This is a short article to clarify a few things about sockets. I had to do some research to work with those classes, especially for more advanced uses. Let’s start with some basics. Continue reading “Socket Families”
This is a small guide to clarify the setup needed to debug Go code running in a container in docker-compose using the Delve debugger. Basically, let’s suppose that you have 3 services running in three different containers: Continue reading “Debugging Go Code in docker-compose”
Have you ever needed to launch a GUI program that runs at startup and goes directly into full-screen mode? Probably not... but if you do, just continue reading this post. Continue reading “Run a GUI program at Startup on LXDE”
WordPress requires an SQL-like database. On RPI there is no MySQL database, but there is an equivalent, fully compatible DB called MariaDB. After a fresh install there’s no password set up initially for the user root, so it is very important to fix that. You should use the secure installation script that comes along with it. Continue reading “Unable to Grant Privileges on MariaDB”
Microsoft has done two things which are really good, and neither of those is Windows or Office. The first one is a piece of software called “Paint” that everyone is familiar with (not the shitty 3D version). The second one is a paper that they wrote back in 2011 titled “Ten Immutable Laws of Security.” So this quick article is about those laws.
The laws are quite self-explanatory, so I will re-post them here:
1. If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
2. If a bad guy can alter the operating system on your computer, it’s not your computer anymore
3. If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
4. If you allow a bad guy to upload programs to your website, it’s not your website any more
5. Weak passwords trump strong security
6. A computer is only as secure as the administrator is trustworthy
7. Encrypted data is only as secure as the decryption key
8. An out of date virus scanner is only marginally better than no virus scanner at all
9. Absolute anonymity isn’t practical, in real life or on the Web
10. Technology is not a panacea
Although the laws are quite clear, I want to add a quick discussion to clarify some points. The first 3 laws share a similar concept: if someone can tamper with your PC, either by running some software or by accessing the hardware, then it is not your PC anymore. The implications of these laws are quite deep. They cover the obvious cases, where you click on that unknown exe, or where your trusted technician installs a hardware keylogger in your PC or a network sniffer on your card. But the cases do not necessarily stop there. What if a bad guy works at Microsoft? He could potentially tamper with your OS and thus own your whole PC. The same concept applies to hardware producers. If you think that this is impossible, then think again, because it has already happened in the past (for example, tampered Supermicro motherboards or the Lenovo Superfish malware).
Law 6 highlights the power of sysadmins, who can change the back-end code, directly access databases and passwords (changing the back end to store them in clear!) and so on. They hold the ultimate power, since clients usually have no overview of the back-end code.
Laws 5 and 7 are also quite important. They clarify some security concepts. Indeed, it is useless to have a 512 bit AES key if the password set is 1234. Easily guessable keys (or reused compromised passwords) are the weak link that breaks hard encryption.
Law 8 is still very valid: with viruses spreading quickly over the internet, it is important to include the newest AV signatures as soon as possible. No one is trying to break into your system with a 2-year-old virus! This is also true for software updates. So, together with the antivirus, you should patch all your software ASAP, since exploiting known vulnerabilities is the easiest way into a system.
Law 9 may come as a little disappointment. Yes, you could use Tails, Tor, Qubes, etc., but still, if someone really wants to control you (and has enough resources), they could exploit timing and traffic correlations, forge fake certificates, control Tor exit nodes, control backbones, install spyware, exploit DNS leaks, etc. There are so many potential weaknesses that, over a long period, something will go wrong and you will lose your anonymity.
Rule number 10 is just thrown in there as a reminder that, for many problems, technology may not be the best solution after all.
So whenever you click on something or ask someone to fix your PC, keep those simple rules in mind!
Let’s talk about variables in bash scripts. Nothing super technical; this is just a small clarification article for such a useful feature. But let’s start from the beginning... What are bash variables, and why should a user or developer care about them? Continue reading “Variables in Bash”
In the last article we discussed some basic git concepts. Now I want to introduce some GIT workflows to be used while developing code in teams that use Pull Requests and code reviewers. In particular, I want to explain how to keep the master history clean and how to avoid all those ugly merges and unnecessary commits that a lot of teams have in their master history. Continue reading “GIT_2 : Workflows: branch and fork”
If you are a programmer and your team consists of more than 1 person, then you are probably using GIT. There are two ways to use git: the wrong way and the right way. If you have never used the “rebase” command, never squashed any of your commits, or never heard about forks, then you are probably using it wrong. Ah, before we start, I assume that you are familiar with basic git terminology. Continue reading “GIT_1 : (not so) Basic Concepts”
Humans are social animals, and because of that, they need to feel accepted (apart from engineers). Acceptance is so important that people will end up denying reality just to “fit in” with a specific group. Seems absurd, right? Continue reading “Conformity”