Cogito Interruptus Vulgaris

Benchmarking Cinched

- - posted in benchmark, cinched

Now that a first version was cut, it seemed like a good time to start looking at how Cinched performs.

And I must say, things are looking good so far…

Introducing Cinched

- - posted in cinched, encryption, erlang, security

Given the frequency of rather embarrassing data breaches recently, I’ve had the opportunity to spend some time thinking about how to help developers protect the data they are storing.

Getting encryption right is hard, and designing cryptographic applications is not something web developers typically have lots of experience with. To (hopefully) help bridge this knowledge gap, I’ve written a microservice which provides encryption and key management services.

It’s a cinch to use, and will keep your data cinched. It’s also called Cinched. Get it?

I’ve released version 0.0.1, a preview to gather feedback. Some of the key features are:

  • An easy to use RESTful API
  • Clustered highly available service
  • Sane strong encryption defaults
  • All stored data is encrypted at rest
  • OS level mandatory access control using SELinux type enforcement
  • Tamper resistant and encrypted audit logging

Setting Up a CA

- - posted in CA, CentOS, PKI, security

Tired of creating your CA using openssl command line tools? Here’s a whirlwind crash course on creating a functional web-based CA in a couple of minutes.

Security Advice for the Average Joe/Jane

- - posted in security

Introduction

A computer lets you make more mistakes faster than any invention in human history – with the possible exception of handguns and tequila. —Mitch Ratliff

The Internet has gone through a massive transformation since its inception. From a tool used mostly by academics, it has come to be a pervasive tool used by just about everyone to communicate, shop, pay bills, invest, and entertain.

While the use cases never cease to increase, one aspect of Internet usage that remains problematic is educating the public about the risks involved in living a connected life, and about the ways people can defend against attacks.

Here is a non-exhaustive list of threat vectors to be cognizant of:

Puppet Lessons Learned

- - posted in ops

Over the past couple of years my team has iterated several times on the proper way of managing systems using Puppet. For a while it was a gigantic time sink while we tested and prototyped several different approaches to configuring things, with many frustrating failures. This post will be an exploration of some of the lessons learned.

Meshed VPN Using Tinc

- - posted in security

Tinc is a neat little VPN daemon that I’ve recently come across. It is surprisingly simple to configure yet powerful. In this post, I’ll show you how to set up a meshed VPN between four nodes with one of the servers acting as a DHCP server.

Geo Blocking With Iptables/ipset

- - posted in security

In this post, I’ll go over how to use iptables and ipset to create a basic firewall with ssh brute-force protection and geo-blocking. I’m assuming CentOS here; adjust paths/commands accordingly for other distributions.

Pdi Bag of Tricks…

- - posted in code, pdi

After using PDI for a while, you start to encounter some common problems. PDI crashes, databases die, connections get reset, all sorts of interesting things can happen in complex systems.

As a general rule, when building PDI jobs that should behave monotonically I always strive to find a way to make a job re-playable and idempotent. This can be tricky given an unlimited input set over time.

Probabilistic data structures to the rescue!

To do this, at work we created a PDI bloom filter step (thanks Fabio!). This article will go over how it works and its use cases.

Unserializing PHP From PDI

- - posted in PHP, code, javascript, pdi

Here’s a quick post that explains how to do something which may not be obvious.

The scenario: You’ve got some serialized data stored in a not-so-portable data interchange format (serialized PHP), and would like the data to be made available as part of a PDI transformation.