Very cool! We use Jenkins to check when our SSL certificates are approaching 30 days until expiration. A simple call to openssl(1) works great!

Good stuff!

These systems are usually windows machines - typically "hardened" to various degrees (lock out USB keys etc) and protected by enterprise anti-virus solutions (mcafee, etc)

The windows build is typically a single "golden image" with a known checksum that can be blasted down to machines over wan/lan during the evening.

Source: I used build and deploy the image to many thousands of POS systems at Dixons Store Groups retail chains (UK)

Doesn't DSG use their own custom made EPOS system? Eclipse? Do you have any experience with it and their security policies?

I've had quite a few experiences as a customer at PC World when they've had "till failures" - ironic for a computer store. They often blame head office for overnight updates gone wrong.

Well, didn't work as it should then.

"Enterprise anti-virus" what a joke. Put the lawyers to work

Also, they apparently forgot to firewall it to only their internal network.

I wonder if:

A) The author is using a load balancer that can do centralised logging in a sane fashion perhaps they can turn off end logging on nginx all together.

B) The author has looked in to the Lua nginx scripting capabilities for direct logging without touching disk.

C) Place a greater emphasis on SaaS logging with javascript on the client side.

It sounds as if their architecture needs a massive re-think.

Seemed mildly interesting, compared to say: http://toolbar.netcraft.com/netblock?q=linode-us,72.14.176.0...