We recently implemented two-factor authentication for VPN access to our LAN. We use YubiKeys from Yubico to provide one-time passwords (OTPs) which, when combined with the domain login and password, protect us from an array of attacks that password-only solutions can never solve.
You hang YubiKeys on your keychain so you always have them with you, and there are zero interoperability concerns (unlike smartphone solutions such as Google's Authenticator). A YubiKey requires no battery but draws its power from the USB port you plug it into. To your computer, it looks just like a keyboard, and pushing its green button will make it type 44 letters followed by <enter>, as if you typed it.
We wanted to use the standard VPN client built into Windows 7, so we can connect from any computer running Windows 7 without having to install custom software. In the most straightforward deployment, you append your YubiKey OTP to your normal domain password. But it turns out that the Windows 7 VPN client supports a maximum of 48 characters for the password, after which it starts truncating from the start of the password. Since the YubiKey OTPs have 44 characters, that leaves room only for passwords of up to 4 characters, which of course is far below the acceptable range of domain password strength.
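The following sketch is an added example, not code from the original post or from Yubico. It models the truncation described above and the server-side split of a combined `<password><OTP>` field. The function names and sample values are constructed, and it assumes the default YubiKey OTP layout: a 12-character public ID followed by 32 characters, all in Yubico's modhex alphabet.

```python
# Added illustration; function names and sample values are constructed.
MODHEX = "cbdefghijklnrtuv"   # Yubico's keyboard-layout-safe alphabet
OTP_LEN = 44                  # 12-char public ID + 32-char encrypted part
CLIENT_MAX = 48               # password field limit described in the post


def client_truncate(field: str, limit: int = CLIENT_MAX) -> str:
    """Model the behaviour described above: excess characters are dropped
    from the START of the field, so the trailing OTP always survives."""
    return field[-limit:] if len(field) > limit else field


def split_credential(field: str):
    """Server-side split of '<password><otp>' into its parts.

    Returns (password, public_id, otp); raises ValueError if the last
    44 characters cannot be a YubiKey OTP.
    """
    if len(field) < OTP_LEN:
        raise ValueError("field too short to contain an OTP")
    password, otp = field[:-OTP_LEN], field[-OTP_LEN:]
    if any(ch not in MODHEX for ch in otp):
        raise ValueError("last 44 characters are not modhex")
    return password, otp[:12], otp


def surviving_password_chars(password: str) -> int:
    """How many password characters reach the server after truncation."""
    sample_otp = "c" * OTP_LEN  # constructed placeholder, valid modhex only
    received, _, _ = split_credential(client_truncate(password + sample_otp))
    return len(received)


if __name__ == "__main__":
    # Constructed sample: a 14-character password plus a placeholder OTP.
    otp = "c" * 12 + "bdefghijklnrtuvc" * 2
    sent = client_truncate("CorrectHorse9!" + otp)
    print(split_credential(sent)[0])   # only the tail of the password remains
```

Because the split still succeeds on the truncated field, the server cannot tell that most of the password was dropped; what it checks is only the last four characters plus the OTP.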
To all my American friends, colleagues and readers – please have a safe and happy holiday weekend surrounded with family and friends!
Please join me in welcoming our newest contributing author Arne Joris! Arne has been my colleague at ChasmX for several years and has had a diverse fifteen-year career spanning the world.
We’re always interested in hearing from talented folks that might like to contribute to Geospecialling – if you’d like to become a contributing author please feel free to contact me.
Another day, another baby! On November 2nd at 1am exactly our son, Ozzy Ash Pawliuk-Maidlow, was born. Yup, Ozzy as in Ozzy =] Weighing in at a hefty 6 lbs 5 oz (as opposed to our daughter who was 4 lbs 7 oz). Mom and baby are doing great. As I hoped, this time around was a LOT easier. Much better when you have some idea what you’re getting into. The only thing I wasn’t prepared for was the lack of sleep. Staring blankly at a screaming baby on maybe 2 hours of sleep trying to remember how to change the diaper on a newborn. The last time I did an all-nighter was when our daughter was born. Before that it had been many years =)
Fortunately the little guy looks great in pink : )
The ChasmX team has been working onsite at the head office of a trade union for the last year or so. On the very first day I started onsite, my partner Arne (who had been there for a few months) met me outside. One of the first things he pointed out to me as he led me to our office was these machines. One of the members had built these amazing wooden replicas of three big machines. Click on the pictures to get a larger, more detailed image. Amazing!
My wife and I recently took a mini vacation and spent a few nights in Banff, Alberta. Man I’ve missed that town… We took the gondola up to the top of Sulphur Mountain and there amongst the clouds at the end of the top of the mountain hike I found this large hunk of rock near the edge of a cliff. Being a P90X/2 junky I felt compelled to Crane on top of this rock, 7350 feet above sea level, near the edge of the cliff and share it with the world.
I would like to send a big thumbs down and a boo to Madison Seating for misleading advertising. They sent me an e-mail yesterday advertising their big sale on Aeron chairs. My current Aeron is almost a decade old and squeaks / creaks / groans when I sit down - so I figured this would be a great time to get a new one! I jump on their site, configure the chair and place my order for a couple chairs.
Look – free shipping, ships to Canada and a great price!
The hackers that made the FLAME virus have published a secret login console on flamer.com. It’s top secret but maybe you already know the login and password…. http://www.flamer.com
But seriously folks. I have not been in a place to write much this year. We’ve been insanely busy improving workforce productivity with automation over at ChasmX. I’ve also been helping my wife launch her new CPR instruction business Dr. Bones CPR. On top of that our daughter has become mobile and is keeping us on our toes. That said – I’ve got a half dozen cool topics in the works. I’m hoping to get some good posts laid down here in the coming weeks.
My six month old daughter LOVES my notebook…
My colleague Arne just released a helpful little utility aptly named the Digital Pen Library Utility. This tool plugs a few gaps we’ve noticed in the Anoto digital paper library software during our development sprints while building our smartpen-based solutions at ChasmTech. This utility provides the ability to more effectively manage your digital paper libraries by checking if printed documents in the library are still pending. This will give you a clear view of the current library, allowing you to decide if it is safe to archive the current library and start a fresh one. More details on this download can be found on the ChasmTech download page.
Have a feature request for this app or a comment? We’d love to hear it. Comment here or contact Arne via ChasmTech.