Encrypted partition path derivation via linear search through incrementally encoded packed data

locate is a lightning-fast command line search utility. It first hit the press in the early 80s when James A. Woods proclaimed the tradeoff of nightly updates is worth it for sub-second filesystem path matches.

The proposed architecture is simple but effective: incrementally encode all paths in a purpose-built binary database and perform matches with linear search. Since nearly all matches are partial, linear search generally outperforms binary search or other optimizations. Maintainers have followed this original architecture to the present day.
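
The encoding and linear search described above, as an added example that is not locate's own code. The record layout (two 16-bit lengths followed by the suffix) and the sample paths are assumptions made for illustration and do not match the real locate database format.

```python
import os
import struct

def encode(paths):
    """Pack sorted paths as records: u16 shared-prefix length, u16 suffix length, suffix."""
    out, prev = bytearray(), b""
    for path in sorted(set(paths)):
        cur = path.encode("utf-8")
        shared = len(os.path.commonprefix([prev, cur]))
        suffix = cur[shared:]
        out += struct.pack("<HH", shared, len(suffix)) + suffix
        prev = cur
    return bytes(out)

def search(db, needle):
    """Linear scan: rebuild each path from the previous one, keep substring matches."""
    hits, prev, pos = [], b"", 0
    want = needle.encode("utf-8")
    while pos < len(db):
        if pos + 4 > len(db):
            raise ValueError("truncated record header")
        shared, size = struct.unpack_from("<HH", db, pos)
        pos += 4
        # Reject records that point past the previous path or the buffer.
        if shared > len(prev) or pos + size > len(db):
            raise ValueError("corrupt record")
        prev = prev[:shared] + db[pos:pos + size]
        pos += size
        if want in prev:
            hits.append(prev.decode("utf-8"))
    return hits

# Constructed sample paths, not taken from a real system.
SAMPLE = [
    "/home/alice/notes/todo.txt",
    "/home/alice/notes/taxes-2011.ods",
    "/home/alice/src/locate/README",
    "/home/alice/src/locate/locate.c",
]

if __name__ == "__main__":
    db = encode(SAMPLE)
    print(len(db), "bytes packed,", sum(map(len, SAMPLE)), "bytes raw")
    print(search(db, "locate"))
```

Front coding is compression, not protection: every full path can be rebuilt from the packed bytes, which is why it matters where the index file is stored.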

The indexer is called updatedb and it generally runs nightly, as root. If you have an encrypted home partition (and you should), nothing in your $HOME will be indexed. One workaround is to index it yourself. To maintain security I recommend storing the index inside your $HOME: the index lists every path name it covers, so keeping it on the encrypted partition keeps those names encrypted at rest too.

I like to use anacron since it automatically performs a catch-up run if necessary. This is handy for “daily would be nice” jobs that don’t need to run at an exact hour/minute of the day.

Here’s how to do it.

Add this to your crontab (this is one long line). This fires off your own personal anacron:

@hourly /usr/sbin/anacron -s -t $HOME/.anacrontab -S $HOME/.anacron

Add this to $HOME/.anacrontab to run your indexer daily (that’s the “1”) and after a 10 minute delay (that’s the “10”):

1 10 indexhome $HOME/bin/index-encrypted-homedir

Create the executable file $HOME/bin/index-encrypted-homedir with these contents:

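#!/bin/bash

set -o errexit
set -o nounset
set -o pipefail

# The index and anacron's timestamp directory both live inside $HOME.
mkdir -p "$HOME/.var" "$HOME/.anacron"
# -l 0: locate skips per-user visibility checks for this private index
# -n:   directory names to leave out of the index
# -U:   start the scan at $HOME instead of /
# -o:   write the index inside $HOME
updatedb -l 0 -n '.meteor .cache' -U "$HOME" -o "$HOME/.var/locate.db"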

Finally, add this to your $HOME/.bashrc:

export LOCATE_PATH="$HOME/.var/locate.db"
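
One way to check the result of the steps above, as an added example that is not part of the original post. It assumes LOCATE_PATH holds a single path (as set above); audit_index is a hypothetical helper name.

```python
import os
import stat

OTHERS_READ = stat.S_IRGRP | stat.S_IROTH
OTHERS_ENTER = stat.S_IXGRP | stat.S_IXOTH

def audit_index(db_path, home):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    db, root = os.path.realpath(db_path), os.path.realpath(home)
    if os.path.commonpath([db, root]) != root:
        findings.append(f"{db} is outside {root}")
    try:
        st = os.stat(db)
    except FileNotFoundError:
        return findings + [f"{db} does not exist yet"]
    if st.st_uid != os.getuid():
        findings.append(f"{db} is not owned by the current user")
    if st.st_mode & OTHERS_READ:
        # The file mode is open, so it is protected only if some directory
        # between the file and $HOME denies traversal to other accounts.
        # Group and other bits are lumped together (a conservative check).
        dirs, d = [], os.path.dirname(db)
        while True:
            dirs.append(d)
            if d == root or d == os.path.dirname(d):
                break
            d = os.path.dirname(d)
        if all(os.stat(x).st_mode & OTHERS_ENTER for x in dirs):
            findings.append(f"{db} is readable by other accounts")
    return findings

if __name__ == "__main__":
    home = os.path.expanduser("~")
    # Assumption: LOCATE_PATH is a single path, as exported in .bashrc above.
    db = os.environ.get("LOCATE_PATH", os.path.join(home, ".var", "locate.db"))
    for finding in audit_index(db, home):
        print("WARNING:", finding)
```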

You are NOT a Software Engineer!

I enjoyed You are NOT a Software Engineer! by Chris Aitchison. It’s a fun analogy. Writing software certainly does feel more like something roughly planned and growing organically or evolving rather than something perfectly specified and executed. And I think this is OK.

Another thing we coders often forget: we are also authors. We write code for humans (others and our future selves) to read. I want you to be stoked when you read what I write! And coding is writing.

offline HTML 5 validation

I’m liking Henri Sivonen’s Validator.nu service. I’ve got it running locally, and it works well. I can use it as a web service and validate HTML from within Vim, using quickfix to rapidly resolve errors. My Jenkins CI server uses the same validator via phpunit tests.

Warning: it took me a very long time to get it running locally. Technically easy (just run a build script), but it downloads tons of libraries and files before it can do its job.

Secure Online Voting

We’ve got online banking, auctions, and dating. What about elections? I want to vote online to decide who gets to run our country and how it is to be run.

Online voting is a complex problem and I haven’t thought it completely through, but I feel like moving to some type of online system is inevitable and I’m curious how it will happen. Maybe I want to be involved. I love to kibitz about it with friends like Mark and Patrick.

Some points that any online voting system should address:

  • security
    • votes should be untraceable to the voter
    • should be difficult to impersonate a voter and steal their vote
    • should provide an equivalent to “election-day verification” (à la showing your driver’s license and signing a roster)
  • simplicity
    • should be as easy as possible to match a vote to a candidate without compromising security or robustness
  • robustness
    • voters should be able to confirm that their vote was counted, and counted correctly
    • recounts should be possible

But I’m an engineer. Of sorts. So I want to know how it would really work. I feel like it needs to involve some sort of high-grade encryption and should be FLOSS. Beyond simply being implemented as FLOSS, the blueprints of the entity creating the secure online voting system (including business processes involved, like project management, financials, etc.) should be completely transparent. And that’s the extent to which I’ve thought through the problem.

But at least one person has gone further. Check out Alex Weir’s proposal on SMS external encrypted voting. Here are my humble thoughts about it.

  • PROS. The proposal:
    • focuses on elections in developing countries (the “third world”), but there is plenty useful to developed countries as well.
    • employs a one-time pad idea that seems pretty dang secure.
    • encourages using cell phones as the transmission device. Excellent idea since the number of people with cell phones in third-world countries is supposedly booming. If SMS can be used, a Web interface should be pretty easy to tack on.
  • CONS. The proposal:
    • has had little exposure in mainstream media. I imagine his idea isn’t quite “press-ready”.
    • doesn’t adequately address how voter envelopes will be distributed.
    • doesn’t have a replacement for “election-day verification”. Voter envelopes and a cell phone are all that is needed to cast a vote.
    • outlines a poor user interface. The interface needs to be dumb simple, like “click HERE for candidate A, HERE for candidate B”. Not “encode the corresponding numbers in the one-time pad matrix for the candidate of your choice, and decode the response based on the second matrix.” So I’m fudging the description a little. My point is that the voter could be spared the complexity with a FLOSS application running on the cell phone that took care of the encryption. Or something. Perhaps an application running on the phone wouldn’t work because, well, how would you support the one-time pad? The idea of using another piece of paper with holes cut out that can be placed atop the one-time pad matrices sounds like an excellent solution to easing the complexity of encryption/decryption while maintaining security.
    • places too much power and responsibility in the hands of the one villager who happens to own the local cell phone.
    • requires fees of USD 0.001 per vote to Mr. Alex Weir. I don’t know how much is fair, but this just doesn’t feel right.

My feedback and opinions aside, this is a very exciting idea! It should at least provide some starting points for future secure online voting systems. Kudos, Mr. Weir!