Showing posts with the label networking

Straightforward security enhancements for your apache2 webserver

If, like me, you've got a scrappy Linux host lying around to run a few websites, you're probably interested in taking its security up a notch from the standard install. Assuming you're running the highly common apache2 and iptables, see the links below for some surprisingly straightforward configuration tweaks to improve the security of your webserver. Add HTTPS with Let's Encrypt: If it's been a while since you've looked into certificates, you may be surprised to learn you can get them for free from Let's Encrypt. There are many guides around, but it is well and truly time to join the HTTPS-only movement: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04 SSH Cipher gardening: You're probably already using SSH keys, have disabled password login and are using denyhosts or fail2ban. However, have you ever considered reducing the number of ciphers your server accepts to just the most secure? Te...

The Story of LLRP2HRP - Part 2

So, this brash American dude who ran a relay race event decided to go fancy. None of this using phones to manually scan NFC chips for race timing. He was going to have chips in bibs. He convinced another organisation that also ran races to chip in some funding ... and then went online. He found an RFID reader system. The kind of ground mats that you run over, that connects to a box that goes beep. It was from China. It was insanely cheap. Like fall-off-the-back-of-a-truck cheap. It was delivered, hardware checks out. It came with no software. Last time, we'd figured out that it also provided RFID tag information using a proprietary binary protocol and were trying to lock down exactly what that was. It was one of the most arduous Google sessions I've had for a while. Trawling the entire web for some document or code that probably only existed inside an office in Shenzhen. But I found something! It was amazing, because of the source, and how perfectly it fit my n...

The Story of LLRP2HRP - Part 1

So, this brash American dude who ran a relay race event decided to go fancy. None of this using phones to manually scan NFC chips for race timing. He was going to have chips in bibs. He convinced another organisation that also ran races to chip in some funding ... and then went online. He found an RFID reader system. The kind of ground mats that you run over, that connects to a box that goes beep. It was from China. It was insanely cheap. Like fall-off-the-back-of-a-truck cheap. It was delivered, hardware checks out. It came with no software. Commence epic yak shaving side project! The reader is a Hopeland (previously Clou) CL7206C4. Basically an ARM9 box running (amazingly) Familiar Linux v0.8.3 with 2 2-port UHF transceivers. The transceivers are based on the Impinj R2000 platform, which is a popular platform for race timing. I pulled a venerable Thinkpad out of a drawer and plugged it into the ethernet jack and fired up Wireshark. No DHCP requests, but some documentat...

Netgear GS116Ev2

The Netgear GS116Ev2 is a managed 16-port Gigabit switch with a 32Gbps backplane. If there's DHCP on the network, it will request an IP from that (look for MAC B0:7F:B9). If not, the default IP address is 192.168.0.239. The default password in the web interface is "password".