Archive for March, 2007

new job : too challenging?!

I changed jobs last week. The new employer is a bank card issuer. I picked up the term ‘issuer’ while sitting in an internal development team meeting. Before this training session, I would have said the company does back-end processing for banks. Now I know ‘back-end processing’ is certainly an ambiguous and simplistic description.


fear factor : how secure is ADP self-service secure portal?!

Last night when I pointed my Mozilla Firefox 2.0.0.2 browser to ADP’s self-service portal at https://portal.adp.com, a code segment was displayed at the top of the page. Internet Explorer didn’t show this code. Both have the code segment in the source (the ‘view source’ option under Tools), though. It shocked me very much, considering how much corporate payroll and benefits are now serviced by ADP’s self-service portal. This, by the way, also helps to prove that HTTPS (HTTP+SSL/TLS) alone won’t secure your server, as I wrote earlier.

how to verify digital signature in RPM package

A packager could opt to sign an RPM package. If an RPM is signed, the package contains a digital signature that can be used to verify the integrity and authenticity of the RPM package. To be effective, the signing should be done by a different user on a separate server, and both the signing user account and the signing server should be secure. Once such an RPM package is downloaded, you can verify its digital signature using the rpm command itself. The key itself may need to be verified with the GnuPG or PGP command.

how to use mod_rewrite to counter TrackBack spam-bot

This blog (www.supportsmb.com) received a bunch of spam comments recently. The commenter’s URL looks normal. When you click on the URL, however, it redirects to a search engine to query for ‘sex’. To counter comment spam, I initially tried to install the secureimage plugin and had trouble forcing it to behave. This stream of spam is different, since it arrives by trackback.

When it first started, I changed the URL to some neutral URL such as www.google.com. Once I realized that the commenter’s name itself is tainted and loaded as well, I ended up deleting them or marking them as spam. This routine got old really quickly. I took a look at the web server log and found a common pattern for these spam comments.


Red Hat Enterprise Linux 5 (RHEL5) is out

I was setting up my Google RSS reader when I noticed a blurb on Slashdot about today’s RHEL5 (Red Hat Enterprise Linux) release. I went on to Red Hat’s official website. Sure enough, it is on the main page.

The updates and feature list, aka the technical aspect of the release, are much anticipated, if not predictable from the feature list for its beta, FC6 (Fedora Core Linux 6). The two main things are full integration of Xen virtualization and advanced management for SELinux.
