This is the last post I’ll be posting on this blog, as all the posts have now been migrated to my new site
Look forward to seeing you there!
This is the last post I’ll be posting on this blog, as all the posts have now been migrated to my new site
Look forward to seeing you there!
In light of recent events (heartbleed and *cough* NSA *cough*), we now live in a world where the people you thought you could trust aren’t as trustworthy as we expect them to be.
One of the things that we lay our trust in every day are Certificate Authorities. These are the people with the power to issue SSL certificates, which are used when you use online banking, search google, access your email and other sensitive information over the internet. It can be identified with a either a padlock symbol, or simply ‘https’. You’ll notice that my blog is encrypted, and you can get details of this by clicking the padlock in the top right in Chrome and Firefox, or the padlock at the end of the address bar in internet explorer.
For this example I will use Firefox:
You can see that the connection is secure. Wonderful!
What good is it however to have an encrypted connection, when it could be anyone in the world.
That’s where the trust part comes into it.
You can see that the certificate has been verified by GoDaddy.com, Inc. Clicking ‘More Information…’, ‘View Certificate’ and going to the ‘Details’ tab will take you to this screen:
Here you can see the trust tree. This is the chain that lets firefox know that the certificate is one that it can trust.
Think of it this way, you’re having a party, and a guy enters. You don’t know him, and therefore don’t want him in your house, but he says he is friends with another guy, who you don’t know and ring up, but he says he’s friends with another guy, who you don’t know and ring up, who says he’s friends with one of your close friends, who confirms that he is indeed his friend, and he can vouch for his friend, his friend’s friends, and his friend’s friend’s friend who is at your front door.
From this you can trust all of his friends into your house. If one of them steals/breaks/otherwise vandalises your house, you can go back to your friend and either say ‘these guys did bad things to my house’, and he will revoke their friendship, or you can choose not to be friends with this guy who let idiots into your house anymore.
In this case, the guy at your door is ‘*.wordpress.com’, his unknown friends are ‘Go Daddy Secure Certificate Authority – G2’ and ‘Go Daddy Root Certificate Authority – G2’, and the friend you trust is ‘Go Daddy Class 2 CA’
This root level of trust is built into the web browser (or in the case of Internet Explorer, Windows itself), and you can choose to revoke or add authorities at your will, but be warned: revocation is a drastic measure which will limit access to a number of sites and compromise your security at the same time. If a website does something bad, the best course of action is to take it up with the certificate authority which issued that website’s certificate and let them revoke it. Details for this can usually be found under the page linked in the ‘Subject’ field
Visiting the site will usually give details on what to do if you suspect a certificate has been compromised or if the legitimate owner is performing malicious activity with it
Next up will be how to run your own certificate authority!
Let’s say you’ve turned your old laptop into a server. Great choice! It’s smaller than a full size tower, uses less power, is quieter (most of the time) and if you can’t access it you can tab right in on the physical keyboard and screen.
However, open laptops take up more space, so you’ll want to close the lid, right? On Ubuntu Server, closing the lid will put your server in standby, which is… unhelpful, to say the least.
Well, here’s how to stop that from happening, for all version of Ubuntu from 13.10 onwards (13.10, 14.04 LTS, 14.10 as of January 2015)
/etc/systemd/logind.conf with a text editor
sudo vim /etc/systemd/logind.conf
Find the line with
HandleLidSwitch and change it to
Save, exit and restart the daemon
sudo service systemd-logind restart
Et Voila! Your server is now happy about running with its lid closed!
I like security. There’s a fact for you
Imagine you’re going to sleep, and you suddenly realised you’ve left the front door wide open, with the keys still in the lock.
How would you react? Anyone with the right state of mind (and who doesn’t have a fully trustworthy 24/7 security team to pry the keys from that lock, close the door and secure the premises for you) would get up, go to the front door, close it and lock it, before proceeding back to bed with the confidence that an unwanted person won’t be getting in.
Your computer wide open like that proverbial front door, and even so if you use your administrator account for your day-to-day, and let’s face it, who doesn’t these days when you can have a computer each?
I decided to write this article after I read about a tool which claims to break bitlocker drive encryption, and one of the described methods was to get a hold of the computer whilst it was unlocked on an administrator account, install the software, then do evil.
This is done by using the default UAC (User Account Control) settings to gain applications privileged access without the need for actual administrator input.
Not on my computer, heres how:
In this part we will fiddle with some of the darkest depths of security settings available to make administrator privilege requests (UAC elevations) much harder for an evil person to make a computer do evil stuff
Open up the Local Security Policy by going to Run and typing
Hit enter and it should open up the local security policy
(if you are requested to allow it privileges, click yes. Notice how you just get a yes or no, and anybody with access to your computer can click ‘yes’ or ‘no’ for you (to do very evil things)).Turns out that by default you don’t get this prompt. Evil people could be changing them for you!
Local Policies/Security Options and scroll to the bottom of what should be a long list of stuff
Find these three entries entitled User Account Control, and check they are set to the following, if not set it to them by double clicking the option and selecting it from the drop down menu:
User Account Control: Admin Approval Mode for the Built-in Administrator account Default: Disabled Setting: Enabled User Account Control: Behaviour of the elevation prompt for administrators in Admin Approval Mode Default: Prompt for consent for non-Windows binaries Setting: Prompt for credentials on the secure desktop User Account Control: Behaviour of the elevation prompt for standard users Default: Prompt for credentials Setting: Prompt for credentials on the secure desktop
Now that we have prevented evil people breaking past privilege requests without an administrator present, we need to make it so that the computer calls for an administrator more often. Doing this also prevents an evil person undoing all the good we did in part one.
Go to Start, open up Control Panel and in the search box, type ‘UAC’ and click ‘Change User Account Control Settings’
Click ‘yes’ to the UAC prompt (the last time you’ll ever click yes) and set the slider to ‘Always Notify’, as seen below
Your computer is now protected from evil people at the cost of you having to enter your password every time you do something administrative, which shouldn’t happen with average day-to-day computer usage.
If you do get the UAC prompt, before you enter your password, think: Why am I doing this?
The UAC is there to tell you that you are doing something that is potentially dangerous, so take the time to take a step back and ensure that you are making the right decision
Stay Safe and have a Merry Christmas everyone!
I stopped procrastinating for once and went through my list of things to do, and one of those was to put my school timetable into my calendar.
Sounds simple, right?
Not quite so, we’re talking a total of six periods a day, each week (30 periods) for a two week timetable (60 periods). Some of those are single periods, and some doubles. Oh, and some after school stuff as well.
It’s actually quite complicated when you look at it. Each period needs to be added, and contains:
There’s a lot to it, and in the past I’d to go through each period inputting each of these variables myself. Fancy User Interfaces are great n’ all, but when you need to do mass data input, they can be somewhat… limiting. At least until now
Spreadsheets are great for mass data input because of the speed you can input large amounts of data, however you need to know what goes where without a handy label telling you. UIs are great because they show you what goes where, but try to enter more than a dozen entries and it’s really, really boring. Like really, really, really boring. Like listening to politicians giving us false promises sort of boring.
The trick to this is that many calendar clients allow you to import csv (comma separated values) files which contain event details and import them into your calendar.
Start out with a new excel document and insert this header row:1
From there, start by entering all of the subjects. If you have an event which has a break in the middle, i.e. I have a double period of Chemistry, with a period of lunch in the middle, then enter the subject twice – this can be seen on lines 5, 6, 9, 10, 14 and 15 of the image below
Next, add their descriptions and locations. In this case, I want to keep my classes, teachers and classrooms anonymous (to protect me from fellow students and my teachers from you), so they’re blurred :)
After that, insert the start dates, start times, end dates and end times. I do one day, copy and paste it into the appropriate start dates and end dates, increment it and do it for the next and so on. After that, I go back and do the start times, then go back again and do the end times. It’s not as complex as it sounds
The last step for this document is to add the reminder. In this case, I want a reminder to go off at the end of a lesson to tell me where I want to go next, so that makes the reminder really simple to set up. For each one, we need to set Reminder to 1, the date to the date it happens, and the time to the time it starts. This can be done by setting every cell in the reminder column to ‘1’ and copy/paste the start dates and start times into the reminder dates and reminder times:
So, first set the entire column to 1. Do this by setting the first two cells to ‘1’, selecting those two cells, then double clicking the little square in the bottom right of the selection (we do the first two cells to stop it doing a number increment, i.e. 1,2,3,4,etc.)
Save that file as a comma delimited CSV (and as an xlsx if you have multiple worksheets)
N.B. If you have various holidays you want to work around, copy/paste the work you have already done and do a find/replace on the two weeks for the first two weeks of that ‘non-holiday block’. You will then end up with a bunch of events with dates just after the last holiday
Make sure you have closed Excel before continuing, or Outlook will complain it can’t open your csv
Click ‘Import from another program or file’, click next, then click ‘Comma Seperated Values’ and click next again
You will then be presented with a window asking you to check the actions to be performed. Check the Checkbox next to ‘Import “yourcalendar.csv” into folder: yourcalendar’. When you click the checkbox, a window will open allowing you to map the fields. If a window doesn’t open, click the ‘Map Custom Fields’ button on the right. This is the window you’ll be presented with:
Next, click and drag the items from the left box to their appropriate partners on the right. If you used my template, it should look like this, albeit your box won’t be so tall (this image took so long to construct in paint!)
Notice that they only appear once, and don’t repeat bi-weekly? Neither Outlook imported calendars or CSV calendars support recurring events, so we have to do that bit ourselves, but it’s easy, really.
First, find the date you want the calendar to repeat to, like the next holiday. In my case for the june calendar, that half term ends on Wednesday, 22nd July 2014. Open notepad, word, or even the start menu and type in the date you finish that set on, then select it with Ctrl+A and hit Ctrl+C to copy it
Afterwards, go to through each event in your calendar (I use work week view, because it spaces them not too close, but not too far) and set up the recurrence using the recurrence button. You can’t select them all and do the recurrence at one! I wish you could, but Outlook doesn’t support that.
Set it to recur every two weeks, and paste the end date into the ‘End By’ Box. Once you get into the swing, use shortcut keys to get around further, specifically: Alt+C, 2, Alt+B, Tab, Tab, Ctrl+V, Return.
Today I spent the better part of two hours setting up a BIND9 nameserver on my raspberry pi server, and I quickly ran into an issue:
The DNS cache on OS X was not updating. There are two methods circulating of solving these, which are:
dscacheutil -flushcache sudo discoveryutil udnsflushcaches
So, I had to find another way.
And I found one. The super easy way of fixing this is to lower your TTL in your zone file, do the ping, and set it back again (or leave it)
e.g. take this here:
ben.local. IN SOA server.ben.local. hostmaster.ben.local. ( 1 ; serial 5H ; refresh 4H ; retry 4W ; expire 1D ; minimum )
In this case, the TTL (refresh) is set to 5 hours. You won’t be able to get a lot of work done in that time, so set it to
5 to force a refresh every 5 seconds, i.e.
ben.local. IN SOA server.ben.local. hostmaster.ben.local. ( 1 ; serial 5 ; refresh 4H ; retry 4W ; expire 1D ; minimum )
Oh, and you don’t need to change the serial unless you have slaves waiting for an update. Make the changes, then run
sudo service bind9 restart to restart the nameserver, and voilà! You can get back to work.
In future, if this is a private nameserver which only receives a few queries a second, then feel free to set it to something reasonable, like a minute. or five. or ten. Keep the five hour TTLs for high load servers where you need to cater for tens of thousands of DNS requests a second
I am bored, and therefore I intend to transfer my boredom to the internet.
Whilst looking from my spam folder (I really was that bored), I noticed that there were a bunch of messages at the top which had been there since I last looked (a long while ago)
At first, I dismissed it as my spam filter not working, but upon closer inspection, it appears that they were sent in October…
October 2018, that is. 4 years from now.
I therefore conclude that a type of spam designed to bug you to open it is what I have dubbed ‘floating spam’. That is, spam which was sent to you from the future. It will appear in your inbox if you perhaps run a small business, and are using a cheap mailserver to server you mail without a built in spam-filter and you only access your mail through webmail. If it’s all poorly put together, you will theoretically end up with these spam messages stuck at the top, hiding your other mail.
Of course, for me, the fact it was sent 4 years from now indicates to my spam filter that I am either involved in some Doctor Who plotline involving complicated timey-wimey stuff and email, or I have been sent some spam. It’s pretty obvious which one it is.
BE WARNED! FLOATING SPAM IS AMONG US!