For those of you that now me, you know that I am very paranoid about security. I feel that while I know how to make a secure system, it very easy to get it wrong and very hard to get it right. One of the things that always concerns me is having a lot of…
High intensity port sharing with haproxy
As I am sure you already know, IPv4 addresses are in limited supply right now. The solution to this is IPv6 which greatly enlarges the available address space. The problem is that IPv6 is not yet deployed everywhere, so there is still a need to figure out how to maximize the usage of your existing…
Monitoring Google Contacts for changes – are you losing contacts?
Have you ever thought you are losing contacts stored in Google? That wonderful moment when you are trying to dial your phone – and the person you want is not in your address book. Then you think about it and realize that you definitely have had them in there before……….how frustrating. I believe that your…
Securing Cloudflare’s FlexibleSSL even farther with UFW
In previous posts, I have mentioned how I am using CloudFlare\’s Flexible SSL to help secure this site. From those posts you will remember that Flexible SSL means that your browsing session is encrypted between your browser and CloudFlare but possibly not encrypted between CloudFlare and the actual server which holds the data. This causes the data flow to look like: In the case…
Preventing file changes on Linux
Today’s tip will be short – but it can be very useful. Simply put, if you want to prevent a file from being changed on a Linux file system I have just learned that there is an immutable options. All you have to do is type (as root) chattr +i <filename> Now, of course, you…
Web Knocking – an HTTP(S) based equivalent of Port Knocking
A few weeks ago, I was trying to figure out a way that I could remotely trigger a computer in my home to perform an automated task. For those that know me, you already know that I am extremely paranoid about providing remote access to anything, since it is very easy to misconfigure remote access and create…
Virtualbox host and virtual machine clock gets out of sync
I ran into a very interesting problem recently, which had me stumped for a while. I had a VirtualBox (version 5.0.10) host with 2 virtual machines running on it. For some reason the guests clocks would get out of sync with the host. While this might not seem like an annoying problem, some of the…
Job scheduling on Linux with randomization
You might immediately wonder why I would write baout job scheduling and randomization. I understand that this does appear to be two entirely opposite ideas – and in a lot of cases you would be completely correct. However, there are also some very valid use cases for having a scheduled job that happens at a…
Using autofs to automatically mount Linux filesystems
Mounting a remote file system automatically In today’s connected world, it is hard to imagine a computer that does not connect to another one remotely. Just consider the simple example of having a file server in your home. This is a pretty common situation where you want to have 1 copy of your files but…
Road Warrier Remote Access – Control a PC from Android or iOS
How many times do you have to travel in a given year? When you start packing your bags, do you dread having to bring along a laptop and all of the related accessories – including that power supply that is larger than the laptop? Don\’t you wish that you could bring something more portable –…