Links for 2014-02-11

  • Trousseau

    ‘an interesting approach to a common problem, that of securely passing secrets around an infrastructure. It uses GPG signed files under the hood and nicely integrates with both version control systems and S3.’ I like this as an approach to securely distributing secrets across a stack of services during deployment. Check in the file of keys, gpg keygen on the server, and add it to the keyfile’s ACL during deployment. To simplify, shared or pre-generated GPG keys could also be used. (via the Devops Weekly newsletter)

    (tags: gpg encryption crypto secrets key-distribution pki devops deployment)

  • java – Why not use Double or Float to represent currency?

    A good canonical URL for this piece of coding guidance.

    For example, suppose you have $1.03 and you spend 42c. How much money do you have left? System.out.println(1.03 – .42); => prints out 0.6100000000000001.

    (tags: coding tips floating-point float java money currency bugs)

  • “I’m Sorry for what I said when I was Hungry” tee-shirt

    I can relate to this

    (tags: tee-shirts apparel etsy hangry)

  • “IMSI Catcher” used in London

    ‘One case involved Julian Assange’s current home at the Ecuadorian Embassy in London, where visitors were surprised to receive welcome messages from a Ugandan telephone company. It turned out the messages were coming from a foreign base station device installed on the roof, masquerading as a cell tower for surveillance purposes. Appelbaum suspects the GCHQ simply forgot to reformat the device from an earlier Ugandan operation.’
    via T.J. McIntyre.

    (tags: surveillance nsa privacy imsi-catchers gchq london uganda mobile-phones julian-assange ecuador embassies)

  • The Spyware That Enables Mobile-Phone Snooping – Bloomberg

    More background on IMSI catchers — looking likely to have been the “government-level technology” used to snoop on the Garda Ombudsman’s offices, particularly given the ‘detection of an unexpected UK 3G network near the GSOC offices’:

    The technology involved is called cellular interception. The active variety of this, the “IMSI catcher,” is a portable device that masquerades as a mobile phone tower. Any phone within range (a mile for a low-grade IMSI catcher; as much as 100 miles for a passive interception device with a very large antenna, such as those used in India) automatically checks to see if the device is a tower operated by its carrier, and the false “tower” indicates that it is. It then logs the phone’s International Mobile Subscriber Identity number — and begins listening in on its calls, texts and data communications. No assistance from any wireless carrier is needed; the phone has been tricked. […] “network extender” devices — personal mobile-phone towers — sold by the carriers themselves, often called femtocells, can be turned into IMSI catchers.
    Via T.J. McIntyre

    (tags: via:tjmcintyre imsi-catchers surveillance privacy gsocgate mobile-phones spying imsi)

This entry was posted in Uncategorized. Bookmark the permalink. Both comments and trackbacks are currently closed.