This post was extensively discussed on Hacker News. Alex Buznik, nas.net.ua kindly provided a two-part Russian translation: part1 and part2. This post discusses hardware considerations, installing Linux, setting up software RAID, robustness and dealing with data corruption. I've been running a self-built NAS at home for a decade, so I thought I'd write down my experience … Continue reading Building the perfect, cheap DIY NAS
Category: security
Azure diaries: can’t access KeyVault
Context: as a tenant administrator you can't inspect KeyVault contents created by other people ("you are unauthorized to view these contents"). Solution: assign yourself appropriate permissions like this: locate the KeyVault in the Azure portal; go to "Access policies"; click "+Add Access Policy"; Key permissions: everything under "Key Management Operations" and "Cryptographic Operations"; Accordingly for key and certificate … Continue reading Azure diaries: can’t access KeyVault
Case study: scalable, extensible identity provider
Slides for a scalable, robust OIDC identity provider with an extensible architecture.
A comprehensive security enterprise architecture
I obtained permission to publish my presentation for an internal gig of a security enterprise architecture. When setting up a security architecture in the enterprise context, topics like business continuity, people and processes, governance, services and technology are relevant. https://www.slideshare.net/GeorgeGeorgovassilis/security-architecture-127061728
Unlocking a password-protected hard disk
TL;DR: Recovering data from a password-protected SATA hard disk that was locked by a Thinkpad. I wish this post would be as generally valid as the title suggests; at this hour I'm just unspeakably glad to have unlocked a hard disk I didn't even know I had locked and can finally go to bed. What … Continue reading Unlocking a password-protected hard disk
Secure messaging in the browser
By observing news and public discussions I feel that there is a growing awareness of data privacy and an increasing demand for secure person-to-person communication. In order to address my communication needs, I plugged together a few Javascript libraries and started the Webencryption [1] project on Github. What is Webencryption? Webencryption is a rather crude … Continue reading Secure messaging in the browser
RSA is partially cryptographically homomorphic
Homomorphic cryptography [1], should it ever become available as a product, will have an intriguing property: computers will be able to operate on encrypted data without either having to or being able to decrypt it. Competitive or regulatory pressure leads many organisations to distrust public (or private) clouds with their data and algorithms, so they … Continue reading RSA is partially cryptographically homomorphic
Advanced web security topics
(Updated 22 May 2020) This post discusses web security issues that I come across - so far thankfully mostly by reading about them. It is a work in progress which I'll keep updating. The post title includes "advanced" because the topics discussed here involve clever, non-trivial hacks, are novel at the time of their publication … Continue reading Advanced web security topics
Securing a development server
In this post I talk about setting up and securely operating development tools like Jenkins and Gitlab on a server connected to the internet. All applications run behind a firewall and a reverse HTTP proxy which lets through only HTTP requests from selected users who authenticate themselves with client certificates. Putting web-facing software on the … Continue reading Securing a development server
Running a website on ip6
I started quite a while ago moving a pet project to ip6. While it doesn't involve any programming per se, it turned out to be quite a complicated process involving multiple configuration steps. Thus, for your enjoyment I present: running a website on ip6 with Ubuntu 14.04 (older versions won't work because their kernel doesn't … Continue reading Running a website on ip6