2020

Feb 26

Finding malicious WebAssembly with yara

tl;dr: I wrote a pattern matcher in rust which runs in Wasm to detect 👻 Wasm. WebAssembly (Wasm) is the new cool, but we’re running pre-compiled binaries in the browser now. What does that mean for detecting and responding to bad stuff? Wasm does a great job of using a sandboxed environment. But what if the malicious code executes happily within the constraints of the sandbox, such as …

more

2019

Sep 30

How I use Nix

One of the frustrations of Nix is that it’s so difficult to search for. No I didn’t mean *nix, or unix-like systems. This post is about the functional package manager, Nix. Over the past 6 months or so I’ve been using Nix for a few different use cases with varying degrees of success. NixOS I’m lucky to have a spare x200 ThinkPad which has excellent compatibility with …

more

Jun 27

Visiting Parliament

This morning I decided to visit the public gallery in the houses of parliament. Part of me was hoping it may help with my current disillusionment at British politics. Sadly it hasn’t, so far at least, but I do highly recommend visiting if you have the opportunity. Thursday morning seems to be generally quiet but I thought I’d go and see oral questions to the department for exiting the …

more

Jun 7

Dev laptop - Ubuntu on the XPS 13 9380

Updated: 27⁄06 with some additional notes on using fscrypt Not cut out to be a Mac owner Recently I started some contract software development work. As my ThinkPad x200 is getting a bit long in the tooth I was in the market for a laptop for work. After working on Mac’s for the past 5 years I initially bought a new MacBook Pro 13 inch (with touchbar) however the purchase experience all …

more

2018

Jul 13

Building a tool to improve our Github security

This post was originally published on the GDS technology blog. GitHub plays a major role in the software supply chain at GDS. All our source code is stored in GitHub - mainly in Alphagov - and we work hard to make sure our repositories are secure. At GDS, we strengthen username and password authentication by requiring users to set up 2-factor authentication. Here’s why the Security Engineering …

more

2017

Apr 3

Disclosing a security issue upstream

This post was originally published on the GDS technology blog. Building services using open source software makes you part of the open source community. As a community member, you are responsible for handling any security issues you identify. This post provides an example of a security issue we encountered and resolved by working with the project security team. Discovering an issue On the GOV.UK …

more

© Dave King 2020 - using Charaka Hugo theme