Mozilla's Server Side TLS 5.0
8 Jul 2019
I got distracted into yak-shaving about TLS cipher suites today when I noticed that Mozilla’s Server Side TLS document had been updated – just 10 days ago, it turns out – so I figured I’d try and write down some of what I learnt.
TLS has this negotiation between the server and client about which set of ciphers should be used for the connection. Picking what ought to be on this list, and in what order, can get a little complicated when there are something like 200-300 cipher suites!
Roadtripping in the U.S.
2 Jun 2019
I recently spent 12 days on a road trip through Utah and Arizona. More details on that in another post, but here’s a brain dump of what I learnt (or was surprised by!) about road tripping in the U.S. It’s just the one trip so it’s not exactly distilled wisdom, and I don’t know if anyone will ever find this useful, but I know I will want to remind myself about some of these things before any future road trips, so I might as well post it.
Default AWS Systems Manager IAM policy may grant unexpected S3 permissions
28 Oct 2018
If you use S3 buckets and the AWS Systems Manager agent with the suggested AWS-managed SSM IAM policy for EC2 instances, you should take a careful look at the effective S3 permissions on your SSM-managed instances. Depending on how you’re managing your S3 bucket/object permissions, your instances may have more access than expected.
I’ve been testing out AWS Systems Manager (SSM), ever since the new Session Manager features got announced a few weeks ago.
New CMS (II)
1 Sep 2018
tl;dr – this is Hugo published on Netlify.
From Anchor
Couple years down the road, it’s time for a new CMS! I last wrote about moving from Anchor to Bolt in 2015.
The motivation? I have to go around patching things at work, and I really do not want to spend my weekend patching my own services as far as possible, especially when it’s not as simple as bumping the version on a Docker image spec and seeing what breaks.
MikroTik RouterOS on tagged M1 Fibre
8 Jun 2016
If you have a recently-connected M1 fibre connection, you should be using the black Huawei ONT, with optional voice port for digital voice, and an untagged internet port on port 1. This guide is not for you.
If you’re on an older M1 fibre connection on the white Nucleus Connect ONT, with a tagged port, typically issued with a white Huawei Residential Gateway or something like the Asus RT-N56U, and you want to connect a MikroTik RouterOS device to the WAN – this guide is for you.
Live packet captures using MikroTik RouterOS and Wireshark
26 Jul 2015
This is a quick post to let Google pick it up. You know how the MikroTik wiki and forums are, plus how Stack Overflow is... very confusing.
This was tested on RouterOS v6.27 (mipsbe) and v6.28 (smips), but it should work mostly the same everywhere. I was using Windows 7 (64-bit) and Wireshark 1.12.6, on a Thinkpad X220 using the onboard gigabit ethernet port and Intel 6205 802.11n card.
30 May 2015
(This is a very old post that’s ported over just for kicks.)
If you’re wondering why things look different, I’ve switched from Anchor to Bolt, and didn’t want to move the old template over. (I might still do that at some point; I quite liked it.)
I’ve had trying Bolt out on my very long Trello backlog for nearly 6 months; have been looking for a CMS that’s not WordPress and yet able to handle custom post types well.