 | Jeroen Wiert Pluimer… on Does Odido (the old T-Mobile N… |
 | Lars Fosdal on Security alarm provider Woonve… |
 | Thomas Mueller on Question got closed in May 202… |
 | Thaddy de Koning on Formulier voor bewindvoerders… |
| Thaddy de Koning on Formulier voor bewindvoerders… |
Posted by jpluimers on 2022/08/05
I tried the solution in [Wayback/Archive.is] Fritz!box 7590 interface extremely slow : fritzbox (remove the some 30-40 unused machines from the network overview), but it didn’t matter: since Fritz!OS 7.x, the Fritz!Box 7490 UI is just very very slow: each page takes 10+ seconds to load.
Hopefully I can get rid of these and move to pfSense based hardware eventually.
–jeroen
Posted in Fritz!, Fritz!Box, Hardware, Network-and-equipment, pfSense, Power User, routers | Leave a Comment »
Posted by jpluimers on 2022/08/04
Rob Gongrijp has this nice repository [Wayback/Archive.is] ropg/ipocalypse: FreeBSD jails with web servers on a single IPv4 address:
…
To deal with web servers (which all need to be reached at ports 80 (http) and 443 (https), I describe a convenient Apache reverse proxy setup in its own jail, and the management script I wrote to make things super-easy.
…
Via [Archive.is] ᖇ⦿ᖘ Gonggrijp on Twitter: “HOWTO for setting up a FreeBSD host with multiple jails running web servers on a single IPv4 address. (No rocket science: just a general HOWTO plus an easy certificate management / reverse proxy script which also works on other systems with adaptation.) … “
With an interesting response [Archive.is] corbosman on Twitter: “I use kubernetes/traefik pretty much like that, and before that docker/traefik. It’s getting more and more difficult to get IP space at all.… “
–jeroen
Posted in *nix, BSD, Development, Power User, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2022/08/02
Last year in OWASP top rated security “feature” A01:2021 – Broken Access Control, I promised to write more about how learn about OWASP documented and rated security vulnerabilities.
Today is the day you should start learning from [Wayback/Archive.is] Github: OWASP WebGoat:
Deliberately insecure JavaEE application to teach application security
It is a Java backend with a JavaScript/HTML frontend, but the vulnerabilities just as easily apply to other back-end stacks.
Repositories:
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.
WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat’s default configuration binds to localhost to minimize the exposure.
WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.
This repository contains all the lessons for the WebGoat container. Every lesson is packaged as a separate jar file which can be placed into a running WebGoat server.
This is the WebGoat Legacy version which is essentially the WebGoat 5 with a new UI.This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application penetration testing techniques.
WebGoat 5.4 releases and older
POC to demonstrate dynamic lessons with groovy controller/thymeleaf templates
They are by OWASP:
The Open Web Application Security Project (OWASP) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.[4][5]The Open Web Application Security Project (OWASP) provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 – 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.
Very important is the [Wayback/Archive.is] OWASP Top Ten Web Application Security Risks | OWASP:
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.Globally recognized by developers as the first step towards more secure coding.
Companies should adopt this document and start the process of ensuring that their web applications minimize these risks. Using the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces more secure code.
More OWASP repositories (including the [Wayback/Archive.is] OWASP/Top10: Official OWASP Top 10 Document Repository and [Wayback/Archive.is] OWASP/www-project-top-ten: OWASP Foundation Web Respository which seem to be at a 4-year update interval got updated in 2021) are at [Wayback/Archive.is] Github: OWASP.
Related: [Archive.is] Jeroen Wiert Pluimers on Twitter: “This so much sounds like German government IT-projects: …”
Via:
–jeroen
Posted in Authentication, CSS, Development, Encryption, HTML, Java Platform, JavaScript/ECMAScript, Pen Testing, Scripting, Security, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2022/08/01
Via [Wayback/Archive.is] S07E15 – Digitale festivalbeleving en betalingsinnovatie met Ibo Orgut – Met Nerds om Tafel:
de Burrito Truc (dekbed in je overtrek stoppen)
De burritotruc om je dekbed in de hoes te stoppen.
–jeroen
Posted in LifeHacker, Power User | Leave a Comment »
Posted by jpluimers on 2022/07/29
More than 10 years ago, I wrote about 7 screens; 3 computers; 1 keyboard/mouse to direct them all: Input Director and started with
At home, I have 7 screens on 3 computers on the same desk. That sounds like a clutter, but all these keyboards and mice hooked up to them add even more clutter. Until I found out about Input Direct…
In the mean time, I’ve mainly used a Mac with MacOS as a front-end to virtually logon to remote machines using both the internal display and one or two external monitors.
Especially when doing video (think Covid-19 and especially on-line meetings!) in addition to software development work, this is far from ideal.
So here are some things on my list of potential enhancements to this situation:
tl;dr:
- Windows machines give [Wayback/Archive.is] Garage Mouse without Borders a try
- Windows and Mac try [Wayback/Archive.is] ShareMouse
- Windows, Mac and Linux try [Wayback/Archive.is] Synergy, which requires one computer to act as host (Only host can control mouse/kb across multiple devices).
- Linux try [Wayback/Archive.is] x2x
- Mouse Without Borders: Free and Easy for Windows
- Synergy & Barrier: Smooth and Cross-Platform
- Input Director: Mouse Without Borders Alternative
- Sharemouse: Synergy Alternative
- KVM Switch: The Hardware Option
- (Chrome & Microsoft) Remote Desktop
–jeroen
Posted in Apple, Hardware, Keyboards and Keyboard Shortcuts, KVM keyboard/video/mouse, Mac OS X / OS X / MacOS, Power User, Uncategorized, Windows | Leave a Comment »
Posted by jpluimers on 2022/07/28
Easiest way to video call from your PC via WhatsApp is to use [Wayback/Archive] WhatsApp: Download – Mac or Windows PC.
This should be an alternative for Hangouts Video Calling as Hangouts is yet another product killed by Google as mentioned in many places for instance:
Posted in About, Conference Topics, Conferences, Event, Google, GoogleHangouts, LifeHacker, Personal, Power User, SocialMedia, WhatsApp | Leave a Comment »
Posted by jpluimers on 2022/07/27
A finger print as authentication factor: be sure it is not the only factor, and devise a way to delete it just in case some party wants to force you to use it as an authentication factor.
Some links for my archive:
[Archive.is] Cabel on Twitter: “(Important caveat/warning: if you SSH into that machine, you will NOT be able to sudo, as your fingerprint cannot travel through SSH. 😜)”
sudo … “
–jeroen
Posted in *nix, Apple, Mac OS X / OS X / MacOS, Power User | Leave a Comment »
Posted by jpluimers on 2022/07/25
Last year, I wrote about Low cost remote IP KVM and control, is it possible?, mentioned [Wayback/Archive.is] Pi-KVM – Open and cheap DIY IP-KVM on Raspberry Pi and pledged for the [Wayback – OpenSSH 8.0 release notes/Archive.is] Pi-KVM v3 kickstarter project.
From their updates a few notes and a few of my own on PoE, HDMI/VGA, video passthrough, and a short of shopping list.
First the entries from the PiKVM Kickstarter updates::
Posted in Hardware, KVM keyboard/video/mouse, PiKVM / Pi-KVM, Power User | Leave a Comment »
Posted by jpluimers on 2022/07/22
Onze WTW moet geregeld van het net af voor onderhoud aan de filters.
Dat is niet heel goed voor het Perilex stopcontact in de muur, dus ik zocht een andere manier om het apparaat af te schakelen.
Ik ben er nog niet helemaal achter (behalve de hele groep waar diverse andere delen van de keuken en het trappenhuis aan hangen), maar hieronder het aansluitdiagram zodat ik het in ieder geval terug kan vinden.
Hier iets meer over Perilex aansluitingen en onderhoud aan WTW / balansventilatie / mechanische ventilatie:
–jeroen
Posted in DIY, Hardware, Power User | Leave a Comment »
Posted by jpluimers on 2022/07/21
Over the last years, Microsoft has been retiring a lot of KB articles that in some situations can be of great value, not just when using legacy systems: sometimes they are the only source of accurate information on current systems as well.
I was glad to find that many of the retired articles made it to the [Wayback/Archive.is] Microsoft KB Archive – BetaArchive Wiki.
From that page:
Posted in Development, Power User, Software Development, Windows, Windows Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 