A better, safer admin user for AWS

Posted on 2017/01/31 by kauer

If you use AWS, you probably have a root user and one or more administrator users. If you are following best practice you have secured all logins with MFA, and you rarely if ever use the root user. Instead, you log in as one of the administrator users. The problem with that is that as long as you are logged in, you can do anything – including make disastrous mistakes. Wouldn’t it be nice to have all the power of an administrator at your fingertips, but only when you actually need it?

Continue reading →

Two-factor authentication – do it now.

Posted on 2016/12/19 by kauer

The online world has become too dangerous for us to keep protecting ourselves with no more than a username and a password. Especially when most of us choose stupidly simple passwords. Even if you choose a good one – upper and lower case, special characters, letters and numbers – you now need such a long one that no human can remember it. Tools like LastPass are great, but only if you also use ridiculously long passwords. Pretty much the best protection you can give yourself is a simple thing called two factor authentication. It’s simple, it’s free, and it’s very effective.

Continue reading →

The cure for darkness is light. Not more darkness.

Posted on 2016/09/26 by kauer

The matter of data centre security was raised recently on a network mailing list I subscribe to. Someone was wondering if data centres checked incoming equipment for “bad stuff” – explosives and what-not.

The reaction from some was “don’t talk about that, we don’t want to give people ideas”. What a muddle-headed response!

Continue reading →

Making ssh even more secure

Posted on 2016/08/28 by kauer

ssh is just about the most secure way you can provide access to a system. But even ssh is subject to attacks. You can reduce the likelihood of a breach even further with a few fairly simple steps. The specifics below are for Ubuntu 16.04, but the principles are the same for any modern Unix.

Continue reading →

Electric toothbrush yuk nope nope nope

Posted on 2016/07/05 by kauer

After using my electric toothbrush I always rinse the whole detachable head, dry the bristles, remove the head and tap out any water. Yesterday when I tapped out the water (from the open end that sockets onto the handle) a tiny black speck appeared on the white porcelain of the basin. Hm, I thought.

Continue reading →

AWS Hardware VPN and MikroTik

Posted on 2016/06/26 by kauer

Recently a client decided to set up an AWS Hardware VPN to their site. The simplest way to research this seemed to be to set up a test VPN to my own router – a MikroTik 951G-2HnD running RouterOS 6.30.2. Here’s how I did it.

Continue reading →

Good error messages

Posted on 2016/06/15 by kauer

I recall our little team getting into trouble many moons ago. We were writing a creditor system, and one of the requirements was for comments to be attachable to individual invoice lines. In COBOL every data structure has to be predefined. One of us thought that surely, surely, 400 comment lines would be enough for any one invoice line. This turned out not to be the case. Continue reading →

Custom window management in Ubuntu/Unity/Compiz

Posted on 2016/04/22 by kauer

Someone asked on the Ubuntu users mailing list how they could set up a keypress that would resize the currently active window to 75% of its present width. It took a little thought, but eventually the tools were found…

Continue reading →

Lenovo E560 and Ubuntu UEFI dual boot

Posted on 2016/02/29 by kauer

My old Dell Vostro 1720 is on the way out, after giving sterling service for over six years. The replacement is a Lenovo E560. I just spent a day trying to get it to dual boot the installed Windows 7 and Ubuntu.

Continue reading →

APC BR900GI UPS tips

Posted on 2016/02/29 by kauer

As the proud owner of a Synology DS415+ NAS (network attached storage) device, I thought I had better protect the large amount of data accumulating on it by also becoming the proud owner of a suitable UPS (uninterruptible power supply). That way, when the power fluctuates or goes off unexpectedly (as is quite common in rural Australia, where I live) the NAS is protected and will have time to shut itself down in an orderly fashion. So I purchased a Schneider (APC) BR900GI UPS. This article is about how I set things up.

Continue reading →

Karl Auer's Blog

musings on IPv6, privacy

Category Archives: Technical

A better, safer admin user for AWS

Two-factor authentication – do it now.

The cure for darkness is light. Not more darkness.

Making ssh even more secure

Electric toothbrush yuk nope nope nope

AWS Hardware VPN and MikroTik

Good error messages

Custom window management in Ubuntu/Unity/Compiz

Lenovo E560 and Ubuntu UEFI dual boot

APC BR900GI UPS tips