Multizone | All our technotes
If we've published it, you can find it here.
Multiple projects, one set of consistent tools, one roadmap?
A client wants to consider standardising on Jira and Confluence across their entire portfolio so I thought I'd implement these tools from Atlassian for all my projects first as a proving exercise. Previously I've used Assembla (really great tools but clunky and unloved) and GitHub (really great tools and community but questions over ownership intentions amplified by copilot) so I'm no stranger to these kinds of tools. I thought my write up might be interesting even though Atlassian was crowned "a very boring software company" in The New York Times for its focus on development and management software.
Atlassian has around 7,000 employees, almost a quarter of a million customers and around 10 million monthly active users. It is famous for Jira and Confluence and acquired Trello, Bitbucket and a host of other organisations. So its a pretty safe bet. Jira has a generous free tier too, which is welcome.
TL:DR If you like ticket tools, feature prioritisation, software product roadmaps, software assurance and devops tools you might find this interesting.
- Details
Sprints
In the first article, Project setup in Jira, I got started with Jira for multiple projects, setting up boards for them and a Cross Project Board to give an overview of Everything, Everywhere in one place. I noted Jira has automatic unique numbering of issues which is vital! I set up my project to use the same Issue type scheme so that all my projects are identical and any future changes I make apply to all these projects.
Theres just one problem. Theres nothing in Jira to manage yet! So lets create sprints and issues for each project in order that we can then use the Jira Dashboard and the Cross Project Board to make sense of everything.
TL:DR: – If you like issue management tools, sprints and work prioritisation, and software product roadmaps you might find this interesting.
- Details
Installing Flutter 3.0 on a Mac Mini (2018) running macOS Ventura
Running the flutter 3.0 based 'Hello, world' app on a macOS computer with an Intel processor.
Flutter 3.0 can now create macOS desktop apps which run on Mac computers. This is the hello world example app.
TL:DR— Getting this running took around a dozen commands, and a bit of default question answering and installer clicking for Flutter, Xcode and Android Studio, both of which you have to launch at least once after installation. It took about 15 minutes to set it up. I use a folder called 'Development' in my home directory but you can choose whatever name makes sense for you.
- Details
Read more: Flutter on Intel Mac, and first app, in about 15 mins
Kali Linux: A Robust Platform for Security Professionals
Kali Linux is a versatile, open-source Linux distribution based on Debian, designed specifically for advanced information security tasks. Its key applications include penetration testing, security research, computer forensics, and reverse engineering. For cloud-based environments, a Kali Linux Amazon Machine Image (AMI) is available for deployment on Amazon EC2 within Amazon Web Services (AWS). This setup is ideal for organisations requiring an internal penetration testing environment. To quote the developers of Kali Linux: “Try harder!”
What Sets Kali Linux Apart?
Kali Linux is meticulously crafted with penetration testers in mind, but adapting it to your specific requirements may involve a learning curve. Below are some considerations highlighted by the developers:
- Specialised Design: Tailored for professional pentesting, Kali Linux might not align perfectly with all use cases out of the box. Adjustments and configurations may be required.
- Learning Curve: Users new to Linux or unfamiliar with command-line interfaces might find the system challenging, despite efforts to enhance usability.
- Hardware Compatibility: While designed to support a wide range of hardware, some components may exhibit compatibility issues. Researching hardware requirements prior to installation is strongly advised to avoid potential issues.
- First-Time Installation: For beginners, installing Kali Linux on a virtual machine is recommended as a preliminary step. This approach allows users to familiarise themselves with the system before committing to a physical installation.
For further details, refer to the comprehensive guide: "Should I Use Kali Linux?"
TL:DR – If you’ve decided to deploy Kali Linux in AWS, the following sections will provide a detailed, step-by-step guide to get you started.
- Details
Read more: Kali Linux on EC2 in AWS for Pen Testing (Part 1)
Installing Kali Linux on EC2 in AWS for Pen Testing
TL:DR In part one a Kali Linux instance was created in AWS what follows is a step by step guide to getting remote desktop working with Apache Guacamole™ so that the Kali Linux graphical tools can be used.
- Details
Read more: Kali Linux on EC2 in AWS for Pen Testing (Part 2)
Installing Kali Linux on EC2 in AWS for Pen Testing
TL:DR In part one a Kali Linux instance was created in AWS and in part two the dependencies and web services required were added to that instance. What follows is a step by step guide to getting remote desktop working with Apache Guacamole™ so that the Kali Linux graphical tools can be used.
- Details
Read more: Kali Linux on EC2 in AWS for Pen Testing (Part 3)
Making sure software apps function as intended and are free from known vulnerabilities and implementation flaws
Recently, I was asked to examine an acquired Software as a service (SaaS) app to see if it needed updating because the acquirer felt it was based on some older technology and needed to understand that more fully. This was for a very mature system with little or no new feature development planned. My task was to make whatever recommendations were necessary without planning new product features.
There's quite a bit to unpack there. So lets try to get to the bottom of it and come up with a plan.
TL:DR — Some steps I took, and all the gory details of how I thought it through using the principles of "Software Assurance" to provide recommendations to bring an acquired SaaS app to a state where security and service can be assured by the acquiring organisation.
- Details