Ramblings of a Unix Geek

I've been doing this for a long time... I ramble!

Blame Security

Else-net there was a discussion on how “security” is generally seen as a blocker; they’re seen as gate keepers and people who just say “no”, or who may be focused on regulatory compliance and not actual security. Who needs Mordac, the Preventer Of Information Services when you have a security team?! The thing is, “security” isn’t a monolith, and it’s not a one way street. Many teams I’ve only really seen security from a megacorp perspective, both from the companies I’ve worked for and the people from other companies I’ve spoken with over the years.

Digital Safe version 3

Previously I had modified a digital safe to be controlled via an ESP8266; basically a WiFi safe. I was asked if I could create a firmware for it that made it act like a timer safe; something along the lines of a Kitchen Safe. I decided to take the opportunity to build (yet another) safe, using the combined esp/relay board. Without any soldering, I’m sure I can make a cleaner more reliable build!

Terrahawks Noughts and Crosses

table { table-layout: fixed ; width: 100% ; border-collapse: collapse; border-style: hidden; } td { width: 1 ; border: visible; } Yes, this is a blog about a very old TV show. I went down a rabbit hole. A very stupid rabbit hole. A meaningless rabbit hole. There was a 1983 Gerry Anderson puppet show “Terrahawks”. It wasn’t as good as his older stuff (e.g. the original Thunderbirds).

Using network namespaces for ipv4 only

The problem I use the Ookla Speedtest CLI in a cron job to get an idea of the speed of my internet connection (Verizon FIOS), and spot if there are problems. Why? Because why not :-) It let’s me draw graphs like this. However, recently I was starting to get error messages that the command wasn’t able to reach speedtest.net to get the configuration. It wasn’t happening every time; sometimes it would go hours without issue, other times it would fail 3 or 4 times in succession.

ChatGPT and Calculators

This is one of my infrequent “philosophical” type posts. An earlier version of this appeared on LinkedIn. There was a LinkedIn post along the lines of “are we treating ChatGPT today like we used to treat calculators in the past”. In my mind the question is “what skill do we believe is valuable that ChatGPT will replace”. The parallels between how we treated calculators in a school setting (“no you can’t use them for homework”) vs how we’re treating ChatGPT (“no you can’t use them for homework”) needs a deeper dive.

Looking at YubiKey 5

I don’t normally write about specific products, but I was asked to take a look at the YubiKey series (primarily 4 and 5) and write up a summary of when and how it can be used. This is timely, because CISA is pushing for access management enhancements and recently published a chart for phishing resistance. I thought this interesting; typically I’ve looked at this from a user perspective (“can I use this to secure access to my bank account?

Microservice Security

Recently I was invited to be part of a panel on Microservice Security. The fools! Normally on these panels they want you to talk for 5-ish minutes; unfortunately I came up with about 15 minutes worth of material! That’s perfect for a blog :-) Older designs Before I talk about microservices I want to take a look at older designs Monoliths. A “monolith” is pretty much an “all in one” application.

Secure your cloud

I got asked another question. I’m going to paraphrase the question for this blog entry. Given the Russian invasion of Ukraine and the response of other nations (sanctions, asset confiscation, withdrawal of services, isolation of the Russian banking system…) there is a chance of enhanced cyber attacks against Western banking infrastructure in retaliation. How can we be 100% sure our cloud environments are secure from this? Firstly, I want to dispel the “100%” myth.

The problems with port 80

I got asked a question… this gives me a chance to write an opinion. I have lots of them! If I redirect my port 80 traffic to another site, do I need to get a TLS cert? The question here is related to if a bank (or other service) has changed their name, then do they still need to maintain a TLS site for the old name? Can’t they just have http://mybank.

Singe cloud or multi cloud?

I got asked a question… this gives me a chance to write an opinion. I have lots of them! Is it reasonable to just stick with a single cloud provider, or is it better to go multi-cloud? It think it seems reasonable. I expect very few places are true multi-cloud, as in a given app runs in two clouds. That becomes challenging if trying to use cloud native services ‘cos how you access RDS would be different to how you access Azure SQL, so writing a true multi-cloud application isn’t so simple.