Jan-Philipp Litza

Blog - Page 3

Sandboxing processes

Yesterday, my interest in sandboxing a program I didn’t fully trust finally surpassed my laziness to look at namespaces again. And after a few hours of coding, I created a small script that uses unshare to encapsulate the newly launched process in new namespaces of all kinds (not much work there) and hardens the filesystem so that effectively, (hopefully) the only writable persistent directory is $PWD, the process sees a minimal /dev and fresh copies of temporary filesystems. In case you are interested in the script, here it is:

Chicago – das Musical… auf Deutsch!?

Der Grund für unseren bereits im letzten Blogpost erwähnten Kurzurlaub in Berlin war – ebenfalls am Dienstag – der Besuch des Musicals „Chicago“. Der stand eigentlich schon sehr lange an, schon als das Musical noch in Stuttgart aufgeführt wurde, aber irgendwie hat es nie geklappt. Da es Mitte Januar wieder weiterziehen sollte, und diesmal leider ziemlich weit weg (München), war der Urlaub um den Jahreswechsel herum also quasi unsere letzte Chance. Und was soll ich sagen: Es war toll!

Der Teufelsberg und die Berlin Field Station

Während unseres kurzen Urlaubs in Berlin in den letzten Tagen haben wir bei eisigen Minusgraden und recht ordentlichem Schneefall den berühmt-berüchtigten Teufelsberg besichtigt – was gar nicht mal so einfach war.

Yubikey, GPG and SSH

Today a small letter from Great Britain arrived: My new Yubikey NEO! ☺ When Yubico announced that they would be giving a 20% discount for Github users a few weeks ago, I decided to finally order this hardware token capable of (among other cool things) acting as a GPG smartcard via USB or NFC. Advantages of a hardware security token are obvious: The keys cannot be extracted and it can be used with whatever device has a USB port or NFC module.

Moving my blog to Jekyll

For a long time now, my primary webpage was based on Jekyll, a great little Ruby template system. Now, I finally decided to abandon Wordpress altogether and move my blog posts to Jekyll as well. The primary reasons were that I didn’t like the old layout and title of the blog, and now everything integrates nicely. Also, either my browser configuration or some change in my hoster’s configuration seemed to prevent various images (including the header image) from loading, which made the page really ugly.