The gitlab-markup supply chain vulnerability…

Posted on January 11, 2017 in Security • Tagged with security, GitLab, GitHub, ReStructuredText, business, software, source, code, supplychain • 9 min read

…or how I stubbed my toe on the keys to a few dozen kingdoms

NOTE: this content originally appeared on the Taos blog

I’m authoring this security writeup in ReStructuredText. An odd way to start this off, I know. But bear with me, I promise that ReStructuredText is relevant …

Slavish adherence to guidelines considered…inadvisable?

Posted on November 20, 2015 in Security • Tagged with security, logging, linux, audit, breach, IT, business, CIS, guidelines • 7 min read

Industry “best practices” are STILL no substitute for expert help. Yes, this is one of ‘those’ stories.

Recently I was going over some logs trying to track down a mysterious ‘disappearing’ directory. Situations like this are typically not mysterious in the least, since directories don’t disappear. Either they’re …

The NOGAPPS Project for Android

Posted on December 15, 2014 in Privacy • Tagged with privacy, security, freedom, android, google • 5 min read

One of the fundamental difficulties of working in the mobile ecosystem is that, unlike the PC ecosystem, there is not a strong history of catering to a consumer’s desire for customization. The long history of “feature phones” that predates the modern smartphone has fixed mobile carriers in the mindset …


Posted on December 09, 2014 in IT • Tagged with remote access, vnc, security, tls, linux, windows • 2 min read

I started using TigerVNC about two months ago, when a M$ update destroyed the remote desktop server that I had got running on my system. Historically, I’d preferred RDP to VNC due to the fact that the connection is encrypted, and the performance and responsiveness are much better. Additionally …

Privacy-centric Communications

Posted on August 06, 2014 in Privacy • Tagged with privacy, security, democracy, freedom, facebook, microsoft, apple • 7 min read

Paranoia, some smart people like to say, is not retroactive. What I mean by this is not that you should start being paranoid now, because you never know when you’ll need it. Rather I mean that, at whatever point in time you actually need to start being paranoid, you …

Dealing With Breaches

Posted on July 31, 2014 in Security • Tagged with security, breach, IT, business • 6 min read

Security is hard. Much too hard to treat effectively in any one blog post or even one book. It’s a complicated, multifarious discipline that combines a host of observational and technical sub-disciplines. The same is true, to a lesser degree, for breach management. On the one hand, a large …

Moving to Pelican

Posted on July 22, 2014 in Security • Tagged with security, meta, pelican, web, blogging • 4 min read

Obviously there’s a new look here, and a distinct lack of WordPress. Also a distinct lack of old posts. That’s fine, there weren’t that many of them lying around anyways, and they were mostly just getting in the way. So we’ve done away with WordPress and …
