by noir_lord 2826 days ago
Ingenious. Have you considered a blog post on this approach?

It would be interesting to deploy a few of them in different places and check that they all see the same as well maybe.

Also did you do this as a belts and braces thing or is the system you are auditing particularly high security/risk in some way?


It would be interesting to deploy a few of them in different places and check that they all see the same as well maybe.

That's a great idea. And since they're only $5 each (I think I spent $15 with the power shield), it's not a big deal.

Also did you do this as a belts and braces thing or is the system you are auditing particularly high security/risk in some way?

When I got here, most of the web sites were riddled with worms, trojans, spambots and other bad stuff. One by one I just nuked them and started over. This was a deliberate isolation to keep an eye on things in case the sites or the dev machines ever got compromised.

You can just set up Tripwire to do this sort of thing. It's in most distro package managers.

https://github.com/Tripwire/tripwire-open-source/#open-sourc...

What that won't do is save you from malicious code inserted into 3rd party content (script libraries, etc.) that you load from a CDN. If you're worried about that, you should make a copy of a verified version and serve it yourself.
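The two checks discussed in this comment, as an added example that is not the commenter's script, the OP's monitor or Tripwire's own code: a Tripwire-style baseline-and-compare over a web root (hash every regular file, store the map, diff a later snapshot against it), plus a digest check for a locally served copy of a third-party library. The web root, its file contents and the tampering applied to it are constructed inline so the script runs offline; the hostnames and file names are placeholders.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, streamed so large assets are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each regular file under root (POSIX-style relative path) to its digest and size."""
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            rel = p.relative_to(root).as_posix()
            snap[rel] = {"sha256": file_digest(p), "size": p.stat().st_size}
    return snap


def compare(baseline: dict, current: dict) -> dict:
    """Report what appeared, vanished or changed since the baseline was taken."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in set(baseline) & set(current) if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def vendored_copy_ok(path: Path, expected_sha256: str) -> bool:
    """Check a locally served third-party library against the digest recorded when it was vetted."""
    return hmac.compare_digest(file_digest(path), expected_sha256.lower())


def demo() -> dict:
    """Constructed sample web root: baseline it, tamper with it, diff the two snapshots."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.html").write_text("<html><body>hello</body></html>\n")
        (root / "js").mkdir()
        (root / "js" / "app.js").write_text("console.log('app');\n")
        # Stand-in for a vetted copy of a library that would otherwise be pulled from a CDN.
        (root / "js" / "vendor.min.js").write_text("/* vetted build, served locally */\n")
        baseline = snapshot(root)
        # In practice the baseline lives somewhere the monitored host cannot write to;
        # the JSON round-trip here stands in for saving and reloading it.
        stored = json.loads(json.dumps(baseline))

        # Constructed tampering: a script tag injected, an unexpected file dropped, an asset removed.
        (root / "index.html").write_text(
            '<html><body>hello<script src="//cdn.example.invalid/x.js"></script></body></html>\n'
        )
        (root / "upload.php").write_text("<?php echo 'unexpected'; ?>\n")
        (root / "js" / "app.js").unlink()

        report = compare(stored, snapshot(root))
        # The vendored library is intact; the tampered page no longer matches its recorded digest.
        report["vendor_ok"] = vendored_copy_ok(root / "js" / "vendor.min.js", stored["js/vendor.min.js"]["sha256"])
        report["index_ok"] = vendored_copy_ok(root / "index.html", stored["index.html"]["sha256"])
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

To get the independence the OP is after, run `snapshot()` from the separate box over a copy of the web root it pulls itself (rsync or a read-only mount) and keep the stored baseline there too: a local baseline on the monitored host is just one more file an intruder can rewrite. Sizes are compared alongside digests only as a cheap sanity check; the digest is what actually carries the decision.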

You can just set up Tripwire to do this sort of thing

I wanted something that was completely independent of the machine. Separate box, separate network, separate architecture, etc...

What that won't do is save you from malicious code inserted into 3rd party content (script libraries, etc.) that you load from a CDN. If you're worried about that, you should make a copy of a verified version and serve it yourself.

I don't CDN on work projects. It's not worth the risk. If something goes wrong, I'd rather it be my fault and something I can understand and fix, whenever possible. Farming stuff out just leads to layers of things that can break, be compromised, or simply go wrong.

Again, it works at my scale (about 15 sites). It won't work for everyone.