Jamie Scaife - United Kingdom 🇬🇧
No Ads, No Tracking, No JavaScript
This website does not serve any adverts, tracking cookies or other internet annoyances.
It's also 100% JavaScript free.
Tor Hidden Services
This site is available through Tor at:
-
Onion v2:
-
Onion v3:
Serving security.txt Using a Cloudflare Worker
Wednesday 31st July 2019
One of the most common implementation challenges of security.txt is Content Management Systems or managed hosting providers that don't allow you to set the file correctly. For example, they may disallow writing to the /.well-known directory, or it may not be possible to serve files as the text/plain MIME type.
If this is the case, and you also happen to be fronting your website using Cloudflare, you can use Cloudflare Serverless Workers to serve the file directly from Cloudflare, instead of passing the request through to your origin server/hosting provider.
Serverless, also known as functions-as-a-service (FaaS), allow you to run your code in the cloud, without having to rent individual virtual machines or use traditional shared hosting. Instead, your code runs in short lived and isolated sandboxes on a machine with potentially hundreds of other customers' sandboxed code. Deployment, scaling, resilience and system security is all managed by the serverless provider. You are generally billed per execution or for the amount of CPU time used, making serverless much more cost efficient than other cloud computing models in many cases. Continue reading...
Automating the Integrity Verification Process for Downloaded Software
Wednesday 19th June 2019
I've developed a Bash script that can automatically download and perform integrity verifications for various pieces of software, including Ubuntu ISOs, Kali Linux and some Windows software.
The reason for creating this is to make it significantly easier, more reliable and faster to acquire integrity-checked versions of the software that I regularly use. Previously, downloading and updating this software was a manual process, which is naturally slow and unnecessarily prone to human error.
I've released the script under the MIT license, and it's available on my GitLab profile: https://gitlab.com/jamieweb/dl-integrity-verify Continue reading...
My Interview With Giulio D'Agostino
Saturday 11th May 2019
Earlier this year, I was interviewed by Giulio D'Agostino for his new book and podcast 'Conversations in Cyberspace'. My podcast episode has now been released - if you'd like to listen, it is available on Anchor.fm, and various other platforms:
During the interview, I was asked about multiple topics including reverse engineering, Tor Onion v3 services, Linux and the browser extension ecosystem. I hope you enjoy, and thank you again to Giulio for having me on the show!
Please note that I have no commercial affiliation with Giulio or any of his projects. Continue reading...
Managing Your SSH known_hosts Using Git
Tuesday 23rd April 2019
One of the largest challenges with infrastructure deployment and automation is managing and verifying the SSH server key fingerprints for your servers and devices. Each new server will have its own unique SSH fingerprint that needs to be verified and accepted before your devices (e.g. Ansible control machine, log collector) can securely connect via SSH.
Often, verifying and distributing the fingerprints is a manual process, involving connecting to machines to check and accept the fingerprint, or manually copying lines to your ~/.ssh/known_hosts file. In some cases, people also unfortunately bypass the warnings and accept the fingerprint without checking it, which fundamentally breaks the security model of SSH host authenticity checking.
I have recently solved all of these challenges by implementing a new solution for managing my saved SSH server key fingerprints (known_hosts). I'm storing a verified copy of each fingerprint centrally in a public Git repository, and I can then pull from the repository on all of my machines/devices whenever the key changes. This allows me to securely and semi-automatically distribute the fingerprints with minimal manual work required. Continue reading...
Subscribe
Popular Pages
Raspberry Pi + BOINC Stats
Stats from my RPi cluster + BOINC.
Updated Every 10 Minutes
Exploitable Web Content Blocking Test
Test whether exploitable web content is blocked in your web browser.
Tor Onion v3 Hidden Service
Testing the new Onion v3 Hidden Services.
Saturday 21st October 2017
Namecoin .bit Domain
Guide to registering a Namecoin .bit domain.
Tuesday 16th January 2018