A quick and easy way to install YubiKey PAM for Ubuntu. There is also a Bash installer for Debian in the same GitHub repo.
Tuesday, February 26, 2013
<cfquery name="foo" datasource="foo">
SELECT SQL_CALC_FOUND_ROWS * FROM foo
WHERE id > 2 LIMIT 2
<cfquery name="bar" datasource="foo">
SELECT FOUND_ROWS() AS numRows
Monday, February 18, 2013
Friday, February 15, 2013
I've decided I'm going to live blog the sessions that I attend at PyCon using Google Drive. This means you'll be able to even watch me take my notes as the session goes on. So I'll be blogging the live Google Doc links in a future blog post. I'm so excited! Watch this space...
Thursday, February 14, 2013
pyMNtos - February Meeting Agenda - David Goodger on The Zen of Python Revisited and 3 Lightning Talks
Our next meeting on Thursday 2/21 (pizza at 7p / meeting at 7:30p -- Please RSVP) includes three Lightning Talks:
- MyHDL -- Chris Felton
- Docopt -- Andrew Carter
- Building Web UIs with Twitter Bootstrap -- Peter Farrell
David Goodger will be presenting a longer talk on The Zen of Python Revisited -- A fresh look at the meaning of Python's Zen. Does it mean what you think it means?
David is best known in the Python world for Docutils / reStructuredText and for chairing the 2008 & 2009 PyCons in Chicago.
We might broadcast this as a Google+ Hangout for those interested in attending remotely or out of state. Let me know if you are interested as I don't want to setup all the mics and camera if nobody is going to come.
Wednesday, February 13, 2013
Continuing on with my year of digital security ideas, I wanted to share a few short thoughts on some lessons I learned using LastPass and YubiKey.
- Before I committed to switching to LastPass, I tried it out. LastPass uses a Master Password and I generated it in my KeePass. However, I didn't save my KeePass vault for some reason. Never forget your LastPass Master Password or you will be sorry.
- Always generate a few one-time passwords (OTP) to get into your LastPass vault just in case.
- After you receive your YubiKey, be sure to sign up for the Yubico Revoke Service and add your key. This allows you to revoke your YubiKey in the YubiCloud authentication service in case your key is lost or stolen. You have to physically have your key to add it to the revoke service -- you cannot add a key if you do not have it (like after you lost it).
- Be sure to add your YubiKey to your LastPass profile and enable two-factor authentication.
Tuesday, February 12, 2013
This year I'm focusing on something entirely different: Security. Actually, I did a lot of small security stuff at the end of 2012 so I'd say I started 2013 with a "very good" rating. Instead of a tutorial on how to implement security in your digital life, I'm just going to share some of things I've already done and where I'm going from here.
I was already doing a lot of good things that I started in 2012:
- I was user of a password manager / password vault. I've been using KeePassX (available on many platforms like Linux, MacOS, Android, Windows, etc.) on both my laptop, desktop and Android phone. I kept my single password vault file in sync between devices using DropBox.
- Stopped sharing similar or the same passwords between sites. I was pretty good about this, but sometimes I would order something from a company that I knew I would rarely use. I became lazy and didn't always setup a new profile in KeePassX. For example, I was one of the 24 million accounts that were hacked at Zappos in January of 2012. Also, my credit card information was stolen (see sample letter in PDF) from Altrec -- an outdoor outfitter where I made a purchase almost two years ago.
- After reading Matt Honan's tail of how he got his entire digital life wiped out by hackers in Wired last August, I turned on Google Authenticator (two-factor authentication) on all my GMail accounts (even DropBox can utilize Google Authenticator).
So, you're probably thinking what more can you do? Well, there a few more items that I've already working on or done in 2013:
- I decided to switch from KeePassX to LastPass for my password management. I switched for three reasons:
- #1 - LastPass has tighter integration with the browser and the cloud. LastPass has a pretty good web browser plugin for Chrome and Firefox. KeePassX I would have to find the profile and use the clipboard to copy my password. LastPass just reminders my profiles.
- #2 - My LastPass password vault is encrypted locally and stored in the LassPass cloud. This takes the pain of synchronization with KeePassX and Dropbox out the equation.
- #3 - Two-factor authentication support. For those that don't know what this is, this means you need both the password and some physical item (that usually emits unique codes) in order to login. If you don't have both items, you cannot login.
- Two-factor authentication using YubiKey. These are amazing little USB devices that emits an one-time password (OTP). For example, to login into my LastPass vault I use my master password and then I have to authenticate using the OTP emitted from my YubiKey. They even offer a YubiKey that has NFC built-in so you can use it with NFC enabled devices like my Google Nexus 7 tablet.
- I now encrypt my home directory data on my HD (via Ubuntu) on both my laptop and desktop. So even if you steal my computer -- you cannot get my HD contents unless you know my password. (Note: Yubico offers a PAM for Linux so I could even require my YubiKey login).
I hope this inspires you to do more for your security of your digital life. I'm planning on writing up a nice quick start soon for getting started with LastPass and some of the things I did or things you shouldn't do like I did. Let me know if you have any questions. Until then, may the security deities be with you!
Saturday, February 9, 2013
Could not verify datasource: java.lang.VerifyError: (class: com/mysql/jdbc/DatabaseMetaData, method: supportsRefCursors signature: ()Z) Illegal use of nonvirtual function call
No matter the amount of Googling did anything turn up useful. After reinstalling MySQL, I realized that my Aqua DataStudio could still connect and query the MySQL databases. I tried a new MySQL J/Connector which did not help.
In the end, the fix was that Tomcat was using Java8 weekly (via a .deb) and something in Java8 must be broken. I downgraded Tomcat to use Java7 and everything worked. I found out that there was an update to my system to Java8 on 2/13 and the restart made it effective because Tomcat had been running for at least a week.
The fix: Check your Java version and downgrade from Java8