Protecting yourself from Flash cookies

Its not well known that Flash has some good privacy options. When installed on OSX, you get a control panel item that allows to set your preferences. If you use Firefox you can also use Betty Privacy to control your flash cookies, also known as Longterm Storage Objects or LSOs.



In System Preferences, click on the Flash button





and it loads the options. You can choose what you want, suggest going for "ask me before allowing sites". Google's gmail sets 2 LSOs, maybe it doesn't work properly if you prevent gmail setting LSO.





You can also click "local storage settings by site" to set per Site options, or "delete all" and do exactly that.

Howto forget known host in CrOS / ChromeOS

Since CrOS / ChromeOS does not have a real test editor, if a host you SSH to changes, its not obvious how to remove the old one from known_hosts so you can add the new one.



In CrOS (ctrl+alt+t) type

ssh_forget_host

You then get a list of know hosts, so just type in which one you want to forget.

Macs with AES-NI

Macs with AES-NI - green = yes, red = no. If your Mac is not on the list, then likely its no, as at 15 August 2011. Basically to have any chance you need Core i5 or i7.

With OSX 10.7 Lion having Full Desk Encryption (FileVault 2), and it being able to have hardware acceleration from CPUs that have AES-NI, you need to ask which CPUs in Apple Macs have AES-NI. Also useful if you use TruCrypt, which can use AES-NI. You can use TruCrypt to share encrypted drives / partitions between Macs and Windows - very useful if you use your office for off-site backup of home data.



Information compiled from www.everymac.com and ark.intel.com

How fast is openssl with AES-NI?

Now that Apple have moved to core i CPUs across their line from just a few before,

and with the release of Lion with its AES based full disk encryption called File Vault 2 (FV2), I've been curious about performance hit from FV2.



As far as I can tell, using FV2 gives a file system performance hit of less than about 10%. So if you were to move to SSD from spinners and then use FDE / FV2 on Lion then you would still see a big gain in disk I/O.



Anyway, you can run some openssl benchmarks.



On my personal MBP a 2.53 core 2 duo

$openssl speed aes-256-cbc



Doing aes-256 cbc for 3s on 16 size blocks: 18280734 aes-256 cbc's in 2.96s

Doing aes-256 cbc for 3s on 64 size blocks: 4660089 aes-256 cbc's in 2.94s

Doing aes-256 cbc for 3s on 256 size blocks: 1196116 aes-256 cbc's in 2.98s

Doing aes-256 cbc for 3s on 1024 size blocks: 298821 aes-256 cbc's in 2.97s

Doing aes-256 cbc for 3s on 8192 size blocks: 36577 aes-256 cbc's in 2.92s

OpenSSL 0.9.8r 8 Feb 2011

built on: Apr 22 2011

options:bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) aes(partial) blowfish(ptr2)

compiler: -arch x86_64 -fmessage-length=0 -pipe -Wno-trigraphs -fpascal-strings -fasm-blocks -O3 -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DMD32_REG_T=int -DOPENSSL_NO_IDEA -DOPENSSL_PIC -DOPENSSL_THREADS -DZLIB -mmacosx-version-min=10.6

available timing options: TIMEB USE_TOD HZ=100 [sysconf value]

timing function used: getrusage

The 'numbers' are in 1000s of bytes per second processed.

type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes

aes-256 cbc 98934.37k 101410.31k 102676.20k 102983.81k 102790.17k

If you have AES-NI and your openssl has AES-NI ability you can run

$openssl speed –engine aesni –evp aes-256-cbc

If I find myself in an Apple store I might try running this.

NVU is dead, long live Kompozer

If you used to like Nvu for your web site editing, you'll know its not been updated well, for ever. Now it has a spin off that is more up to date, Kompozer