Tech Kettle

I have always wanted to share an opinion regarding remote working, in contrast to being present in office, working among peers. An overlooked aspect that remote worker will never benefit from is the instant feedback that corrects his knowledge or makes him learn new one. In office space there are less to no constraint to communicate with co-workers, you don't have to schedule or check for your peer's availability, he is just their in his box or office. In a physical space, we have a wealth of opportunities where interactions between peers bring instant feedback and just-in-time feedback with career experience. These however, are not achievable in a remote virtual work environment. The lack of immediate feedback results in a slowdown in experience development or may bring about questionable qualities in terms of applied knowledge. As matter of fact, office environment remains the natural place for continued education for both technical and soft skills. Professionals don't ...

I was reading an article about cybersecurity strategy and how some principles could be brought on table for a business to hold a stable cybersecurity posture, like having global policy with all its procedures, guidelines and baselines, maintaining a disaster recovery plan for potential cybersecurity incidents and adhering to reknown security frameworks and standards like NIST 800-53a and ISO 27001. In that article there was one principle mentioned however, that doesn't flow nice with the best practices as far as my experience has taught me, that principle is "apply update as soon as it is available... or .. update promptly.." As matter of fact, when we operate critical systems we are so cautious that when an update is available, we set a delay period to observe and inspect potential feedback, so in case a reported bug or misconfiguration was originated by the applied update we would have kept our systems safe until a secure update has been released. A well respected busi...

I passed the CISSP exam on the first try at the 125th question, Thanks to GOD. I'm relieved as I don't have take this exam again. This is the most significant experience in my career, acquiring new knowledge in information security while studying for the exam, was a wonderful journey.   https://commons.wikimedia.org/wiki/File:Certified_Information_Systems_Security_Professional_logo.png   This is indeed the most satisfactory personal achievement in my career, as matter of fact I'm more keen then ever before, to springboard my career to new roles in cybersecurity. Study resources I used The CISSP community on Reddit is a gold mine for CISSP exam takers. Used the official study guide OSG (8th edition) as reference, but never read it cover to cover. Multiple videos form "Thor", "Certification destination", "Inside cloud and security" and many others. Boson CISSP, this practice exams goes deeper in details (more technical), which may help to reinfo...

When running Kobotoolbox on your own server, you probably get shown the message above, however the returned message doesn't always reflect the actual issue. I had tried multiple setup but I was never able to get rid of this message and KBT never started. KBT Docker containers communicate between them using their hostnames, and if you are not using public DNS for Internet access, then you must be using local server, in this case you have to bind localhost names of Docker servers with the local IP address. This can be achieved by adding the following line to /etc/hosts : 127.0.0.1 hostname kc.hostname kf.hostname ee.hostname hostname could be 'kobo.local'. If you access KBT from another machine then you must add the same line with the machine's IP address instead of the loop-back address.

When classified data are disclosed or lost, an organization could experience tremendous unrest that impacts their business, like facing a bad reputation and loss in income. Classified data could be critical or sensitive to a business, but what is the difference between the two ? Sensitive data are meant to be confidential. When sensitive data are disclosed, the competitiveness stance of the business could be weakened or brutally shattered. An organization could also be put liable on a data breach if it hasn't shown due care and due diligence in managing its security. Critical data are meant to ensure availability, in this case when data are lost, the service that relies on it will not be available, in some cases a whole business could be impacted. Critical data can range from configuration files to a set of business data.  

  Threat and vulnerability are two tightly coupled aspects . There is no point to focus on a vulnerability if the threat doesn’t exist, similarly you can’t stress on a threat, if your asset is not concerned with the vulnerability (or weakness).   The question one should ask is “What are the risks to my asset ?” , and to answer this we need to run a whole Business Impact Analysis (BIA), which involves qualitative and quantitative risk assessment. As a general equation:  Risk = Vulnerability x Threat On the basis of the above equation, we can conclude that if an asset has a Vulnerability and that Vulnerability is exposed to a known Threat, then the asset is at Risk.  Now that the two elements exist you need to tackle just one of the two not both, to eliminate the risk. originally posted here

2025 Update: Check a security note below! One way to use a Python variable in an external Javascript is to declare the JS variable in the HTML template through context object, then pass this variable to the external script code : <script type="text/javascript"> js_var_from_dj = "{{ django_var }}" </script> <script src="{% static "js/js_file.js" %}" type="text/javascript"></script>   js_file.js : function functionA(){ // using the variable declared outside this js file inner_js_var = js_var_from_dj ; }   What if  instead of using HTML template to pass the Django context variable, we inject the variable directly into the external Javascript code ?  This is actually possible, the trick here is to to wrap the original JS file in a View, and use that view to render the JS file as a Django template. O ur js_file become : function functionA(){    //using the Django context variable    inner_js_var = {{django_var}} ; ...