Ishibei-koji Lane

Ishibei-koji Lane, Kyoto, Japan

Besides doing the usual things while traveling through Japan, I also enjoyed playing with my new camera. This one is taken at the end (or beginning, depending on how you approach it) of what is called the most beautiful part of Kyoto, Ishibei-koji Lane.

Japan

Near Amsterdam Airport

Back from what might be the most beautiful country on earth, Japan! Without doubt you can find more gorgeous-looking landscapes, buildings, waterfalls or whatever you are looking for elsewhere, but it is the sum of all things we have seen and experienced, the bizarreness of the country and the kindness of the Japanese people that really does it.

Apache privilege separation – Security vs Performance

Maintaining a single website on a dedicated machine is pretty straightforward. A common setup would be an Apache instance, probably running a dynamic scripting language like PHP, a MySQL database, and an FTP daemon to get your files where you want them. It is probably all configured as a single-user setup for a personal website, which automatically puts control into your own hands.

Things get a bit more tricky as soon as you decide to host more than one site on that same machine for, say, a friend, a work colleague or maybe even a complete stranger. Being in control shifts towards being out of control because of the lack of privilege separation. Of course there are multiple solutions to deal with that, but they all come with a trade-off, in either security or performance.

Securing phpMyAdmin

phpMyAdmin can be a really useful tool to maintain your site. Unfortunately, a default install will leave you with less than secure access to your database. For starters, it will run on the default HTTP port, transporting the username and password in clear text across the internet. Furthermore, literally anyone in the world can reach the logon page, with nothing standing in their way to launch a brute-force attack.

GnuPG – Creating a GPG keypair

GnuPG, or GPG for short, is a complete and free implementation of the OpenPGP standard as defined by RFC4880. It relies on public-private key pairing to make it impossible for someone other than the intended receiver to read the encrypted message. In short: the sender uses your public key to encrypt the message before sending it. As the private key owner, only you are able to decrypt the received message.