Backdoor password in Juniper's firewall code

Via Ars Technica:

On December 17, Juniper Networks issued an urgent security advisory about “unauthorized code” found within the operating system used by some of the company’s NetScreen firewalls and Secure Service Gateway (SSG) appliances. The vulnerability, which may have been in place in some firewalls as far back as 2012 and which shipped with systems to customers until late 2013, allows an attacker to gain remote administrative access to systems with telnet or ssh access enabled.

This is exactly why creating back doors into encryption is a really bad thing. We don’t need a ‘Manhattan-like project’ to create more security holes like this one — if you create backdoors, even for legitimate purposes, you’ll simply be increasing the likelihood that incidents like this will continue to happen.

A Cadillac for Your Thoughts (2015 in music)

EL VY at The Independent in San Francisco.

2015 has been a genuinely fantastic year for music (both live and recorded). That’s very much a personal assessment of the year but music is an inherently personal thing. There have been a number of albums released or that I’ve discovered that I see myself listening to for a long time to come and I’ve attended a number of shows that left a lasting impression on me (for good reasons and bad).

My wife and I saw EL VY play a beautifully rehearsed set at The Independent in front of what was, easily, the most obnoxious crowd we’ve been in (leave it to the other audience members from LA to earn that distinction). We saw our shared favorite band, The National, play a significant undersell for charity at The Troubadour in West Hollywood and we saw Sufjan Stevens perform a devastating rendition of Carrie and Lowell in downtown.

I spent the year taking deep dives into EL VY’s Return to the Moon, Turnover’s Peripheral Vision, The Hotelier’s Home, Like No Place Is There and, strangely, Brand New’s Deja Entendu (this was spurred by their stellar performance at Coachella more than anything). Seinabo Sey and Courtney Barnett both released exceptional albums as well (they’re also both outstanding live performers).

I’m curious to see what 2016 holds for music but this year has been one of my favorites in recent memory.

Scotch Box for local LAMP development

Scotch Box is a preconfigured Vagrant Box with a full array of LAMP Stack features to get you up and running with Vagrant in no time.

If you spend any amount of time working on LAMP stack development projects you should take a look at Scotch Box. It’s a full-featured Vagrant Box and is far easier than fiddling with setting up a server directly on your dev machine.

Update OS X from the command line

If you don’t want to bother dealing with the Mac App Store you can check for and install any recent updates for OS X from the command line:

sudo softwareupdate -i -a

You can also combine this with commands to run Homebrew and Cask updates (allowing you to update things quickly and efficiently):

sudo softwareupdate -i -a && brew update && brew upgrade brew-cask && brew cleanup && brew cask cleanup

Moving to Bitbucket

I recently moved all of the repositories for my personal and client development projects to Bitbucket. I had been paying for Github’s micro plan to manage a few projects that I didn’t want public, but made the decision to switch after exploring a bit more and seeing that, well, Bitbucket provides the functionality I was paying Github for for free.

Making the switch itself was painless. I added a key to my Bitbucket account, switched the remotes out on my repos and pushed each repo to its new home on Bitbucket. Switching remotes out is as simple as:

git remote set-url origin REPO-URL

Github is, of course, an incredible resource but, for my purposes, the switch made too much sense not to carry out.