
NSA-proof your e-mail in 2 hours

You may be concerned that the NSA is reading your e-mail. Is there really anything you can do about it though? After all, you don’t really want to move off of GMail / Google Apps. And no place you would host is any better. Except, you know, hosting it yourself. The way that e-mail was originally designed to work. Today we kill your excuses. Now fair warning: it took me about two days to figure the stuff out you’re going to see in this blogpost, starting from knowing basically nothing about modern e-mail servers. So bookmark this blog post, block off a Saturday next month, and get it done. Edit: Some people are complaining that the NSA is pulling all the e-mail over the wire anyway, so encrypting your own server is stupid. In the next two hours, we’re going to fix this. You’re going to host your own mail. It’s going to be encrypted on the server, locked-on-boot, SSH on reboots to unlock. While we’re at it, let’s fix some things that annoy me about GMail: Better SPAM detection.

An Intro to Linux Distros and Live CDs or Try before you “Buy” With over 600 GNU/Linux distributions available, 300 of which are under active development, what’s the best? How do you choose? Why are there so many Distros anyway? This isn’t written in stone but probably the best Distro for you will be one of the 300 odd Distros still under active development. Complicating this dilemma of choice is the broad differences in Distros. There are others like the ones Banking Institutions have developed where security is King and other Distros can hack your windows passwords or WiFi security. Even though most Distros are free, the time involved in installing a Distro onto a PC or laptop can be costly because “Time is money”. Enter the Live CD… Live CD: “A Linux Distro that boots from a CD (or DVD) and runs in your computer’s memory without being installed is a Live CD.” Rumor has it that Linux Live CDs have been around since 1998, so the concept isn’t new. Live CDs are simple to obtain and use. Some suggestions for narrowing the field:

Email with Postfix, Dovecot, and MySQL Dovecot allows users to log in and check their email using POP3 and IMAP. In this section, you'll configure Dovecot to force users to use SSL when they connect so that their passwords are never sent to the server in plain text. Users will have to connect using the standard SSL ports - 993 for IMAP and 995 for POP3 - and only those ports. Dovecot 2 uses a number of different configuration files. You'll modify a total of 7 Dovecot configuration files. Congratulations!

Single Sign-On with SAML on Force.com Abstract With the proliferation of SaaS and other web-based applications, identity management is becoming a major concern for businesses. Just think about the number of usernames and passwords you regularly type each day. You probably log into your company's network, portal, webmail, benefits system, Google Apps, bespoke applications and of course Force.com applications. Now multiply this by the number of users in your company and think about the support and security implications. You need dedicated resources to manage your identity store, respond to password reset requests, provision new users for each system and deactivate users that no longer need access. Implementing a Single Sign-On (SSO) infrastructure enables users to sign in once and have access to all authorized resources. Benefits of Implementing SSO Implementing SSO provides not only time-saving benefits for end users but financial benefits for your company. In other words, there are substantial benefits to implementing SSO.

Linux Security: How to hide processes from other users Small and at the same time great article from Steve on If you run a multi-user system it can increase security if you hide the display of running processes, and their arguments, which belong to other users. This helps avoid problems if users enter passwords on the command-line, and similar. If you’re running a recent Kernel, (version 3.2 or higher), you can achieve this benefit by mounting the /proc filesystem with the new hidepid option: It is worth noting that with the secure values set (“1”, or “2”) all processes remain visible to the root user. If you decide you wish to enable this protection you can change the mount option interactively by running:

    # mount -o remount /proc -o hidepid=2

To ensure this happens automatically at boot-time you can update your /etc/fstab file to read something like this:

    proc /proc proc defaults,hidepid=2 0 0

With this in place a user will only see their own processes in the output of top, ps, & etc:

s3ql - a full-featured file system for online data storage The S3QL project has moved to BitBucket - please update your links! About S3QL S3QL is a file system that stores all its data online using storage services like Google Storage, Amazon S3 or OpenStack. S3QL effectively provides a hard disk of dynamic, infinite capacity that can be accessed from any computer with internet access running Linux, FreeBSD or OS-X. S3QL is a standard conforming, full featured UNIX file system that is conceptually indistinguishable from any local file system. S3QL is designed to favor simplicity and elegance over performance and feature-creep. S3QL was written and is currently maintained by Nikolaus Rath. Features Transparency. Development Status After two years of beta-testing by about 93 users did not reveal any data-critical bugs, S3QL was declared stable with the release of version 1.0 on May 13th, 2011. Please report any problems on the mailing list or the issue tracker. Typical Usage mkfs.s3ql umount.s3ql /mnt/s3ql

DEMETOLE-TICS: Pentaho Dashboards With the latest stable version of the BI platform downloaded from the Pentaho website (3.5.2), and following Prashant Raju's instructions for this version on the Windows platform using MySql, we install and configure our system by carrying out the following steps: 1) Prerequisites: Java virtual machine and the MySQL database (or another of the supported ones). To run the Pentaho BI platform, a Java virtual machine must be installed on the machine where we are going to work. Pentaho recommends version 1.5 of the Sun JRE. It does not work with earlier versions, and 1.6 is not officially supported (it is the one I have installed), although it does work. To see the installed version, we run the command: java -version. If the machine is not available, we can download it from the Sun website. JAVA_HOME c:\Program Files\Java\jdk1.6.0_17 PATH c:\Program Files\Java\jdk1.6.0_17\bin;..... jdbc.driver=com.mysql.jdbc.Driver
