The Yubikey Guide for Newbs

Seriously.. What can this do?

What is a Yubikey? A Yubikey is a hardware cryptographic engine and secret key storage device that is designed at the hardware level to prevent (if not just uncapable) to export the secrets it contains. It is most commonly used as a second factor in MFA authentication schemes. TL:DR - The Yubikey is a write only device with built in crypographic silicon. What are the use cases for the Yubikey? [Read More]

Deploying a blog using Gitlab Pages and Hugo

Easier than ghost.

Honestly, it is pretty easy, just use the built-in template from gitlab.com, You can redirect your DNS entry for your website to the yourusername.gitlab.io and it will load the proper pages, it is also free of cost. so its a quick way to save 5 bucks a month! Although as someone who has not used hugo before, that was a bit of a learning curve. Another part that is a bit awkward is SSL certificates, soon I will have this website under HTTPS, but since all content here is static and public knowledge. [Read More]
Hugo  Gitlab  Meta 

TFTP is NOT a secure protocol… but it was never designed to be.

TFTP, or Trivial File Transfer Protocol is designed to be… trivial. It has no authentication, authorization, or any fancy abilities such as listing the directory of files you are looking at. TFTP was created as a “streamlined” way to send and receive files from devices, especially devices with little to “no” compute resources. For example; one common use is to load firmware and software packages to Cisco devices using an internally managed repository on a TFTP server. [Read More]

FTP is NOT secure software.

FTP is a protocol created in 1980 (RFC959) to transfer files to different servers and networks. typically over a WAN connection. However, it is not a service you should use to host sensitive information. The following is why, FTP does not perform encryption on transit; Anyone between you and the FTP server can, will, and most likely have been monitoring and logging traffic. FTP does not securely communicate credentials; FTP does not encrypt authentication, this means that passwords are in plain text and can be READ BY ANYONE monitoring your network. [Read More]

GitHub acquired from Microsoft

Fellow Open Source Enthusiasts. I regret to inform you that Github has recently been bought by Microsoft. Some of you will no longer desire to place your code on github, but where can you place your code now? Thankfully, Open Source culture prevails with multiple options! Gitlab is feature-wise identical (if not more featured) to github, You can host either your own instance or use theirs. What freedom! My employer uses this software for in house code, their features are paramount and their self hosting option allows those with even the tightest security policies to have their cake and eat it too with Gitlab’s advance CI/CD pipelines! [Read More]