Most of the image manipulation and media organization applications that I’m using do not have great support for meta data. Sure, they can display and edit relevant meta data. But they’re not great at filtering, bulk-editing, etc. So I’m using the exiftool CLI to get some of the basic image meta-data straight, before uploading images …
Tag Archives: computing
XSS Demo [en]
Finally some good use for my new infrastructure. I’ve had this small Angular app lying around, which I wrote for a presentation/demo on XSS a couple of years ago. So far, I’ve run it locally to demonstrate XSS vulnerabilities and how to exploit them. Now I have a place to put it and share it …
The B in BYOK stands for Bullshit [en]
I’ve recently encountered someone, who insisted on a Bring-Your-Own-Key (BYOK) setup for compliance reason. I’ve always been skeptical about that and I didn’t have to search long for confirmation. This is what the Wikipedia article on BYOK has to say: […] a cloud computing security marketing model […] […] gives the enterprise the perceived control …
Let’s Revoke! [en]
Getting TLS certificates from Let’s Encrypt is easy, but that’s just part of the story. It may sound paranoid, but being able to revoke certs is almost equally important. The premise is that there’s always a chance that your private keys will leak. Maybe it will never happen to me, but it will eventually happen …
Let’s Encrypt! [en]
… is where I’m getting the TLS certificates for this blog nowadays (after moving away from CAcert). I’ve been using Let’s Encrypt at work now and then. Many colleagues in my department are heavy users and my employer is a sponsor. So I knew what to expect and how to get started. Nevertheless, here’s a …
Goodbye CAcert [en]
When I started this blog back in 2010, I wanted HTTPS, but I didn’t want to pay extra for it. Back then that wasn’t as easy as it is today. So I compromised and got my TLS certificates from CAcert. Problem was that almost no OS or browser vendor trusted their certs. Debian and Ubuntu …
OK, Boomer [en]
Looking for a web security challenge? I recommend this XSS Game. Frankly, I’ve even struggled with some of the “easy” warmups. Let alone the challenges. Luckily, they’ve published solutions, too. Kudos to Pwn()!
Biting my style [en]
So I’m working at a huge software company and in my department we have this nice tradition of lunch-talks. The company buys pizza and we all eat it, while one hungry person gives ~1h talk. (Well, that was before the pandemic, now everything is remote and we have to fend for ourselves.) Most of the …
It’s been a while [en]
My last post here has been over 4 years ago. I’ve really neglected this blog. Let’s see, if I can change that… Part of the problem was the rotten technology underneath. Even apart from WordPress. It was running on some weird virtual server at a local hosting provider. Weird, because it was neither full virtualization …
The xkcd guy nails it again [en]
This time, at the intersection of computer science (my occupation) and biology (my hobby): According to Randall, we’re still 2 years ahead of the hype cycle. Anyone willing to join me in switching to CRISPR/Cas9 by then? Update: Thinking about it, told you so.