Andreas Happe: Everything
Encrypted S3 storage filesystems
This is part two of a series about encrypted file storage/archive systems. My plan is to try out duplicity, git using transparent encryption, s3-based storage systems, git-annex and encfs+sshfs as alternatives to Dropbox/Wuala/Spideroak. The conclusion will be a blog post containing a comparison a.k.a. “executive summary” of my findings. Stay tuned. This post tries some filesystems that directly access S3. I’ll focus on Amazon’s S3 offering, but there should be many alternatives, i.
Secure Online Data Backup using Duplicity
This is part two of a series about encrypted file storage/archive systems. My plan is to try out duplicity, git using transparent encryption, s3-based storage systems, git-annex and encfs+sshfs as alternatives to Dropbox/Wuala/Spideroak. The conclusion will be a blog post containing a comparison a.k.a. “executive summary” of my findings. Stay tuned. Duplicity is a command-line tool similar to rsync: you give it two locations and it synchronizes the first location to the second.
Penetration testing
I am a RoR-developer gone pen-testing for the last couple of months. Clients range from smallish web portals to large multi-national financial institutions. So far I’ve a success rate well above 85%. This post reflects upon my modus operandi. It contains a high-level view of how I work: while specific techniques change the overall frame-of-mind stays the same, so I consider the latter more important than the former. Also I hope for feedback regarding techniques and tools.
Avoiding Internet/Network Surveillance
Last week’s World Conference on International Telecommunications (WCIT) brought internet surveillance into public news: one outcome of the conference was standardization of DPI technology. This infrastructure standard will make it easier for governments to implement large-scale surveillance and/or filtering. Funny thing is that governments are already having those capabilities, they only want to standardize it. The public outrage came too late. So let’s protect you from governments at home or abroad, the RIAA, MPAA, random eavesdroppers and anyone else that want to listen in on your secrets while you’re surfing the Internet.
Linux: How to encrypt your data on hard drives, USB sticks, etc.
Imagine your Laptop (or Desktop Computer) being stolen. How long will it take and how much will it cost you to get back on track? Hardware will be easy: the cost for a new premium desktop is around $1000, for a new Laptop around $2000. Your data “should” be always be back-uped somewhere anyways. But this neglects a hidden cost: some thief has all your data, including all your online identities, photos, source for software projects and private notes/pictures that you do not want to be published.
Linux: How to forward port 3000 to port 80
Another small tip: to locally forward port 80 to port 3000 use the following Linux iptables command: 1 $ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000 You can use this command to allow customers to connect to your locally run Ruby on Rails setup (as long as you have some port forwarding set up on your local router). I am using this to develop facebook open graph apps as the application URL (that is configured within facebook’s app controll page) cannot include a custom port (like 3000).
Postgres: Howto change owner for all tables
Just a small tip for today: when moving an RoR-application between servers the database user often changes. While it is easy to dump and restore database dums using pg_dump and pg_restore this might lead to invalid table ownerships on the new host. I’m using the following bash snippet for fixing this problem
Moving OctoPress to Amazon S3 and CloudFront
OctoPress is embraced for its simplicity: write blog posts, save them, generate HTML pages and move those upon a web server. As no code is executed server-side every page can be cached and security risks are low. So far I’m hosting my blog on a rented hetzner root-server in Germany. While there’s no server-side security problem I’m still using a full blown server which imposes maintenance overhead on me. No peace of mind.
A full-powered shoebox-sized Desktop
After three or four years it became time to replce my Desktop Computer with newer technology. I’ve got a first generation Intel Core i7-920 Octo-core processor: it still packs more than enough power but sadly gets too hot and thus the cooling system got too loud for my taste. So time for a new Desktop! I decided to go the miniITX route. The main idea was to pack as much power-efficient technology in an as-small-as-possible case.
The Lazy Engineer
Recently I’ve switched my working day to a more enjoyable pace – and noticed that my productivity rose too. Too many friends claimed that I’m just plain lazily so this post tries to clarify my mode of operation. The basic idea is to reduce procrastination and improve my attention span through voluntary self-censorship. Some caveat beforehands: I am working as self-employed independent software contractor, thus my work has some unique properties: