubeReviews

Stream

Perry Lorier

Shared publicly  - 
 
This is what I do.
 
Today for the first time we've revealed how Google scaled its frontend infrastructure and how you can now take advantage of our technology by using Google Cloud Platform.

Putting Google's Network to work for You

I want to give a huge thank you to +Trisha Weir , who not only created all the drawings in the presentation but also TPM'ed many of the projects covered here.

#io2014
8
1
Chris Whittleston's profile photoScott Raynel's profile photoSimon Boggis's profile photo
2 comments
 
Nice one +Perry Lorier, looks right up your alley :)
Add a comment...

Perry Lorier

Shared publicly  - 
 
 
From today's poetry bash on #linux:

"Ba ba bash shell have you any bool?
Yes, sir, yes but naught is true.
One for the error and more for arcane.
Zero for command which correctly exits main."
2
Add a comment...

Perry Lorier

Shared publicly  - 
 
Comments 3 Four Fallacies Factors of 1.5 to 2 don't matter. It is sometimes argued that a factor of 1.5 to 2 isn't important. CPUs continue to increase in speed, and surely this will make up the gap. The facts say otherwise. The annual cost to operate a large banking data center today is $150,000 per square foot. It is by far the most expensive real estate in the world, and more than one third of that cost is the cost of cooling the data cente...
2
Scott Raynel's profile photo
 
Really interesting.

Aside from all of the technical reasons (data representation, weak typing, aliasing, etc), I think there's a really telling quote in that article:

"Kernel programmers already operate at (or slightly beyond) the outer limit of systemic complexity that can be mainained in a programmer's head."

A language like C allows the programmer to develop very straightforward mental models of what's going on; there's very little "magic" going on such as there is in C++, etc. This ability to map C code to simple mental models allows programmers to "operate at the outer limits of systemic complexity" more readily.

Thanks for sharing. Wishing I was back doing more systems programming now :(
Add a comment...

Perry Lorier

Shared publicly  - 
 
Once upon a time there was an Americans company called Motorola, and they decided to implement GSM. Unfortunately they decided to deviate significantly from the specification and implement their own proprietary back-haul protocol between BTS and BSC, called Mo-bis. It replaces the standardized A-bis interface. Today, There are plenty of phased-out Motorola Horizon / Horizon II macro BTSs that have been phased out. Basically you can get them for ...
1
1
Ian McDonald (personal)'s profile photo
Add a comment...

Perry Lorier

Shared publicly  - 
 
"An Extension Language for the DNS" - John Levine
http://tools.ietf.org/html/levine-dnsextlang-02.txt
2
Greg S's profile photoPerry Lorier's profile photoWilmer van der Gaast's profile photoMurali Suriar's profile photo
6 comments
 
Oh dear.
Add a comment...
Have him in circles
441 people
David Hallett's profile photo
Angela Savina's profile photo
Stuart Turner's profile photo
Andrew Stephen's profile photo
Jeremy Utting's profile photo
Ailson Lima's profile photo
josé luiz Candido's profile photo
Mundo da Dora's profile photo
Brett Lorier's profile photo

Perry Lorier

Shared publicly  - 
 
The problem that the heartbleed attack demonstrates is that people's private keys are available to a server that is also available (via heartbleed) to the attackers.

Ideally you'd want your TLS keys to be stored in an HSM(hardware security module), where if your machine is compromised they cannot be extracted.   Usually this can be done via PKCS#11, an standard API for asking something else to do the crypto operations for you. This is plausible for client applications on devices with TPMs (eg Thinkpads), but the builtin TPMs are extremely slow, and are not usually available on servers. For example for storing things like client SSH keys, this is ideal.  (You don't need to use the Platform Configuration Registers which is the bit that most people object to, and ideally you'd get a "real" HSM, not just reuse the TPM as a HSM.).

Ideally what you want to do for a web farm is to have a software daemon that pretends to be a HSM, which runs as a separate user than your webserver.  When your webserver needs a crypto operation done that involves your private keys, it asks the software HSM to do the operation for it.  Thus, even if an attacker gains access to the user the webserver is running as (eg remote code execution), they cannot just read out the TLS keys, and probably also the password used to encrypt them from the config file!  If the softHSM running as a separate daemon in a second user account, they need to be able to access that second user (eg by exploiting bugs in the kernel etc) to get the keys, which is a much higher bar (and is not provided for by things like heartbleed).  The attacker, if they did get full access to the webserver account could ask the softHSM to do the operations for it, but when combined with Perfect Foward Security, this doesn't really buy the attacker much that they didn't get just by sniffing the unencrypted streams they already have access to.  If you wanted to later upgrade the security of your machine (eg, you have a TPM added to your server), you could swap out the software HSM's PKCS#11 driver library for your "real" HSM PKCS#11 driver, which is a small configuration change.

Unfortunately, at the moment all the softHSM's I've looked at operate as a shared library, and thus still have problems with key leakage.  I have also not been able to figure out how to get any of the webserver SSL configurations to actually use PKCS#11. So far they only seem to allow you to say "I want to use PKCS#11" but then don't let you configure anything that you need to such as ... which PKCS#11 module to use, or what the User PIN for the HSM is, or which slot, token or certificate to use within the HSM.  The current state of the art appears to recompiling to configure much of this.  Hopefully I'm wrong here.

Heartbleed is bad, but it's not going to be the last bug that we ever see that gives access to the webserver account.   There's going to be bugs in protocol handling (either TLS, or perhaps in new HTTP/2.0 implementations) and there's going to be bugs in websites that mean that file contents are leaked, or allow for varying degrees of remote code execution.  

The best fix here is to not expose your keys to the same process that is exposed to the Internet.  The best standard we have today for this is PKCS#11.  To do this we need a software daemon based PKCS#11 that can run as a separate user and a driver PKCS#11 module for it (communicating over, say, a unix domain socket, perhaps dbus or something), and we need to have webserver vendors support PKCS#11 as a first class citizen in their configuration.
44
12
Andrew Mitry's profile photoElliot Murphy's profile photoChris Boyle's profile photoIan McDonald (personal)'s profile photo
19 comments
 
You might find this interesting - AcceSSL: a "soft HSM" for OpenSSL to secure private keys - https://github.com/gozdal/accessl/
Add a comment...

Perry Lorier

Shared publicly  - 
1
Gerard Sharp (WalkingDuc)'s profile photo
 
.. Haven't read it, but, do complex systems fail by not realising when to "down tools" and go for nachos?
Add a comment...

Perry Lorier

Shared publicly  - 
 
You should update your firewalls.
[Docs] [txt|pdf] [draft-pignataro-t...] [Diff1] [Diff2] Independent Submission C. Pignataro Request for Comments: 6592 Cisco Category: Informational 1 April 2012 ISSN: 2070-1721 The Null Packet Abstra...
1
Add a comment...

Perry Lorier

Shared publicly  - 
 
I've always been intrigued by HIP, it's interesting to read a (extremely!) detailed report about what's been learnt.
[Docs] [txt|pdf] [draft-irtf-hip-ex...] [Diff1] [Diff2] Internet Research Task Force (IRTF) T. Henderson Request for Comments: 6538 The Boeing Company Category: Informational A. Gurtov ISSN: 2070-1721...
1
Add a comment...

Perry Lorier

Shared publicly  - 
 
2012-03-01, rev -01: This document is a follow-up of a University thesis which aims to measure the evolution over time of IPv6 traffic and to analyze the geographical distribution of IPv6 nodes. The first measurements were done during the Summer 2009 using a specific-purpose program which connects to the BitTorrent peer-to-peer network and this document adds measurements done with the same program but in October 2011 and February 2012.
1
1
Ian McDonald (personal)'s profile photo
Add a comment...

Perry Lorier

Shared publicly  - 
 
VisualK is a new tool that allows to visualise the evolution of the service provided by the K-root name server. It can be used to monitor the status of K-root in near real-time.
2
Add a comment...
People
Have him in circles
441 people
David Hallett's profile photo
Angela Savina's profile photo
Stuart Turner's profile photo
Andrew Stephen's profile photo
Jeremy Utting's profile photo
Ailson Lima's profile photo
josé luiz Candido's profile photo
Mundo da Dora's profile photo
Brett Lorier's profile photo
Education
  • University of Waikato
    BCMS, 1997 - 2000
Links
Other profiles
Work
Employment
  • Google
    SRE, 2010 - present
  • WAND
Basic Information
Gender
Male
Apps with Google+ Sign-in
  • Iconic - Guess The Name