The systemd projecct is an interesting concept for replacing init and related code . There have been a few attempts to replace the old init system, upstart is getting some market share in Linux distributions and Solaris has made some interesting changes too.
But systemd is more radical and offers more benefits. While it’s nice [...]
Debian/Squeeze (the next release of Debian) will be released some time later this year. Many people are already upgrading test servers, and development systems and workstations that are used to develop code that will be deployed next year. Also there are some significant new features in Squeeze that compel some people to upgrade [...]
Some time ago Yubico were kind enough to send me an evaluation copy of their Yubikey device. I’ve finally got around to reviewing it and making deployment plans for buying some more. Above is a picture of my Yubikey on the keyboard of my Thinkpad T61 for scale. The newer keys apparently have a [...]
The Security Token Wikipedia page doesn’t seem to clearly describe the types of token.
Categories of Security Token
It seems to me that the following categories encompass all security tokens:
Biometric tokens – which seems rather pointless to me. Having a device I control verify my biometric data doesn’t seem to provide a benefit. The [...]
Bruce Schneier’s blog post about the Mariposa Botnet has an interesting discussion in the comments about how to make a secure system . Note that the threat is considered to be remote attackers, that means viruses and trojan horses – which includes infected files run from USB devices (IE you aren’t safe just [...]
The Opera-Mini Dispute
I have just read an interesting article about the Opera browser . The article is very critical of Opera-Mini on the iPhone for many reasons – most of which don’t interest me greatly. There are lots of technical trade-offs that you can make when designing an application for a constrained environment (EG [...]
I have returned from the US and my SE Linux Play Machine  is online again.
It was unfortunate that I forgot to pack one of my Play machine shirts, I ended up attending a meeting of the SDForum  on the topic of Cloud Security (it was a joint meeting of the Cloud Services [...]
I’m about to leave for San Francisco, so my SE Linux Play Machine is turned off and will remain off until after I return.
Lenny Play Machine Online As Debian/Lenny has been released and the temperatures in my… Play Machine Update My Play Machine  was offline for most of the… Trust and My SE Linux Play Machine When discussing the machine there are two common comments I…
New SE Linux Play Machine Online After over a year I have finally got a SE…
New Play Machine Update: Thanks to Sven Joachim and Andrew Pollock for informing…
I have just filed Debian bug report #556644 against the version of openssh-server in Debian/Unstable (Squeeze). It has a patch that moves the code to set the SE Linux context for the child process before calling chroot. Without this a chroot environment on a SE Linux system can only work correctly if /proc and /selinux [...]
Update: Thanks to Sven Joachim and Andrew Pollock for informing me about /etc/init.d/mountoverflowtmp which exists to mount a tmpfs named overflow if /tmp is full at boot time. It appears that the system was not compromised. But regular reinstalls are always a good thing.
On the 24th of August this year I noticed the following [...]