TOTP, OTP, OATH, LXC, LXD, Ubuntu, Telegram, HD reliability, uWSGI, HL7 / FHIR
Post date: Jun 12, 2016 6:41:58 AM
- Once again used TOTP for one project, it's great, it's dead simple to implement. Very nice addition to password, allows quick banning of IP after a few invalid attempts. Lovely. Of course it's completely free, and doesn't require any third party services to be trusted. Almost perfection in that sense.
- Added OATH (TOTP) additional OTP authentication to two different projects. (SSH & web login), it was a breeze and wonderfully trivial to get done. The login process was designed so that the login token and OATH token is given simultaneously. Which means that if either of the tokens is invalid, the login fails. This means that OATH adds even (a bit) extra security to the 128 bit login token. For APIs I don't prefer OATH, I prefer usually signed messages with timestamp or counter or both. But in this case and for end users this is great. Yes, the SSH also uses of course the key + password + oath. So it's triple secure login for a security demanding customer.
- Re-installed all of my virtual machines. With latest Ubuntu. Played a lot with uWSGI, Python 3.5.1 and LXC & LXD. Haven't yet decided if I'm going to use LXC / LXD for one project or not. Probably not (due to the fact that the system got only single public IP) and it's not so powerful. If it would have multiple IPs and or it would be more powerful then I could share it for several projects using LXC.
- Finally service provided did start to provide clean 16.04 setup, so it came just when I thought I'll order 15.04 and do distribution upgrade. This is great. Made a long document about every configuration parameter which needs to be configured so the system will run smoothly. Yay. Ton of stuff to do, but it's all fun. And actually tried and tested on local test server(s) before actual production setup so that shouldn't be hard. It's just interesting and fun, I guess.
- Added an option to deliver low priority notices over Telegram Bot API as 'silent alarm', because the selected alarm tone for Telegram alerts is horribly blaring air raid siren so I would notice it for sure.
- More excellent Hard drive reliability statistics from Backblaze.
- Refreshed my memory about uWSGI options and made notes about options which are actually needed. The list is still ahem, awesome!
- Made some HL7 / FHIR stuff. Unfortunately no more details available. (HTTPS / RESTful / JSON) + User Interface design.
- Checked out one more cheap European server provider. Aruba Cloud - Nice. I might move my small low priority personal stuff to one 1€ / mo server. It's much sweeter deal than paying for more to someone to host your email.
- Ubuntu 14.04 -> 16.04 upgrade not yet available. I've got one more system to upgrade, which was using 14.04 earlier. I thought I would do it today, but nope. Update not yet available. Well, I'll keep checking monthly when it will happen. I'm secretly hoping it would solve my display adapter problems, but I'm not too optimistic.
- Moar Emojis, sigh. Unicode9.
- Multiple discussions with friends about routing, server locations, server types, storage, ram, cpu, application optimization, back end & front end design etc.
- Sigh, wget as attack vector? Yeah, why not? It seems that Unicode urls happily crash wget with Segmentation fault (core dumped). - Yay! No unicode urs for wget it seems to be.