Current_Issue.tar.gz

Everything Is Data, Data Is Everything

Shawn Powers

Issue #274, February 2017

It doesn't take more than a glance at the current headlines to see data security is a vital part of almost everything we do. Whether it's concern over election hacking or user accounts being publicized after a website compromise, our data integrity is more important than ever. Although there's little we can do individually to stop hackers from attacking websites we don't personally control, we always can be more conscious of how we manage our data and credentials for our own accounts. As is becoming more and more common, this month, we look at a lot of security issues.

Although not exactly security-related, Dave Taylor starts off on another scripting quest. We've been learning how to land on Mars, but this month, we look at how to play rock scissors paper with the command line. It sounds like a simple endeavor, but the programmatic side can become complicated quickly. As is always the case with Dave's column, the objective is fun, but the learning experience along the way is priceless.

This month, Kyle Rankin helps us all sleep a little better at night—not due to better security measures, but rather by helping us configure on-call alerts. Being woken up at 3am because a bird flew into the server room window is not a great way to catch 40 winks. Kyle shows how to avoid false positives, but also how to make more intelligent alerts in general. Because servers seldom misbehave during regular business hours, his column is invaluable.

A while back I wrote an article on how to pick smart passwords. I think it was only last year, but in IT time, that was eons ago. Thanks to a recent attempt at compromising my cell phone, security has been on the top of my list recently. Kyle Rankin helped me identify some ways to secure my identity, and I figured it was a good time to elaborate on some general tips on how to keep your credentials and accounts safe. Also, for the record, it's incredibly awesome to have Kyle as a personal friend—just saying.

Susan Sons teaches us to learn from our mistakes and avoid repeating unpleasant history. Specifically, she explains how to go about doing a postmortem on a security issue. Whether it's a practice run, a server-level compromise or even leaked account credentials, the lessons we learn from past problems are only as good as how detailed our postmortem procedures are. Thankfully, Susan is willing to share her expertise, and we can all benefit.

We go into a fairly scary world with Ash Wilson this month. It wasn't very long ago that cellular data services were rather difficult to attack. We've all been conditioned not to trust open Wi-Fi networks, but the cellular connection on our mobile devices isn't something most of us think about. Those times are changing, and Ash helps us learn to detect man-in-the-middle attacks on cellular networks. If you use a mobile device (and if you're reading Linux Journal, we all know you are), this article will both inform and scare you. I know it did me!

And finally, Todd A. Jacobs provides a great look into the current DevOps world with his article on managing Docker instances with Puppet. In one of those peanut-butter-in-my-chocolate situations, combining multiple DevOps tools tends to make something better than the sum of its parts. This article builds on Todd's December 2016 article about provisioning Docker with Puppet, and here he describes how to manage Docker images and containers.

This issue certainly has a lot of security-related content, which is great if you live in the current data-centric world. Thankfully, it also contains other tech tips, product announcements and insight on our current technology-rich world. Whether you're looking for a way to deploy a more secure application or just want to learn about the latest cool mobile game, this issue should do the trick. Enjoy!

Shawn Powers is the Associate Editor for Linux Journal. He's also the Gadget Guy for LinuxJournal.com, and he has an interesting collection of vintage Garfield coffee mugs. Don't let his silly hairdo fool you, he's a pretty ordinary guy and can be reached via email at info@linuxjournal.com. Or, swing by the #linuxjournal IRC channel on Freenode.net.