I love the nitrokey stuff. If you want some practical examples, see the articles I wrote on the different models: https://raymii.org/s/tags/nitrokey.html - both HSM, Pro, start (which is a gnuk stick).
The support of codeweavers is very good and fast as well, the two times I had to contact them.
The bottle system is amazing. It allows you to have multiple wine environments with different Windows versions seperated, so not just one Wine for all. Office 2003 runs on Windows XP, 2013 on a Vista env.
The bottles can be exported to RPM or DEB or shell installer for easy deployment as well. Plus the easy online database with appliations and profiles makes Crossover, for me at least, have a big advantage over bare Wine.
I'm behind https://cipherli.st, together with some friends. IMHO there is no reason not to have HTTPS everywhere, especially now Let's Encrypt exists. I did think and discuss a lot with people on how 'strong' the page is, and if we might want to change that. The page is targeted at sysadmins who I expect to do at least some research before bluntly copy-pasting config files off somewhere, there are enough warnings on the page.
> You are free to keep your opinion but the statement that such possibility "still beats the purpose of the HSM though" is not shared by many people.
I'm aware of the FIPS standard, therefore I worded the piece as my opinion. I think it's better to be able to rotate the keys then to restore to the same/other device. Since extraction might lead to decryption. I do also know that software-wise that is an inconvinience and in some cases not possible. Bur still, a device that protects private keys should not give them up. As you say, my opinion.
> No, it is not a convenience. It is a manner to mitigate the risk of denial of service one may cause by purposedly destroying or stealing your HSM.
Stealing should be protected by the tamper-protection, thus causing a wipe of the device. In that case you might have a bigger problem, someone has access to your datacenter and racks. In that case a backup is very welcome. (I do find it a hard problem where the two sides, no backup, a backup, both are equally important.
> I challenge this statement: I deal with most big-name HSMs (and there are not that many) and none of them can do this. I do know because that is a risk we explicitly check for when evaluating one.
We've had a situation were two different revisions of the same device were not able to load a wrapped key. Support flew in and told us they could fix in in a new firmware in three months, no guarantees. We installed screen recorders and a keylogger, since they were on our production env (audit logging). They did, with undocumented commands, export the key from the device in an unencrypted format and loaded it into the other model so that we could continue our operation. Reviewing the recording and the logs showed that the commands did also work on other HSM's we had. I'm still under NDA so I cannot talk about which brand or model specific.
Author here, do note that device access and access to all previously setup passwords and PINs is required for this to work. It still beats the purpose of the HSM though. The article explains this a bit more in the #Rationale section. Happy to answer questions or comments.
Also my personal site describing my adventures in *NIX and cloudland: https://raymii.org/s/, plus a boatload of TLS related articles.
The mozilla guide is also very good, the ability to configure based on your server settings and browser support is a heck of a nice feature. Whenever I have time to learn javascript that's the first thing to implement.
Although, all my projects are open source (https://github.com/RaymiiOrg/) so merge requests are welcome. Ferm GPL believer here.