Verify Your Downloads!

When we download software, we need to verify two things:

- The integrity of the software we have just downloaded.
- The authenticity of the package.

Checking these two things will ensure that the download went well, and that the software is authentic (and not malware, for example).

For the impatient, here is the process, assuming that we have downloaded:

- A software package we want to use; in the example, software.pkg
- A file containing the reference hash; in the example, software.pkg.sha256
- A file containing the signature of the Software Author; in the example, software.sig
- The public keys of the Software Author; in the example, author.gpg

    $ sha256sum -c software.pkg.sha256          # 1) Check the download integrity
    $ gpg --import author.gpg                   # 2a) Import downloaded public keys
    $ gpg --keyserver hkp://<server> \
          --search-keys <shortID>               # 2b) Import public keys from a server
    $ gpg --verify software.sig software.pkg    # 3) Verify signatures
    $ gpg --list-public-keys --with-sig-check   # 4) If needed, check web of trust

These commands, why we run them, how they work, and how we should understand them are discussed next. All the commands are Linux-specific, but information on Windows equivalents can be found on plenty of sites, and I will probably write another post in the next few days. ...

April 28, 2021 · 11 min · 2172 words · Gabriel Viso Carrera

Fixing a Common User Home Service Error in Synology NASes

If you have a Synology NAS and you are a technology enthusiast, or have some interest in using such machines as home servers, you may run into a problem that is quite common. Judging from the number of Google results, the User Home service quite often breaks the first time it is activated: it is neither detected by some other services that use it as a dependency, nor can it be deactivated. ...

February 6, 2021 · 4 min · 749 words · Gabriel Viso Carrera

Installing Linux with Secure Boot

This post is motivated by the confusion around Secure Boot and the still prevalent recommendation to disable it when installing GNU/Linux, no matter what distribution we are talking about. Contrary to the mainstream trend of disabling it and proceeding with a boot process that is outdated security-wise, many distributions have supported Secure Boot for a while now. In this post I will provide some links, references, and “glue text to make sense” in order to provide clarity about Secure Boot: what it is, what it provides, and what it takes from us, mostly in terms of user experience, or friction. ...

June 15, 2020 · 17 min · 3529 words · Gabriel Viso Carrera