Armin's blog

This is a carbon copy of Jian Ghomeshi's original post on Facebook which I originally saw via a post by Jeff Jarvis. So why have this post? For one it is easier to read for me and it will act as a kind of archive.

After Heartbleed we now have Poodle as a viable attack on secured SSL/TLS communication. The vulnerability, as I understand it, allows an attacker to trick client and server in re-negotiating the encryption protocol to use. The goal is to get the connection downgraded from a TLS 1.x to a SSL 3.0 connection. As a side note, I dearly hope you don't have a server running that still offers SSL v2 - turn it off together with SSL v3, will you? The reason why server and client are still speaking SSL v3 is often compatibility, but to have reasonably secured communication we need to start using modern protocols and algorithm and abandon old stuff even if it causes some inconvenience. Let's be honest, do you want to connect to a bank website that still allows Windows XP IE6 clients? I don't want to and I hope you don't buy into the FUD that some people put out.

The goal of this post is to give a quick overview of how I generate SSL/TLS keys and talk about why I do things a certain way.

This is a quick overview of how I install ODK on our servers mainly to document this process internally and make it easier to reproduce. This is not a detailed documentation nor do I talk about system requirments since this is described better by the ODK site for Tomcat and AWS instances.

A while ago I started working on a very interesting side project called CHAT which is short for Community Health worker Assistive Technologies. Goal of the project is to develop and use tablet based software that supports health education in Sub-Saharan Africa. One of the technologies we use to collect data is the OpenData Kit (ODK).