Who exactly is Desmond blocking here? Because he's holding the ball in the wrong hand to strike a Hesiman pose...
Certainly not Alabama cornerback Deion Belue.
write_files: - encoding: b64 content: $SEED owner: root:root path: /dev/urandom perms: '0666'
SEED="$(head -c 512 /dev/urandom | base64 -w 0)"This command will read 512 bytes from your locale system's /dev/urandom and base64 encode it without wrapping lines. You could, alternatively, read from your local system's /dev/random if you have enough time and entropy.
So... What's the actual threat model? Why are you insisting that people encrypt their data in the cloud? Where's the risk? When might unencrypted data get compromised? Who is accessing that data?A couple of weeks ago, an article from ComputerWorld made the front page of Slashdot:
'Wall of Shame' exposes 21M medical record breaches New rules under the Health Information Technology for Economic and Clinical Health Act, By Lucas Mearian, August 7, 2012 06:00 AM ETHere's a few absolutely astounding numbers from that article, which were pulled from the US Department of Health and Human Services Health Information Privacy website by the author of that article.
|Most of the original IBM LTC Security Team that designed and implemented eCryptfs, 2005-2008, along with a couple of Gazzangers who have also contributed to eCryptfs. Gazzang hosted a small reception on Thursday, August 2, 2012.|
ecryptfs-utils (100) precise; urgency=low [ Tyler Hicks ] * src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c: LP: #1024476 - fix regression introduced in ecryptfs-utils-99 when Encrypted Home/Private is in use and the eCryptfs kernel code is compiled as a module - drop check for kernel filename encryption support in pam_ecryptfs, as appropriate privileges to load the eCryptfs kernel module may not be available and filename encryption has been supported since 2.6.29 - always add filename encryption key to the kernel keyring from pam_mount [ Colin King ] * tests/kernel/inode-race-stat/test.c: - limit number of forks based on fd limits * tests/kernel/enospc.sh, tests/kernel/enospc/test.c, tests/kernel/Makefile.am, tests/kernel/tests.rc: - add test case for ENOSPC [ Tim Harder ] * m4/ac_python_devel.m4: LP: #1029217 - proplery save and restore CPPFLAGS and LIBS when python support is enabled -- Dustin Kirkland Thu, 02 Aug 2012 16:33:22 -0500
|A beautiful live oak tree with exposed, overlaying roots, near my house in Austin, Texas|
|Deoxyribonucleic acid. Or so we're told.|
|A medieval crypt we visited outside of the Glasgow Cathedral in Scotland|
|Shameless advertising. She's gotta feed the monkey man.|
|A couple of ways dmcrypt can be used|
|Michelangelo's Creation of Adam, a Genesis event|
Note that that snapshot was a test we were using and has since been deleted. I'm hoping Gazzang will be willing to host a couple of these snapshots for general usage. I'll update this post when and if that happens!
|AWS Console, launching an image with an EBS snapshot attached|
|Keys in the Cloud -- not an easy problem to solve|
|Random bloke cutting keys|
Dustin is an active maintainer and contributor to many open source projects, including Byobu and eCryptFS. At IBM, Dustin produced 75+ patents, including QWERsive (the technology behind "Swype" keyboards), and created the Orange Box (10-node portable cloud hardware).
Formerly the CTO of Gazzang, a venture funded start-up acquired by Cloudera, Dustin designed and implemented a key management system for cloud applications, called zTrustee, and delivered comprehensive security for cloud and big data platforms with eCryptfs and other encryption technologies.
A Fightin' Texas Aggie Class of 2001 graduate, Dustin lives in Austin, Texas, with his wife Kimberly, daughters, and his Australian Shepherds, Aggie and Tiger. Dustin is also an avid home brewer and wine maker.