The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,277 other followers

Archive for the ‘Security’ Category

Evil environment variables….

Posted by jpluimers on 2021/02/11

I totally agree with Nick Craver “I absolutely hate environmental variables for configuration. They’re brittle, they’re ambient, they can be changed and FUBAR any known state underneath you, they’re an attack vector, just…”.

A little event in the early 1990s made me cautious whenever I see environment variables in use.

One of my clients had a network that had to be separated into three logical areas: one for workstations communicating with a certain server and some equipment, and another for a different server and other equipment, and finally a bunch of semi-local workstations that did some peer-to-peer and specialised equipment communication.

For that era, this was a LOT of stuff to manage.

Since users always were working from the same computers, and there was very little overlap between the areas, I created a bunch of login scripts. Since this was Novell NetWare 3.x era, you only had default, system and user login scripts (see [WayBack] NetWare 3 Login Script Fundamentals), of which only system+default or system+user could be combined. No groups scripts yet (:

So I introduced an environment variable NETWORK that would hold the kind of logical network.

Boy was I surprised that a few days later, the head of administration came to me with a problem: one of his administration programs – despite no documentation mentioning anything about such a feature – suddenly asked for a license!

A few hours of phone calls and trying later, we found the culprit: that software had an undocumented feature: when the NETWORK environment variable was set, it assumed a large corporate, with a very special license feature.

That was the day, I started to be wary of environment variables.

The workaround was simple: have the program being started with a batch file, temporarily clean the NETWORK environment variable, then run the application, and finally restore the environment variable.

Inspired by two tweets I got within a few days time:

–jeroen

Read the rest of this entry »

Posted in History, Power User, Security | Leave a Comment »

Deciphering the Messages of Apple’s T2 Coprocessor | Duo Security

Posted by jpluimers on 2021/01/28

Interesting read: [WayBack] Deciphering the Messages of Apple’s T2 Coprocessor | Duo Security.

Via:

–jeroen

Posted in Development, Security, Software Development | Leave a Comment »

NDC 2019 Keynote: Welcome to the Machine – Hadi Hariri – YouTube

Posted by jpluimers on 2021/01/27

I am really glad this keynote got recorded. Still very relevant, it is as much about software development as it is about society.

Go watch it, as it gives you reason to think about your role in the software development process, and in the information fire hose at large.

Back in the days, David Intersimone was right when he created the regular blog post “Sip from the Firehose” (for early materials, see [WayBack] GetPublished – Author Information: Firehose).

The talk main thread is about current and ever growing overload of information which basically makes it disinformation, combined with the abundance of “AI” recording devices around you that basically make you the product.

Basically we reached all the tick marks of these books:

The session is not just about “how bad is the situation” (it is very), but also provides directions on how to get out of it for both people in the development process, as well as consumers, producers and sharers of information.

via:

–jeroen

Read the rest of this entry »

Posted in .NET, Development, Opinions, Power User, Security, Software Development | Leave a Comment »

PassProtect – Chrome Web Store

Posted by jpluimers on 2021/01/25

[Archive.is] PassProtect – Chrome Web Store:

Stop using bad passwords. PassProtect alerts you about breached credentials. Powered by “Have I Been Pwned?”.

Interesting plugin. Will try this soon.

Via:

–jeroen

 

Posted in Authentication, Chrome, Firefox, LifeHacker, Power User, Security, Web Browsers | Leave a Comment »

Ga met een gerust hart op vakantie met WoonVeilig beveiligingsset – CooleSuggesties

Posted by jpluimers on 2021/01/22

Ik had al eerder over woonveilig geschreven (Ik ben wat verward over de @WoonVeilig site. https://t.co/ui8agTkgM9 heeft het bijvoorbeeld over GATE-03 en GATE-02, maar…), nu iets meer over de installatie handleidingen van GATE-03:

De aanmeldprocedure brengt je naar [Archive.isalarmsysteem.woonveilig.nl/nl_NL_woonveilig/registratie, die voor registratie nog verwijst naar:

Een paar tips tijdens de registratie en gebruik:

–jeroen

 

Posted in LifeHacker, Power User, Security | Leave a Comment »

 
%d bloggers like this: