cl page 8 - Dave's Blog

Search
My timeline on Mastodon

Tweet from David_Risney

2016 Feb 16, 2:06
OK Go's beef with YouTube led to latest video release on Facebook: http://www.adweek.com/news/technology/why-ok-go-went-facebook-only-debut-its-buzzy-zero-gravity-music-video-169599 …
PermalinkComments

Retweet of FakeUnicode

2016 Feb 12, 7:25
> typeof NaN 'number' > (╯°□°)╯︵ ┻━┻) ...
PermalinkComments

Retweet of BetaHorton

2016 Feb 12, 1:52
I want to live in a world where coding is as awesome as it appears in the movies #Hackers #NeedASkateboard pic.twitter.com/ai1JkrarTH
PermalinkComments

Retweet of CNNnewsroom

2016 Feb 11, 11:54
That time @BernieSanders & @realDonaldTrump joined @BrookeBCNN live on her set (kinda) h/t @TonyAtamanuik @JAdomian
PermalinkComments

Retweet of Ghostbusters

2016 Feb 11, 11:08
Whether you have a date or not, the world ends on Valentine's Day. Bummer. #Ghostbusters
PermalinkComments

Retweet of amirrajan

2016 Feb 11, 6:46
Somebody please make this text based game a reality. https://medium.com/@pistacchio/i-m-a-web-developer-and-i-ve-been-stuck-with-the-simplest-app-for-the-last-10-days-fb5c50917df#.7bbx2ziut … pic.twitter.com/NbcuQukO1T
PermalinkComments

Retweet of AndyPavia

2016 Feb 11, 1:33
@k_seks @jarennert Using FaceDetect on a Raspberry Pi #WebOnPi #IoT #windows10 @MSEdgeDev pic.twitter.com/Qk2PyoedBP
PermalinkComments

Retweet of SwiftOnSecurity

2016 Feb 10, 11:21
The speed of light suuuuuucks
PermalinkComments

Tweet from David_Risney

2016 Feb 10, 9:56
OK Go is in vomit comet for new video: http://boingboing.net/2016/02/11/ok-gos-new-video-was-shot-in.html …. Looks amazing but I'm constantly worried plane is about to pull up.
PermalinkComments

Retweet of stevefaulkner

2016 Feb 10, 4:57
Chrome change breaks the visual viewport http://www.quirksmode.org/blog/archives/2016/02/chrome_change_b.html … by @ppk via @powrsurg
PermalinkComments

Tweet from David_Risney

2016 Feb 10, 10:20
Internet Archive adds Win3.1 software. http://blog.archive.org/2016/02/11/internet-archive-does-windows-hundreds-of-windows-3-1-programs-join-the-collection/ … Ah the memories. Makes me want to edit my win.ini & config.sys
PermalinkComments

Retweet of mayabielinski

2016 Feb 9, 9:20
Gender bias on GitHub: women's contributions accepted more often than men's - except when gender is identifiable. https://peerj.com/preprints/1733/ 
PermalinkComments

Retweet of SaraGamerKitty

2016 Feb 8, 5:09
The reason Spider-Man was not in Civil War teaser. pic.twitter.com/vcqCviurYj
PermalinkComments

Retweet of doctorow

2016 Feb 8, 5:08
A digital, 3D printed sundial whose precise holes cast a shadow displaying the current time https://boingboing.net/2016/02/09/a-digital-3d-printed-sundial.html … pic.twitter.com/zTSRoXL9a7
PermalinkComments

Tweet from David_Risney

2016 Feb 7, 9:13
Pretty shredded polygons in html & js https://www.clicktorelease.com/code/polygon-shredder/ …
PermalinkComments

Tweet from David_Risney

2016 Feb 4, 10:16
My notes and experience with LetEncrypt on my NearlyFreeSpeech hosted blog: https://deletethis.net/dave/2016-02/Let%27s+Encrypt+NearlyFreeSpeech.net+Setup …. TLDR:difficulty 4/10
PermalinkComments

Retweet of securinti

2016 Feb 4, 6:11
[WRITE-UP] A tale of two offline @google Chrome UXSS vulns!http://ceukelai.re/a-tale-of-two-offline-chrome-uxss-vulns/ … pic.twitter.com/USZmlbVy2M
PermalinkComments

Let's Encrypt NearlyFreeSpeech.net Setup

2016 Feb 4, 2:48

2016-Nov-5: Updated post on using Let's Encrypt with NearlyFreeSpeech.net

I use NearlyFreeSpeech.net for my webhosting for my personal website and I've just finished setting up TLS via Let's Encrypt. The process was slightly more complicated than what you'd like from Let's Encrypt. So for those interested in doing the same on NearlyFreeSpeech.net, I've taken the following notes.

The standard Let's Encrypt client requires su/sudo access which is not available on NearlyFreeSpeech.net's servers. Additionally NFSN's webserver doesn't have any Let's Encrypt plugins installed. So I used the Let's Encrypt Without Sudo client. I followed the instructions listed on the tool's page with the addition of providing the "--file-based" parameter to sign_csr.py.

One thing the script doesn't produce is the chain file. But this topic "Let's Encrypt - Quick HOWTO for NSFN" covers how to obtain that:

curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem

Now that you have all the required files, on your NFSN server make the directory /home/protected/ssl and copy your files into it. This is described in the NFSN topic provide certificates to NFSN. After copying the files and setting their permissions as described in the previous link you submit an assistance request. For me it was only 15 minutes later that everything was setup.

After enabling HTTPS I wanted to have all HTTP requests redirect to HTTPS. The normal Apache documentation on how to do this doesn't work on NFSN servers. Instead the NFSN FAQ describes it in "redirect http to https and HSTS". You use the X-Forwarded-Proto instead of the HTTPS variable because of how NFSN's virtual hosting is setup.

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Turning on HSTS is as simple as adding the HSTS HTTP header. However, the description in the above link didn't work because my site's NFSN realm isn't on the latest Apache yet. Instead I added the following to my .htaccess. After I'm comfortable with everything working well for a few days I'll start turning up the max-age to the recommended minimum value of 180 days.

Header set Strict-Transport-Security "max-age=3600;" 

Finally, to turn on CSP I started up Fiddler with my CSP Fiddler extension. It allows me to determine the most restrictive CSP rules I could apply and still have all resources on my page load. From there I found and removed inline script and some content loaded via http and otherwise continued tweaking my site and CSP rules.

After I was done I checked out my site on SSL Lab's SSL Test to see what I might have done wrong or needed improving. The first time I went through these steps I hadn't included the chain file which the SSL Test told me about. I was able to add that file to the same files I had already previously generated from the Let's Encrypt client and do another NFSN assistance request and 15 minutes later the SSL Test had upgraded me from 'B' to 'A'.

PermalinkCommentscertificate csp hsts https lets-encrypt nearlyfreespeech.net

Retweet of NiemanLab

2016 Feb 3, 4:30
Public radio staffers across the U.S. lay out new guidelines for the "Wild West” of podcast audience measurement http://www.niemanlab.org/2016/02/public-radio-staffers-across-the-u-s-lay-out-new-guidelines-for-podcast-audience-measurement/ …
PermalinkComments

Tweet from David_Risney

2016 Feb 2, 11:15
Epic ‘Frinkiac’ Search Engine Matches Any Simpsons Quote With Its Still http://www.wired.com/2016/02/ultimate-simpsons-search-engine-pairs-quotes-with-stills/ … via @WIRED
PermalinkComments
Older EntriesNewer Entries Creative Commons License Some rights reserved.