Previously I had modified a digital safe to be controlled via an ESP8266; basically a WiFi safe. I was asked if I could create a firmware for it that made it act like a timer safe; something along the lines of a Kitchen Safe. I decided to take the opportunity to build (yet another) safe, using the combined esp/relay board. Without any soldering, I’m sure I can make a cleaner more reliable build!
table { table-layout: fixed ; width: 100% ; border-collapse: collapse; border-style: hidden; } td { width: 1 ; border: visible; } Yes, this is a blog about a very old TV show. I went down a rabbit hole. A very stupid rabbit hole. A meaningless rabbit hole. There was a 1983 Gerry Anderson puppet show “Terrahawks”. It wasn’t as good as his older stuff (e.g. the original Thunderbirds).
The problem I use the Ookla Speedtest CLI in a cron job to get an idea of the speed of my internet connection (Verizon FIOS), and spot if there are problems. Why? Because why not :-) It let’s me draw graphs like this. However, recently I was starting to get error messages that the command wasn’t able to reach speedtest.net to get the configuration. It wasn’t happening every time; sometimes it would go hours without issue, other times it would fail 3 or 4 times in succession.
This is one of my infrequent “philosophical” type posts. An earlier version of this appeared on LinkedIn. There was a LinkedIn post along the lines of “are we treating ChatGPT today like we used to treat calculators in the past”. In my mind the question is “what skill do we believe is valuable that ChatGPT will replace”. The parallels between how we treated calculators in a school setting (“no you can’t use them for homework”) vs how we’re treating ChatGPT (“no you can’t use them for homework”) needs a deeper dive.
I don’t normally write about specific products, but I was asked to take a look at the YubiKey series (primarily 4 and 5) and write up a summary of when and how it can be used. This is timely, because CISA is pushing for access management enhancements and recently published a chart for phishing resistance. I thought this interesting; typically I’ve looked at this from a user perspective (“can I use this to secure access to my bank account?
Recently I was invited to be part of a panel on Microservice Security. The fools! Normally on these panels they want you to talk for 5-ish minutes; unfortunately I came up with about 15 minutes worth of material! That’s perfect for a blog :-) Older designs Before I talk about microservices I want to take a look at older designs Monoliths. A “monolith” is pretty much an “all in one” application.
I got asked another question. I’m going to paraphrase the question for this blog entry. Given the Russian invasion of Ukraine and the response of other nations (sanctions, asset confiscation, withdrawal of services, isolation of the Russian banking system…) there is a chance of enhanced cyber attacks against Western banking infrastructure in retaliation. How can we be 100% sure our cloud environments are secure from this? Firstly, I want to dispel the “100%” myth.
I got asked a question… this gives me a chance to write an opinion. I have lots of them! If I redirect my port 80 traffic to another site, do I need to get a TLS cert? The question here is related to if a bank (or other service) has changed their name, then do they still need to maintain a TLS site for the old name? Can’t they just have http://mybank.
I got asked a question… this gives me a chance to write an opinion. I have lots of them! Is it reasonable to just stick with a single cloud provider, or is it better to go multi-cloud? It think it seems reasonable. I expect very few places are true multi-cloud, as in a given app runs in two clouds. That becomes challenging if trying to use cloud native services ‘cos how you access RDS would be different to how you access Azure SQL, so writing a true multi-cloud application isn’t so simple.
A while back I wrote about some basic usage of SSH certificates as an authentication system. I only described the core, but the comments went into some further detail. I thought it time to write a follow up post describing some of the more advanced features. Quick recap To handle cert based authentication you need a CA certificate. This is created with the ssh-keygen command. e.g. $ mkdir ssh-ca $ cd ssh-ca $ ssh-keygen -f server_ca Server certificates are similarly signed with the same command.
