Tag: security

Travis CI and Dependabot added to Anonimatron

2018-04-26 rolfje No Comments

With new European rules like the GDPR and local variations like the Dutch AVG, interest in Anonimatron is increasing. Although I do not keep track of who is using it and where, sometimes new requirements do pop up. Recently a feature was added to Anonimatron 1.9.2 to also anonymize files.

In the wake of those additions, I planned to give Travis CI a try to automate the builds. It turns out that Travis CI integrates beautifully with GitHub, and automatically builds branches and pull requests right out of the box.

Software

Mattermost Delete Channel “fixed”

2017-10-26 rolfje 41 Comments

Users of Mattermost have probably noticed the less-than-optimal interface design where de Delete option is right above the Leave option in the Channel menu. On a busy server, you can imagine having quite a few incidents where people accidentally completely delete a channel.

In the Open Source version of Mattermost, everybody van do anything, because there is no sensible security model with roles. Mattermost Inc. seems to think that the Open Source community is not entitled to roles, which I (and others with me) strongly disagree with.

Forking Mattermost, learning Golang and enabeling security, improving a few other issues for the open source community along the way is a plan. But there is a simpler workaround for people running Mattermost inside Nginx.

Software

Installing GPG keys for Debian Backports

2017-06-09 rolfje 6 Comments

For Let’s Encrypt to automatically renew certificates on your Raspberry Pi, you probably want to install certbot. The installation instructions of certbot tell you to make use of the Debian Backports packages. Following the instructions to install backports packages into apt-get on raspbian (which is a Debian Jessie), you will probably run into the following error:

$ sudo apt-get update
...
W: GPG error: http://ftp.debian.org jessie-backports InRelease:
   The following signatures couldn't be verified because the public
   key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY
   7638D0442B90D010

Software

macOS Sierra SSH “Permission Denied”

2016-11-12 rolfje 1 Comment

If you used DSA keys to log in to your SSH server and have upgraded your client machine to macOS Sierra (or OSX Sierra if you like), you probably ran into this problem:

client$ ssh -p 8123 george@10.0.0.10 -i ~/.ssh/id_dsa 
Permission denied (publickey).

The answer to this problem is replacing the DSA key with an RSA key, but how do you do on the server when your only means for connecting is the OSX client machine you just upgraded? Here’s how:

Apple

Open a port in OSX Mavericks’ Firewall

2014-05-10 rolfje 10 Comments

The new firewall in Mavericks is great. For the common user. For a developer, not so much. If you are a Java developer like me, and you just need to open one port (say, 8080) so that the web application you’re working on is accessable from another computer, you can’t. I disabled the Firewall altogether for a few days, but it didn’t feel right.

I googled around and to make a long story short, here’s how to open port 8080 on any interface to any application on your OSX Mavericks installation in 3 steps:

sudo vim /etc/pf.conf

Then add the following lines at the end of the file:

# Open port 8080 for TCP on all interfaces pass in proto tcp from any to any port 8080

Test (and, according to the documentation, load) your edits with:

sudo pfctl -vnf /etc/pf.conf

Reboot.

(I have found at least 5 pieces of voodoo to make the Firewall restart and reload, but none of them seemed to work reliably, so pardon the reboot)

You can close it by commenting out the lines in pf.conf and reboot again. If anybody knows of an easier way to do this, preferably in one terminal command, and without rebooting, let me know.

Hope this helps.

Software

There’s life without Google. Or iCloud. Or Facebook.

2014-03-08 rolfje 5 Comments

Regular readers of this blog already know that I am not using dropbox, and I was an Evernote user, but recently decided it became to dangerous and replaced it with my own scripts. I had an interesting discussion on Twitter which made me decide to show you how I run my digital life without the help of Google, Facebook, Dropbox, Whatsapp or iCloud, and still be able to have all the functionality these services offer.

The search was hard and sometimes I need to reconsider some of the choices, but the last few years the selection of products was very stable and the setup has worked flawlessly. Searching for a secure replacement for Whatsapp or Google? It’s in here.

Software

Replace Evernote with Spidernote

2014-03-02 rolfje 8 Comments

In the past I have used Evernote extensively, it really helped me in my research for this blog and keeping track of meeting notes, todo lists and even making pictures of whiteboards at work searchable. As a product, there is no note taking app that can beat Evernote. But there is a little problem that has become a deal breaker for me, and that is basically the NSA and the way Americans, and particularly the American government seems to think about people’s privacy and online security.

Evernote is an American company, which sadly has to comply with whatever ridiculous request by the U.S. government to turn over data of innocent people all over the world (yes, even outside the U.S. border, I know, it’s amazing). This, combined with the fact that Evernote clearly can not use zero-knowledge encryption because of the services it provides, makes that all the data you and I put into Evernote are at NSA’s fingertips at all times. If you find that as scary as I do, and you have a Mac, there is a way to solve this.

Software

Anonimatron: Quick Start

2013-11-03 rolfje 18 Comments

After reading my last blogpost on Anonimatron, you must have asked yourself “Great, but how do I actually use Anonimatron to de-personalize my database”? I tried my best to make basic Anonimatron configuration as self-explanatory as possible, just start it without any command line arguments and it will tell you.

Less adventurous or in a big hurry? This blogpost will show how simple it is to install and configure Anonimatron on an example MySQL database.

Read More “Anonimatron: Quick Start” »

Software

Anonimatron: Overview

2013-10-31 rolfje No Comments

In every software project, there comes a time where a bug pops up, nobody knows how to reproduce it, and somebody says “I know, let’s test this against a copy of the production database”. Even with the best intentions, once production data leaves the production machine with all its safeguards it becomes really hard to do access control on that data.

Most of the time, it’s not even needed to have that data. Developers just need a data set which resembles the production scenario close enough. Some brave souls have mixed succes with data generators, but those generators usually are tedious to maintain and die a slow death under the pressure of the daily grind.

In some ambitious projects automated integration testcases are built on top of the data which was inserted by the data generators. As the generators die, so die the tests. If you recognize this pattern, Anonimatron might be the answer for you.

Read More “Anonimatron: Overview” »

Software

How big is 5 Zettabyte?

2013-06-23 rolfje 3 Comments

Since the interview of Edward Snowden with the Guardian, the discussion about privacy and companies storing and sharing unencrypted private data is picking up. Particularly Americans are worried about what it does for their National security and their private data. But that’s actually a naive thought, given the NSA stores worldwide data.

In a recent coverage on theblaze.com (a rather tabloid-looking news station in the U.S.), the interviewers are shocked to see that the NSA spies on “every American”.

This is a limited view of the world and failing to see the importance of spying on people outside the U.S., but lets start with technical side of things first. What data are they storing and how big is their hard-disk?

Read More “How big is 5 Zettabyte?” »

Uncategorized