When getting started with Linux and open source software, running websites was one of the first things I learned how to do. Of course, with the way software evolves, I’m still learning new ways to better secure, encrypt and protect web assets. Recently I wanted to build a new project and decided I wanted to use OpenBSD, arguably the most secure operating system out of the box. While years ago I switched to FreeBSD for web and mailserver handling, OpenBSD is just more stringent about how it presents things. There’s more to learn, sure, but that’s all part of the fun. Now, if you look around, normal VPS options like DigitalOcean and Linode won’t allow you to run OpenBSD, but with Vultr (affiliate link) you can use any ISO you can point to. They have a $5/month option, but they give you 768M RAM versus the 512M that you get from most other VPS providers for that price. With that decided, I ran through the install using their console and was up and running in no time. Now for the fun part: let’s ssh to the server and set up a secure webserver!
I’ve wanted to get into tube audio amplifiers for my stereo systems for a long time, so years ago I bought my first ones, a pair of Antique Sound Lab AV-25 monoblocks. One thing that was a bit tricky was biasing the amps, and the units didn’t come with directions, so I eventually got info directly from the company, but couldn’t find it anywhere online. I’m transcribing them here for my reference and for others, in case they have the same, or similar, amps from Antique Sound Labs.
This is a previously unpublished sketch written on 2007-04-18 of two people talking about the constant state of fear in a nation controlled by the media. Strangely it’s still relevant today.
“But what about them; what’s the difference?”
“With their outlook on things, everything is just so negative, have we evolved that way?”
“You’re telling me you mean we became more negative as a species over 50 years?
Metz (photo from radio1190) Another year, another batch of new toons to love. As always, discovering new music never gets old; the endless digging for new sounds continues to be one of my favorite things. Let’s rock!
Courtney Barnett “Sometimes I Sit and Think, Sometimes I Just Sit”
Built To Spill “Untethered Moon”
Deerhunter “Fading Frontier”
Hop Along “Painted Shut”
Jason Isbell “Something More Than Free”
Jamie xx “In Colour”
Metz “II”
Refused “Freedom”
Sleater-Kinney “No Cities To Love”
Supersuckers “Holding the Bag”
Waxahatchee “Ivy Tripp”
UPDATE 02-29-2016: a reader had issues getting this working, and after reproducing his issue I found that the line ssl_ciphers HIGH:!aNULL:!MD5; no longer works. Apparently sometime after I wrote this, the HTTP/2 specs were updated, and browsers followed suit. This blog post tells us, “According to the HTTP/2 specification, over TLS 1.2 HTTP/2 SHOULD NOT use any of the cipher suites that are listed in the cipher suite black list, found here.” So now we have to call out another cipher ahead of the blacklisted ones: ssl_ciphers AESGCM:HIGH:!aNULL:!MD5; Thanks for the note, Elias!
Last week nginx released mainline version 1.9.5, which features an experimental HTTP/2 module. According to the Internet Engineering Task Force, “HTTP/2 enables a more efficient use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection. It also introduces unsolicited push of representations from servers to clients. This specification is an alternative to, but does not obsolete, the HTTP/1.1 message syntax. HTTP’s existing semantics remain unchanged.” You can get an idea of how HTTP/2 is better and faster on this demo page, which shows the multiplexed connections making a significant difference.
TL;DR: it’s faster, backwards compatible and the new hotness (obviously).
I’ve written about Bruce Schneier many times before, but this recent comment perfectly captures why we all need to be concerned about our online privacy.
In a recent article, the magazine Rolling Stone tries to list the 100 Greatest Songwriters of All Time, and while any list that audacious will have its detractors (and there is much to criticize in this one), it’s refreshing to see the songwriting tandem of Morrissey and Marr getting the props they deserve. Breaking in at #67, the post features some very nice quotes from Marr about Morrissey, and a photo of the pair of key Smiths that I’ve never seen before. Here are both, for review.
I’m a big fan of science fiction writing, and with humor it’s even better! Here’s a great one I found online; first, a note from the author Terry Bisson: “I’m honored that this often shows up on the internet. Here’s the correct version, as published in Omni, 1990. Thanks for your interest in my work. If you enjoyed this little piece, please give a dollar to a homeless person.”
Working at $big_company is not without its challenges, but the least of which should be network access, right? No, of course not. Installed “security appliances” (see the SSL MiTM post for more on that) on the network always limit access from within the corporate firewall out to the Internet at large to protect from security vulnerabilities. This is all great and fine, but that kind of protection always errs on blocking, so working with open source projects that are easy to install and run out in the real world becomes a nightmare when you’re inside the corporate firewall.
TL;DR: companies are buying appliances that run SSL MiTM (Man-in-the-Middle) attacks against their users, decrypting sessions on the fly without the user’s knowledge. You should find out if this is happening to you.
As a self-described privacy advocate, I consider myself pretty cognizant of when I might be under some sort of network surveillance; I know what to look for, and enjoy understanding ways to avoid it (often by not visiting certain sites from certain networks), but one day I hit something that surprised me.