security – Pervasive Code

Why security is hard, and why it’s not going to get easier

Bruce Schneier summed it up well: the good guys have to secure all the doors and windows; the bad guys only have to find one. In a nutshell, that’s why security is hard. Real-world security has to deal with that problem all the time.

If you think of writing software as filling a feature space, sometimes you accidentally provide functionality that you didn’t intend to, while providing what you meant to. You meant to provide an exhaust port but you also created a vulnerability.
Continue reading

Managing autossh via monit

SSH port forwarding is so useful that sometimes you want to daemonize it, to create encrypted tunnels that never go away. But it’s not trivial to do this. Fortunately it is possible with a little fiddling, and I did it using monit.
Continue reading “Managing autossh via monit”

Proper Error Handling in Rails Controllers

Rails controllers can get out of hand if you’re not very careful. Skinny Controller Fat Model is a great start. But what about handling errors? Isn’t it enough to just let Rails catch your exception and show a 500 Server Error page?

No, it’s not. Falling back on 500 Server Error for everything outside of the “happy path” through your code is sloppy coding.
Continue reading “Proper Error Handling in Rails Controllers”

Silencing pointless reverse DNS warnings from OpenSSH

If you’ve been using SSH for long you’ve probably seen this at least once: Address 11.22.33.44 maps to www.foobar.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

Sometimes this is helpful. Sometimes this is really annoying and incorrect. Assuming you are a moderately well informed sysadmin and know that this message can safely be ignored, you might have been stumped trying to silence it. You may have tried every option in man ssh_options and even some of your own ( STFU on?) I think I may be able to help.
Continue reading “Silencing pointless reverse DNS warnings from OpenSSH”