Author Archives: Jared

KeyCzar: Encryption made easy

Encrypting sensitive data-at-rest (i.e. in a database) is a good idea, but how does one manage the encryption keys, and rotate keys or start using a new algorithm down the road without orphaning or migrating the old data? Use KeyCzar. Cryptography is easy to get wrong. Developers can choose improper cipher modes, use obsolete algorithms, […]

Gotcha’s of command-line tools

I came across this recently, and I think it’s worth sharing. It outlines gotchas of commonly used command-line tools and arguments, such as when ‘rm -rf’ doesn’t remove a directory and how to get around it, or when ‘wc -l’ fails to count the last line in a file. http://www.pixelbeat.org/docs/coreutils-gotchas.html

RabbitMQ, memcache, and too many socket connections

What happens when you have hundreds of services connected to RabbitMQ and memcache, and those services have a bug that causes them to keep their previous socket connections open, and repeatedly reconnect to RabbitMQ and memcache? They crash. It occurred to me that one can prevent too many connections using iptables on the RabbitMQ and […]

Great tools: ag and rlwrap

It’s fun to learn about new command line tools from coworkers. Here are two. rlwrap can be used to wrap anything in a readline command history. It’s useful to preserve command history, including the commands typed in remote ssh sessions. Just wrap ssh in rlwrap. ag, the silver searcher, is a super-fast recursive grep tool. […]

LWN.net: “Changes in the TLS certificate ecosystem”

I was glad to come up to speed with what has been happening with TLS in the last couple of years, and I highly recommend reading these articles. https://lwn.net/Articles/663875/ https://lwn.net/Articles/664385/ I learned about HTTP Public Key Pinning, Certificate Transparency, and STARTTLS stripping, among other things. Here’s one of many good quotes: The core problem of […]

Unsatisfactory Freedompop cellular experience

In September, my son started junior high, and he craved having a smartphone. His lawn-mowing money was burning a hole in his self-made duct-tape wallet. So I googled for inexpensive options. Freedompop sounded like a great deal — free phone service (500 MB data per month), based on VoIP over cellular data. Too good to […]

MongoDB: Pre-splitting a sharded collection

When suddenly writing high volumes of data to a MongoDB collection that’s had little or no data previously, it’s important to pre-split the collection so that there’s good write performance — we don’t want to write all data to a single shard while waiting for the MongoDB balancer to figure things out. While it’s possible to […]

Python: There’s more than one way to format a string

LWN.net has an interesting article about Easier Python string formatting. Summary: For Python 3.6, they’re going to introduce yet another way to format strings, called f-strings.

    answer = 42
    f'The answer is {answer}'

They also have a proposal of how to make it secure, so that untrusted input contained in variables doesn’t introduce problems.

Virtual hosting: Why don’t they support SSL?

My website is powered by justhost.com, and it would be super nice if they supported SSL. SNI makes this possible, but they haven’t implemented it. https://en.wikipedia.org/wiki/Server_Name_Indication Is it time to start shopping for a new web hosting provider?

Data security can only be achieved by those empowered

Users of online services don’t have the ability (i.e. aren’t empowered) to secure the data stored by those services. Only the engineers and the companies that build the services can do that. So I agree with Cindy Cohn, who says: …we need to ensure that companies to whom we entrust our data have clear, enforceable obligations to keep […]