When it comes to guarantee data confidentiality on the wire or on the disk we cannot be exempt to know how to use cryptography: this post provides a quick guide of both symmetric and asymmetric cryptography along with an overview of their bricks: RSA and DSA keys, Elliptic Curves keys, PGP Keys, Message Digest, HMAC, digital signature and encipherment. The aim is to provide the necessary terms and concepts to understand how to operate with cryptographic tools, providing examples with openssl.
Category: Blog
Don’t be tempted to skip this post: you would miss something valuable. Of course most of us know how to operate a filesystem, but the underlying details of POSIX filesystems are not broadly known by most of the people. In this post I describe them quite accurately, trying to keep at a level that may intrigue, but avoiding to be too theoretical. Having such an expertise is certainly one of the things that make the difference from a technician and a skilled professional. In addition to that, this skill may really save your life when facing weird things that sometimes may arise.
Clustered file systems are powerful but they should be carefully implemented to avoid split brains, since it is very likely that these lead to data corruption. A very effective way to cope with this risk is SCSI fencing: this trick denies access to the shared disks from nodes that are considered failed by the majority of the nodes of the cluster. The only requisite to implement SCSI fencing is that the shared storage should support SPC-3 Persistent Reservations. This post talks about this topic and explains how to configure a stonith device that exploits SCSI fencing.
JWT provides a convenient and standard way to securely transport claims from an issuer to its audience over HTTP. It can be used for authentication and authorization purposes, as well as non repudiable information exchange. It's easiness of setup along with the pros of being transportable over a simple and plain-text protocol such as HTTP and of being stateless (session data can simply be put inside the claims) made it be broadly adopted by developers, whenever it does not worth to implement more cumbersome frameworks such as OpenID or OAuth. In this post we explore JWT and its related standards JWS and JWE.
Infrastructures are the foundations used to provide services: since services are subjected to confidentiality and availability requirements, infrastructures must be designed so to provide several confidentiality and availability tiers. This way a service can be placed on the part of the infrastructure that meets the availability and confidentiality requirements for its use case. This means that one of the very first things to do when designing infrastructures is defining the corporate's standard tiers.
Vagrant is a personal tool to automatically provision virtual machine environments. It comes for free along with VirtualBox plugin, although there are commercial plugins for other virtualization engines such as VMWare. It is a very handy tool, especially for developers: it enables them to quickly mock-up or destroy even complex virtual machine environments by executing just one command. Within this post we'll see how easily it can be installed, and how easy it is operating with it.