Long time Linux enthusiast, web developer, sysadmin, security mongrel.
We're all impatiently waiting on quantum-proof asymmetrical crypto algorithms to become commonplace. Until that happens, we must all live with the assumption that all currently used asymmetric crypto will be trivially decryptable once quantum computers become powerful enough. This is probably the reason why government agencies have been wholesale logging …
I am working on documentation for an upcoming security audit and needed a way to display how various externally available ports and URLs mapped to internal VMs, clusters, and services. I didn't want to draw them manually in various charting tools because this is the kind of data that quickly …
This is the most depressing thing I've written. I hope I am proven wrong on all counts.
It started out fairly slow. A couple thousand people received the same poorly-worded email, coming from pay4silence@gmail.com:
Hello. Your name is Bob Jones. You live in Cityville, ST …
The Linux Foundation Open Source Summit is happening in Beijing next week, and some of the topics I've had to cover in my capacity as "the security person" were from members of the IT staff asking my advice about the best strategy for bringing laptops and being able to do …
I wanted to have a quick way to find out which systems had a particular set of outstanding errata. There are actually quite a few solutions that will do that for you, but I wanted a free/libre way of doing it that would integrate with our existing open-source Puppet …
Howler is a small utility I wrote to be notified when my users were logging in from unusual locations. I wanted to know if someone who normally logs in from Canada was suddenly logging in from Korea -- and especially if they were suddenly rapidly hopping between two different locations. It's …
In my keynote to the 2015 Linux Kernel Summit I compared the way we currently approach IT security to the way car makers approached automotive design in the 1960s. Back in the day, car companies concentrated on adding more engine power, improving vehicle reliability and tweaking the overall body design …
Obligatory first post is obligatory. I guess I've grown fond of using pelican for kernel.org, so I'm going to adopt it for my own needs as well. Besides, I find writing my articles in VIM so much more appealing than any kind of web tool like Medium.
This "blog …