security

Container processes shouldn't run as root!
2020-08-18 4 minutes #self-hosting #security #containers

Docker containers, and containers as a whole, are really just a regular program wrapped in some extra protections provided by the kernel (namely cgroups etc) to create isolation, and other interesting features. Unlike VMs, containers run closer to the host operating system, so close they use the same kernel, meaning it’s even more important to protect it.…

How to store passwords
2020-05-28 8 minutes #security #programming

Storing passwords is a pretty simple problem in software development, right? Wrong! Storing passwords correctly is pretty complicated. With that said, it’s very simple to just lean on work someone else has done, and the libraries available for your language of choice.…

Wireguard HAProxy Gateway
2020-03-21 5 minutes #self-hosting #security

Last year, I wrote a post on setting up OpenVPN-AS as a gateway to a private network. I ran this network setup for quite a while with a lot of success, exposing services on my home network to the public internet, securely.…

Why Wireguard
2020-03-06 4 minutes #self-hosting #security

What is Wireguard? The website defines it as “… extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.” Which basically means it’s a VPN, but sane. The point of a VPN is to allow two machines to talk to each other, no matter how the network in between is set up.…

nologin vs false
2020-03-05 3 minutes #linux #security

When disabling a user account on a Linux box, it is good practice to also change the shell to something which, well, isn’t a shell. The point of these shells is that rather than presenting the user with a prompt to execute further commands, they return a failure code and log the user out.…

CVE-2019-19844
2019-12-18 10 minutes #security #programming

Yesterday, an email was sent to django-announce, informing of an upcoming security update, labelled “high” severity. Previous notifications like this have been one week before the actual disclosure; this email, just 12 hours. The updates were scheduled to be released 12:00 UTC the next day (today).…

Getting started with Wireguard
2019-09-15 5 minutes #security

Wireguard is taking the VPN world by storm, coming very close to the current champion OpenVPN in simple, small-scale deployments. It’s just unfortunate few people know about it, and quite how incredible it is! What is wireguard? WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.…

Creating a fast, secure WordPress site
2018-10-08 6 minutes #security #self-hosting

In terms of security, WordPress, and PHP in general for that matter, have become a bit of a joke. If you want a site to be secure, people tend to steer clear of WordPress and PHP. That being said, nothing stands even close to WordPress in plugin support, community size, and documentation.…

VPN Gateway - Opening ports the safe way
2018-06-21 6 minutes #self-hosting #security

VPNs are a way of accessing applications which sit on a separate network using an encrypted tunnel. Contrary to popular belief, they are not designed to anonymize your internet habits. Whilst VPNs are designed to enable a client to access the server’s network, it’s possible to use them to give a server access to its client’s network.…

KeePassXC 2.3 Migration Guide
2018-03-03 5 minutes #security

I’ve been using KeePassXC since not long after its initial split from KeePassX in late 2016. I’ve bounced around many password managers, but KeePassXC looked to fill all the boxes: it’s actively maintained, unfortunately unlike KeePassX; it’s open source, and easy to contribute to, as I have; it’s got all the features I need, like TOTP and Browser Integration; cross platform (not KeePassXC specific). 2.…

Opening Port 22
2018-01-23 #security

My university has a development server, which it uses to host our coursework without the need to set up a development environment locally. It also enables lecturers to mark our work in a controlled environment, without needing to spin up an environment, and run untrusted code on their machines, a security hole I’m more than likely to take advantage of!…

Cyber Security Month 2016
2016-10-01 #security

As it is Cyber Security Month, now is the perfect time to work on improving the security on my websites, projects, and servers. But upgrading them for now isn’t good enough for me; I wanted to add a way of scanning projects automatically, to check for any new issues.…

ProtonMail - Can it replace your email provider?
2016-06-28 3 minutes #security

Throughout my life, I’ve had numerous email providers, starting with Hotmail almost 10 years ago. Recently, I’ve been focusing more on ways I can secure my emails. No, I may not have anything to hide, but that doesn’t matter! Originally I thought the best way to keep things secure, and out of the hands of any government body was to host it all myself.…