Posts by bert hubert

8 publicly visible posts • joined 19 Jul 2007

One man's mistake, missing backups and complete reboot: The tale of Europe's Galileo satellites going dark

bert hubert

Re: if there are any questions

Thanks - well, at a guess, only people that have experienced the pain of complex systems will demand simplicity. Complexity is just like entropy - it happens, without anyone asking for it. You only get something simple if you have battle-hardened cynics in the room that keep fighting against complexity. And I guess those people did not win the day.

bert hubert

Re: if there are any questions

Yes, this took a lot of work - especially to gather all the relevant documents, but I am so happy many people get to read about it now! I hope this contributes to some new transparency. Because the good news is that fundamentally Galileo appears to be a good system, once the kinks get worked out.

bert hubert

if there are any questions

Hi - I'm the "Bert Hubert" mentioned in the article, if anyone has any questions, I'd be most pleased to answer them!

How to nab a HTTPS cert for a stranger's website: Step one, shatter those DNS queries...

bert hubert

blog post with more details

I documented some of the history & provided diagrams describing this problem on the PowerDNS blog: https://blog.powerdns.com/2018/09/10/spoofing-dns-with-fragments/

Nominet pilots .co.uk domain security pump-up

bert hubert

Or use simple software

Sorry to blow my own horn here, but if you already run PowerDNS, and quite a number of large UK-based hosters do, consider upgrading to PowerDNS 3.0, which makes DNSSEC rather easy, see http://powerdnssec.org/ - it can be as simple as 'pdnssec secure-zone nominet.co.uk'.

Vendors form alliance to fix DNS poisoning flaw

bert hubert

Not the success story it appears to be

This is not as grand a success as it appears to be. The solution has been known since 1999, it is just that nobody bothered to implement it. See http://blog.netherlabs.nl/articles/2008/07/09/some-thoughts-on-the-recent-dns-vulnerability

DNS lords expose netizens to 'poisoning'

bert hubert

PowerDNS & Random

Just to add my two bits. Amit Klein informed us in a very proper manner of our deficient random generator, and was helpful in finding a good replacement. We implemented his suggestion of going to AES in CTR-mode, which appears to work very well.

I can understand why not everybody goes down this route though - we've already had problems with people being unable to distribute PowerDNS because it suddenly contains 'encryption'.

DNS is vulnerable enough as it is, even with good random. Bad random is inexcusable. For more details, see http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience-03

Bert Hubert


Nokia offers assistance for unresponsive GPS phones

bert hubert

A-GPS has to be seen to be believed - fix in 10 seconds

The A-GPS on the latest N95 firmware is absolutely miraculous, transforming the GPS from mediocre to by far the best I've ever seen.

It usually now only takes 10 or 15 seconds to get a fix, even in difficult circumstances.

Really amazing.