Breaking Encryption Won't Make Us Safer

The British government wants to build backdoors into standard encryption libraries. This means the technology that protects your financial transactions could have a backdoor. These same backdoors were just exploited in the WannaCry outbreak that just took down the NHS. Who created that backdoor? The NSA, whose incompetence allowed this “tool” to fall into the hands of a Russian government-affiliated hacking group. Sign up for DevOps'ish! DevOps'ish is a weekly newsletter covering DevOps, Cloud Native, Open Source, and the 'ish between. [Read More]

Ansible lineinfile be damned

The Ansible lineinfile module is designed to search a file for a line, and ensure that it is present or absent. lineinfile is very effective at that particular task. However, when the line has to be in a certain place or before or after a certain line, lineinfile becomes a hassle to manage. Sign up for DevOps'ish! DevOps'ish is a weekly newsletter covering DevOps, Cloud Native, Open Source, and the 'ish between. [Read More]

Got Badlock? Ansible Can Help

Badlock might not be bad for all. If you are using Ansible you can patch your systems with a single playbook (or ad hoc command). Sign up for DevOps'ish! DevOps'ish is a weekly newsletter covering DevOps, Cloud Native, Open Source, and the 'ish between. For RPM based OS users Badlock (samba) patching is as easy as: ansible -m shell -a "yum update *samba*" all [Read More]

Using Ansible Vault Effectively

Ansible is a great orchestration tool. The low barrier to entry and simplicity of Ansible are why so many people that start using it love it. But there is one feature in Ansible that probably should be used more often. That feature is Ansible Vault. Sign up for DevOps'ish! DevOps'ish is a weekly newsletter covering DevOps, Cloud Native, Open Source, and the 'ish between. “Vault” is a feature of ansible that allows keeping sensitive data such as passwords or keys in encrypted files, rather than as plaintext in your playbooks or roles. [Read More]

Disabling Mac OS X El Capitan System Integrity Protection

Apple has introduced a new security feature in Mac OS X El Capitan (10.11) called System Integrity Protection (sometimes referred to as rootless). Sign up for DevOps'ish! DevOps'ish is a weekly newsletter covering DevOps, Cloud Native, Open Source, and the 'ish between. What is System Integrity Protection? According to Apple’s documentation: A new security policy that applies to every running process, including privileged code and code that runs out of the sandbox. [Read More]

LastPass Sells Out to LogMeIn

If you have not heard, the phenomenal cloud base SaaS password manager, LastPass has agreed to be acquired be the not so customer friendly LogMeIn. The IT world immediately panned the anti-idea as anti-consumer and the security world agreed and raised all sorts of red flags as well. (adsbygoogle = window.adsbygoogle || []).push({}); People dislike LogMeIn for a variety of reasons but the main one is that they pulled the rugs out from under a lot of folks who were using LogMeIn to help administer remote computers (I was one of these people). [Read More]

IE Unsecure for Over 9 Months in 2006, Firefox, Nine Days

Most of us probably knew this already but Internet Explorer (IE) is one of the most unsecured browsers on the planet. Last year alone, it was unsecure for 284 according to a Washington Post article by Brian Krebs. Sign up for DevOps'ish! DevOps'ish is a weekly newsletter covering DevOps, Cloud Native, Open Source, and the 'ish between. Washington Post: “Internet Explorer unsafe for 284 days in 2006” (Ars Technica) [Read More]