Rafe Hart

Thoughts on security, privacy, and building software.

Due Diligence

27 May 2016

Checking things at part of due diligence is rarely the most fun activity in the world, but it does have a habit of turning up some surprising things. I've been doing some compliance checking for PCI DSS recently, and it turns out a lot of the providers I thought were PCIDSS compliant (and claimed to be) aren't.

Read More

securityheaders.io

07 February 2016

According to Verizon, 9.4% of breaches last year occurred through vulnerabilities in web applications. A lot of these vulnerabilities were SQL injections and the like, which really shouldn't happen these days, especially when you consider that most professional companies should be using a framework for development. However, many of the other potential vulnerabilities can be reduced by tightening the scope of your server config.

Read More

Let's Encrypt

08 January 2016

This isn’t really a cygwin post, but this site has now been given an encryption certificate via letsencrypt. The whole process on debian, from investigating what had to be done, cloning the git repo, and running the single command to create, retrieve and install 5 security certificates took about 3 minutes. Easily the most impressive security service I’ve seen.

Read More

.minttyrc colour schemes & fonts

12 July 2015

Mintty is a fantastic terminal program; it’s now the default with Cygwin for some time. There are a range of others such as xterm and rxvt, but mintty does the trick for me. You can change all the settings by right-clicking on the window and going into ‘options’, but that modifies a file called .minttyrc in your home directory, so you have the alternative of using a text editor if you wish. Mine goes like so:

Read More

.bashrc

05 July 2015

Of all the configuration files, .bashrc is the one that will most affect the command line environment. The .bashrc file controls the configuration options for the bash shell, and for the most part it is the same as it would be in linux. My full .bashrc is here.

Read More

mysql on Cygwin

28 June 2015

MySQL is a well known database, which you will need if you plan on setting up a locally hosted site for web development, or similar. MariaDB, a fork of the project which came into existence after Oracle purchased MySQL, is not yet available on Cygwin as of 2015 or on Cygwin Ports, but watch this space.

Read More