speech - Dave's Blog

Let's Encrypt NearlyFreeSpeech.net Update

2016 Nov 5, 8:59

Since I last posted about using Let's Encrypt with NearlyFreeSpeech, NFS has changed their process for setting TLS info. Instead of putting the various files in /home/protected/ssl and submitting an assistance request, now there is a command to submit the certificate info and a webpage for submitting the certificate info.

The webpage is https://members.nearlyfreespeech.net/{username}/sites/{sitename}/add_tls and has a textbox into which you paste all the cert info in PEM form. The domain key, the domain certificate, and the Let's Encrypt intermediate cert must be pasted into the textbox and submitted.

Alternatively, that same info may be provided as standard input to nfsn -i set-tls.

To renew my certificate with the updated NFS process I followed the commands from Andrei Damian-Fekete's script which depends on acme_tiny.py:

python acme_tiny.py --account-key account.key --csr domain.csr --acme-dir /home/public/.well-known/acme-challenge/ > signed.crt
wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > intermediate.pem
cat domain.key signed.crt intermediate.pem > chained.pem
nfsn -i set-tls < chained.pem

Because my certificate had already expired I needed to comment out the section in acme_tiny.py that validates the challenge file. The filenames in the above map to the following:
  • signed.crt is the Let's Encrypt provided certificate
  • account.key is the user private key registered with LE
  • domain.csr is the cert request
  • domain.key is the key for the domain cert
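
A pre-flight check for the chained.pem built above, as an added example (not from the original post or from NFSN): it confirms the bundle holds exactly one private key and at least two certificates, which catches a missing intermediate or copy/paste damage before the file is handed to nfsn -i set-tls. It checks layout only, not that the key matches the certificate; check_bundle and make_pem are names made up here, and the sample blocks are constructed stand-ins.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, matching END line.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def check_bundle(text):
    """Return a list of layout problems in a key+cert+intermediate bundle."""
    problems, keys, certs = [], 0, 0
    for label, body in PEM_RE.findall(text):
        try:
            # validate=True rejects stray characters from a bad copy/paste
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("%s block: body is not valid base64" % label)
            continue
        # Keys and certificates are DER SEQUENCEs, so the first byte is 0x30.
        if der[:1] != b"\x30":
            problems.append("%s block: data is not a DER SEQUENCE" % label)
        if label in KEY_LABELS:
            keys += 1
        elif label == "CERTIFICATE":
            certs += 1
        else:
            problems.append("unexpected block type: %s" % label)
    if keys != 1:
        problems.append("expected exactly 1 private key, found %d" % keys)
    if certs < 2:
        problems.append(
            "expected domain cert and intermediate, found %d certificate(s)" % certs)
    return problems


def make_pem(label, der):
    """Build a constructed PEM block for the demo (not real key material)."""
    b64 = base64.b64encode(der).decode("ascii")
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)


# Constructed stand-ins: tiny DER SEQUENCEs, not usable keys or certificates.
FAKE = b"\x30\x03\x02\x01\x00"
KEY = make_pem("PRIVATE KEY", FAKE)
CERT = make_pem("CERTIFICATE", FAKE)

if __name__ == "__main__":
    print(check_bundle(KEY + CERT + CERT))  # complete bundle
    print(check_bundle(KEY + CERT))         # intermediate left out
```
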
Tags: certificate lets-encrypt nearlyfreespeech.net

Tweet from David Risney

2016 Sep 8, 3:21
Trump's speech writing staff must consist solely of Andrey Markov. https://twitter.com/JoyAnnReid/status/773892852673814529 

Tweet from David_Risney

2016 Feb 4, 10:16
My notes and experience with Let's Encrypt on my NearlyFreeSpeech hosted blog: https://deletethis.net/dave/2016-02/Let%27s+Encrypt+NearlyFreeSpeech.net+Setup …. TLDR: difficulty 4/10

Let's Encrypt NearlyFreeSpeech.net Setup

2016 Feb 4, 2:48

2016-Nov-5: Updated post on using Let's Encrypt with NearlyFreeSpeech.net

I use NearlyFreeSpeech.net for my webhosting for my personal website and I've just finished setting up TLS via Let's Encrypt. The process was slightly more complicated than what you'd like from Let's Encrypt. So for those interested in doing the same on NearlyFreeSpeech.net, I've taken the following notes.

The standard Let's Encrypt client requires su/sudo access which is not available on NearlyFreeSpeech.net's servers. Additionally NFSN's webserver doesn't have any Let's Encrypt plugins installed. So I used the Let's Encrypt Without Sudo client. I followed the instructions listed on the tool's page with the addition of providing the "--file-based" parameter to sign_csr.py.

One thing the script doesn't produce is the chain file. But this topic "Let's Encrypt - Quick HOWTO for NSFN" covers how to obtain that:

curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem

Now that you have all the required files, on your NFSN server make the directory /home/protected/ssl and copy your files into it. This is described in the NFSN topic "provide certificates to NFSN". After copying the files and setting their permissions as described in the previous link you submit an assistance request. For me it was only 15 minutes later that everything was set up.

After enabling HTTPS I wanted to have all HTTP requests redirect to HTTPS. The normal Apache documentation on how to do this doesn't work on NFSN servers. Instead the NFSN FAQ describes it in "redirect http to https and HSTS". You use the X-Forwarded-Proto header instead of the HTTPS variable because of how NFSN's virtual hosting is set up.

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Turning on HSTS is as simple as adding the HSTS HTTP header. However, the description in the above link didn't work because my site's NFSN realm isn't on the latest Apache yet. Instead I added the following to my .htaccess. After I'm comfortable with everything working well for a few days I'll start turning up the max-age to the recommended minimum value of 180 days.

Header set Strict-Transport-Security "max-age=3600;" 
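
To keep track of where a site is in that max-age ramp-up, here is an added example (not from the original post or the NFSN FAQ) that parses a Strict-Transport-Security value following RFC 6797 and reports whether it has reached the 180 days mentioned above. The names parse_hsts and review_hsts and the stage labels are made up for this example.

```python
DAY = 86400
RECOMMENDED_MIN = 180 * DAY  # the 180-day figure from the post, in seconds


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns (max_age_seconds, include_subdomains); raises ValueError if the
    header is one a browser would ignore.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:  # empty directive, e.g. after the trailing ';'
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # values may be quoted strings
        if name in seen:  # a repeated directive invalidates the header
            raise ValueError("directive repeated: " + name)
        seen[name] = val
    if "max-age" not in seen:
        raise ValueError("max-age is required")
    age = seen["max-age"]
    if not (age.isascii() and age.isdigit()):
        raise ValueError("max-age must be a non-negative integer")
    return int(age), "includesubdomains" in seen


def review_hsts(value):
    """Classify a header value as a rollout stage (labels are this example's)."""
    max_age, _ = parse_hsts(value)
    if max_age == 0:
        return "disabled"  # max-age=0 tells browsers to drop the policy
    if max_age < RECOMMENDED_MIN:
        return "trial"
    return "enforcing"


if __name__ == "__main__":
    print(parse_hsts("max-age=3600;"), review_hsts("max-age=3600;"))
    print(review_hsts('max-age="15552000"; includeSubDomains'))
```
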

Finally, to turn on CSP I started up Fiddler with my CSP Fiddler extension. It allows me to determine the most restrictive CSP rules I could apply and still have all resources on my page load. From there I found and removed inline script and some content loaded via http and otherwise continued tweaking my site and CSP rules.

After I was done I checked out my site on SSL Labs' SSL Test to see what I might have done wrong or needed improving. The first time I went through these steps I hadn't included the chain file which the SSL Test told me about. I was able to add that file to the same files I had already previously generated from the Let's Encrypt client and do another NFSN assistance request and 15 minutes later the SSL Test had upgraded me from 'B' to 'A'.

Tags: certificate csp hsts https lets-encrypt nearlyfreespeech.net

Microsoft Research make breakthrough in audio speech recognition (technet.com)

2012 Jun 22, 2:33

MAVIS indexes audio and video so you can do text search over the contents. For example search for ‘metro’ in all of the BUILD conference talks.

Tags: technical voice-recognition microsoft research mavis search

Kickstarter's exciting 24 hours

2012 Feb 10, 8:51

“Two million-dollar projects, a major political speech involving Kickstarter, an amazing band launching a project for a comeback 20 years in the making… the list goes on. Here’s a minute-by-minute breakdown of the day’s events.”

Tags: kickstarter video humor game video-game

Copyright King: Why the "I Have a Dream" Speech Still Isn't Free (vice.com)

2012 Jan 17, 9:37

There’s weird stuff you’d think is public domain but isn’t including Martin Luther King Jr.’s “I Have a Dream” speech. FTA: “If you want to watch the whole thing, legally, you’ll need to get the $20 DVD.

That’s because the King estate, and, as of 2009, the British music publishing conglomerate EMI Publishing, owns the copyright of the speech and its recorded performance.”

Tags: copyright mlk speech public-domain

A true American Patriot recites Bill Pullman’s Independence Day speech around New York City  | Great Job, Internet! | The A.V. Club

2011 Jul 6, 7:28

"Over this past Fourth Of July weekend, we neglected to note that it was the 15th anniversary of Roland Emmerich’s 1996 blockbuster Independence Day. New York comedian Sean Kleier remembered, and decided to make his own tribute, going to various locations around New York City—Times Square, the Brooklyn Bridge, the subway, and inside a Victoria’s Secret—reciting Bill Pullman’s rousing speech before the movie's final battle sequence, megaphone and all."

Tags: humor video bill-pullman independence-day new-york

Seth Meyers & Barack Obama at White House Correspondents’ Dinner

2011 May 1, 7:51

"The hilarious speeches by Seth Meyers and Barack Obama at the 2011 White House Correspondents’ Dinner. Seth and Obama really let Trump have it in their speeches. Trump’s reaction in the audience is priceless."

Tags: humor politics barack-obama seth-meyers video white-house-correspondents-dinner

Goddard Memorial Dinner Keynote | Neil deGrasse Tyson

2010 Jul 29, 3:33

Tags: neil-degrasse-tyson video speech space mars humor

Speech Recognition with Javascript; speechapi.com

2010 May 17, 5:05

"With speechapi.com's javascript API, it is possible to build interesting speech-web mashups that include both speech-to-text as well as text-to-speech."

Tags: api javascript speech speech-to-text technical

Official Google Blog: Automatic captions in YouTube

2009 Nov 20, 2:31

YouTube now does automatic captioning in some cases and automatic timing in all cases. Automatic timing lets you upload a transcript with a video and YouTube will do speech to text and figure out when the various parts of the transcript need to be displayed.

Tags: youtube video caption accessibility audio subtitles technical

Setting Up AWStats

2009 Jun 26, 5:44

A person with nearlyfreespeech.net hosting their web content recalls how they set up awstats.

Tags: awstats statistics nearlyfreespeech.net linux howto tutorial technical

LDC Catalog - Web 1T 5-gram Version 1

2009 Mar 16, 4:22

"This data set, contributed by Google Inc., contains English word n-grams and their observed frequency counts. The length of the n-grams ranges from unigrams (single words) to five-grams. We expect this data will be useful for statistical language modeling, e.g., for machine translation or speech recognition, as well as for other uses." 6 DVDs for only $150 with licensing restri... ok nm.

Tags: language google statistics database text

DeleteThis.net on NearlyFreeSpeech.NET Update

2008 Mar 23, 12:38

The move of my website to NearlyFreeSpeech.NET is mostly complete except for a few server side things not working yet: RandomGrammar and parts of Vizicious. I'm still very happy with the NearlyFreeSpeech.NET hosting and so far I've only spent a few cents on hosting. At this rate I'll only spend a few dollars a year.

I've moved all my pages to use the same CSS and hooked it up with cookies to my Kuler color options so now changes to the color theme will stick and apply to all my pages. I haven't figured out the caching for this yet so you may have to refresh to see changes to color applied.

Tags: nearlyfreespeech.net technical webhosting kuler homepage

NearlyFreeSpeech.NET FAQ

2008 Mar 17, 5:54

NearlyFreeSpeech's FAQ about what their webhosting includes.

Tags: web webhosting hosting faq

Now using NearlyFreeSpeech.NET to host deletethis.net

2008 Mar 17, 1:25

I've switched from using my own home web server, of which one of the hard drives died, to using NearlyFreeSpeech.NET, an actual real live web hosting service. So far I'm very happy with them and they give me almost exactly what I had on my own home server: ssh access, vim, php, java, etc. etc. The only notable things they don't do are (1) cron jobs which I use currently and (2) SSL which I don't use currently. I can replace my cron job usage and I suppose I'll have to reevaluate my web hosting if I ever need SSL. At the moment many of the server side things like Vizicious will be unavailable. I'll work on getting those working again at some point.

Tags: technical webhosting webserver server homepage

Religious Speech Sensor

2007 Feb 2, 2:41

This tool searches text for biblical quotes or text suspected to be inspired by biblical quotes. That's sensor not censor.

Tags: perl religion software politics language tool propaganda download

Shii’s Rocky Middle Path » Goatse now illegal in the United States

2006 Jul 26, 10:03

Tags: law legal politics free-speech

Vacation Starts

2003 Mar 23, 4:39

My finals are finished and I'm on vacation! Yay! The past two weeks have been killer. I got very little sleep during dead week with various speeches and projects due. But that's all over with now. Presently, I'm enjoying sitting and doing nothing. Perhaps I'll even work on my long neglected tetris game. Yay again!

Creative Commons License. Some rights reserved.