The Brits have all the fun



Chocolate mixed with pop rocks candy and shaped like frogs... so cool!

UK only  :(

Tutorial: wildcard domain SSL/TLS certificates



Subject alternate domain (a.k.a. wildcard) TLS certificates are an efficient way to protect multiple domains without having to purchase multiple certificates.  Unfortunately, I had to dig quite a bit to figure out how to generate/update one using OpenSSL:

Generate a new key and cert:

Download myconfig.cnf and configure lines 127-150 and 224-230, install OpenSSL and then run:

openssl req -new -newkey rsa:4096 -keyout myprivate.key -nodes -extensions v3_req -config myconfig.cnf -out mycert.csr



Update cert (using an existing key):

openssl req -new -key myprivate.key -config myconfig_updated.cnf -out mycert_updated.csr


P.S. The wildcard domain is only single level (e.g. you can't do *.*.example.com)

P.P.S. If you set up your config file with your desired defaults, you can avoid hitting Enter for each prompt by including -batch in your openssl commands above.
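As an added example (not part of the original post, and not the myconfig.cnf it refers to), the script below writes a minimal constructed config with the wildcard entry under subjectAltName, creates the key and CSR (or reuses an existing key, as in the update step), and checks what the CSR actually requests before it is sent to a CA. The function names and the example.com names are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Constructed stand-in for myconfig.cnf; example.com names are placeholders.
write_config() {
    cat > "$1" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
# req_extensions makes the v3_req section apply to the CSR itself
req_extensions     = v3_req

[ dn ]
CN = example.com

[ v3_req ]
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = @alt_names

[ alt_names ]
DNS.1 = example.com
DNS.2 = *.example.com
EOF
}

# make_csr <dir> [rsa-bits]: new key + CSR, or a fresh CSR from an existing key.
make_csr() {
    dir=$1; bits=${2:-4096}
    write_config "$dir/myconfig.cnf" || return 1
    if [ -f "$dir/myprivate.key" ]; then
        set -- -key "$dir/myprivate.key"
    else
        set -- -newkey "rsa:$bits" -nodes -keyout "$dir/myprivate.key"
    fi
    ( umask 077   # key file must not be group/world readable
      openssl req -new "$@" -config "$dir/myconfig.cnf" \
          -out "$dir/mycert.csr" 2>/dev/null )
}

# Print the DNS names requested in the CSR, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the CSR carries the public key of the given private key.
csr_matches_key() {
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}
```

Run `make_csr .` and then `csr_sans mycert.csr`; the bare domain is listed next to the wildcard because `*.example.com` does not cover `example.com` itself.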

Finally... a decent security tool for Docker



For all of Docker's benefits and success, there has always remained an inconvenient truth: container security. Like most set-it-and-forget-it solutions, many Docker users forget to implement an ongoing and regular security plan for keeping their containers patched. The problem is that most Docker users simply download an "NGINX container" or "Ruby container" and get their runtime or stack of choice, but then don't consider that the container comes with its own full-blown OS with many other components that need to be patched and upgraded frequently. The result: many Docker containers are insecure.

That sad reality may be changing, though, with the introduction of CoreOS' Clair -- an open source security scanner and alerting tool that efficiently monitors your containers and notifies you when they need to be patched.  Sweet!

The reality of Git



Courtesy of xkcd