This article lists a rough feature comparison between currently available European cloud providers and their American counterparts. European cloud is available and abundant. Stackit, OVHcloud, Scaleway, IONOS, Exoscale, Upcloud are all parties you should have on your radar when building critical infrastructure for European clients. The US is proving to be less and less reliable as an IT partner. You’ve got to move.
Read More “European alternatives to AWS/Azure/GoogleCloud” »
With new European rules like the GDPR and local variations like the Dutch AVG, interest in Anonimatron is increasing. Although I do not keep track of who is using it and where, sometimes new requirements do pop up. Recently a feature was added to Anonimatron 1.9.2 to also anonymize files.
In the wake of those additions, I planned to give Travis CI a try to automate the builds. It turns out that Travis CI integrates beautifully with GitHub, and automatically builds branches and pull requests right out of the box.
Users of Mattermost have probably noticed the less-than-optimal interface design where de Delete option is right above the Leave option in the Channel menu. On a busy server, you can imagine having quite a few incidents where people accidentally completely delete a channel.
In the Open Source version of Mattermost, everybody van do anything, because there is no sensible security model with roles. Mattermost Inc. seems to think that the Open Source community is not entitled to roles, which I (and others with me) strongly disagree with.
Forking Mattermost, learning Golang and enabeling security, improving a few other issues for the open source community along the way is a plan. But there is a simpler workaround for people running Mattermost inside Nginx.
For Let’s Encrypt to automatically renew certificates on your Raspberry Pi, you probably want to install certbot. The installation instructions of certbot tell you to make use of the Debian Backports packages. Following the instructions to install backports packages into apt-get on raspbian (which is a Debian Jessie), you will probably run into the following error:
$ sudo apt-get update ... W: GPG error: http://ftp.debian.org jessie-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
If you used DSA keys to log in to your SSH server and have upgraded your client machine to macOS Sierra (or OSX Sierra if you like), you probably ran into this problem:
client$ ssh -p 8123 george@10.0.0.10 -i ~/.ssh/id_dsa Permission denied (publickey).
The answer to this problem is replacing the DSA key with an RSA key, but how do you do on the server when your only means for connecting is the OSX client machine you just upgraded? Here’s how:
The new firewall in Mavericks is great. For the common user. For a developer, not so much. If you are a Java developer like me, and you just need to open one port (say, 8080) so that the web application you’re working on is accessable from another computer, you can’t. I disabled the Firewall altogether for a few days, but it didn’t feel right.
I googled around and to make a long story short, here’s how to open port 8080 on any interface to any application on your OSX Mavericks installation in 3 steps:
sudo vim /etc/pf.conf
Then add the following lines at the end of the file:
# Open port 8080 for TCP on all interfaces
pass in proto tcp from any to any port 8080
Test (and, according to the documentation, load) your edits with:
sudo pfctl -vnf /etc/pf.conf
Reboot.
(I have found at least 5 pieces of voodoo to make the Firewall restart and reload, but none of them seemed to work reliably, so pardon the reboot)
You can close it by commenting out the lines in pf.conf and reboot again. If anybody knows of an easier way to do this, preferably in one terminal command, and without rebooting, let me know.
Hope this helps.
Regular readers of this blog already know that I am not using dropbox, and I was an Evernote user, but recently decided it became to dangerous and replaced it with my own scripts. I had an interesting discussion on Twitter which made me decide to show you how I run my digital life without the help of Google, Facebook, Dropbox, Whatsapp or iCloud, and still be able to have all the functionality these services offer.
The search was hard and sometimes I need to reconsider some of the choices, but the last few years the selection of products was very stable and the setup has worked flawlessly. Searching for a secure replacement for Whatsapp or Google? It’s in here.
Read More “There’s life without Google. Or iCloud. Or Facebook.” »
In the past I have used Evernote extensively, it really helped me in my research for this blog and keeping track of meeting notes, todo lists and even making pictures of whiteboards at work searchable. As a product, there is no note taking app that can beat Evernote. But there is a little problem that has become a deal breaker for me, and that is basically the NSA and the way Americans, and particularly the American government seems to think about people’s privacy and online security.
Evernote is an American company, which sadly has to comply with whatever ridiculous request by the U.S. government to turn over data of innocent people all over the world (yes, even outside the U.S. border, I know, it’s amazing). This, combined with the fact that Evernote clearly can not use zero-knowledge encryption because of the services it provides, makes that all the data you and I put into Evernote are at NSA’s fingertips at all times. If you find that as scary as I do, and you have a Mac, there is a way to solve this.
After reading my last blogpost on Anonimatron, you must have asked yourself “Great, but how do I actually use Anonimatron to de-personalize my database”? I tried my best to make basic Anonimatron configuration as self-explanatory as possible, just start it without any command line arguments and it will tell you.
Less adventurous or in a big hurry? This blogpost will show how simple it is to install and configure Anonimatron on an example MySQL database.
In every software project, there comes a time where a bug pops up, nobody knows how to reproduce it, and somebody says “I know, let’s test this against a copy of the production database”. Even with the best intentions, once production data leaves the production machine with all its safeguards it becomes really hard to do access control on that data.
Most of the time, it’s not even needed to have that data. Developers just need a data set which resembles the production scenario close enough. Some brave souls have mixed succes with data generators, but those generators usually are tedious to maintain and die a slow death under the pressure of the daily grind.
In some ambitious projects automated integration testcases are built on top of the data which was inserted by the data generators. As the generators die, so die the tests. If you recognize this pattern, Anonimatron might be the answer for you.