This is a small guide to clarify the setup needed to debug Go code running in a container in docker-compose using Delve debugger . Basically lets suppose that you have 3 service running in three different containers:
Continue reading “Debugging Go Code in docker-compose”Whatsapp vs Signal vs Telegram
The recent privacy policy changes by Whatsapp has triggered a big migration towards similar platforms such as Signal and Telegram. But are those really better? Why? In this article we will see what are the strong and weak points of each of them from a privacy prospective.
Continue reading “Whatsapp vs Signal vs Telegram”Run a GUI program at Startup on LXDE
Have you ever needed to launch a GUI program that run at startup and goes directly into full screen mode? Probably not.. but if you do, just continue reading this post..
Continue reading “Run a GUI program at Startup on LXDE”Unable to Grant Privileges on MariaDB
WordPress requires an SQL like database. On RPI there is no MySQL database, but there is an equivalent fully compatible DB called MariaDB. After a fresh install there’s no password set up initially for the user root, so is very important to fix that. You should use the secure installation script that come along.
Continue reading “Unable to Grant Privileges on MariaDB”10 Immutable Laws of Security
Microsoft has done two things which are really good and neither of those is Windows or Office. The first one is a software called “Paint” that everyone is familiar with (Not the shitty 3D version). The second one is a paper that they wrote back in 2011 titled “Ten Immutable Laws of Security.” So this quick article is about those laws.
The laws are quite self explanatory, so i will re-post them here:
- 1. If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
- 2. If a bad guy can alter the operating system on your computer, it’s not your computer anymore
- 3. If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
- 4. If you allow a bad guy to upload programs to your website, it’s not your website any more
- 5. Weak passwords trump strong security
- 6. A computer is only as secure as the administrator is trustworthy
- 7. Encrypted data is only as secure as the decryption key
- 8. An out of date virus scanner is only marginally better than no virus scanner at all
- 9. Absolute anonymity isn’t practical, in real life or on the Web
- 10. Technology is not a panacea
Despite the laws are quite clear, i want to add a quick discussion for clarify some points. The first 3 laws, withhold similar concept: if someone can tamper with your pc either by running some software or by accessing the hardware, than is not your pc anymore. The implication of these law are quite deep. These law cover obvious cases, where you click on that unknown exe .. or when your trusted technician install hardware keylogger in your pc or a network sniffers on your card. . But the cases does not necessary stop there.. What if a bad guy works at Microsoft, then potentially can tamper with your OS, thus, owning all your pc. Same concept with hardware producers. If you think that this is impossible, than think again because has already happened in the past (for example tampered Supermicro motherboards or Lenovo Superfish malware).
Law n.4 is just a slight extension of the other 3 but with reference to website. So if you use Libraries, add-ons and so on, is always a good idea to have a look at the source code (and make sure that the installed version actually contains the same code), to avoid problem like the “event-stream” javascript library that got infected by cryptoshit stealing code.
Law 6 remarks the power of Sys admin that can change the back-end code, access directly databases, passwords (changing back-end to store it in clear!) and so on. They hold the ultimate power, since usually clients have no overview of the back-end code.
Law 5 and 7 are also quite important. They clarify some concept of security. Indeed is useless to have a 512 bit AES key if then the password set is 1234. Easily guessable keys (or reusing compromised passwords) are the weak link in breaking hard encryption.
Law 8 is still very valid, with the viruses spreading over the internet quickly, it is important to include newest AV signatures as soon as possible. No-one is trying to break in your system with a 2 years old virus! This is also true for Software Updates. So Together with antivirus you should patch asap all your software, since exploiting known vulnerability are the easiest way in a system.
Law 9 may come with a little disappointment. Yes you could use Tails, Tor, Qubes, etc, but still..if someone want to really control you (and have enough resources), they could exploit timing, traffic correlations, forge fake certificate, control tor exit nodes, control backbones, install spywares, dns leakages, etc. So many potential weakness that over a long period, something will go wrong and you will loose your anonymity.
Rule number 10 is just thrown there to remind that for many problems, technology may not be the best solution after all..
So whenever you click on something or ask someone to fix your pc, keep in mind those simple rules!
Happy clicking!
Variables in Bash
Lets talk about variables in bash scripts. Nothing super technical, but this is just a small clarification article for a such useful features. But lets start from the beginning. .. What are bash variable and why a user or developer should care about it? Continue reading “Variables in Bash”
GIT_2 : Workflows: branch and fork
In the last article we discussed some basic git concept. Now I want to introduce some GIT workflows to be used while developing code in teams, that uses Pull Requests and code reviewers. In particular I want to explain how to keep the master history clean and how to avoid all those ugly merges and unnecessary commits that a lot of teams have in their master history.
Continue reading “GIT_2 : Workflows: branch and fork”GIT_1 : (not so) Basic Concepts
If you are a programmer and if your team consist of more than 1 person, then you are probably using GIT. There are two ways to use git: the wrong way and the right way. If you never used “rebase” command or if you never squashed any of your commits or if you never heard about forks, then you are probably using it wrong. Ah before we start, I assume that you are familiar with basic git terminology.
Continue reading “GIT_1 : (not so) Basic Concepts”Conformity
Humans are, social animals, and because of that, they need to feel accepted (apart from engineers). Acceptance is so important, that people will end up denying the reality just to “fit in” a specific group. Seems absurd right? Continue reading “Conformity”
Climate change
Climate change is an hot topic. It is so real that we even convinced Trump, so is time to find real solutions. Are the effort that we are doing helping the environment? Are they even going to the right direction? In this small article i will try to report few numbers about the climate change that you will probably not like it. Continue reading “Climate change”