Take care of your servers/services/(web)apps as you (hopefully) do with your car

February 27th, 2013

If you want to keep your car for a long(er) time, you have it serviced regularly; in other words, you look after it.

The same goes for the servers, services and applications you are responsible for. You look after them: you do the regular oil change (i.e. updates and/or patches) and the regular MOT (here in the UK), i.e. a yearly review.

You are also obliged by law to keep it roadworthy, or you lose your insurance. So when something is sticking out of it, i.e. when it is a safety hazard, you go and fix it. Same for your server: when it is a security hazard, you fix it, i.e. you configure it correctly or you remove the offending part altogether.

And last but not least, there are “zero-days” on cars too. Yeah, right: manufacturing faults or a design/construction problem. There is nothing you can do about those yourself; when you don’t know about it, you can’t fix it. In most cases it comes down to the manufacturer letting you know, and there you go: patch your system.

If the manufacturer doesn’t know, or doesn’t want to let you know (unfortunately quite common in the software industry), that’s it. If you are lucky, you can turn that particular feature off (or at least restrict who can reach it); if not, you have to live with it.

Just some thoughts, heading off now.

Categories: Security

A Raspberry Pi behind a 22″ TV

February 16th, 2013

I had an old 22″ monitor standing around whose integrated CD/DVD player was broken, but lucky me, it still had an HDMI input, so… *g

So I stuck the Pi to the back of it with double-sided, super-strong mounting tape, added some more “sticky points” to hold the wiring in place so that there is no strain on the cables or the Pi, and there you go.

I originally had it mounted so that the power leads and the SD card were easily accessible from the top, but then realized it would be better to have them on the right side (so that all the cables come out on the left, right and bottom). That super-strong mounting tape actually removed some of the original TV’s labels…

I have labelled my SD cards, as I am trying different things right now. These are:

  1. XBMC viewing station with OpenELEC
  2. Plain Raspbian for testing software on a plain Linux installation, like Minecraft.

It is great and I am enjoying it, and so is my son: he likes Minecraft and would really like to have this hooked up to his TV… but not yet; I’m not giving my toy out of my hands yet.

Categories: Ideas

Comment on “Symantec SSL certificates feature cryptography 10k times harder to break than RSA-bit key”

February 15th, 2013

I just came across Symantec SSL certificates feature cryptography 10k times harder to break than RSA-bit key and Symantec/VeriSign Expands Encryption Options For SSL Digital Certificates.

I must say, I am stunned. AFAIK no certificate has been “broken” by attacking its cryptography yet; the few that were came down to implementation errors or MD5 collision attacks (the 2008 rogue CA demonstration). And then there are the plain break-into-the-CA’s-systems-and-get-certificates-issued attacks, like DigiNotar in 2011. There are most likely a few others.

The problem is not the strength of the keys or signatures in SSL certificates; the algorithms in current use are strong. Again, most of them: MD5-based certificate signatures are considered broken (as is anything MD5-based in general), and the recent “Lucky 13” attack hits TLS connections that use a CBC cipher suite, which is a flaw in the record layer, not in the certificate.

There are still enough cipher suites out there to make existing SSL certs good enough. Deploying a new algorithm takes time, and it is new code that has not been (security) tested yet.

Attackers always go for the weakest link, and that is not brute-forcing the cipher; in most cases they go after the human, or after the implementation.
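As an added example (not from the original post, and not Symantec’s or any CA’s code), here is a small audit for the two certificate-level weaknesses mentioned above: an MD5-based signature and an undersized RSA key. It carries a minimal DER reader that understands only as much of the X.509 structure as it needs, plus a tiny DER writer used to construct sample, unsigned certificates inline so that it runs offline without OpenSSL or third-party libraries. The OIDs are real; the 2048-bit minimum is a policy choice; the `sample_cert` certificates are constructed test input, not real certificates.

```python
"""Audit a DER certificate for an MD5 signature and an undersized RSA key.

Added example, not the original post's code. Minimal DER reader plus a tiny
DER writer used only to construct sample input, so it runs offline."""

OID_NAMES = {                                   # real OIDs
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
WEAK_SIG_ALGS = {"md5WithRSAEncryption"}        # collision attacks demonstrated
MIN_RSA_BITS = 2048                             # policy choice for this check

# --- minimal DER reading ---------------------------------------------------
def der_read(buf, pos=0):
    """Decode the TLV at buf[pos]; return (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(contents):
    """All (tag, contents) elements inside a SEQUENCE's contents."""
    out, pos = [], 0
    while pos < len(contents):
        tag, val, pos = der_read(contents, pos)
        out.append((tag, val))
    return out

def decode_oid(contents):
    arcs, n = [contents[0] // 40, contents[0] % 40], 0
    for b in contents[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def audit_cert(cert_der):
    """Return a list of findings for a DER certificate; empty means nothing weak."""
    _, cert, _ = der_read(cert_der)
    (_, tbs), (_, sig_alg), _ = der_children(cert)        # Certificate ::= SEQUENCE
    sig_oid = decode_oid(der_children(sig_alg)[0][1])     # outer signatureAlgorithm
    sig_name = OID_NAMES.get(sig_oid, sig_oid)
    fields = der_children(tbs)                            # TBSCertificate
    if fields[0][0] == 0xA0:                              # optional [0] EXPLICIT version
        fields = fields[1:]
    (_, key_alg), (_, key_bits) = der_children(fields[5][1])  # subjectPublicKeyInfo
    key_oid = decode_oid(der_children(key_alg)[0][1])
    findings = []
    if sig_name in WEAK_SIG_ALGS:
        findings.append(f"signature algorithm {sig_name} is broken")
    if OID_NAMES.get(key_oid) == "rsaEncryption":
        _, rsa_key, _ = der_read(key_bits, 1)             # skip the unused-bits byte
        modulus = int.from_bytes(der_children(rsa_key)[0][1], "big")
        if modulus.bit_length() < MIN_RSA_BITS:
            findings.append(f"RSA modulus is only {modulus.bit_length()} bits")
    return findings

# --- DER writing, used only to construct sample input ----------------------
def der(tag, contents):
    n = len(contents)
    if n < 0x80:
        return bytes([tag, n]) + contents
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + contents

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a >> 7:
            a >>= 7
            chunk.append(0x80 | (a & 0x7F))
        body += bytes(reversed(chunk))
    return der(0x06, body)

def encode_int(n):
    return der(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def sample_cert(sig_oid, modulus_bits):
    """Constructed, structurally valid but unsigned certificate for testing."""
    alg = der(0x30, encode_oid(sig_oid) + der(0x05, b""))
    modulus = (1 << (modulus_bits - 1)) | 1               # exactly modulus_bits long
    rsa_key = der(0x30, encode_int(modulus) + encode_int(65537))
    spki = der(0x30, der(0x30, encode_oid("1.2.840.113549.1.1.1") + der(0x05, b""))
               + der(0x03, b"\x00" + rsa_key))
    empty = der(0x30, b"")                                # stand-in Name / Validity
    tbs = der(0x30, der(0xA0, encode_int(2)) + encode_int(1) + alg
              + empty + empty + empty + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 17))  # dummy signature bits

if __name__ == "__main__":
    for oid, bits in (("1.2.840.113549.1.1.4", 1024), ("1.2.840.113549.1.1.11", 2048)):
        print(OID_NAMES[oid], bits, audit_cert(sample_cert(oid, bits)) or "ok")
```

A real certificate goes in as DER bytes (`openssl x509 -in cert.pem -outform DER`). Only MD5 is flagged because that is what the post calls broken; add `sha1WithRSAEncryption` to `WEAK_SIG_ALGS` when your policy requires it. Lucky 13 is deliberately out of scope here: it is a property of the TLS connection’s cipher suite, so it is found by checking the server configuration, not the certificate.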

Categories: Security

Jacob Appelbaum’s keynote at the 29C3 in Hamburg

February 4th, 2013

Jacob Appelbaum’s 29C3 keynote, about the new top-secret NSA building in the US and a couple of other things, gave me the chills, mainly because of how the US government is, let’s say, “performing”.

You can watch it on YouTube.

Or, if you want to download the video, the filename starts with “29c3-5385-en-not_my_department” on any of the 29C3 mirrors.

Categories: Events

Downloading “Astronomy Picture of the Day” with subtitles

February 3rd, 2013

Image Credit: NASA (www.nasa.gov), ESA (www.spacetelescope.org), and The Hubble Heritage Team (heritage.stsci.edu)

Some time back I came across Astronomy Picture of the Day; some pictures are really stunning. I wanted to have them as wallpaper, but subtitled with the description (I still want to know what I am looking at!). So I wrote a Bash script that does that for me.

It requires the following programs to be available in $PATH:

  • wget
  • html2text
  • convert from “imagemagick”

All paths are relative to the directory the script is in; it expects two subdirectories, “resized” and “subtitled”.

The script skips pictures it has already downloaded. Called with no parameter it fetches the latest picture; alternatively, browse their website and pass the URL of a particular day to it.

You can download the script here.
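The post does not show the script itself, so as an added example (my code, not the author’s Bash script) here is a Python re-implementation of the same steps: fetch the page, find the picture and its explanation, skip pictures already present, then resize and subtitle with ImageMagick’s `convert`. The APOD URL is real; the two regexes assume the page layout APOD used at the time (an `<IMG SRC="image/...">` tag and a `<b> Explanation: </b>` marker), the 1920x1080 target is an assumed wallpaper size, and the HTML in the test is a constructed sample. Two things worth doing that a quick one-liner would not: the image filename comes from a remote page, so only a vetted basename is ever written to disk, and `convert` is invoked with an argument list rather than a shell string, so the explanation text cannot inject shell commands.

```python
"""Download the Astronomy Picture of the Day and subtitle it with its explanation.

Added example re-implementing the post's described steps in Python; not the
author's Bash script. Needs ImageMagick's `convert` in $PATH for the last step."""
import html
import os
import re
import subprocess
import sys
from urllib.parse import urljoin
from urllib.request import urlopen

APOD_URL = "https://apod.nasa.gov/apod/astropix.html"
RESIZED, SUBTITLED = "resized", "subtitled"          # the two directories the post uses

# Assumed page layout (APOD as of 2013): an <IMG SRC="image/..."> tag and a
# "<b> Explanation: </b>" marker ahead of the description. Adjust if it changes.
IMG_RE = re.compile(r'<img\s+src="(image/[^"]+)"', re.I)
EXPL_RE = re.compile(r"<b>\s*Explanation:\s*</b>(.*?)(?=<p>|<center>|</body>)", re.I | re.S)

def parse_apod(page_html, base_url=APOD_URL):
    """Return (absolute image URL, plain-text explanation); ValueError if no image."""
    m = IMG_RE.search(page_html)
    if not m:
        raise ValueError("no APOD image found (video of the day, or layout changed)")
    image_url = urljoin(base_url, m.group(1))
    e = EXPL_RE.search(page_html)
    text = re.sub(r"<[^>]+>", " ", e.group(1)) if e else ""   # crude html2text
    text = re.sub(r"\s+", " ", html.unescape(text)).strip()
    return image_url, text

def safe_name(image_url):
    """Basename only, restricted charset: the name comes from a remote page."""
    name = os.path.basename(image_url.rsplit("?", 1)[0])
    if not re.fullmatch(r"[A-Za-z0-9._-]+", name) or name.startswith("."):
        raise ValueError(f"refusing suspicious image name {name!r}")
    return name

def convert_commands(name, caption, width=1920, height=1080):
    """Argument lists for the two ImageMagick steps: resize, then append a
    word-wrapped caption strip below the picture. argv, never a shell string."""
    resized = os.path.join(RESIZED, name)
    subtitled = os.path.join(SUBTITLED, name)
    resize = ["convert", name, "-resize", f"{width}x{height}", resized]
    subtitle = ["convert", resized,
                "(", "-size", f"{width}x", "-background", "black", "-fill", "white",
                "-pointsize", "18", f"caption:{caption}", ")",
                "-gravity", "South", "-append", subtitled]
    return resize, subtitle

def fetch(url=APOD_URL):
    """Fetch the picture at `url` (today's by default) unless already on disk."""
    page = urlopen(url).read().decode("utf-8", "replace")
    image_url, caption = parse_apod(page, url)
    name = safe_name(image_url)
    if os.path.exists(name):                              # already downloaded: skip
        return name
    with open(name, "wb") as f:
        f.write(urlopen(image_url).read())
    for cmd in convert_commands(name, caption):
        subprocess.run(cmd, check=True)
    return name

if __name__ == "__main__":
    print(fetch(sys.argv[1] if len(sys.argv) > 1 else APOD_URL))
```

Run it with no argument for the current picture, or with the URL of a specific day’s page. `-size WIDTHx` with no height makes `caption:` wrap the text and size the strip to fit, so long explanations do not get cut off.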

By the way, APOD also offers a calendar.

Categories: Scripting