We've been experimenting with with the use of user certificates for VPN access to the lab. Issuing, and using them isn't the problem. The problem is that there's no way of enforcing a password on the use of the private key. You can use private key protection on the certificate template, but that still doesn't enforce a password requirement. The user still has the option to choosing for the notification instead of a password.
Certificate Template - Request Handling OptionsThere's an option to enforce a password, but that's system wide for the Microsoft Cryptographic Service Provider, and we don't want to enforce passwords for ALL certificates. We just want to enforce passwords for this specific template.
Going on holiday is fun, but it's also a time of concessions on several levels. Especially if you can't bring every lens you own or (in theory) might need. Since the awesome Nikon 5-500mm f/1.8G VR ED N (small, <€1000, <1kg) isn't widely available. This means deciding what to bring in your camera bag.
In my case, I wanted to experiment with primes during my holiday. this also means that you have to use the foot-zoom, and on several occasions that won't work because of certain limitation (walls, buildings, ravines, etc.). In those cases you have 3 options;
- Don't make the photo
- Make a photo, but know immediately that it will end in /dev/null when you get home (a just-for-the-record photo).
- Improvise
So as you might have guessed, I ran into such a situation in Toledo, Spain. They have this great cathedral in the middle of an old town with narrow streets. You need a ultra-wide angle lens for almost anything there.
My area of expertise in the professional world is Network Security. This includes protecting network from intrusions, but also delivering reports about the network status. For the latter we use SIEM(like) environments like the Cisco CS-MARS and the Juniper STRM.
The 'problem' with these devices is that they are great in reporting incidents and creating awesome reports about everything, but they lack the functionality to do some serious investigating.
I have several customers with a SIEM, and most of them still use (Linux) commandline tools like awk, grep, etc. these tools work, but you need to scrape everything together yourself, and building queries can be quite challenging. This is where Splunk> comes in.
Ever since I've been playing with my Mac mini with OS X server 10.6.4 I have had on-and-off problems in the authentication/Open Directory area.
- Some accounts authenticate really quick, while others take minutes to authenticate.
- Accessing the Open Directory through the Workgroup Manager is as slow as a slow boat to China. Changing users (just by selecting them) takes another boat along the Pacific.
So it was time to start digging into the phenomenon called 'Open Directory'.
The manual from Apple isn't much help in troubleshooting a slow Open Directory, so it was time to search the interwebs and start experimenting. If it didn't work, I can always reinstall the entire server from scratch.
It has finally been done. I've switched off the old Windows 2003 server at home and officially replaced it with an Apple Mac mini server. For now... And with 'for now' I really mean for now. It turns out that Apple OS X Server doesn't resemble its client counterpart at all. Where the client is stable and intuitive, the server edition lacks both.
I'll try to explain why I think there's lots of room for improvement. Mainly stuff I ran into while configuring the server/services.
Since the Windows fulfilled several functions, I needed these functions to be available on the OS X server as well. These were;
- Networking services like DNS and DHCP
- Webserver
- Mailserver
- MySQL Database
- SSH Server
- File sharing on the internal network
- Public Key Infrastructure for issuing certificates
- Download station
Evaluating these functions, one would think that this shouldn't be a problem. Well it actually is.... At least some of those features.
As promised, the second part of the Billingham 225 Camera Bag review. This part will be more on the experiences I had during my 2.5 week driving around in Spain (~5500km in total).
The bag is roomier than expected. There were roughly two configurations that I carries around;
- Nikon D300, Nikon 17-55 f/2.8 and a Nikon 85 f/1.8, Panasonic Lumix LX-3
This was the 'easy-way-out' configuration.
- Nikon D300, Voigtlander 20mm, Nikon 35mm f/2, Nikon 50mm f/1.8, Nikon, Nikon 85mm f/1.8 and a Lensbaby Composer
I used this configuration about 80% of the time, since those primes force you to think about composition etc. There's not always room to change lenses. The best example of this is an 'almost' Gigapixel creation I made of the cathedral in Toledo with my 35mm lens. To completely capture the cathedral I had to take 72 photos (result can soon be found in the Panoramas section of my website).
The bag is pretty safe in regards to pick-pockets, and prying fingers. All the zippers etc. protect your gear very well. Downside is that you need to open a lot of things before you get to your gear (every advantage has its disadvantage....)
;)
Certificate Template - Request Handling OptionsThere's an option to enforce a password, but that's system wide for the Microsoft Cryptographic Service Provider, and we don't want to enforce passwords for ALL certificates. We just want to enforce passwords for this specific template.