Thursday, June 2, 2016

SHA256 Wha?

What to do if you see instructions like...
 "You can find the SHA256 checksums for xxx online and you can verify the checksums signature file which has been signed using xxx's GPG key"
A SHA is a Secure Hash Algorithm (link), a one-way function of which it is difficult if not impossible to compute its inverse. I think its called an injective non-surjective function.
Anyway, online, we use SHA checksums to verify file integrity.

On Checksums...

For example: from the command line in the folder of the file you need to check thus:
$ shasum -a 256 -c vagrant_1.8.1.dmg
1bda0aed9691145a97cb5a8ae7b3492cc5e15a03  vagrant_1.8.1.dmg
Verify manually by inspection with a published copy of the checksums e.g.
vagrant_1.8.1_SHA256SUMS.txt
Or verify automatically if you have the published copy of the checksums file in the same directory as the file you need to check:
$ shasum -a 256 -c vagrant_1.8.1_SHA256SUMS.txt vagrant_1.8.1.dmg: OK 

Using the example of GPGTools and downloading the GPG Suite for Mac as of today (https://releases.gpgtools.org/GPG_Suite-2015.09.dmg). Without having GunPG installed you need to verify the downloaded file using the checksum and comparing against the published value for that file (as of today) i.e. comparing the published value to that calculated by shasum
SHA-1: f1fd930144720e70bd4c809dd36ac0573b0a7be2
$ shasum GPG_Suite-2015.09.dmg f1fd930144720e70bd4c809dd36ac0573b0a7be2  GPG_Suite-2015.09.dmg

Further reading

gnupg.org
kp.mit.edu
www.openoffice.org

(New Section) Diving into virtual machines with VirtualBox and Vagrant

1. VirtualBox
2. Vagrant

Sharing 360° video?

So, you've got a 360 degree video file from your GoPro. What to do with it? Well, share it on YouTube. YouTube supports uploading and pl...