free - Dave's Blog


Tweet from David Risney

2017 Jan 13, 12:54
Free startup idea: Legally binding "but you have to survive a night in a haunted house" clauses and infrastructure for hilarious wills.

Tweet from kottke.org

2016 Nov 20, 10:41
A free album of Beastie Boys remixes using Daft Punk samples http://kottke.org/16/11/beastie-boys-daft-punk-mashup 

Let's Encrypt NearlyFreeSpeech.net Update

2016 Nov 5, 8:59

Since I last posted about using Let's Encrypt with NearlyFreeSpeech, NFS has changed their process for setting TLS info. Instead of putting the various files in /home/protected/ssl and submitting an assistance request, there is now a command for submitting the certificate info and a webpage for doing the same.

The webpage is https://members.nearlyfreespeech.net/{username}/sites/{sitename}/add_tls and has a textbox into which you paste all the cert info in PEM form. The domain key, the domain certificate, and the Let's Encrypt intermediate cert must be pasted into the textbox and submitted.

Alternatively, that same info may be provided as standard input to nfsn -i set-tls

To renew my certificate with the updated NFS process I followed the commands from Andrei Damian-Fekete's script which depends on acme_tiny.py:

python acme_tiny.py --account-key account.key --csr domain.csr --acme-dir /home/public/.well-known/acme-challenge/ > signed.crt
wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > intermediate.pem
cat domain.key signed.crt intermediate.pem > chained.pem
nfsn -i set-tls < chained.pem

Because my certificate had already expired I needed to comment out the section in acme_tiny.py that validates the challenge file. The filenames in the above map to the following:
  • signed.crt is the Let's Encrypt provided certificate
  • account.key is the user private key registered with LE
  • domain.csr is the cert request
  • domain.key is the key for the domain cert
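
A pre-flight check for the renewal steps above, as an added example that is not part of the original post or of the script it follows. It uses the post's file names and the stock openssl command line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the pieces of chained.pem before submitting
# them with `nfsn -i set-tls`. Function names are hypothetical.

# Succeeds when the private key and the certificate carry the same public key.
key_matches_cert() {   # $1 = domain.key, $2 = signed.crt
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Succeeds when the certificate is still valid $2 seconds from now (default 0).
cert_not_expiring() {  # $1 = signed.crt, $2 = seconds
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Succeeds when the certificate verifies against the given intermediate,
# which catches a missing or outdated intermediate file.
issued_by() {          # $1 = signed.crt, $2 = intermediate.pem
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Runs every check; prints the first failure and returns non-zero.
preflight() {          # $1 = domain.key, $2 = signed.crt, $3 = intermediate.pem
    key_matches_cert "$1" "$2" || { echo "key/cert mismatch"; return 1; }
    cert_not_expiring "$2" 86400 || { echo "cert expires within a day"; return 1; }
    issued_by "$2" "$3" || { echo "cert not issued by intermediate"; return 1; }
    echo "ok"
}

# Usage, with the files from the post:
#   preflight domain.key signed.crt intermediate.pem &&
#       cat domain.key signed.crt intermediate.pem | nfsn -i set-tls
```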
Tags: certificate lets-encrypt nearlyfreespeech.net

Tweet from Anil Before Zod

2016 Aug 18, 5:42
More than 2000 kids' lives were ruined by the "kids for cash" bribery scandal, including some suicides; the CEO who did it is already free.

Retweet of erewok

2016 Feb 16, 5:22
This guy sped by me on the freeway. Had a strong feeling this was a Unicode codepoint. In my gut I knew what it was. pic.twitter.com/4B3oHSXXAi

Tweet from David_Risney

2016 Feb 4, 10:16
My notes and experience with Let's Encrypt on my NearlyFreeSpeech hosted blog: https://deletethis.net/dave/2016-02/Let%27s+Encrypt+NearlyFreeSpeech.net+Setup …. TLDR: difficulty 4/10

Let's Encrypt NearlyFreeSpeech.net Setup

2016 Feb 4, 2:48

2016-Nov-5: Updated post on using Let's Encrypt with NearlyFreeSpeech.net

I use NearlyFreeSpeech.net for my webhosting for my personal website and I've just finished setting up TLS via Let's Encrypt. The process was slightly more complicated than what you'd like from Let's Encrypt. So for those interested in doing the same on NearlyFreeSpeech.net, I've taken the following notes.

The standard Let's Encrypt client requires su/sudo access which is not available on NearlyFreeSpeech.net's servers. Additionally NFSN's webserver doesn't have any Let's Encrypt plugins installed. So I used the Let's Encrypt Without Sudo client. I followed the instructions listed on the tool's page with the addition of providing the "--file-based" parameter to sign_csr.py.

One thing the script doesn't produce is the chain file. But this topic "Let's Encrypt - Quick HOWTO for NSFN" covers how to obtain that:

curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem

Now that you have all the required files, on your NFSN server make the directory /home/protected/ssl and copy your files into it. This is described in the NFSN topic provide certificates to NFSN. After copying the files and setting their permissions as described in the previous link you submit an assistance request. For me it was only 15 minutes later that everything was set up.

After enabling HTTPS I wanted to have all HTTP requests redirect to HTTPS. The normal Apache documentation on how to do this doesn't work on NFSN servers. Instead the NFSN FAQ describes it in "redirect http to https and HSTS". You use the X-Forwarded-Proto header instead of the HTTPS variable because of how NFSN's virtual hosting is set up.

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Turning on HSTS is as simple as adding the HSTS HTTP header. However, the description in the above link didn't work because my site's NFSN realm isn't on the latest Apache yet. Instead I added the following to my .htaccess. After I'm comfortable with everything working well for a few days I'll start turning up the max-age to the recommended minimum value of 180 days.

Header set Strict-Transport-Security "max-age=3600;" 
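
To confirm the redirect and HSTS settings above from the outside, the following added example (not from the original post) audits response headers such as those printed by `curl -sI`. The function names, the example.org URL and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit saved response headers (e.g. from `curl -sI URL`)
# for the redirect and HSTS settings described in the post.
# Function names and sample responses are constructed for illustration.

HSTS_MIN=15552000   # 180 days in seconds, the post's target minimum

# Succeeds when the headers on stdin are a 301 pointing at an https:// URL.
redirects_to_https() {
    tr -d '\r' | awk '
        NR == 1 { code = $2 }
        tolower($1) == "location:" { loc = $2 }
        END { exit !(code == 301 && loc ~ /^https:\/\//) }'
}

# Prints max-age from Strict-Transport-Security on stdin, or nothing.
hsts_max_age() {
    tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security:/ {
            v = tolower($0); sub(/^[^:]*:/, "", v)
            n = split(v, d, ";")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t"]/, "", d[i])
                if (d[i] ~ /^max-age=[0-9]+$/) { sub(/^max-age=/, "", d[i]); print d[i]; exit }
            }
        }'
}

# Prints missing, short:<seconds> or ok:<seconds> for the headers on stdin.
hsts_status() {
    age=$(hsts_max_age)
    if [ -z "$age" ]; then echo "missing"
    elif [ "$age" -lt "$HSTS_MIN" ]; then echo "short:$age"
    else echo "ok:$age"; fi
}

# Constructed sample responses (not captured from the author's site).
sample_http()  { printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.org/dave/\r\n\r\n'; }
sample_https() { printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=3600;\r\n\r\n'; }

sample_http | redirects_to_https && echo "redirect: ok"
echo "hsts: $(sample_https | hsts_status)"
```

Browsers only honor the Strict-Transport-Security header on HTTPS responses, so feed `hsts_status` the headers of the https:// URL and `redirects_to_https` those of the http:// URL.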

Finally, to turn on CSP I started up Fiddler with my CSP Fiddler extension. It allows me to determine the most restrictive CSP rules I could apply and still have all resources on my page load. From there I found and removed inline script and some content loaded via http and otherwise continued tweaking my site and CSP rules.

After I was done I checked out my site on SSL Labs' SSL Test to see what I might have done wrong or what needed improving. The first time I went through these steps I hadn't included the chain file, which the SSL Test told me about. I was able to add that file to the files I had previously generated from the Let's Encrypt client and do another NFSN assistance request, and 15 minutes later the SSL Test had upgraded me from 'B' to 'A'.

Tags: certificate csp hsts https lets-encrypt nearlyfreespeech.net

Tweet from David_Risney

2016 Jan 27, 10:28
Identify coder from binary based on code style. https://freedom-to-tinker.com/blog/aylin/when-coding-style-survives-compilation-de-anonymizing-programmers-from-executable-binaries/ … Following company style guidelines is now a privacy issue.

Retweet of BoingBoing

2016 Jan 19, 8:50
We'll probably never "Free Mickey." #copyfight http://boingboing.net/2016/01/19/well-probably-never-free-m.html … pic.twitter.com/Z4nQfGRfvm

Retweet of Grathio

2015 Dec 4, 8:02
Good news! the patent on the Space Shuttle has expired. Go and build, royalty free! https://patents.google.com/patent/US3866863A/en … pic.twitter.com/1QliSmbnaM

Tweet from David_Risney

2015 Nov 19, 11:04
Finished Breaking Bad finale last night. As last person to do so, feel free to now discuss spoilers. Thank you for your patience.

Retweet of zeynep

2015 Oct 14, 6:11
Ran into Alex Halderman recently. He casually said "we found a weakness in Diffie-Hellman." My jaw dropped. GO READ. https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/ …

Tweet from David_Risney

2015 Apr 14, 9:51
Time of year we're reminded that Intuit spends millions to ensure we have to do our own taxes - for sake of freedom! http://www.nytimes.com/2015/04/16/technology/personaltech/turbotax-or-irs-as-tax-preparer-intuit-has-a-favorite.html …

Retweet of NSA_PR

2015 Apr 1, 2:23
#FreeSnowden #WithThePurchaseOfAMediumOrLargeDataCenter

Retweet of billcox

2015 Mar 3, 1:54
Marketing pro tip: punch up your artisanal PPTs with idiotic Vince Vaughn stock photos. http://www.adweek.com/adfreak/vince-vaughn-and-costars-pose-idiotic-stock-photos-you-can-have-free-163239 … pic.twitter.com/AZVCfIFN9T

freebsdgirl: If there is one thing movies have taught me, it's that hacking the Gibson requires accessorizing.

2015 Jan 22, 11:54
[NPC] Randi Harper @freebsdgirl :
If there is one thing movies have taught me, it's that hacking the Gibson requires accessorizing. pic.twitter.com/Q9VcXmGzLn

Morgan Freeman’s unboxing videos. This episode: unboxing...

2014 Jun 1, 1:57


Morgan Freeman’s unboxing videos. This episode: unboxing Gwyneth Paltrow’s head.

Tags: humor seven movie film unboxing

CodePlex - Virtual Router - Wifi Hot Spot for Windows 8, Windows 7 and 2008 R2

2014 May 21, 2:30

The original open source Wifi Hotspot for Windows 7, Windows 8 and Windows Server 2012!

Free open source software based router you can run on Windows to wirelessly share your Internet connection with other devices

Tags: technical tool wifi router free open-source windows

The Doritos origin story: Repurposed garbage from Disneyland

2014 May 6, 7:16

shortformblog:

A reminder that those Doritos you love are trash:

Shortly after Disneyland opened in 1955, the founder of Frito-Lay got permission from Walt Disney to open a restaurant in Frontierland with a Mexican-ish theme. “Casa de Fritos” was, unsurprisingly, all about the Fritos. Customers got free Fritos, and Fritos were incorporated into many of the dishes. Fritos were dispensed by an animatronic vending machine that featured the terrifying “Frito Kid” asking his assistant “Klondike” to bring the bag up from a mineshaft. I guess the conceit is that Fritos were mined by Forty-Niners?

Casa de Fritos contracted their tortilla production to a company called Alex Foods. One of the salesmen from Alex Foods, making a delivery to Casa de Fritos, noticed stale tortillas in the garbage and gave the cook a little tip: fry them and sell them as chips instead of throwing them away. Casa de Fritos began making these fried, seasoned chips to enormous success, but didn’t report this new menu item to the Frito-Lay company.

Eventually Frito-Lay found out what they were doing with the chips, packaged them, and sold them by the truckload. See, dumpster diving works out sometimes!


Where the best designers go to find photos and graphics

2014 Jan 5, 3:09

List of useful free or CC licensed photography and icon sites.

Tags: free cc photo photography icon
Creative Commons License: Some rights reserved.