Raspberry Pi Line Status Display Instructions Updated

I have just updated my instructions on how to create a TfL Underground Line Status Display with more information. I have also included links to additional TfL Data sources.



Linux Shell Scripting Cookbook available Free – Today Only

For the next 18 hours the Packtpub Linux Shell Scripting eBook is available for free.

Get it here.


Free IT eBooks from Packtpub until 5th March

Packtpub have a great offer on at the moment. They are giving away a different eBook every day until the 5th March.

Today’s book is on Selenium 2.



Configuring HSTS & OCSP Stapling

There are a couple of new technologies that are becoming more widely used that you may want to think about using. I have written a couple of pages explaining what they are and how to use them. They are definitely worth a look if you are a web server administrator.

How to Configure OCSP Stapling on Apache HTTP Server

How to Configure HTTP Strict Transport Security on Apache & NGINX

David Cameron wants new laws to restrict terrorists' communication

David Cameron, the UK Prime Minister, has stated at an event in the East Midlands that new online data laws are required to remove the safe places where terrorists communicate with each other. He also stated that he would push this if re-elected as Prime Minister.


One particular statement is of concern to me. David Cameron said, “There should be no means of communication which we cannot read”. This statement worries me. It implies that the use of encryption will be restricted in some way. Maybe by restricting the levels of encryption in use or by inserting backdoors into software or hardware. Can you imagine the notion of a backdoor? This means intentionally adding an alternative way of gaining access. What if the bad guys found this too?

On one hand I am patriotic and want to make sure that the police and security services can do their job. Mainly to protect me and my family from terrorists and other criminals. On the other hand I am a security professional and understand the continual and ongoing threat from criminals that try to attack and abscond with our data, or worse in some cases.

Because of this I want to make sure that my data and the services that I use are protected in the best ways possible. This is an ongoing struggle, and something that needs to evolve as time goes on.

An example of this is the recent issues with OpenSSL (Poodle & Heartbleed). I have had to make various changes to the security settings I use over the past year. If my Government had mandated that I need to use a maximum of SSLv3, then suddenly I would have a problem. I could not go to TLSv1.0 because I would be breaking the law, and I could not stay with SSLv3 because my data would be at risk. The nature of politics does not allow for law changes overnight. Suddenly I am between a rock and a hard place. What do you do?

I would like to draw your attention to Moore’s Law, that stated “Computing performance doubles every 18 months”. Computing is by its very nature dynamic. Put simply… Things can change very quickly, in sometimes unpredictable ways. I truly hope that the people in power that make these kinds of laws recognise that.

The last thing I would like to draw your attention to is Edward Snowden. He recognised that the American government had too much power and that this needed reining in, so they are held accountable for their actions. We need the same in the UK. We need to make sure that our government is held responsible for their actions and that they are not allowed to do anything stupid.

In closing, terrorists and criminals are clever. What is to stop them from using services outside the UK without restricting our right to a free and open Internet?

*Update 14th January 2015 @ 07:55

Since I wrote this, the European Union Agency for Network and Information Security (ENISA) has published a report stating that more security, encryption and privacy is needed, not less.




How to secure SSH

I found this article today that goes into a lot of depth on how to properly secure SSH. It is definitely worth a read.


What is good about this article is that it covers all the various Cipher Suites available to SSH and which are secure and how to disable those that are of lower quality.

One thing to note. This article was written on 4th January 2015. This is great for now, but be aware that in 1 year, 6 months or even next week, things could have changed.


Plusberry Pi – Ultimate Raspberry Pi Case

The Plusberry Pi is a special case for the Raspberry Pi. The most important thing about it is that it has enough space for a dedicated 2.5″ HDD.

It looks like a fabulous case. Just what I am looking for.

The only issue is that it is an Indiegogo project looking for funding.

Plusberry Pi Media Case on Indiegogo

As of writing it has 91% of the funding required ($35,350 out of $39,000). So not far to go, but only 4 days to go.

If you have any interest in the Raspberry Pi then this project would make a great investment, especially as it is the only case I have found that is designed specifically to house a 2.5″ HDD. It would be particularly useful for a home media server.

Take a look and see what you think.


Ubuntu 14.04 LTS to get Native Netflix support

In a recent discussion with Ubuntu developers, it seems that Netflix will soon work natively on Ubuntu 14.04 LTS in the Google Chrome browser.

This has become possible because of the development of the HTML5 player.

The only prerequisite is for the NSS security package to be upgraded to at least version 3.17. This is planned to occur in the next couple of weeks as a standard security enhancement.

At the moment it is possible to watch Netflix on Linux, but only if you adjust the User-Agent string in Google Chrome.

Update 23rd September 2014

I can now confirm that the NSS package has been updated to version 3.17 and that Netflix is now working in Google Chrome.






OpenSSL SHA256 Certificate Migration

Over the last week Google announced that they were going to stop supporting the SHA-1 algorithm for signing certificates.

Google’s SHA-1 deprecation announcement

Because of this I have created a couple of posts explaining how to migrate to SHA-256 based signatures.

Generate an OpenSSL Certificate Request with SHA-256 Signature

Change OpenSSL Default Signature algorithm

Since I wrote those pages other security companies have started to post their own migration strategies.

Qualys SHA1 Migration: What you need to know

In addition, all the major Certificate Authorities (CA) have started providing customers information specific to their services. So if you have certificates already, then contact your CA for further migration help.


Raspberry Pi – London Tube Status

I just added a new Raspberry Pi section.

Complete with details on how to make a London Underground Status Board.

London Underground Tube Status Display