About Me

I, Craig Balding, am a recovering Security Wannabe.

For the official, self-styled 3rd person voice promo, visit www.craigbalding.com.

About the blog

Primarily it’s about the technical aspects of IT security with occasional opinion pieces thrown in for good measure.

Whilst its not a definitive list, this should give you an idea about the technology areas I’m involved with:

I’m also very interested in the security aspects of cloudsecurity.org computing, but don’t blog about that here.

Tech behind the blog

This site used to be powered by a self-hosted Wordpress install. I migrated away due to security concerns. Whilst I think Wordpress is easy-to-use blogging software with plenty of features, I don’t feel the Wordpress developers “get” security. I don’t recommend self-hosted Wordpress for security professionals – after all, if you get hacked, you’re going to look kind of stupid. I’m also not a fan of exposing PHP to the web (i.e. its primary design goal) without significant hardening.

The blog is now powered by Webby – an excellent PHP-less static website generator. No more impromptu Wordpress upgrades. It also means the site is blazingly fast as the webserver only needs to serve static content.

Commenting is powered by Disqus and thus requires javascript. If you block javascript you’ll still be able to surf the site just fine and instead of seeing the in-line Disqus comment box, you’ll get a clickable link instead.

The website design is primarily thanks to Aaron Qian (aka AQ) who made some terrific improvements to the very basic, default Webby design. I made some minor tweaks to the layout/design.

The VPS this blog runs on is expertly hosted by slicehost – I’ve been with them since Spring ’08 and have no compliants. Excellent experience to date.