Life

2017: A Retrospective

Last year I wrote a retrospective and was interesting to read it at the end of this year so I've decided to do it again. What can I say about 2017?

From a work perspective, this was a crazy year. The vulnerabilities we had to deal with this year were pretty significant, things like Blueborne and KRACKS and others that created a lot of work for the team. To say it was ...

Read More

Life

Working Remotely

I've read a few articles lately about working from home and some best practices for working remotely, and other topical guidance around the subject of working from home. I always find these articles fascinating because I want to see if there's something I am missing or doing wrong. Maybe there's a way I can boost my own productivity. Some insight. Something.

Inevitably I finish the article, sigh, and carry on. The ...

Read More

Linux

Red Hat Container Health Index

Today is the first day of Red Hat Summit 2017, this year in Boston. I'm not there, but am thoroughly enjoying watching the keynotes and other interviews via TheCube on Summit. One of the big things that we've been working on for a while that was announced today is the Container Health Index within our Red Hat Container Catalog. I'm not going to go into detail here as I've already ...

Read More

BSD

Virtualized Linux guest in FreeNAS 9.10 using iohyve

During the day I'm a manager of one of the greatest security teams on the planet (in my biased estimation), but at night (and random times throughout the day), I'm a sysadmin tinkerer. There's just something about goofing off with operating systems that appeals to me; this is likely what caused me to devote five years of my life to working on Annvix back in the day.

I've been running a local IPA install ...

Read More

Life

Replaced GPG Key

Quick note to indicate that I've revoked my old GPG key (key id 0x94BE833CE8B86CAB) and replaced it with my new one (key id 0xBD51CB9670DF9DE7). My new key's fingerprint is:

1810 81E8 178E 4692 03F6 BFD0 BD51 CB96 70DF 9DE7

and it is signed with the old (revoked) key. You can download the key directly from me or from pgp.mit.edu which is where you can also see the old key is revoked.

Read More

macOS

Figuring out GPG, SSH and U2F with YubiKey 4

You know your wife is a keeper when she gets you a YubiKey 4 for your birthday! I was really excited about this YubiKey because of its support for storing your GPG private keys and also for an SSH private key, in addition to the U2F (Universal 2nd Factor) support. I've been using earlier versions of the YubiKey for OTP (one-time password) and U2F, but the new version was especially interesting to me because of ...

Read More

Life

2016: A Retrospective

I've been spending a lot of time thinking about this past year and all of its challenges and accomplishments, the moments of growth and clarity, the opportunities taken and the opportunities missed. I'm not one to get deeply personal in public, and won't get into a lot of the nitty gritty as I write this, but the end of a year is an opportunity to look back and do some self-reflection. I'm a ...

Read More

Linux

Using GitLab CI to deploy to remote host over ssh

I've been using GitLab for a while now and I really like it. I can't objectively say whether it's better than GitHub or not (I have a few projects on GitHub but I rarely make any changes to them and even more rarely use the web UI), but one of the things I appreciate about GitLab is the fact that I can run my own copy of it and store my own stuff in ...

Read More

Linux

Countdown to SHA1-based HTTPS Doom

So it's been noted in a few places that 2017 is the year that SHA1 for HTTPS is doomed. Microsoft has deprecated SHA1 in Edge and Internet Explorer browsers and in February 2017 will be blocking them entirely. Google is doing the same thing with Chrome starting January 2017, as is Firefox.

Most sites today don't use SHA1-based SSL certificates (which is good) and there are sites you can go ...

Read More