How did they manage to get that?

May 3, 2016 | Comment

So I received the above message to my phone last week. There were several things that were interesting about it:

it was supposedly from Apple (it isn’t)
whoever sent it had my full name
they also had my mobile number.

This was obviously a scam as Apple a) wouldn’t send notifications like this and b) definitely wouldn’t send you to a site called “applewarning.co.uk”.

I’m pretty careful about who has my mobile number although getting my name is pretty easy so I’m left wondering just who or what has been compromised to allow this information to become available to spammers. … Read the rest

Accessing an AWS EC2 Instance via Macfusion

April 19, 2016 | 2 comments

As part of a drive to improve security we are moving more of our AWS EC2 development instances behind a VPN. This is fine for most things but the code editor we use, ShiftEdit, won’t see the servers behind the VPN as they are not publicly assessable over SSH. This means I was looking for a different solution. Ideally I wanted a code editor that had native SSH support using private keys or agent forwarding and had a tabbed interface. Unfortunately none of major players seemed to have what I was looking for.

There are a number of free editors … Read the rest

Raspberry Pi GPS tracker – Connecting Without a Network

February 24, 2016 | Comment

All articles to date have been about getting the GPS working with the Raspberry Pi and converting the original Python code to PHP. All of this works well (for me) but what if you want to make changes to the settings or download the log file while you are out and about and away from your home network?

Normally what happens is that you configure your device to connect to a known network but as you are going to be using the GPS/Pi combination away from known networks you need a way to access anywhere without having to connect a … Read the rest

Raspberry Pi GPS tracker – Converting Code to PHP – Part 2

February 16, 2016 | Comment

In the last post I looked at converting the original Python code to PHP. This all ran without issue but I quickly found that because the Pi wasn’t connected to the internet the date and time of the device never got updated. This meant that the log files always had the wrong timestamp when they were created making it difficult to find the one I needed.

Turns out that there is a simple answer to this problem. As the GPS satellites include the current date and time as part of the detail that is sent along with the location we … Read the rest

Raspberry Pi GPS tracker – Converting Code to PHP – Part 1

February 9, 2016 | Comment

Last week I looked at getting the hardware up and running for a Raspberry Pi GPS tracker. However, as I said I was using some Python code and I don’t speak Python so I wanted to convert it to PHP. So this week I am going to look at what I did.

Before I could even begin to look at the converting the code I had to see if it was even possible for PHP to access the serial port. Turns out this is exactly what Direct IO (dio) is for but it isn’t included as standard so you … Read the rest

Well Played The Guardian

February 3, 2016 | Comment

If you want to get noticed by curious developers I guess that this is one way of doing it!

… Read the rest

Raspberry Pi GPS tracker – Getting it Together

February 2, 2016 | 8 comments

Having secured a Pi Zero from the cover of a the magazine MagPi I thought I would start out simple by trying one of the projects shown there. The one that caught my eye and required no soldering was to build a GPS tracker.

Getting hold of a cheap USB unit was pretty easy but make sure it is Linux compatible. I bought this one from eBay.

The first thing I did when I got the unit was to try it out on the Pi and while it was working I could see that it had got a satellite … Read the rest

Kickstarter is a stock market not a super market

January 26, 2016 | 1 comment

It’s no secret that I am a big fan of Kickstarter having backed many, many, many projects but, as you can see from the above screen grab, not everyone is of the same opinion and I believe that stems from a fundamental misunderstand about just what exactly a crowd funding site is.

The reason for the ire shown by the commenters above is that the project delivery end date is slipping and so people are becoming unhappy. In this particular project’s case the delivery date has slipped by approximately one month – in Kickstarter terms that is nothing, … Read the rest

Now that Microsoft is Shutting Sunrise

January 5, 2016 | 2 comments

I have been a big fan of Sunrise but there was always a danger when it was taken over by Microsoft that they would eventually shut it down and that is now on the cards. I really like the way that Sunrise allows me to see in my calendar information other than my diary entries such as Tripit travel plans and Foursquare checkins and I didn’t want to lose that.

My initial thought was to do something through IFTTT but not all services were covered and I couldn’t get the options I wanted to change the entry colour, for … Read the rest

Installing ModSecurity & OWASP Core Rule Set on an Amazon EC2 Linux (CentOS) Instance

December 29, 2015 | Comment

NOTE: This post has been updated to include the requirement of mod_unique_id.

As part of some investigations at work I have been playing around with ModSecurity, the open source web application firewall (WAF), and the standard set of rules provided by OWASP. All our infrastructure is hosted with Amazon AWS so I thought that it would be useful to drop down the steps I took to get this working on a bare bones Amazon Linux box.

Install ModSecurity

You can, of course, compile ModSecurity from the sources but it is easier to install via yum, however, it is part … Read the rest