Please Google, Don't shame HTTP (yet)
February 1, 2016
Last week there was a big hubbub around the revelation that “Google Will Soon Shame All Websites That Are Unencrypted”. People were freaking out and cats and dogs were running loose in the streets. Sheer pandemonium. The reality was that Google didn’t announce it, but someone talking at a conference had the feature flag turned on in Chrome. Google did explain that they wanted to do this eventually for “security” reasons, which makes sense when you dive into the topic. At first, as a security-conscious person, I thought this was a great idea; after all, HTTP is inherently not secure. However, engineers need to step back and think about this from a user perspective. There is one truly key problem with a red-lock for all HTTP: Alarm Fatigue.
Migrating Apache SSL Certs to IIS 6.0
November 24, 2014
You probably think I’m crazy to mention IIS 6 in this day and age; you’d be right. Unfortunately, legacy systems are legacy systems till they get replaced (hopefully soon). This weekend I had the joy of figuring out how to migrate a valid Apache SSL cert over to an old Windows 2003 box running IIS 6.
Using Cloudflare to keep sites fast & secure
May 1, 2012
Cloudflare is a <a href="https://en.wikipedia.org/wiki/Content_delivery_network" title="[wiki] Content delivery network">CDN</a>, site optimizer, and security product all rolled into one. The main feature that is of use to me (and most people, I presume) is the CDN portion which some have called a “poor man’s Akamai”. Cloudflare sits in front of your website and acts like a caching layer spread out across 14 global edge nodes. This means your site should be “fast” everywhere in the world, rather than just within 3,000 miles of your server. I’ve been using it for a few sites over the last couple of years and so far I’ve had good experiences with the service. It being free (with a premium option) has definitely helped.
Samba and LDAP DO NOT MIX
August 18, 2010
Recently I was tasked with helping a company implement a centralized authentication system, and they wanted to go all open source. This isn’t unreasonable in my book, though it is a little unusual. Of course the words “Open Source Authentication” directly translate to LDAP; the only question is which LDAP software you’re going to use. There are a number of options including OpenLDAP (slapd), Fedora Directory Server (389), OpenDS, Apache Directory Server, and a handful of smaller projects. On top of the LDAP directory they wanted me to add a number of services including email and file sharing. This is the story of how Samba sucks…
WordPress: Enabling SSH/SFTP Updates
June 29, 2010
The first time I dealt with WordPress was when I first started doing IT administration for FanHistory. At that point in time I knew nothing about it and it was breaking horribly. Luckily I managed to fix the issues (which turned out to be Varnish proxy related) and get it standing mostly on its own two feet. One of the “minor annoyances” I ran into then, and absolutely had to figure out during my migration, was the lack of SSH or SFTP based updates. By default, when you go in to add or update the plugins (or the software itself) you have only two options: FTP and FTPS (SSL). I run neither of these; FTP is majorly old and very insecure. FTPS is just not common. I thought I was stuck doing things manually, until I found out… You can enable SSH2 based updates in WordPress. Better yet, it is SUPER easy.