Jamie Scaife - United Kingdom 🇬🇧 

A Look at PureDarwin - an OS based on the open source core of macOS

Wednesday 27th November 2019

PureDarwin is a community project to make Darwin, the open source operating system developed by Apple Inc. that macOS is built upon, more usable by providing bootable ISOs and documentation.

The puredarwin.org homepage, showing the Hexley the Platypus mascot.

The project was founded in 2007, and is seen as the informal successor to the OpenDarwin project (which closed down in 2006). PureDarwin is a downstream project of Darwinbuild, combining the open source Darwin base with other FOSS tools (such as X.org) to produce a usable system. Continue reading...

Apple Virtualisation

Understanding PGP/GPG Key Server Output

Saturday 26th October 2019

I was recently investigating a suspicious GPG key for one of my domains that had shown some activity on the key servers after been dormant for nearly 10 years. The key wasn't mine, and since anybody can create a key with any name and email address, this wasn't indicative of a breach or imposter. However, it was intriguing to see what this automated system, spammer, or whoever they may be, was trying to do with the key.

PGP/GPG key server output can sometimes be quite confusing, especially if a key has multiple subkeys, user IDs and signatures. This prompted me to create a reference guide for PGP/GPG key server output, to help anyone else who may be in a similar situation. Continue reading...

Security Guide

Deploying a Tor Onion v3 Hidden Service Using Ansible

Monday 16th September 2019

As part of an ongoing project to implement version control and configuration management for all aspects of my infrastructure, I have recently moved the hosting for my Tor Hidden Services onto my main web infrastructure, rather than using a separate dedicated machine. Both of my web servers are set up and managed entirely using Ansible, so I had to put together a new Ansible playbook to install and configure Tor. I've documented it here if anyone else may find it useful.

The configuration described in this article is intended for use on Debian/Ubuntu-based systems, however with minor modifications it should be usable on other systems as well. Continue reading...

Security Tor Guide

Serving security.txt Using a Cloudflare Worker

Wednesday 31st July 2019

One of the most common implementation challenges of security.txt is Content Management Systems or managed hosting providers that don't allow you to set the file correctly. For example, they may disallow writing to the /.well-known directory, or it may not be possible to serve files as the text/plain MIME type.

If this is the case, and you also happen to be fronting your website using Cloudflare, you can use Cloudflare Serverless Workers to serve the file directly from Cloudflare, instead of passing the request through to your origin server/hosting provider.

Serverless, also known as functions-as-a-service (FaaS), allow you to run your code in the cloud, without having to rent individual virtual machines or use traditional shared hosting. Instead, your code runs in short lived and isolated sandboxes on a machine with potentially hundreds of other customers' sandboxed code. Deployment, scaling, resilience and system security is all managed by the serverless provider. You are generally billed per execution or for the amount of CPU time used, making serverless much more cost efficient than other cloud computing models in many cases. Continue reading...

Security Guide