Originally posted on TechCrunch:
At their event this morning in Cupertino, Apple’s Craig Federighi announced that iOS 7 will be available to everyone beginning on September 18th. iOS 7 was first announced back at WWDC in June, and has spent the last three months in a developer-only (wink, wink) Beta testing mode.
As expected, the update will be available for the iPhone 4 and later, the iPad 2 and later, the iPad mini, and the 5th gen iPod touch.
“Since we make updates easy, and available to as many customers as possible,” Apple CEO Tim Cook said. “iOS 7 will quickly become the world’s most popular mobile operating system.”
Those are some bold words, considering how dramatic a shift iOS 7 is away from the norm. If you’ve somehow missed it, iOS 7 is a pretty massive departure from iOS’ past iterations. Almost every core visual of the OS — from the icons, to…
Originally posted on TechCrunch:
The Dell deal is now all but done, according to Bloomberg who today reported that there are enough yes votes to ice the Michael Dell-Silver Lake proposal that will see the firm taken private for $24.9 billion.
This news comes on the heels of the withdrawal of the rival Icahn bid that would have seen a tender offer for the majority of Dell shares at a higher per-share price. However, that deal would have left Dell a public company, albeit one with an odd liquidity structure.
Michael Dell and Silver Lake are using a few billion Microsoft dollars — tapped from Redmond’s overseas cash hoard — to finance the shebang. Bloomberg notes that “[h]olders of two-thirds of the voting shares have indicated their support for the proposed transaction.” So, that’s that.
It has been a long, often comical road. First, Dell was said to be dramatically undervalued by its founder…
Originally posted on TechCrunch:
Today at Apple’s iPhone event, Apple unveiled a cheaper iPhone, the iPhone 5C, as well as the iPhone 5S. While the devices in themselves are not really a surprise after countless leaks, the price of the iPhone 5C was still an outstanding question. The 16GB iPhone 5C will be released for $99 with a two-year contract. A 32GB model will cost $199. The iPhone 5S will cost $199, $299 or $399 for 16GB, 32GB and 64GB.
The iPhone 5C will greatly help Apple in many markets. While most phones come with a 2-year contract in the U.S., it’s not the case in the rest of the world. A new cheaper iPhone was highly anticipated as it could become a best-selling device in Europe and Asia. In these countries, customers can opt for cheaper plans but have to purchase unsubsidized phones. While it’s a great deal over…
When multiple clients are connected to an OpenVPN server in TUN mode, we need to configure the routes.
OpenVPN can operate in either TUN or TAP mode:
- TAP: Operates at layer 2, so the hosts see each other as if they were connected to the same network segment. They therefore see the broadcast traffic generated on the segment as if they were directly connected.
- TUN: Operates at layer 3, so we need to configure routing.
With TAP, clients can communicate with each other directly.
With TUN, if we try to ping between two hosts connected to the same OpenVPN server, we may receive an ICMP “Packet filtered” response:
    # ping 172.16.101.16
    PING 172.16.101.16 (172.16.101.16) 56(84) bytes of data.
    From 22.214.171.124 icmp_seq=1 Packet filtered
    From 126.96.36.199 icmp_seq=2 Packet filtered
This is caused by the routes: a packet addressed to another host connected to the server leaves through the default gateway. In the following example we can see that any packet not addressed to the server (172.16.101.1) or to one of the other networks goes out through the default gateway, which in this case leads to the Internet:
    # netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    172.16.101.1    0.0.0.0         255.255.255.255 UH        0 0          0 tun0
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
    192.168.254.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
    0.0.0.0         192.168.254.1   0.0.0.0         UG        0 0          0 eth0
Therefore, for every client that should be able to communicate with the others, we add (via the client-config-dir directive) a route for the network in question. In that client configuration we force a fixed IP for each client, set its gateway to 172.16.101.1, and push a route so that the 172.16.101.0/24 segment goes through that gateway:

    # cat cliente.systemadmin.es
    ifconfig-push 172.16.101.12 172.16.101.1
    push "route 172.16.101.0 255.255.255.0 172.16.101.1"
The clients' routes will then look like this:

    # netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    172.16.101.1    0.0.0.0         255.255.255.255 UH        0 0          0 tun0
    172.16.101.0    172.16.101.1    255.255.255.0   UG        0 0          0 tun0
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
    192.168.254.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
    0.0.0.0         192.168.254.1   0.0.0.0         UG        0 0          0 eth0
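The following is an added example, not code from the original post: it replays longest-prefix-match route selection over the two client routing tables above, showing why traffic for another VPN client leaves through the Internet-facing default gateway until the /24 route is pushed. The helper name `route_lookup` is hypothetical and the tables are copies of the listings above with whitespace collapsed.

```shell
#!/bin/sh
# Added example: longest-prefix-match lookup over `netstat -rn` output.

# Client routing table before the pushed route (copied from the article).
ROUTES_BEFORE='Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.16.101.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.254.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.254.1 0.0.0.0 UG 0 0 0 eth0'

# Same table after the route pushed from the client-config-dir file.
ROUTES_AFTER='Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.16.101.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.16.101.0 172.16.101.1 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.254.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.254.1 0.0.0.0 UG 0 0 0 eth0'

# route_lookup DEST: reads `netstat -rn` output on stdin and prints
# "IFACE GATEWAY" for the most specific route that matches DEST.
route_lookup() {
  awk -v dst="$1" '
    function ip2n(s,  o) { split(s, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    BEGIN { best = -1; d = ip2n(dst) }
    NF == 8 && $1 ~ /^[0-9.]+$/ {      # skip the two header lines
      mask = ip2n($3)
      block = 4294967296 - mask        # addresses covered by a contiguous netmask
      if (d - (d % block) == ip2n($1) && mask > best) { best = mask; gw = $2; ifc = $8 }
    }
    END { if (best >= 0) print ifc, gw; else print "unreachable" }
  '
}

# Destination: the other VPN client pinged in the article.
printf '%s\n' "$ROUTES_BEFORE" | route_lookup 172.16.101.16
printf '%s\n' "$ROUTES_AFTER"  | route_lookup 172.16.101.16
```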
Now we need the packets that arrive on the server's tun interface to be handed to the destination client. Forwarding is disabled by default, so we enable it in /etc/sysctl.conf by setting the net.ipv4.ip_forward directive to 1. We apply the changes with sysctl -p:

    # sysctl -p
    (...)
    net.ipv4.ip_forward = 1
Next we define two iptables rules:
- A rule that allows forwarding on the tun interfaces:
    iptables -A FORWARD -i tun+ -j ACCEPT
- Another rule that denies it on the eth interfaces:
    iptables -A FORWARD -i eth+ -j DROP
Instead of changing the default FORWARD policy, I add the DROP rule so that I have a packet counter for it.
If we ping between two connected clients, we will see the counters increase and the clients can now reach each other:

    # iptables -L -nv
    (...)
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        6   504 ACCEPT     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0
        0     0 DROP       all  --  eth+   *       0.0.0.0/0            0.0.0.0/0
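As an added example (not the author's code), the filter below reads `iptables -L -nv` output and lists FORWARD rules that accept traffic without restricting the output interface or destination, which is the case for the tun+ rule above: it also matches packets from VPN clients headed to the eth networks. The function name `unscoped_forward_accepts` is hypothetical, and the second listing, scoped to tun-to-tun traffic inside 172.16.101.0/24, is constructed for comparison.

```shell
#!/bin/sh
# Added example: flag FORWARD ACCEPT rules that are not scoped to an
# output interface or destination network.

# FORWARD chain as printed in the article.
FORWARD_ARTICLE='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    6   504 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    0     0 DROP all -- eth+ * 0.0.0.0/0 0.0.0.0/0'

# Constructed variant: only tun-to-tun traffic inside the VPN subnet is accepted.
FORWARD_SCOPED='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    6   504 ACCEPT all -- tun+ tun+ 172.16.101.0/24 172.16.101.0/24
    0     0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0'

# Reads `iptables -L -nv` output on stdin; prints one line per ACCEPT rule
# in FORWARD whose out interface is "*" or whose destination is 0.0.0.0/0.
# Columns: pkts bytes target prot opt in out source destination
unscoped_forward_accepts() {
  awk '
    $1 == "Chain" { in_fwd = ($2 == "FORWARD"); next }
    in_fwd && $3 == "ACCEPT" && ($7 == "*" || $9 == "0.0.0.0/0") {
      print $6 " -> " $7 " dst " $9
    }
  '
}

printf '%s\n' "$FORWARD_ARTICLE" | unscoped_forward_accepts
printf '%s\n' "$FORWARD_SCOPED"  | unscoped_forward_accepts
```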
Comunicación entre clientes OpenVPN con tun (routing) was first posted on September 10, 2013 at 12:22 pm.
Originally posted on TechCrunch:
Human is a newcomer in the crowded fitness space, but its take is different. Instead of being a stat-heavy activity app like RunKeeper or a life tracker gadget like Withings, Fitbit or Jawbone, Human is a passive iOS app designed to help you stay healthy. The goal is to move for 30 minutes every day, and to keep up with this simple habit. The company calls it the ‘Daily 30’. As it is extremely simple, keeping up with Human is easier than with competitive fitness systems.
“The basic premise of the app is very simple. Human tracks all of your activity and we put the focus on how many minutes you moved today and how many minutes you need to move,” co-founder and CEO Renato Valdés Olmos told me in a phone interview. “Each day of the week that you reach your Daily 30, we send out a push notifications,”…
Part of my job these days is convincing people to get out of the password business and start “Federating”; that is to say, outsource the login mechanics to an “Identity Provider” (IDP) like Facebook or Google or Microsoft or Twitter (and there are lots more). I’ve given the sales pitch quite a few times now; here it is.
You’re putting up a new app and need to sign in users, so you use whatever’s popular with the package you’re using: On Rails, typically Devise, on NodeJS Drywall or Passport, on PHP Usercake, and so on.
These things will take care of storing and checking usernames and passwords for you. But storing and checking passwords is a bad thing to do.
There are too many passwords. When someone rolls up to your app for the first time and you ask him or her to pick a password, here are some typical reactions:
- She says “Oh, not another damn password” and closes the browser tab. Kiss a customer goodbye. This is a very common reaction and if you’re Mr Yet-another-password, it’s happening to you right now.
Oh, and if she’s on a mobile device, the chances that she’ll be willing to put up with Password Pain are dramatically reduced.
- He picks a short, simple, easy-to-remember password, thereby making life easier for the bad guys.
- She uses a complex high-quality password, and doesn’t have to actually pick it because it’s the same one she uses on all the sites she visits, including dog-grooming tips and money management. Thereby making life easier for the bad guys.
- He types some random gibberish into the password field and doesn’t bother to remember it; the site will keep the session active for a few days, and when it asks him to log in again, he’ll hit “Forgot password” and get a password-reset email. Beats trying to remember. (This is the best outcome so far).
- She uses a password manager like 1Password or LastPass or KeePass. It works pretty well for her — well, maybe a little awkward on mobile devices. But she’s had no luck at all getting her nontechnical friends and family to use it.
Which is to say, by playing the yet-another-password game, you’re decreasing the security of the whole Internet. You’re peeing in the swimming pool. It’s bad for your business, and Google’s business, and for the people using the Internet. So stop doing it.
That should be enough.
You still think you might want to do the password thing… so, you better make sure people pick good passwords. For an example, type “password rules” into Google and up comes Intel Password Rules, from which I could quote but let’s just screenshot instead.
When you impose something like this on human beings, you’re being mean to them. Which is not only evil, and bad for business, it just doesn’t work. So stop doing it.
Still Not Convinced?
Maybe these will help.
Are you smarter than those guys; the BBC, DropBox, LinkedIn, and so on? Are you sure? This could be you, very easily. The bad guys are out there, and they are probing your defenses every day. So once again: Get out of the password business, start federating, and don’t let this be you.
It’s That Easy?
Um, well, no. There are issues around federation: business, technology, and policy. I’ll write some follow-ups about them. The cost and effort is non-zero. But it’s something you’re going to have to do anyhow, so you might as well get started.