Category Archives: informatique

Truecrypt: reliable but to be fixed

TrueCrypt is software you know, or should know, for keeping personal information secure.

The principle is simple: encrypt your data. There are several ways to do it: encrypt an entire hard disk (if it contains the OS, you will have to enter a password at boot; it may also contain only data), or create a virtual partition stored in a file that holds all your confidential information.

A first audit has been carried out, and it confirms the reliability of and trust in this software: there is no backdoor inside TrueCrypt! We can therefore store our data with it; unless you leave your password or private key visible or reachable, no one will access it. And even if, under torture (I know, your hidden data is so precious that we have to get it!), you have to give up a password, you can configure the encrypted storage to reveal another storage location when given a fake password!

However, problems were found, such as a lack of comments or obsolete functions, but nothing really serious, so our data is normally secure.

Stay tuned, and use it (it is available on every OS).

Source

How to develop better

successful git branching model

"With GitHub", this article specifies, but having read it, I would simply say "how to develop better", and that's all.

Indeed, it is an interesting article and I recommend reading it, because it covers notions that are obvious but unfortunately not often respected. We should always have at least 2 git branches, for example (master = prod, develop = in progress…). The article also has a passage about tests.
Link about the philosophy to adopt when working with branches in a workspace (it is about git but can work with any versioning system).

So, tests… how many times have I had to repeat and stress their importance (unit and functional tests) in development? How many times has it happened that, after adding a new function, an old one no longer works because we did not test the application's functions? Write tests and run them! You will save time, and the more your application grows, the more time you will save on testing the functions you developed earlier. You must not click, type and submit a form by hand; you must automate it the first time you want to test your application. Once your test is written, these actions are no longer manual, and you get results in a few seconds.

Developers' source code is bad

That is how it is today.

That is the feeling of Leslie Lamport, Microsoft director of research, and I share his point of view. We learn analysis, thinking and logic at school before learning a language and programming, so why does a student, when developing for himself or for a company, forget all of that and start programming before putting anything down on paper?

A developer saves time by analysing a project or application first. I like the image of an architect; it sums it up well. Before building a house, he has a plan, and does not start by laying bricks. He may or may not follow it, but he has a good idea of the final result. It must be the same when developing programs.

Developers: analyse it, think it through, and then program it! And you will have good code.

Source

How to delete your data permanently and without a trace on Linux

shred

In this period of data privacy concerns (see previous article), it is recommended, when you have private data, to delete it securely (no! moving a file to the trash is not deleting it, and emptying the trash is not deleting it securely).
Here is a simple but effective example of how to delete a file on Linux with the shred command, which is installed on Debian (and certainly available on other Linux distributions).

shred -n 7 -u -z <file name>

Yes, it is that simple, so why not do it?

-n 7 : overwrite the data in the file 7 times (the default is 3, but you can never be too careful; 7 seems a good compromise)
-u : delete the file after overwriting
-z : add a final overwrite with zeros to hide the shredding before deleting the file

This command takes less than 10 minutes for a 7.4 Gb file and 7 passes, so nothing should stop you from doing it without losing your day.

You can add the -v option to show progress if you are curious.
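
An added example, not part of the original post, that wraps the command above in a hypothetical `secure_delete` function: it warns when the file sits on a filesystem that does not overwrite in place (copy-on-write or network-backed, where old blocks can survive shred), checks that only zero bytes remain after the `-z` pass, then unlinks the file. The filesystem list is an illustrative assumption, not an exhaustive one.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the post).

# Return 0 if the filesystem type is one where overwriting "in place"
# may not reach the old blocks (illustrative list, an assumption).
fs_defeats_shred() {
    case "$1" in
        btrfs|zfs|nfs*|overlay*) return 0 ;;
        *) return 1 ;;
    esac
}

# Overwrite as in the post (-n 7 -z) but keep the file, then report
# whether any non-zero byte survives the final zero pass.
overwrite_and_check() {
    shred -n 7 -z -- "$1" || return 2
    leftover=$(tr -d '\000' < "$1" | wc -c)
    [ "$leftover" -eq 0 ]
}

# Full procedure: warn, overwrite, verify, then unlink with -u.
secure_delete() {
    fstype=$(stat -f -c %T -- "$1" 2>/dev/null || echo unknown)
    if fs_defeats_shred "$fstype"; then
        echo "warning: $fstype may keep old copies of $1" >&2
    fi
    overwrite_and_check "$1" || return 1
    # -n 0 -z: no extra random pass, one zero pass, then remove (-u).
    shred -n 0 -z -u -- "$1"
}

# Run on a file only when one is given on the command line.
if [ "$#" -gt 0 ]; then
    secure_delete "$1"
fi
```

The warning does not stop the deletion; on such filesystems, or on SSDs with wear levelling, full-disk encryption is the more dependable protection.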

Heartbleed: upgrade your SSL/TLS servers!

heartbleed

An exploit (it seems to be a very critical one) endangers the information we transmit over the Internet. If you administer servers, you risk being vulnerable through the SSL/TLS service.

To explain briefly, a buffer overflow attack (sending data of a specific size and format) can give access to data that was transmitted to the server encrypted.

You can fix it simply: an apt-get update && apt-get upgrade or a yum update should do it. Restart the services using this library, or if in doubt reboot your server with the reboot command.

Finally, test your server at this address to check that you have fixed it.

More information on the Heartbleed bug.
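
To find which services still need the restart mentioned above, this added example (not from the original post) lists processes whose memory maps still reference a deleted libssl or libcrypto file, which is how a replaced library appears after an upgrade. The function names `stale_tls_line` and `list_stale_pids` are hypothetical, and the maps line in the comment is constructed.

```shell
#!/bin/sh
# Added example: after upgrading OpenSSL, a running process keeps the old
# library mapped until it is restarted. The kernel marks the replaced file
# as "(deleted)" in /proc/<pid>/maps, e.g. (constructed line):
#   7f3c1a200000-7f3c1a25d000 r-xp 00000000 08:01 1311768 /usr/lib/libssl.so.1.0.0 (deleted)

# Filter stdin for maps lines pointing at a deleted libssl/libcrypto.
stale_tls_line() {
    grep -E 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$'
}

# Print "PID command" for each process still using the old library.
# $1 is the proc root (default /proc), so the scan can run on a copy.
list_stale_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if stale_tls_line < "$maps" >/dev/null 2>&1; then
            pid=${maps%/maps}
            pid=${pid##*/}
            name=$(tr '\000' ' ' 2>/dev/null < "$root/$pid/cmdline" | cut -c1-60)
            echo "$pid $name"
        fi
    done
}

# Run as root to see every process; an empty result means nothing
# is still holding the pre-upgrade library.
list_stale_pids /proc
```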

Source

How to enhance geolocation in Piwik

If you decide to use Piwik for your website statistics, here is a procedure to improve the accuracy of geolocation.

We will configure our Linux server (Debian or Ubuntu) with PECL, which is the recommended method (only if you have a dedicated server that you can configure as you want; on a shared one, use the PHP method instead).

Connect to it with SSH and install the libraries and tools:

apt-get install php-pear php5-geoip php5-dev libgeoip-dev
pecl install geoip

Next, we install the database. Once the libraries are installed, go to Piwik > Settings > Geolocation; at the bottom of the page, you can download the free database. If you get an error message, you can download it manually at this address; you will have to use wget over SSH, for example, then move the file to <piwik path>/misc. Remember to rename it from GeoLiteCity.dat to GeoIPCity.dat.

The last step is to enable it on the server. The library installation has probably configured PHP automatically. Modify the relevant file (/etc/php5/fpm/conf.d/20-geoip.ini or /etc/php5/conf.d/geoip.ini, for example) so that it contains:

extension=geoip.so
geoip.custom_directory=<piwik path>/misc

Restart apache, or fpm, or whatever you use, then go back to the Piwik administration and check that PECL is reported as installed, in green text.

Piwik GeoIP PECL installed

Remember to set up automatic updates (monthly, for example) by adding the link above in the URL field.

Piwik: configure automatic GeoIP updates

If you want to test the update, force the Piwik cron by going to the http://<PIWIK URL>/misc/cron/archive.php?token_auth=<TOKEN> address, replacing <TOKEN> with your super user token, which you will find on the Users page.

Documentation

Ubuntu One is stopping

Here it is: sold out, nothing to see, move along! You can read the announcement on the official blog.

Ubuntu One is (finally?) closing its doors. I never bet on it, so I am not surprised, or maybe I am, but my only surprise is that it lasted so long. Big services such as Dropbox, Google Drive, MEGA or my favourite, hubiC, had the last word.

For years, storage services have multiplied, and I was very surprised to see Ubuntu release one, because you had to run Ubuntu to have a chance of hearing about it, and even if you knew about it, not many people used it (I was one of them). Why didn't I use it? Because I was afraid to believe in its sustainability. Ubuntu was, for me, an OS, and it was (is?) difficult for it to be profitable, so entrusting my data to a service that does not know where it is going is not for me.
So if you have data there, remember to retrieve it before July 31.

I will probably explain why I choose hubiC.

Source