What is it about the Australian government and technology?

Pot of pickled peppers

So this government Covid 19 tracking app is an interesting idea – they even said that they would release the source code…. all very good, I’m thinking I may even install the thing… but then today I read this!

https://www.innovationaus.com/sovereign-capability-and-that-shocking-aws-deal/

To sum up it’s yet another govenment SNAFU…
From the article…

“You really have to wonder what kind of crisis would be needed for the Australian Government to use Australian technology providers for jobs that are well within their capability. “

Update 18 May 2020
Some interesting reading hear. The app it’s self seems reasonable but without the back end code questions still remain.
https://www.qte.am/reading-room

Update 14 May 2020
https://www.theage.com.au/politics/federal/security-report-reveals-some-covidsafe-information-could-go-overseas-20200514-p54t2o.html

https://www.theguardian.com/law/2020/may/14/questions-remain-over-whether-data-collected-by-covidsafe-app-could-be-accessed-by-us-law-enforcement

Update May 24
https://www.theguardian.com/world/2020/may/24/how-did-the-covidsafe-app-go-from-being-vital-to-almost-irrelevant

Terminal escape injection techniques

It’s interesting in that shell scripts (small one’s) seem just like friendly bits of code that you can run. That’s not always the case, it’s probably never a good idea to just download a script and run it (esp using curl or wget). I discovered this very interesting article the other day about terminal escape injection and it works on pretty much every platform – mac, windows linux and even within python!

When in dought use cat -v in fact cat -v may be my new default for viewing code!

https://www.infosecmatter.com/terminal-escape-injection/

Beta testers needed!

Hi I’m very proud to announce that my application (which I still haven’t found a name for!) is ready for beta release. It’s a very light command line app that uses log data for security hardening, so if you use Ubuntu, debian or linux (and or nginx or apache2) and are comfortable with the command line then please do get in touch. At this stage it’s a fairly simple app and in effect a security tool for those of us who can not afford thousands of dollars towards their own IDS.

This application will probably be most useful for smb running their own sites (small aws installs for example) for people who want extra security, and to stop a lot of the “noise” that hits the average web server.
If you want more information, have a look at the intro vid I made that is put up on youtube..
All I ask is that you supply the version of ubuntu / linux that you’re using and that after looking at the app take the time to fill in a short survey.

Look forward to hearing from you
Regards Steve Abrahall
PS if your interested email me at

steveabrahall AT gmail DOT comm

To find out what version of the os your using
lsb_release -a