General, Security

Cómo desactivar SSL3: Poodle amenaza la red.

10.16.14 | Juan Miguel Taboada Godoy | Permalink | Comments Off

Poodle se convierte en una amenaza para la red, se recomienda desactivar SSL3 del navegador.

Hace tan sólo 2 días Google reveló una nueva vulnerabilidad que afecta a la mayoría de las comunicaciones en Internet y que a pesar de tener un bonito nombre oculta efectos potencialmente desastrosos. POODLE (Padding Oracle On Downgraded Legacy Encryption) permite a un atacante romper la seguridad de SSL 3.0 (protocolo usado mundialmente para comunicaciones seguras pero que tiene más de 14 años). Este protocolo aún se utiliza como método de conexión en muchas conexiones seguras (incluídas bancos) cuando los protocolos más nuevos no parecen negociar bien la conexión, en tal caso los navegadores cambian a SSL 3.0 (también conocido como SSLv3). Debido a este bug un atacante puede provocar errores en la conexión con nuevos protocolos a fin de que el navegador cambie a SSL 3.0  y por lo tanto comenzarían a usar este viejo protocolo y ahora demostrado que es completamente ineficaz. Los investigadores concluyen que “para lograr un cifrado seguro, SSL 3.0 debe evitarse por completo.

Al igual que con Heartbleed y Shellshock, hay millones de usuarios finales que no pueden hacer nada al respecto. No obstante las compañías de todo el mundo están luchando para publicar parches para sus servidores y dispositivos embebidos para que estos no usen bajo ningún concepto el protocolo SSL 3.0. Google descubrió la vulnerabilidad hace un mes (en septiembre), y, como se hace comúnmente con tales cuestiones generalizadas, primero se alertó a los desarrolladores de software y hardware previa publicación al resto del mundo.

Si bien la mayoría de navegadores actuales están preparados para usar TLS y es el protocolo preferido por defecto, desde Centrologic os recomendamos preventivamente deshabilitar SSL3 del navegador y también activar TLS_FALLBACK_SCSV lo que mitigaría la parte del downgrade.

Para más información sobre cómo desabilitar SSL3:

Article, General, Programming

Sanción por instalar cookies de Google Analytics (y otras)

09.16.14 | Juan Miguel Taboada Godoy | Permalink | Comments Off

¿Cómo añadir el mensaje típico a tu web sin complicarte la vida?:

Ya existen casos reales de sanción por instalar cookies de Google Analitycs. Efectivamente la AGPD (Agencia Española de Protección de Datos) ya está persiguiendo a la mayoría de webs que no cumplen con la normativa vigente. Sí, me refiero a la nefasta ley por la cual todas las webs tienen que pedir consentimiento a sus usuarios para el uso de las cookies.

1.- Bájate de nuestra web los ficheros: cookies.js y cookies.txt, son de uso general y sólo con tenerlos ya valen para tu web porque el contenido es genérico, colócalos en el directorio raiz de tu sitio web de modo que sean accesibles con las rutas http://www.tusitioweb.dom/cookies.js y http://www.tusitioweb.dom/cookies.txt donde cambies “tusitioweb.dom” por la dirección de tu web. Una vez funcionando instala el siguiente código y listo.

2.- Añade a tu web el siguiente código justo antes del </body> (si tu web no usa JQUERY):

3.- Si tu web ya usa JQUERY añade antes del </body> el siguiente código:

Existen casos de sanciones ya impuestas que rondan entre los: 3.000€ y 500€. La Ley de Cookies sí se aplica.


Django 1.7 Review

09.08.14 | Juan Miguel Taboada Godoy | Permalink | Comments Off

Finally Django 1.7 is out, and it is great. Even if it broke some of my oldest Django projects I love their philosophy, they just focus on doing things in the right way. It took me few minutes to get my oldest websites back to life but it helped me to get them updated. The first project I made was in Django 0.96 it has been the easiest to keep updated from all the projects I made from then. Here you have some quick details from it:

  1. Python version support is now from 2.7 till 3.4 (so no more support for Python 2.6 or earlier)
  2. South became part of the Django’s core (I believe they took too long to make this great decision), so Django 1.7 comes with easy migrations, just in case you change a model, it will be “easy” for you to keep your database updated.
  3. Startup has changed, this is one gave some some pain with the errors “ugettext_lazy gets translated too early” or “AppRegistryNotReady“, get ready because your scripts you execute from the shell will fail to.
  4. WSGI script no longer support “django.core.handlers.wsgi.WSGIHandler()” instead you have to use “get_wsgi_application()
  5. ALLOWED_HOSTS is not optional anymore.
  6. Django is timezone aware, so “today” and “now” are now operating in the current time zone
  7. I highly recommended to use TZ=True and install pytz support.
  8. Unittest module is deprecated, so “django.utils.unittest” is old and you should use “unittest” instead.
  9. Simplejson module is deprecated,  so “django.utils.simplejson” is old and you should use “json” instead.

We haven’t found so far any problem in this version that would prevent us from using it. If you are a Django developer be aware I wrote the most basic and common details we found during our websites migrations, but you should check the release notes just in case your project is doing some more weird things we do in ours. :-)

My final summary is: what are you waiting for having it?

Article, General, Ideas, Programming, Projects, Realizations

Clouds are beautiful until comes the rain!

11.20.12 | Juan Miguel Taboada Godoy | Permalink | 1 Comment

During the last weeks I’ve got several interesting news about Cloud computing. Most of them show that many users are not ready yet to put their personal documents online. Are you?

What is a Cloud?

Cloud Computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet).

Let’s see some statistics:

Here are some statistics (source) showing worries about the usage of applications in the “Cloud”. This statistics show that the adoption of the Cloud by companies is still far. The most common reasons are security, privacy, storage and law. The result shows that 66% of the companies reported that this kind of worries have delayed or stopped them from deploying projects in the Cloud.


Article, Fun, General, Ideas, Realizations

New Year’s Eve in Málaga

10.24.12 | Juan Miguel Taboada Godoy | Permalink | Comments Off

If you are Málaga (or if you plan to come here) we have great news for you. Both our offices spent some time to prepare for you a catalog of new year’s eve parties. Our lists consist of clubs, retaurants and hotels, and are beeing constantly updated.

For Málaga Nochevieja:

For Málaga New Year’s Ever:

We hope you enjoy it!

Programming, Realizations

The day I met Erlang

07.15.11 | Juan Miguel Taboada Godoy | Permalink | Comments Off

It happened some time (years) while I was thinking about the problem of the nowadays programming languajes. I mean, I was making questions to my self like:

– Is there some program that is able to write an if? (“if” is a very simple construction inside a programming language)

– Or maybe a program that is able to decide that it needs a loop somewhere when you ask about something that is looping?

– Is there some programming language that is able to write itself? We human are not able yet (for those with quick thoughts, cloning is copying, but a simple “write your name…hello <name>” program maybe there are some)


Programming, Projects


09.06.08 | Juan Miguel Taboada Godoy | Permalink | Comments Off

Likindoy logo

Also we keep working in Likindoy, right now the project moved quite forward and started working on new targets:

  • All the projects has been re-shaped to become more easy to expand and contribute.
  • We included a new set of commands and support for users and profiles per user to make all configuration more scalable.
  • All the project moved to Bazaar Version Control System.
  • The library MODBUS_TCP was upgraded for a newer version 600 times faster.
  • Also we published the results of the non-finished project Likindoy-RTU (Remote Terminal Unit) over Advantech ADAM 5510.


General, Graphical design, Projects, Realizations

Centrologic Design

08.05.08 | Karol Fabjańczuk | Permalink | Comments Off

We are currently working on separate Centrologic website dedicated to our design services. The main idea behind this project is to show that we can adjust to client’s needs – on every subpage colors will match shown project. Here’s the first screenshot:

Centrologic design small


Site is already working: Centrologic Design

General, Graphical design, Projects, Realizations

Gabinet ortodontyczny “Ortos”

06.27.08 | Karol Fabjańczuk | Permalink | Comments Off

Another day, another layout


And here’s the link: Gabinet ortodontyczny “Ortos” Szczecin – Pokaż swój zdrowy uśmiech

Graphical design, Projects, Realizations

Federación Internacional de Pádel website

06.18.08 | Karol Fabjańczuk | Permalink | Comments Off

Another day, another design:

Padel FIP

« Previous Entries