xdeb.org

Security

Guide to strong passwords

Use passwords at least 12 characters long. Use a different password for every service. Let a password manager remember them so you don't have to. Three pieces of advice that solve most password problems for users. Read on for more information about passwords for both users and developers.

Content security policy headers when using Matomo or Google analytics

I recently added a Content Security Policy header to my web servers. I found a number of issues around getting analytics and embedded videos and maps working. Other sites will have more issues but I suspect these are among the most common.

Setting up a server firewall with nftables that supports WireGuard VPN

With Debian 10 (buster) the default firewall is nftables so it’s time to convert my iptables rules. Since Debian stable is never first with anything I was surprised to see how relatively few articles and blogs there are about nftables compared to iptables.

Using Ansible to set up a WireGuard VPN server on Debian

I have been watching the WireGuard project with interest for a couple of years. I like how WireGuard is constructed. A small code base that focuses on the core functionality. The use of standard Linux networking tools and simple public/private keys.

Security camera with Raspberry Pi

Some tulip-eating animals gave rise to the need of a security camera system. One could have bought a ready-made system but that’s boring and as recent events show, their security is often abysmal. Much better to build my own system and I have been meaning to play with the Raspberry Pi computers.

My first 2 minutes on a server - letting Ansible do the work

After reading articles like My First 5 Minutes On A Server by Bryan Kennedy and My First 10 Minutes On a Server by Cody Littlewood I was inspired to write up how I set up a new server. There are no special tricks in the way I set up servers to make them secure.

Let's Encrypt my servers with acme tiny

Let’s Encrypt is a project that offers free domain validated SSL/TLS certificates. The organisations and companies behind it include EFF, Mozilla, Akamai and Cisco as well as many others. EFF has long been working for HTTPS Everywhere and Let’s Encrypt is a big step in this direction.

Set up SSH account that only allows Bazaar server commands via key authentication

Here follows a solution for a convenient and secure way of allowing other machines to connect to the Bazaar repository on my server via SSH and key authentication. I only want to allow Bazaar commands and not any other. This setup should be easy to adapt for Git and Mercurial (hg) or any other application that sends commands via SSH.