Three Failings of Virtual Appliances

I’m torn when it comes to virtual appliances. I love them because they make a lot of installations absolutely brainless. I hate them because the people who create them make assumptions that are ridiculous and unsupportable. Here are the three ways I hate them the most:

1. There’s no good way to back them up. For organizations that haven’t gone the “whole VM” backup route there are very limited choices for backing these things up. Sometimes the virtual appliance has some method to export the configurations and data, but often not. And when there is a method it’s usually a web interface that cannot be automated. What I want: virtual appliances should be able to export their configuration and data on …

Keep SSH Sessions From Disconnecting

With the installation of new firewalls at work I’ve been getting disconnected a lot from hosts I SSH to, due to changes in the inactivity timeouts. It’s particularly inconvenient when I’m tailing a log that hasn’t changed in a while… and then the connection dies, and I don’t notice. Oops. It also happens in various other situations, like NAT through a home router, too. Let the connection sit for a while and you’ll have to recreate it. I could ask our network guys to change the timeouts, but it turns out there’s a better fix from the client side. SSH protocol version 2 supports server keepalive, essentially NOOPs sent to the server to keep the connection up. You can do …

Why I Don't Use Third-Party Binary Packages

There are a number of third-party package repositories out there for Linux distributions. For example, Fedora runs the Extra Packages for Enterprise Linux (EPEL) repository, which contains builds of open source software that isn’t supplied with Fedora or Red Hat Enterprise Linux. Similarly, a lot of projects have their own repositories that supply builds of software for OpenSUSE, Debian, Ubuntu, etc. Maybe it’s just because I’m old-school, and maybe it’s because I enjoy compiling things, but I really don’t like the idea of using binaries found on the Internet. I never have. As an aside, I really tried hard to make the rest of this post not be critical, or seem like criticism, but instead just be a reflection of …

LSI Security Question Fail

I was trying to register for access to the LSI download center and in the process I ran across a very interesting security question:

Gee, guys, if I knew what my password was I wouldn’t need the security question.

I also enjoy “What is your mother’s last name?” Consider that a disproportionate number of IT staff are men, and that, at least in the USA, women of my mother’s era usually took their husband’s last name. It’s highly probable that my mother’s last name is the same as mine…

This is all on top of the fact that it’s asking for passwords and such without SSL. I think it’s safe to say that your security is not their priority.

Why "Bring Your Own Device" Is Seriously Flawed

I was reading Larry Dignan’s ZDNet article (link at the end) on the security implications of Bring Your Own Device (BYOD), and thought I’d take it a bit further. For a while now I’ve been thinking that BYOD has some serious issues in general, and is specifically a symptom of the ongoing war between risk-averse IT and personal productivity in the enterprise.

1. A company still has to provide computing equipment to everybody who doesn’t BYOD. Lots of people aren’t going to bring their own device, because they don’t have one, or aren’t paid enough to buy one. As such, a company is going to have to provide them one anyhow.

2. Everybody is going to buy all sorts of …