2.6.13 is almost ready to go stable in Gentoo, especially now that the evil AMD64 SMP bug has been solved (this also affected the last few kernel releases).
Beagle 0.1.0 is out, the result of much hacking from all directions over the summer. The release announcement pretty much says it all. On a sidenote this will be available in Gentoo’s package tree sometime soon.
Alauda driver is pretty much finished – reading, writing, hotswapping – to both XD and SmartMedia cards, even simultaneously, on 2 devices at the same time. The only problem right now is that a tester has reported reading of 8mb smartmedia does not work – this is difficult to track down as I do not own any cards this small, and the address space is different on this media (but the driver is written so that this should work…)
I’ve been donated a MS keyboard with fingerprint reader with the task of getting the fingerprint reader working on Linux. There is a major complication here though, the device appears to simply send an image of the fingerprint to the host computer, but the I think the image is encrypted. Can’t be an impossible problem to solve, right?
Regarding the spam-attacks on the Gentoo hosted weblogs, I can globally remove and blacklist spam (based on keyword or URL) very easily so please just report it to me. If anyone knows of good ways to automatically combat spam in b2evolution or feels like hacking something up then please let me know. I’m not too fond of the “type the letters from this image” schemes, but something like an additional confirmation screen (where the user just has to click a button) if the user included 3 or more URL’s in the same comment would probably confuse the spambots enough to quieten things down.
Update: Missed this earlier, but it looks like the new b2evo release has improved antispam capabilities. Will see how this turns out…
I’ll be offline for a while as of Monday, moving back up to Manchester into a new house to start my 2nd year of university.
Regarding the fingerprint reader encryption algorithm, the XTEA algorithm could be a good first bet. I did some Googling, and found this (1) review, where some information regarding the security of Microsoft’s standalone device is given.
It wouldn’t be far fetched to believe that the same hardware is used for Microsoft’s standalone and keyboard combo fingerprint readers.
The standalone units (at least) are apparently built by Digital Persona according to (2). Coincidentally, the information given about the security in (1) seems to be derived from blog comments in (2), where they describe the workings of an APC fingerprint reader and not the Microsoft one. The source of the information is shady as well, and I’m not 100% sure the mechanics described make much sense.
Which is all a bit confusing.
I haven’t been able to find much information on who built the APC one (as I doubt they do anything besides buying an OEM reader and slapping their name one it) but then I didn’t look very hard.
Anyway, Microsoft don’t recommend using their fingerprint readers for serious security measures, which should mean that it isn’t a tamper-resistant hardware platform with a signed key exchange, 256-bit AES encryption and a whole slew of bells and whistles added to that. I guess poking around the driver software would be the best option. Chances are the key is in there somewhere.
Hehe, I’m not sure I made much sense above, bit may just be pointless drivel. I stumbled across your blog whilst at the Beagle site and killed some time Googling a subject which interests me (namely security). If I had a similar fingerprint reader myself, I’d offer to help, but unfortunately I don’t.
(1) – http://www.globetechnology.com/servlet/story/RTGAM.20041115.gtfingernov15/BNStory/TechReviews/
(2) – http://blogs.msdn.com/mswanson/archive/2004/12/03/274170.aspx
Pingback: dsd’s weblog » Blog Archive » Digital Persona UareU Fingerprint Sensor driver for Linux