macOS Sierra SSH “Permission Denied”

Saturday 2016-11-12

keychain-mac-tutoIf you used DSA keys to log in to your SSH server and have upgraded your client machine to macOS Sierra (or OSX Sierra if you like), you probably ran into this problem:

client$ ssh -p 8123 george@ -i ~/.ssh/id_dsa 
Permission denied (publickey).

The answer to this problem is replacing the DSA key with an RSA key, but how do you do on the server when your only means for connecting is the OSX client machine you just upgraded? Here’s how:

Read the rest of this entry »

Open a port in OSX Mavericks’ Firewall

Saturday 2014-05-10

FirewallThe new firewall in Mavericks is great. For the common user. For a developer, not so much. If you are a Java developer like me, and you just need to open one port (say, 8080) so that the web application you’re working on is accessable from another computer, you can’t. I disabled the Firewall altogether for a few days, but it didn’t feel right.

I googled around and to make a long story short, here’s how to open port 8080 on any interface to any application on your OSX Mavericks installation in 3 steps:

sudo vim /etc/pf.conf

Then add the following lines at the end of the file:

# Open port 8080 for TCP on all interfaces
pass in proto tcp from any to any port 8080

Test (and, according to the documentation, load) your edits with:

sudo pfctl -vnf /etc/pf.conf


(I have found at least 5 pieces of voodoo to make the Firewall restart and reload, but none of them seemed to work reliably, so pardon the reboot)

You can close it by commenting out the lines in pf.conf and reboot again. If anybody knows of an easier way to do this, preferably in one terminal command, and without rebooting, let me know.

Hope this helps.

There’s life without Google. Or iCloud. Or Facebook.

Saturday 2014-03-08

Threema, the secure Whatsapp alternativeRegular readers of this blog already know that I am not using dropbox, and I was an Evernote user, but recently decided it became to dangerous and replaced it with my own scripts. I had an interesting discussion on Twitter which made me decide to show you how I run my digital life without the help of Google, Facebook, Dropbox, Whatsapp or iCloud, and still be able to have all the functionality these services offer.

The search was hard and sometimes I need to reconsider some of the choices, but the last few years the selection of products was very stable and the setup has worked flawlessly. Searching for a secure replacement for Whatsapp or Google? It’s in here.
Read the rest of this entry »

Replace Evernote with Spidernote

Sunday 2014-03-02

Resistance is futile

In the past I have used Evernote extensively, it really helped me in my research for this blog and keeping track of meeting notes, todo lists and even making pictures of whiteboards at work searchable. As a product, there is no note taking app that can beat Evernote. But there is a little problem that has become a deal breaker for me, and that is basically the NSA and the way Americans, and particularly the American government seems to think about people’s privacy and online security.

Evernote is an American company, which sadly has to comply with whatever ridiculous request by the U.S. government to turn over data of innocent people all over the world (yes, even outside the U.S. border, I know, it’s amazing). This, combined with the fact that Evernote clearly can not use zero-knowledge encryption because of the services it provides, makes that all the data you and I put into Evernote are at NSA’s fingertips at all times. If you find that as scary as I do, and you have a Mac, there is a way to solve this. Read the rest of this entry »

Anonimatron: Quick Start

Sunday 2013-11-03

Anonymous customerAfter reading my last blogpost on Anonimatron, you must have asked yourself “Great, but how do I actually use Anonimatron to de-personalize my database”? I tried my best to make basic Anonimatron configuration as self-explanatory as possible, just start it without any command line arguments and it will tell you.

Less adventurous or in a big hurry? This blogpost will show how simple it is to install and configure Anonimatron on an example MySQL database.

Read the rest of this entry »

Anonimatron: Overview

Thursday 2013-10-31

It's the LawIn every software project, there comes a time where a bug pops up, nobody knows how to reproduce it, and somebody says “I know, let’s test this against a copy of the production database”. Even with the best intentions, once production data leaves the production machine with all its safeguards it becomes really hard to do access control on that data.

Most of the time, it’s not even needed to have that data. Developers just need a data set which resembles the production scenario close enough. Some brave souls have mixed succes with data generators, but those generators usually are tedious to maintain and die a slow death under the pressure of the daily grind.

In some ambitious projects automated integration testcases are built on top of the data which was inserted by the data generators. As the generators die, so die the tests. If you recognize this pattern, Anonimatron might be the answer for you.

Read the rest of this entry »

How big is 5 Zettabyte?

Sunday 2013-06-23

Spy vs SpySince the interview of Edward Snowden with the Guardian, the discussion about privacy and companies storing and sharing unencrypted private data is picking up. Particularly Americans are worried about what it does for their National security and their private data. But that’s actually a naive thought, given the NSA stores worldwide data.

In a recent coverage on (a rather tabloid-looking news station in the U.S.), the interviewers are shocked to see that the NSA spies on “every American”.

This is a limited view of the world and failing to see the importance of spying on people outside the U.S., but lets start with technical side of things first. What data are they storing and how big is their hard-disk?

Read the rest of this entry »