How I fixed WSL 2 filesystem performance issues

In my development workflow (DevOps and scripting, mainly – I’m a security practitioner, not a programmer) I frequently switch between Windows and WSL. I work a lot with Ansible, and I love the fact that with WSL, I can enable full Ansible linting support in Visual Studio Code. The problem is that there are known filesystem performance issues with WSL 2. At the moment, Microsoft recommends that if…

View On WordPress

Introduction to AI image generation (Stable Diffusion)

For saying that I work in technology, I feel embarrassingly late to this party. I was recently transfixed by posts on Mastodon that showed images generated by Midjourney. I’d never heard of Midjourney. This started me off down a rabbit hole. A few metres down the rabbit hole, I read about InvokeAI, an open-source alternative to Midjourney. A few metres more and I discovered that I would be able…

View On WordPress

Querying GitHub Projects V2 with GraphQL in Laravel

GitHub's new Projects are not accessible via the older REST API. Working with them programmatically involves learning some GraphQL, which can be a headache, the first time you encounter it. Here's my approach, using Laravel.

Note: I previously wrote about using plain PHP to query GitHub Projects V2. In this post I offer some tips for querying using Laravel. GitHub’s new Projects are not accessible via the older REST API. Working with them programmatically involves learning some GraphQL, which can be a headache, the first time you encounter it. Here’s my approach, using Laravel. Authentication Get a GitHub personal…

View On WordPress

Non-alcoholic dairy-free syllabub recipe

At last, thanks to @Oatly, we can have a dairy-free syllabub that’s just as delicious! This version went down well with my son James. 😀

At last, thanks to Oatly, we can have a dairy-free syllabub that’s just as delicious! This version went down well with my son James. 😀 Serves: 6 (or can stretch to 8) Ingredients 250ml Whippable Creamy Oat by Oatly 55g white sugar Juice of one lemon Juice of two oranges 100ml sparkling grape juice Method Add the sugar to the juices and warm until the sugar is dissolved completely Allow…

View On WordPress

Querying GitHub Projects v2 with GraphQL in PHP

Querying GitHub Projects v2 with GraphQL in PHP

GitHub’s new Projects are not accessible via the older REST API. Working with them programmatically involves learning some GraphQL, which can be a headache, the first time you encounter it. Here’s my approach, using PHP. Set up cURL You can certainly use an HTTP request library, but sometimes it’s easiest to get your hands dirty with cURL. Here’s the setup: $ch = curl_init(); curl_setopt($ch,…

View On WordPress

Excel - correctly sort IP addresses

Excel – correctly sort IP addresses

This post is probably for pedants only, who care passionately about correctly sorting IP addresses in an Excel spreadsheet. This approach uses pure functions – no VBA. I prefer it to some other approaches because, frankly, they sail right over my head. Let’s start with a column of IP addresses – like this one: Excel tables are lovely, for working with data like this. If you convert your data to…

View On WordPress

Script to clone a VM with free VMware ESXi

Here's how to clone a VM with free VMware ESXi (PowerShell script).

Many people run free versions of ESXi, particularly in lab environments. Unfortunately with the free version of ESXi, the VMware API is read-only. This limits (or complicates) automation. I was looking for a way to clone guest VMs with the minimum of effort. This script, which took inspiration from many sources on the internet, is the result. It takes advantage of the fact that although the API…

View On WordPress

Using a Canon EOS 60D as a webcam

Using a Canon EOS 60D as a webcam

Necessity is the mother of invention. In the midst of the trauma and struggles of coronavirus, one positive theme has consistently emerged: innovation. In particular, the explosive rise of home working, podcasting and vlogging has resulted in significant improvements in associated technology. So when I recently started researching ways to raise my webcam game (for conference calls and church…

View On WordPress

SOLVED: first-time login problems when enforcing MFA with AWS

SOLVED: first-time login problems when enforcing MFA with AWS

AWS has a tutorial about enforcing MFA for all users. The general thrust of the article is to create a policy that allows users without MFA to do nothing other than log in and set up MFA. Having enabled and logged in using MFA, other permissions become available to the user (according to whatever other permissions are assigned).

This works well apart from one snag: having created a user, and…

View On WordPress

Solved: Windows 10 forbidden port bind

Solved: Windows 10 forbidden port bind

Ever have this problem, launching a Docker container (in this case, Nginx on port 8000)?

Error: Unable to start container: Error response from daemon: Ports are not available: listen tcp 0.0.0.0:8000: bind: An attempt was made to access a socket in a way forbidden by its access permissions.

or maybe this problem, trying to run PHP’s built-in webserver?

php -S localhost:8080[Fri Sep 11…

View On WordPress

Hyper-V virtual switch creation woes

Hyper-V virtual switch creation woes

High-end workstation hardware does not approach enterprise-grade server quality. That’s my takeaway.

I’ve been wrangling with Hyper-V on a very nice ultrabook that has 32GB of RAM and a Core i7 processor (quad-core). Highly portable and useful for running multiple VMs, which indeed was the idea.

This ultrabook is also now sporting the 2004 release of Windows 10. Security-obsessed folks like…

View On WordPress

How to recruit the perfect employee (with free resources)

How to recruit the perfect employee (with free resources)

You may have arrived at this page thinking, “Okay, this is a clickbait article, but I’ll bite.” Clickbaity, because you’d say there’s no such thing as a perfect employee. And I confess, I’d half agree with you. That said, when hiring new people for a role, we’re usually looking not simply for someone who can just do the work but who also will be a good fit. When you get someone with both…

View On WordPress

Better than a risk matrix - part 1

Better than a risk matrix – part 1

There’s something better than a risk matrix? It’s a bold claim. But risk matrices have significant weaknesses, as I have discussed elsewhere.

In information security, we know (I hope) that our role is primarily concerned with the control of risk. We may agree that’s what we’re doing – but unless we can measure risk and show how our efforts change our risk exposure, where’s our credibility?

View On WordPress

How a risk matrix can kill you

How a risk matrix can kill you

As a security professional, unless you work for an MSSP (Managed Security Service Provider), security is simply a cost to the business. Fitting a swipe card door entry system will not in itself generate more revenue. Increased password complexity rules are unlikely to result in increased sales.

How then do we justify our existence? By the way we reduce risk.

If you work in penetration…

View On WordPress

Free CTF and Digital Forensics Resources

Free CTF and Digital Forensics Resources

Are you interested in the forensic side of information security? Want to hone your pen testing skills but not sure where to start? Heard of reverse engineering, but it seems like a black art?

This article is a link dump (so it might go out of date, sorry) of freetools and resources to help you along the way. It started from an email I sent to a security analyst who was interested in learning…

View On WordPress

Be careful adopting IoT - seriously

Be careful adopting IoT – seriously

Those who know me well have probably heard me grumbling about IoT devices – things like Next, Google Homehub, Alexa Echo, etc. 🙂 That’s for a very good reason – you are surrendering your privacy and opening your home up to potential cyber invasion.

There’s a lot of technobable in the following articles, but the short versions are that there was a major security breach in relation to Samsung’s…

View On WordPress

GDPR: Do we need a Data Protection Officer? If so, who?

With “GDPR go-live” just around the corner, one of the questions businesses need to be asking themselves is “Do we need to appoint a Data Protection Officer (DPO)?” Similarly, if your business asks you to act as its DPO, you should be asking what this involves, and whether you should accept the appointment.

Under GDPR, a business must accept considerable responsibilities towards its DPO. And the…

View On WordPress