Debian Server vs. Ubuntu Server

Lately I have had a few requests for my thoughts on using Ubuntu Server. For me the real question at that point is why use Ubuntu Server over Debian? I have used Ubuntu Server a good bit and while I appreciate the effort, I am not sure I agree with it. What I mean by this is that Ubuntu is based on Debian testing/unstable. Every LTS (Long-term Support) release is guaranteed to be supported for 3 years on the desktop/5 for the server. Knowing that it is in essence just Debian under the hood, why go with Ubuntu? ...

March 11, 2011 · 4 min · Nick

Tor != VPN – A Simple Explanation

Shameless exploit of meme I know... I can’t take it anymore! I lurk on irc.freenode.net and /r/netsec, and on a few too many mornings now I have seen the claim that some person is safe because they used Tor. There is a big misunderstanding about what Tor actually does and protects. Here is my log in the fire to help explain the technology. Let’s start with the basics… ...

February 22, 2011 · 4 min · Nick

Geolocation and Force Protection

OMG THIS DUDE IS AT THINK COFFEE! Sometimes we get a little too focused in on what the root of a vulnerability is. I find myself thinking this a good bit with the advent of geolocation tagging and “check-ins” as the security world runs around with hair on fire. Rather than accept that our tools and users will be GPS connected and tracked, we take the extreme of labeling it all bad. By doing so we have removed what is a valuable tool to our folks. We can all agree that geolocation unfettered is a bad idea, but can’t we agree that geolocation in and of itself is not? ...

February 20, 2011 · 6 min · Nick

Virtualization Tool Support Matrix

I would argue it is pretty sad that the tools needed to abstract the OS from hardware are tied to specific platforms. Companies that pride themselves on delivering “cloud services” without the constraints of operating system force us admin types to have machines we wouldn’t otherwise. Take for example my ESXi cluster in the basement. I have a single XP Virtual Machine whose sole purpose is to admin vSphere. A company with such a rich history of Linux and OSS support drives me crazy at times. (see also PCoIP support from VMware with their Linux/Mac Client) ...

February 5, 2011 · 1 min · Nick

The news of OpenID’s Death is greatly exaggerated

I am not one to get on the blog and add to the argument over some stupid post from another tech pundit, but this one is too much to pass on. The reason I am tossing my hat in here is that I am now seeing SECURITY PROFESSIONALS adding to the crowd with the death knell of OpenID. Seriously? Let me start with this example from my morning routine. I logged into my Facebook account with ClavID instead of the standard Facebook authentication mechanism. A little-known Facebook feature is the ability to use OpenID providers to log in instead of the email+password. I do this because ClavID supports secure multifactor authentication, so instead of a simple user+pass, I have user+pass+token. Many of the websites I frequent support OpenID and in all of those cases I remove their ability to store my authentication information. ...

January 31, 2011 · 2 min · Nick