Using systemd Timers to Renew Let’s Encrypt Certificates

This is a quick blog post to share the systemd timers that I use to automate the renewal of my Let’s Encrypt certificates. I prefer systemd timers to cron jobs for task scheduling because they are more flexible and easier to debug. I assume that you know what Let’s Encrypt is and that you already […]

Update Hosts via Ansible to Mitigate Bash “Shellshock” Vulnerability

On September 24, 2014 someone posted on the oss-sec mailing list about a bash vulnerability that likely affects several decades of bash versions (something like 1.14 – 4.3!). The vulnerability — aptly named “Shellshock” — can lead to remote code execution on un-patched hosts, for example web servers parsing HTTP environment variables via CGI GET […]

Force PHPMyAdmin to use HTTPS

You want to use PHPMyAdmin. You want to force HTTPS so you don’t send plain-text MySQL credentials over the wire/air. You start fiddling with mod_rewrite and troubleshooting your Apache’s myriad of virtual hosts and included config files. There’s a better way! In /etc/phpMyAdmin/, add this to the bottom: $cfg[‘ForceSSL’] = true; I like mod_rewrite and […]

Alan opts out of TSA scan at Portland PDX

I flew from Portland (PDX) -> San Diego (SAN) this week. I was greeted by one of the controversial full-body millimeter wave scanners. Unsure of the privacy and health implications of the scanners, I decided to opt out, and get a manual pat down instead. I was somewhat surprised when my mom whipped out her […]