kdmurray.com

Book Report – Little Brother
Thu, 13 Apr 2017 01:00:00 +0000

Title: Little Brother
Author: Cory Doctorow

Set in mid-2000s San Francisco, Cory Doctorow's Little Brother brings a tale of what can go wrong when you have a society that values compliance over independence.

A story of technology innovation, hacker culture, information sharing and data freedom all set against the backdrop of a modern-day terrorism nightmare. Cory Doctorow highlights a number of different things in our everyday world that allow other people to learn more about you, to track you and build a profile about you. These are extended to the next level in Little Brother talking about some of the what-ifs and could-bes that today's technology could allow.

You can get a copy of the book online for free, that's how the author has always released his material. Doctorow has been a strong believer in the Creative Commons and has managed to work out deals with publishers that allow that to happen. But if you do, and if you enjoyed it, buy a copy for a library or a school in your neighbourhood. Give someone else a chance to read a paper copy of the book.

Server Hardening Strategies
Fri, 31 Mar 2017 16:00:00 +0000

Staying secure is a full-time gig. It doesn't matter whether we're talking a datacentre or your smartphone, there are always steps to be taken to keep your machines and your data as safe as possible. With the increasing popularity of virtualization for applications and services and the ability for people to "roll your own" cloud comes the need to secure those machines. This becomes increasingly challenging when you consider the fact that by their very nature these machines are constantly exposed to the Internet.

Minimize Your Attack Surface

Don't install it unless you need it

One of the best things you can do to harden a server environment is to take a minimalistic approach. Don't install components that you think you "might need" somewhere down the road, or things that are optional or unnecessary.

Do you need a database? Do you need to install PHP or ASP.NET? What do you need for your project? Take stock of all the components you need to have to implement your solution or your project and install just those pieces.

Uninstall it when you're done with it

If you have components that are no longer needed, remove them. Old versions of tools or frameworks, services or server components that are no longer required, or documentation and information which no longer needs to be published, are all examples of things that can be removed.

Understand how to secure it

Know your tools. Become a professional. If you're going to install something, take a few minutes and just search for "how to secure [insert application name here]." This will inevitably give you a ton of solutions and options for securing tools.

Secure Remote Access

Being able to access your server or environment remotely is key, particularly in this age of cloud-based virtual environments. To that end there are three things you can do to help secure that remote access and reduce the attack surface.

Change SSH port

Security by obscurity. On its own this isn't a valid strategy, but as one more measure for helping to secure the machine it is certainly helpful. By changing away from the default SSH port you make it that much harder for attackers to determine what services are exposed on your server and where they might be hiding.

Disable root SSH access

The root account does not need to access your server over SSH. Period.

Require key-based access

Securing access over SSH with a public/private key pair makes accessing an account over SSH much more challenging. Only the best passwords are even remotely secure, but those strong complex passwords are frustrating to use and often lead to insecure shortcuts to make data entry easier.

If you go the extra step of also requiring a passphrase for that key you have, for all intents and purposes, created two-factor authentication for your server without having to implement any third-party token systems or have a complicated keying setup.
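One way to check a server against the three measures above, as an added example that is not part of the original post. The function names, the port number 2222 and both sample configurations are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit an sshd_config for a non-default port, no root login
# and no password authentication. Sample configs below are constructed.

# effective_value FILE KEYWORD -> first global value, lower-cased.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Parsing stops at the first Match block; Include files
# are not followed.
effective_value() {
    awk -v key="$2" '
        $1 ~ /^#/                   { next }   # comment line
        tolower($1) == "match"      { exit }   # conditional section begins
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE -> one finding per line; status 1 if any finding.
audit_sshd_config() {
    rc=0
    port=$(effective_value "$1" Port)
    if [ -z "$port" ] || [ "$port" = "22" ]; then
        echo "Port: default 22 in use"; rc=1
    fi
    root=$(effective_value "$1" PermitRootLogin)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin: ${root:-unset}, expected no"; rc=1
    fi
    pw=$(effective_value "$1" PasswordAuthentication)
    if [ "$pw" != "no" ]; then
        echo "PasswordAuthentication: ${pw:-unset}, expected no"; rc=1
    fi
    return $rc
}

# Constructed sample: nothing hardened yet.
write_weak_sample() {
    cat > "$1" <<'EOF'
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

# Constructed sample: all three measures applied.
write_hardened_sample() {
    cat > "$1" <<'EOF'
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
EOF
}

# Demo: audit both samples.
demo_dir=$(mktemp -d)
write_weak_sample "$demo_dir/weak"
write_hardened_sample "$demo_dir/hardened"
for f in weak hardened; do
    echo "== $f =="
    audit_sshd_config "$demo_dir/$f" && echo "no findings"
done
rm -rf "$demo_dir"
```

On a live host, `sshd -T` prints the effective configuration, including defaults and included files, and makes a better input for a check like this than the raw file.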

Read Your Logs

Your system will log a whole bunch of information day in and day out. There is potentially a lot of information in these logs that just goes unnoticed unless someone actually reads it. Think of it as Schroedinger's logs -- the data about problems or possible attacks both exists and doesn't simultaneously. We won't know for sure until we look.

Some key log files to monitor are:

  • /var/log/auth.log or /var/log/secure
  • /var/log/faillog
  • /var/log/boot.log
  • /var/log/httpd/*
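What reading auth.log can look like in practice, as an added example that is not part of the original post: it counts failed SSH password attempts per source address and flags a successful login from an address that failed earlier. The log lines are constructed in OpenSSH's syslog format, and the function names are this example's own.

```bash
#!/bin/sh
# Added example: two checks over sshd lines in auth.log (constructed sample).

# awk helper shared by both checks: the address after the LAST "from".
# The user name is chosen by the client, so "from" can appear earlier too.
SRC_FN='function src(   i) {
    for (i = NF - 1; i >= 1; i--) if ($i == "from") return $(i + 1)
    return ""
}'

# failed_logins_by_source FILE [MIN] -> "count address", highest count first,
# for every address with at least MIN failed password attempts (default 3).
failed_logins_by_source() {
    awk -v min="${2:-3}" "$SRC_FN"'
        / sshd\[[0-9]+\]: Failed password for / {
            ip = src(); if (ip != "") n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# success_after_failures FILE -> "address user prior_failures" for each
# accepted login from an address that had failed before it in the file.
success_after_failures() {
    awk "$SRC_FN"'
        / sshd\[[0-9]+\]: Failed password for / { fails[src()]++ }
        / sshd\[[0-9]+\]: Accepted [^ ]+ for / {
            ip = src()
            if (fails[ip] > 0) print ip, $9, fails[ip]
        }
    ' "$1"
}

# Constructed sample log (documentation-range addresses).
write_sample_auth_log() {
    cat > "$1" <<'EOF'
Mar 31 10:15:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 31 10:15:03 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 31 10:15:07 web1 sshd[2213]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar 31 10:16:12 web1 sshd[2220]: Failed password for invalid user from from 198.51.100.23 port 40110 ssh2
Mar 31 10:17:30 web1 sshd[2231]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
Mar 31 10:18:02 web1 sshd[2240]: Failed password for alice from 203.0.113.5 port 51302 ssh2
Mar 31 10:18:09 web1 sshd[2240]: Accepted password for alice from 203.0.113.5 port 51302 ssh2
Mar 31 10:20:00 web1 CRON[2250]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# Demo on the constructed log.
demo_log=$(mktemp)
write_sample_auth_log "$demo_log"
echo "Sources with 3 or more failures:"
failed_logins_by_source "$demo_log" 3
echo "Accepted logins after earlier failures:"
success_after_failures "$demo_log"
rm -f "$demo_log"
```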

Go forth. Secure your server(s). Look after yourself.

Image credit: Blue Coat Photos on Flickr

Vivaldi – Chrome Reimagined
Thu, 30 Mar 2017 00:00:00 +0000

For several years I've been wanting to make the switch to Chrome from Firefox, but the lack of a couple of key plugins has held me back. One of these was the way that windowed plugins were handled initially (the popup for LastPass in Chrome was hideous, but that's no longer an issue.)

The bigger issue for me was the lack of a good vertical tabs plugin for Chrome. I've tried several tabs but none of them seem to work the way I've gotten used to with the venerable Tree Style Tabs in Firefox.

Enter, Vivaldi. This is a Chromium-based browser that offers a lot in terms of UI customization over the stock Chrome implementation.

With tab handling in particular there's a lot to like about Vivaldi. The vertical tab bar allows you to take advantage of the vast amount of horizontal real estate modern wide-screen monitors provide. By placing your Windows Taskbar or MacOS Dock on one edge of the screen and your browser tabs on the other you give yourself the maximum amount of vertical space for your browser to display content.

Vivaldi also offers "tiled" tabs which give a much larger surface area and a live preview of tab content. This is useful for quickly locating what you need in a more visual way.

The biggest drawback to Vivaldi compared to its more established counterparts is the lack of synchronization for settings and extensions. Not being able to quickly establish the same browser environment across multiple machines (never mind mobile) is a pretty substantial stumbling block. Add to that the lack of a mobile browser and the platform just seems incomplete.

I really enjoyed using Vivaldi for the time that I had it installed. Being able to take advantage of Chrome/Chromium features was a big plus, but ultimately the lack of a good sync option was a deal breaker for me and I've had to return to using Firefox for the time being.

Think Different(ly)
Sun, 26 Feb 2017 23:38:00 +0000

In a recent conversation with Knightwise we were musing that it doesn't seem that it's very long since we were both ragging on Dave to get off Windows and get a Mac. Today we're both seriously entertaining the possibility that our next primary computing device might be running an OS from Redmond. What changed? Has Windows gotten that much better?

Yes. It's undeniably better.

But we're also different.

And Apple is different.

I think when we switched to the Mac we saw it as the Valhalla of everything we were looking for. A better system with a unix terminal which would give us the best of both worlds: open source, and a first-class GUI driven OS.

In a lot of ways the Mac hasn't progressed since the Intel transition. Sure there have been feature additions, and if you use iOS regularly there is a lot to help you work with those devices and in that ecosystem. But for switchers and sliders there hasn't been significant change in the Mac operating system for the better part of a decade.

Long in the Tooth

And the hardware? Well as of this writing, the best rating for the "when to buy" page for Macs is a neutral rating for the Macbook Pro.

  • iMac: 16 months since last refresh
  • Mac Mini: 28 months since last refresh
  • Mac Pro: 38 months since last refresh

These machines need some love if you expect knowledgeable people to buy them. And if you don't, well then I guess that'll be where we part ways.

  • Mac Pro
    • Ships with a CPU released in September 2013
    • Costs the same as it did when it was new
    • Pretty much every component is outdated
  • Mac Mini
    • The best CPU option was released in July 2014 -- there have been 3 generations of i7 CPUs since then
    • The max RAM is 16GB
    • Costs the same as it did when it was new

And Windows? Well you can get BASH on Windows now, on reasonably inexpensive and current hardware.

Book Report – Hamlet's Blackberry
Tue, 14 Feb 2017 22:00:00 +0000

Title: Hamlet's Blackberry
Author: William Powers

I've been trying to get this book read for about the last 18 months. It had come highly recommended by a friend who found the book to be a good look into the technological overload of our modern times, and the inherent constant connectivity to the crowds provided by the Internet.

It took me quite a while to get into this book. Powers' continual assertion that the technology that we have come to rely on is disconnecting us from ourselves, and our reality. The same technology that we use to keep us connected and allow us to collaborate and communicate with people all around the globe was, in turn, not allowing us to actually experience and enjoy that connection because it's giving us the attention span of a squirrel on speed.

Ultimately there's more to it than that. Unfortunately Powers doesn't get into most of the rest of the minutiae and the possibilities for managing the technology that tries to take over. It feels like 80-90% of the book is spent framing the problem and drilling it into your head over and over again without offering much in the way of strategies or tactics to deal with it.

Overall, this book is ok. It raises some valid points and will make you think about just how critical it is to have your phone on your bedside table (I use mine for an alarm clock, so I left it where it is) but it does little to help address these challenges.

Creating Spaces in MacOS
Sun, 18 Dec 2016 18:25:05 +0000

Virtual desktops are an extremely useful feature of modern operating systems. It's a feature that provides some of the benefits of multiple monitors without the extra space or expense of adding more displays to your computer. Generally speaking the feature allows you to group together windows on one or more additional logical desktops without the need for multiple monitors.

On the Mac this feature is known as "Spaces" and was originally introduced way back in OS X 10.5 "Leopard", and was integrated into the Mission Control preference pane a couple of years later. This merge into Mission Control works very well, as long as you know where to look — because the preference pane doesn't really tell you where it is or how to find it.

To create a new space, or desktop, you need to launch the Mission Control interface. This can be done either by pressing F3 on a modern Mac (or fn-F3 if you have your function keys enabled by default), pressing ctrl-Up or by doing a 4-finger swipe up on a trackpad. Once you open up Mission Control you can see a plus sign on the far-right hand side of the screen. Clicking that will allow you to add a new Space to your Mac. You can add up to 15 new virtual desktops to your system.

Once they're created you can switch between spaces a few different ways:

  1. Four-finger Swipe: performing this swipe left or right will move you between desktops.
  2. Ctrl-arrows: Holding down the ctrl key, and pressing the left or right arrow will move you between desktops.
  3. Cmd-tab: Using the regular application switcher will move you to the first space where that application is open.
  4. Mission Control: You can select a space directly from Mission Control to activate it.

Once you find it, this is a very useful feature, and can make operating on a smaller screen (like my 11" Macbook Air) a lot easier by allowing quick and easy context switches to move from browsers to text editors to terminal windows. It's something I definitely recommend if you've never tried it before.

Hash-based Diff for Directories
Thu, 20 Oct 2016 01:43:05 +0000

Recently I was working on a project where I needed to quickly and reliably detect changes to the contents of a directory, and when a change was detected run a series of commands.

There are any number of file differential tools, the venerable diff chief among them, and I think they would certainly do the job. They would certainly do a very complete job allowing for a comparison of every line of every file and be able to show exactly what changed where. But for what I needed to do, this seemed overkill.

Ultimately what I needed to know was if something had changed, not specifically what had changed. To that end, I realized what I needed was a view of the directory, not a view of the files themselves. I needed to know if a file had been changed, added or removed. Looking at a directory listing, I could easily see that something had been changed compared to an earlier listing sample. And then it dawned on me -- I could solve this with a hash.

The MD5 hash is a fairly simple and very quick to execute hashing function which takes any input it is given and generates a hash value. Most POSIX systems include an md5 command that can be run from the command line which will output the hash value as a string. By capturing the hash value of the directory and comparing it each time the script is run, it becomes fairly easy to see when something has changed.

To make this work, I just needed to pipe the contents of my directory using ls -la into the MD5 command and save the resulting string to a file.

```bash
ls -la | md5
```

The final logic for the script looked something like this. I've done this extract to remove the bulk of the script which is all of the actions being run.

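```bash
#!/bin/bash

# Where the previous run's hash is stored, and the directory to watch.
hashfile="/path/to/lastrunhash.md5"
postdir="/path/to/source/directory/"

# Hash from the last run (empty on the first run) and hash of the listing now.
# md5 is the BSD/macOS command; on Linux the equivalent is md5sum.
lasthash=$(cat "$hashfile" 2>/dev/null)
thishash=$(ls -la "$postdir" | md5)

echo "Last Hash: $lasthash"
echo "This Hash: $thishash"

if [ "$lasthash" != "$thishash" ]
then
    echo "Directory value has changed"
    echo "Do your actions here..."
    # Record the new hash so the next run compares against it.
    echo "$thishash" > "$hashfile"
else
    echo "Match!"
fi
```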
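The listing hash above reacts to names, sizes and timestamps in the top-level directory only. The added example below, which is not part of the original post and goes beyond it, fingerprints file contents recursively with SHA-256 so that an edit inside a subdirectory is also detected. It assumes GNU coreutils `sha256sum`; the function names and the demo tree are constructed.

```bash
#!/bin/sh
# Added example: content-based, recursive directory fingerprint.

# dir_fingerprint DIR -> one SHA-256 over every regular file under DIR.
# Covers relative paths and file contents, so it does not depend on ls
# output format, locale or timestamps. Empty directories and permission
# changes are not part of the fingerprint.
dir_fingerprint() {
    [ -d "$1" ] || return 2
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort ) |
        sha256sum | cut -d' ' -f1
}

# dir_changed DIR STATEFILE -> status 0 if DIR differs from the recorded
# fingerprint (the state is then updated), 1 if unchanged, 2 on error.
# Keep STATEFILE outside DIR, or each update would itself count as a change.
dir_changed() {
    new=$(dir_fingerprint "$1") || return 2
    old=$(cat "$2" 2>/dev/null || true)
    [ "$new" = "$old" ] && return 1
    printf '%s\n' "$new" > "$2"
    return 0
}

# Demo on a constructed directory tree.
demo=$(mktemp -d)
mkdir -p "$demo/posts/drafts"
echo "first draft" > "$demo/posts/drafts/a.md"
dir_changed "$demo/posts" "$demo/state" && echo "changed (first run)"
dir_changed "$demo/posts" "$demo/state" || echo "unchanged"
# Edit a nested file: the top-level listing of posts/ stays the same.
echo "edited" > "$demo/posts/drafts/a.md"
dir_changed "$demo/posts" "$demo/state" && echo "changed (nested file edited)"
rm -rf "$demo"
```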

Grand Plans
Sat, 31 Oct 2015 04:51:30 +0000

I have a habit of coming up with (grandiose) ideas for things I want to do. Be they small things or large things, or amorphous life goals, I talk a lot and tend to be rather stingy on the follow through. Sometimes these goals are stopped by other projects, sometimes they're stopped by my "better judgement" when I talk myself out of them, sometimes it's exhaustion, sometimes it's pure laziness. Whatever the reason or excuse I don't do nearly as much doing as I feel that I should, or that I want to.

Tonight I was mulling these things over as I proceeded about my cleaning and folding of laundry and had a minor brainwave about a couple of the projects that seem, on the surface, to be complementary but were leaving me in a loop of "I want to do x, but I really should do y first. But y is hard and will take a long time, I can't take that on right now."

So I'm not going to do y — probably ever — and I'm ok with that. I can move on with x, and if I break x up into reasonable size pieces, I might be able to do some other things in between those pieces.

I've started on piece #1, and really don't want to stop. It pays to know my own tendencies and make the decisions that can capitalize on some and minimize the effect of others.

Intentionality and the Struggle with Perfectionism
Sun, 15 Mar 2015 01:30:19 +0000

Wow. It's been a while since I posted something. Not the first time there's been a big gap, and probably not the last, so let's not dwell on that.

Something that's been on my mind for a while now and kind of relates to me not getting blog posts written is the idea of not being organized to get done what you want to get done when you want to get it done. Part of it is organization and part of it is motivation. However in my case another part of it is my constant struggle with perfectionism and over-planning.

This may sound surprising to anyone who's ever seen my office (or my car) but it's a real challenge for me on anything that I'm trying to create. I tend to get sucked into the constant battle of doing things "right", following all the best practices, and most dangerously, trying to get all of that done before I begin work on the project. The ultimate result of which is that the projects never get started.

I also struggle with this in my day job, but since those nice folks are paying me I end up having to start before I feel things are ready to avoid missing deadlines. This means I get things done, and people are typically happy with them, but I always feel like there could have been a better way and ultimately I'm not happy with the results.

I had a conversation with a friend of mine and that resulted in his creating a podcast about getting things done. I'm glad I was able to inspire someone, and it sort of inspired me. I listened to that show about four times over the next couple of weeks trying to figure out the magic, the secret, the hidden gem of wisdom. I didn't find one.

Yesterday it hit me as I was out for a rather long late-night drive. The podcast itself was the answer to my question. The secret wasn't a secret at all. The truth was so simple I completely missed the point. What is the secret? Intentionality. Simple intentionality. He said he was going to do a thing, and he did it. Simple. Uncomplicated. Why couldn't I do that?

So here we go, my first crack at intentionality.

I leave you with these words, attributed to Voltaire: "Perfect is the enemy of good."

30 Podcasts You Should Be Listening To (part 3)
Thu, 24 Apr 2014 01:00:34 +0000

In part 1 and part 2 of this series I highlighted the first block of 30 podcasts I listen to very regularly. I have listened to many of these since they began (often retroactively) and very much enjoy them. There are a lot of tech shows in here with a mix of science, food, history and popular culture mixed in for good measure.

Today I bring you the final round of podcasts. I highly recommend you check out any of these great shows and subscribe to them if you're interested.

Mac OS Ken

This show is my day starter. Ken Ray brings together a concise short 10-20 minute podcast with a dose of "Apple news and news related to Apple news." Every weekday he rounds up the latest in news and information surrounding Apple.

Many shows touch on the technical side of Apple either in a little or in a big way. Few of them touch on the financial side of Apple with any regularity and even less consistency. Mac OS Ken on the other hand follows a number of prominent Apple watchers and uses that group to compare and contrast the various Wall Street views of the Cupertino company.

The show has been going 5 days a week pretty near every week since January 2006. The show is very well produced, professionally hosted and a great example of how to deliver a great podcast. I wish I could get a show like this about a great many other topics.

Mac Power Users

Hosted by Katie Floyd and David Sparks the Mac Power Users podcast is a great way to learn more about the tips and techniques that other Mac enthusiasts use to get the most out of their Macs.

The duo varies their format between topical deep-dives and "workflow" episodes which focus on how a given member of the Mac-wielding community gets the most out of his or her Mac setup. These workflow shows provide some great insight into just how varied the Mac experience can be, while at the same time demonstrating that the reason most people love their Macs is that they "just work." Occasionally the guest will be someone like Brett Terpstra who makes a habit (and a living) out of making the Mac do things Apple may never have intended.

The show is loosely affiliated with the 5by5 network and does have space on their site, but the show format is consistent with its pre-5by5 format and doesn't have some of the other tendencies of 5by5 shows like the strange episode titles. If you want to learn about getting more out of your Mac, this is the place.

The Memory Palace

Hosted by Nate DiMeo and a member of the MaximumFun podcast network, The Memory Palace tells the stories of places and people from history, often American history, and these are almost always very interesting little factoids.

These stories delve into the stories behind the stories that you may already know. As an illustrative example, I point to the case of the bomber that crashed into the side of the Empire State Building. That episode told the story from the perspective of one of the women who worked a few floors above the impact site. She and her office-mates were trapped, scared and didn't know if they would make it home that night. One of them did and DiMeo was able to capture her story.

Though it isn't produced often, it is produced very well and it's another show I look forward to.

Mission Log

Hosts Ken Ray and John Champion are on a mission. To review every episode of Star Trek, from every series, and discuss the messages, morals and meanings therein. This is a crazy undertaking but it's a very fun podcast.

I very much enjoyed their exploration of TOS, a series which I was not very familiar with prior to the series. Being able to explore the characters behind the scenes also proved very entertaining. John Champion's companion blog series "Discovered Documents" which he posts in conjunction with most episodes of Mission Log provide a fascinating look at what goes in to making television work.

If you're a Star Trek fan you owe it to yourself to check this show out. Each of the very well produced episodes runs about an hour.

The Nosillacast

Hosted at podfeet.com, it's a technology geek podcast with an ever so slight Macintosh bias. This is the signature description that host Allison Sheridan provides for her show. Lots of product and app reviews that focus on "the problem to be solved" make this a go-to source for me each week, and the rotating cast of interviewees on the back-half of the show provide some very interesting deep-dives into everything from learning the Bash shell, to photography.

Allison also focuses quite regularly on accessibility in computing, usually from an Apple perspective. Her quest to constantly seek out better technology and tools to help those with vision or other physical challenges is inspiring. She is also an advocate of accessibility on the software side regularly encouraging developers to think about a wider audience for their products and getting them to make use of the tools provided to make their apps accessible.

Each very well produced episode of the Nosillacast runs about 60-75 minutes. The show is often recorded on Sundays as a live recording. Fun to check out!


Radiolab

Radiolab is a radio show produced out of WNYC in New York. It's also a podcast. Hosts Jad Abumrad and Robert Krulwich supported by a cast of producers and journalists bring stories that explore very diverse topics and often take unexpected directions.

Unlike some similar shows like 99% Invisible or The Memory Palace, Radiolab's shows try to get you to think deeply about your preconceptions of a given topic. They will also push your comfort zone on occasion. One example of this is the exploration of how the adoption laws in some US states can cause unintended consequences for the children involved. My opinion flip-flopped a couple times during this episode and by the end I couldn't take a side.

Professionally produced the show sounds fantastic. The episodes range from full-length episodes about an hour each down to Radiolab Shorts which are generally 15-30 minutes.

RunAs Radio

This show is decidedly outside the realm of FOSS; usually. Hosted by Richard Campbell, RunAs Radio is a podcast directed at IT pros, those who spend the majority of their time worrying about things like federated security, 5-9's uptime, and how to effectively replicate an active directory server. The show focuses primarily on the Microsoft tech stack, which I deal with at work, but goes deep into lots of very technical topics.

Campbell also co-hosts a more developer focused show called .NET Rocks with Carl Franklin. This is also geared mostly toward the Microsoft development stack, but occasionally features panel discussions and geek-out episodes where the topic could be anything from self-driving cars to alternative energy.

RunAs Radio is part of the PWOP network and shows usually run about 30 minutes.

Security Now

Hosted by Leo Laporte and Steve Gibson and a member of the TWiT network, Security Now provides a no-nonsense soup-to-nuts view of current security news interspersed with deep dives on the technologies we use every day to help protect our security and privacy.

Gibson's career as an Assembly programmer and software consultant has left him with a very deep knowledge of the low-level internals of today's modern computers. Diving back through the archives of this show will provide a great deal of knowledge about how computers work (from the registers up) and how the Internet works (from the copper up).

The content is great, the production is excellent, and the episodes typically run 90-minutes to 2 hours.


Spark

Hosted by Nora Young and produced out of the offices of the CBC in Toronto, Spark looks at the world of technology and the Internet and how it impacts us little ol' humans and our societies.

There are occasionally segments which push the show in directions which might be considered politically-leaning -- many of the net-neutrality discussions come to mind -- but for the most part the focus is on the technology and how people use it. This is definitely about exploring how people and technology interact.

Produced from a Canadian perspective the weekly show runs about an hour and gives a Canadian perspective on the technological issues that affect society and culture.

StarTalk Radio

Dr. Neil deGrasse Tyson hosts StarTalk Radio, a show dedicated to all things space (and occasionally other sciences.) This is a fun and entertaining approach to science topics and is often co-hosted by Chuck Nice or another comic to provide a foil for Dr. Tyson.

This show is targeted at a more mainstream audience than something like Astronomy Cast. The topics explored are a bit less pop-quiz and a bit more pop-culture. This definitely makes the show more accessible to the masses and doesn't presume any knowledge whatsoever.

If you are enjoying the new Cosmos series hosted by Tyson, check out StarTalk Radio. Episodes typically run about 45 minutes.