Ben Tasker's Blog

Thoughts on Mailpile

I was quite excited when Mailpile was released as a beta, and it made it onto my list of 'must have a play with'. Life being life though, I didn't get chance to give it a proper go until recently.

Sadly, it was somewhat anti-climactic and I've been left feeling more than a little underwhelmed. Mailpile shows a lot of potential, but it's definitely not ready for production yet. 

I ran my testing on a CentOS 6 VM, and in this post will summarise the good and the bad.

Shop section closing 31 December 2014

The shop section of my site will be closing for business on 31 December 2014 and I'll be withdrawing all digital downloads from sale.

It's not something I actually wanted to have to do, but as the changes to the EU VAT rules come into effect on the 1 January 2015 (HMRC at least are calling it VAT MOSS), the additional overhead involved in compliance means that running the shop will likely no longer be financially feasible.

The closure will include everything in my (somewhat small) shop, so

  • Joomla Extensions
  • Ebooks
  • Credlocker Extensions
  • Photos

ON-Networks PL500 Powerline Adapters

Quite some time ago, I played around with some Computrend 902 Powerline adapters and found a number of different security issues - here and here

Those devices are long gone, but whilst the issues I found were relatively minor (if nothing else, proximity was required) it left me a little concerned about the security of any devices that might replace them. For quite some time, I didn't need to use any powerline adapters, but eventually the need arose again (no practical way to run CAT-5 to the location and the Wifi reception is too spotty).

So I bought 2 pairs of On-Networks' PL500S Powerline adapters. Depending where you buy them from, the model number may be PL500P, PL500-UKS, or even the Netgear part number - Netgear ON NETWORKS PL500-199UKS.

I've not got as far as giving them a serious hammering from a security perspective as yet, however there doesn't seem to be much information about these devices available on the net (and what is there is potentially misleading), so I thought I'd post the information I've pulled together from prodding the devices, as well as a few common sense facts that might be being missed. As I'd have found some of the information helpful had it been available prior to purchase, I suspect others might find it of use too.

Virtualisation: Google Play Music Manager cannot identify your computer

Although there seem to be an increasing number of things which irritate me about Google's Play Music, there's no denying that it's an incredibly convenient way to listen to music when not at home. Whether using the Android App, or playing in a browser, it makes your library available wherever you are.

It's a pity then, that Google have decided to make it such a royal PITA to upload music (I'm also not too happy about the requirement to have card details on file, even if you plan on using the free version - you should only ever need to provide card details when the plan is to actually use them, it reduces the likelihood of them being compromised).

As Google's Play Music Manager now won't run on my desktop (something I need more introduces a conflicting dependency), I figured I'd run Music Manager in a virtual machine and just point it at the right NFS share.

Turns out it wasn't quite so simple, as Music Manager returns the error 'Login failed. Could not identify your computer'.

After some digging, it's incredibly easy to resolve though.

Understanding Password Storage

I occasionally receive emails from people who have come across PHPCredlocker, and the question is usually the same - "Why are you storing passwords using reversible encryption?". Most emails are polite, some not so much, but they all have one thing in common - assuming that a commonly stated fact applies to all scenarios, and failing to apply a bit of simple logic that would tell them the answer - because that's the only way the system would work.

In this post, we'll be briefly looking at some of the ways in which you can store credentials, and which of them are appropriate to use (and when), in the context of building an application (web or otherwise).
