Archive for November 2015

DNSSEC Your Domain or Else...

So last weekend I competed in TNW's Hack Battle in NYC which is very very rare for me since I usually serve as mentor/sponsor or judge at most of the hackathons that I attend.  I actually enjoy competing in hackathons & this time was no different. I enjoy being able to meet people with similar interests & sharing our creative ideas with the goal of just building shit to at the very least, flesh out these ideas.

My colleague affectionately A.K.A Martin "The Pullova" & I formed a team with no actual idea when we arrived but we quickly connected with some ppl that were sitting across from us at our table.  We pitched ideas back & forth before the sponsor talks/demos but after all of that I was inspired & an idea formed.  The Verisign sponsors pitched their Get DNS API project which basically has functionality to validate if domains are DNSSEC enabled.  For those of you who are asking WTF is DNSSEC bone up on it here

My idea basically consisted of a public shaming tool to build awareness around non-DNSSEC domains & engage the domain owners in securing their DNS in order to address privacy issues that are a result of non-secure DNS.  I believe in building awareness but also 100% believe in giving opportunities to resolve issues when discovered.  So the hack would shame ppl on social media but would also create a vehicle for the shamed to publicly make things right in full transparency. We would also provide some corrective recommendations for the offending domain based on the DNSViz tool also provided by Verisign.

We quickly found that the Get DNS API project already had a public shaming hack posted but all it did was shame the domains with no offer of redemption or recommendations on how to secure their DNS.  So we formed a team of 5 with some ppl that were sitting across the table.

Martin & I are primary living in devops roles these days our new teammates consisted of a very green developer, a business student & a pure graphical designer.   So the idea evolved into this hack:

  • Create a Chrome extension that validates the DNSSEC of visited domains
  • Get the Organization/Owner information for the domain via Whois
  • Post a shaming message to Twitter calling out their in-secure DNS
  • Send them a link to a todoist project that has some resources & actions they can perform to resolve the issue
  • Post some praise on social media addressing their willingness to fix the issue
We started working on the project & collaborated through the night building servers (on Linode props!!!), logo's, api's, landing pages, twitter accounts etc....  Everyone was passionately contributing & crushing the tasks at hand & the collective synergy was very truly inspiring.

At the end of it all we had most of the pieces for the hack prepared & functional but in true hackathon fashion integrating all the moving parts proved to be very difficult.  Our cloud server melted down because of overwritten dependency issue, the Chrome extension wasn't firing correctly on browse & last but not least we ran out of time!  Even with all this ruckus we were still able to band together & build a solid functional demo that clearly conveyed our concept & idea.

We proudly pitched our hack to the judges & shortly after I departed the event on a 2 hour drive home.  Upon arriving home I saw an msg from our teammate Sarah telling us that our hack won the Verisign sponsor prize for best use of their stuff!  It felt great but after reflecting on the win the biggest reward & gratification I got from the whole experience was actually collaborating with my teammates/peers. I was satisfied in working together to build out & demo the project no matter how fucked or incomplete we perceived it to be.

So to my teammates thank you for the experience & big ups to the TNWeb team for organizing a great weekend.  I had lots of fun competing in your event.  You should do it again next year!

Me & Windows 10

I've been using open source for most of my professional career & recently I've switched to Windows 10 to quell my curiosity.  I've been known to openly shit on closed proprietary software & those opinions haven't changed much.  My preference is Linux but these days I find my self hacking on OSX due to my current gig's work load & the nature of my current projects.

I just purchased a "new" used Dell laptop & decided to throw Windows 10 on it & give it a try.  I've been using it exclusively for about 2 weeks now and have to say that I like it so far.

It def has a much better feel regarding UX  than Windows 8 & I find myself not really bothered by annoying things I experienced in prev versions of the OS.

Having said this I've had to hack the shit out of Windows 10 in order to get it to a usable state where I can function in my normal day to day capacity.

Some of the things that I did to make using Windows 10 bearable were:

Overall Windows 10 is better than it's predecessors but really is still a non open sourced OS and that is still a HUGE problem for me.  Even if Microsoft gave it to me for free I still have issues with it being closed & proprietary.

 As for using it as a day to day OS it is usable but it still is Windows & not Linux which is where I'm most comfortable. So YMMV when using Windows 10 but it functions just fine for the moment.

Why No Posts for a Year

I am very disappointed in myself.  I just noticed that I haven't posted something in over a year.  I've had lots of ideas for posts over the last year that sat as drafts because I either didn't think they were relevant or not complete & I didn't know how to finish them.

During this period I've been reading other people's blogs & I realized that it doesn't matter.  Most of these blogs we more incomplete then my drafts but they were still set free into the world.  So my new goal is to write a new blog at least once a week.

Wish me luck

yep don't use it unless you ask ;-). Powered by Blogger.