Using Qubes OS for Fun and Profit

Note: This review assumes the reader has a basic understanding of what Qubes OS is and how it works. Please refer to their site for introductory information.

I have been using Qubes OS full time for about six months. The design and architecture have intrigued me for much longer than I have been using it. One of the main hurdles to using Qubes OS is the hardware compatibility needs. My old computer had some issues, so I bought a Dell XPS with i7 Intel processor and 16+GB RAM. My chance had come to give Qubes OS a real try.

Being that I am a full-time consultant for DevOps, Information Security, and Cloud Architecture my needs were a bit different from your average user. With multiple clients with many logins and VPNs, it can be tricky using one main OS (Linux) with VMs.

Read more

Challenges and Solutions for Tech Companies Doing Business in China

China is a unique challenge for building infrastructure for SaaS or App based services. Unlike other (or most other) countries in the world, China has additional hurdles to overcome to offer services to Mainland China effectively.

From the legal standpoint, there is the ICP license is required for every domain name used in China. So it is a challenge for outside companies to get a license since they are outside of China. Many must partner with 3rd parties to obtain this license. Cloud providers like Tencent or AliCloud help users to gain use their license. So once you have your ICP taken care of you must now build cloud infrastructure.

One big issue with trying to work from outside China to service providers inside is what referred to as “The Great Firewall of China” is a state-run firewall that filters content and ports used for services the Chinese government has an issue. A recent example is their crackdown on the use of VPN (Virtual Private Networks) which are frequently used to circumvent the content blocking. However, for administrators are used to connect to cloud providers to manage services securely.

Read more

Decentralizing the Internet Is Only the Start to Reclaiming Privacy

There is much backlash going on over Facebook’s revelations of user data being in the hands of Cambridge Analytica and perhaps many more. Not much of a surprise to more technical users who are more familiar with the surveillance economy as it is now known. People for going on decades have given away their digital identities in exchange for some free services. It is a somewhat timely moment of clarity for Internet users as a whole since it coincides with the explosion of blockchain and other decentralized services and projects.

Now is the time to seize on the backlash and reclaim our privacy online as not just a country but as the Internet as a whole.

There are many good open source and decentralized projects for social media and Facebook equivalents. The real issue comes down to user adoption and supporting the developers.

Read more

Anonymous Smart Contract Driven Orgs and Funds

One of the biggest things that first came out of Bitcoin and blockchain was initially Decentralized Autonomous Organizations (DAOs).  This concept has evolved with Colored Coins, Counterparty, and Ethereum since then.  Of course there have been (big!) bumps in the road. The Ethereum DAO being seen as securities by the SEC is one good example.  Along with the DAO hack which wreaked havoc and caused a lot of drama.

But in hindsight these were all just growing pains of a young technology. Not to say these were not big issues. But with any new technologies there are some casualties. When real world money is involved this can make things more painful for those affected.

Read more

Blockchains for Immutable Infrastructure

Yes, we’ve all heard the hype around ICOs (Initial Coin Offerings) and the Bitcoin/Ethereum price explosion. People are scrambling to make any BS product as an excuse to do an ICO. But let’s not overlook the real use and value of blockchains. To put it simply a blockchain is a cryptographic ledger (or database) that stores data in a P2P fashion. With consensus between them to write the data to the blockchain.

The blockchain can help alleviate the issues of configuration management, file integrity checking, and help build immutable cloud infrastructures with less complexity.

This can help to secure the Internet of Things (IoT) among others things like server configurations. The blockchain is much more than just for currency. Being only the tip of the iceberg in terms of what can be done using them. Not to say that everything should be on the blockchain. One of the biggest issues in past implementations of File Integrity Checking (FIC) is the obvious attack vector was via the database, the hashes were written to verify/monitor file integrity. Compromise the database and it renders the FIC moot. Blockchain based FIC you do not need this worry since that hash is stored across many thousands of nodes across the globe. So even if the local copy is compromised it will be detected by the network as a whole. There would be no central control or access to compromise the signature “database”. With the rise of Infrastructure as Code and Containers there is a bigger need to be able to verify the integrity of systems.

This can be done by generating a token on existing chain like Ethereum (ETH). But the speed of “transactions” is paramount to using a blockchain in this way. So a custom chain would need to be built.