Guus Bosman

I successfully completed a certification for Azure, the cloud offering from Microsoft.

I took the exam in our basement; it was strange to be on video all the time. But the process was nice and smooth.

A script I wrote a few years ago to help me with pictures on the website stopped working... It assumed every year started with 201, haha.

FoundPos := RegExMatch(clipboard, "^201[0-9][0-9][0-9][0-9][0-9].*\.[jJ][pP][gG]", FoundFileName)

I moved my blog to EC2 last weekend and last night the instance stopped working for the first time.

"Design for failure", is the mantra, and I'll do some work on automated reboots when monitoring fails.

Seems like the httpd server went ran out of memory last night.

Dec 15 00:26:49 ip-172-31-60-46 kernel: Out of memory: Kill process 8250 (httpd) score 37 or sacrifice child
Dec 15 00:26:49 ip-172-31-60-46 kernel: Killed process 8250 (httpd) total-vm:526616kB,...
Dec 15 00:26:53 ip-172-31-60-46 kernel: httpd invoked oom-killer...

I just completed the exam for AWS Certified Cloud Practitioner, a certificate that shows I have basic knowledge about the different Amazon Web Service offerings.

The exam was relatively easy. I've been preparing for this conference for a while, and done quite a bit of studying on the various AWS products. I did study a few trial exams from Udemy.com, and those were helpful for questions on more basic stuff like the Billing and Support models -- the less technical topics.

Still, it's been a while since I had done an official test and I was a little nervous, and now I'm very happy I passed the test. "Certified individuals" also get access to a special area here at the re:Invent 2018 conference.

Hmmm, I'm not very proud of this but it looks like my site has had an open redirect for a good while. Years, in fact.

It's a custom script that I wrote 15 years ago and somehow survived the migration from the various CMS that I've used.

The original script had a reference to Php-Nuke from 2002. I've now removed it, finally.

Today I switched from Firefox to Chrome.

I've been using Firefox since the mid 2000's, when it came out to replace the bulky Mozilla suite. It's with some nostalgia that I'm making the switch, but I've ran into several bugs in Firefox that weren't getting resolved.

(While typing this, I did discover that Chrome does not have auto-recover for text areas, which is annoying but thankfully there is a browser extension Typio that helps).

The nail in the coffin was the release of Firefox Quantum last year, when they stopped supporting XUL plugins. I understand the rationale -- but it broke several important plugins, including all those for mass-password reset. In the six months since the switch there haven't been any new plugins written that allow me to change all my 100+ work logins at once.

Firefox also did not work when I was presenting something under WebEx. That might have been WebEx's problem -- but it's annoying enough since I screen-share at least once a day.

So here we are, in a brave new world,

For our college recruitment I gave a tech talk at Carnegie Mellon University last week. It was fun talking with students. They were younger than I remember. It seems like my talk went over quite well, and at the end I gave them my three pieces of advice for looking for jobs: 1. Work where the firm makes its money, 2. Your supervisor is very important. When looking for a job, try to interview her/him as much as possible, 3. Do the hard things. In college: take the hard courses. At work: investigate the hard problems. Be the go-to-person.

The next morning I went for a run downtown, crossing all three rivers. Pittsburgh is a beautiful city.

I drove to Pittsburgh from Arlington -- about 4 hours clean driving time.

Monday and Tuesday I attended WOOT, a series of presentations on computer security attacks. It is part of the USENIX Security 2015 conference.

Two years ago I attended the same conference, and like two years ago, TLS and Android were favorite topics.

The keynote session by Adam Langley on TLS v1.3 was quite interesting. He also spoke about his practical experiences in disclosing vulnerabilities, and how difficult is is to 'manage' that process. He tried several approaches, including telling a small group of trusted companies first, only to be criticized by those outside of the "nice list". Later he tried to expand that circle but then the information started leaking out. His main conclusion was that there's just no good, clean, result you can expect.

I always like approaches like FLEXTLS. They created a framework that made it easy to test the state-machine in TLS. That way, the were able to systematically test which implementations allow the skipping of important steps. It ended up getting a price for the best paper at WOOT.

A presentation that stood out on the second day was about weaknesses in the routers provided by Dutch ISPs. They did some old-school reverse engineering to be able to crack the WPA2 passwords.

Very interesting new approach to attack is to abuse voice recognition.

During the lunches and breaks I spoke with several people. It was nice to meet Dr Lorenzo Cavallaro, the teacher of the online course I took a while ago.

We've been cleaning up the basement and I put some things for sale on Craigslist. Every time I tried to log in to the site with Firefox, I'd get a 404 error. I have Internet Explorer installed for situations like these, but it's not ideal.

Tonight, I discovered the culprit: Craigslist really wants the referer header to be set. I had switched it off in Firefox a while ago (with network.http.sendRefererHeader = 0); switching it back on fixed things.

After many years I said goodbye to Blackberry today. Yesterday the charging port of my Blackberry Storm 2 fell out of the phone.

Today I went to the Verizon reseller in the mall at my work and got the HTC One M8, an Android phone.

I am looking forward to installing apps I haven't been able to use, such as Waze, Uber and Anki SRS, and the phone has been nice to play with so far. My corporate email hasn't switched over yet, hopefully tomorrow.

It's been six years since my first smartphone, a BlackBerry Pearl.