9 minutes read

A Year in Review: South Bound and Down

The last year or so has been… busy. Around this time last year the company I work for got acquired by Kaseya and it was a reasonably smooth transition. I went from being the Identity Guy to Lead Member of Technical Staff, and from a small engineering team to, well, a…

2 minutes read

What is Code?

Source: http://www.bloomberg.com/graphics/2015-paul-ford-what-is-code/ One of the lessons that TMitTB [The Man in the Taupe Blazer] has tried to get across to you, the big message that matters most to him, is that code is never done; after shipping the new platform (no longer a website, this is a platform), with all…

78 minutes read

Going Nuclear: Modeling Threats to Distributed Systems

Another Brief Look (at our Data): The data collected by our agents drives this whole project. At worst, we need the raw counter data from the Geiger counter, otherwise this whole project is a non-starter. At best, we can collect other pieces of data that provide better insight into the surrounding environment. The…

11 minutes read

IoT is Weird: Or Why I now have a Network Connected Geiger Counter

Update: I have a page of data here: http://syfuhs.net/my-rad-monitor/. It’s a bit weird to imagine everything with an IP address. I’m not entirely sure how I feel about this idea. My feelings about this aside though, this is becoming more and more prevalent with the advent of cheap and powerful processors available to anyone…

1 minute read

Ptr: Azure Pack UserVoice Feedback

Ptr: http://feedback.azure.com/forums/255259-azure-pack Looks like Microsoft just launched a public UserVoice site for Azure Pack! You can submit or vote for your most wanted features for upcoming releases. Cool! Like all feedback sites not all features or requests can be met, but it’s still a great way for customers to tell…

1 minute read

Ptr: Authentication Scenarios in Azure AD

Came across a great article on MSDN recently that outlines the various authentication scenarios in Azure AD. Azure Active Directory (Azure AD) simplifies authentication for developers by providing identity as a service, with support for industry-standard protocols such as OAuth 2.0 and OpenID Connect, as well as open source libraries…

14 minutes read

Windows Azure Pack Tenant Public API Authentication Options

Web services, as we’ve learned throughout this series, are integral to the workings of Windows Azure Pack. Every UI exposed to the user connects to the backend via web service, every resource provider is managed by Windows Azure Pack through their own web services, and 3rd party functionality can be…

2 minutes read

Windows Azure Pack at TechEd 2014

It looks like Windows Azure Pack is starting to become my new favorite thing — so much so that I was excited to see that there were a number of presentations on it at TechEd this year. What makes this even better is that the presentations were recorded and you…

13 minutes read

Web Service Authentication in Windows Azure Pack

It’s been a couple months since we last looked at Windows Azure Pack, so before we jump into the thick of it let’s recap. Windows Azure Pack is an awesome on-premise private cloud platform. The interactive portions are broken down into two sections: admin areas and tenant areas. It relies…

2 minutes read

Covert Redirect in OAuth 2.0 and OpenID — or yeah, and?

Earlier today a news story broke claiming the sky is falling because OAuth 2.0 and OpenID are vulnerable to “Covert Redirect” attacks — or as the rest of the world calls them — open redirects. This class of vulnerability has been around for quite a while and frankly is already mentioned…