Things I Learned Last Week: 12/27/2010 – 01/01/2011

by kriggins on January 3, 2011


Welcome to the weekly post where I take the opportunity to expound on just about anything. Never fear, there is always a dedicated Infosec portion for those that don't care about anything else 🙂

Here are a few links if you'd like to skip to a particular part of the post.

Thoughts
Infosec Stuffs
Non-Infosec Stuffs

Thoughts

"It is not necessary to change. Survival is not mandatory."
- W. Edwards Deming

I'm going to go a step further than Mr. Deming and say that flourishing is not mandatory. The issue at stake is often not one of survival, but one of taking that next step that can lead to new knowledge, new experience, new growth...flourishing.

We've talked about courage and failure already. Both are part and parcel of change. Not every change is going to be successful or even good, but, in many cases, maintaining the status quo results in stagnation or just isn't an option.

Some embrace change. They thrive on it. The allure of the new is irresistible to them.

Some don't.

If you fall into the second category you might get something out of the book Who Moved my Cheese?.

Don't avoid change. It is going to happen whether you want it to or not. Being ready to deal with it and making the best of it will go a long way towards making it a whole lot easier when said change does happen.

Infosec Stuffs

Not a lot caught my eye last week. Probably due to the number of folks that were on vacation or just general year-end slow-downs, like me not paying much attention 🙂 However, I do have a couple things for you.

OWASP Secure Coding Practices Quick Reference Guide

This is a handy 17 page document that boils down the OWASP Secure Coding Practices to the nitty gritty. Definitely a reference to keep close by.

OWASP_SCP_Quick_Reference_Guide (PDF)

PC in a Plug

This is a very, very nifty project, particularly if you happen to be performing a physical penetration test. It doesn't appear that the actual hardware is available yet. When it is, it will be fun to play with.

Covert Penetration

Non-Infosec Stuffs

I don't have much to talk about here this week either. The only thing I want to mention relates to the architecture that I use for the different blogs and websites I manage.

I use a combination of WordPress or Drupal served by a Nginx web server/PHP/PHP-FPM/MySQL stack. Recently, I needed to increase the maximum file size that could be uploaded to one of my sites.

Should have been simple.

Wasn't.

Actually, it was. I was just a bit dense.

Turns out that some of the settings in the php.ini file are updated when you restart Nginx and some require you to restart PHP-FPM. The Nginx restart script doesn't do that bit for you. Oops.

The specific setting I was trying to modify was upload_max_filesize. I finally a) remembered about PHP-FPM and b) restarted it and, after a bunch of silliness, wah-lah, uploads of large files worked. Sheesh.

Moral of the story? If you aren't getting the result you expect when making changes to your web publishing stack, make sure you have restarted the whole mess before looking for other culprits.

Closing

That's it for this week. I hope you found something that piqued your interest.

As always, comments welcome below or you can email me at kriggins@infosecramblings.com if you prefer.

If you are interested in getting my content regularly, go ahead and subscribe to my RSS feed. You can also subscribe to have posts emailed to you if you prefer.

-Kevin

Photo Attribution:
KISS: Jegi
Zombie Survival Guide: jronaldlee
http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf
