Posts in category Technology

Digital Ocean now has separation for different projects

November 6, 2018 Leave a Comment Written by r3d_f0x

The VM hosting service Digital Ocean started offering separation for hosting resources into different projects.  This is a feature I wanted to see for a long time because I host many different servers for different purposes and different people.  Digital Ocean has gone a step above just separating cloud servers and they allow projects to have all of their self contained resources.  This makes it much easier to manage servers, domain names using Digital Ocean’s name servers, firewalls and any other components needed for a project.  Before this feature all hosting resources were combined together and it could be hard to keep track of resources for different projects when you had multiple projects you manage and you host projects for other people.

When Digital Ocean added this feature I created multiple projects for each of things I’m doing on Digital Ocean including the various projects that I’m hosting for other people.  This is a very exciting feature that I’ve been waiting for since I started using the service several years ago.  They’ve done a good job adding features since then but this is one of the best that I’ve seen so far.  The other best feature they added recently was doubling the server resources and now their minimum $5 plan includes 1GB of memory making it useful for any non-intensive hosting project.

This is not a paid promotion.  This is my thought.

Internet Culture, Programming, Technology

Use multiple if statements without else if even else

January 7, 2018 Leave a Comment Written by r3d_f0x

It’s possible to use multiple if statements in a row without chaining them with else if statements or a concluding else statement as the default condition.  When you have multiple if conditions without any other control flow, multiple code blocks can be triggered by different conditions.  In a normal if, else if, and else control flow, only one action will be triggered by the first condition that is satisfied.  This is the most common control flow for simple programs and programming is taught this way because a chain of if blocks can result in multiple condition triggers.  Sometimes multiple condition triggers are desirable and this is when you can use multiple if conditions.  Since you aren’t limited to keeping the control flow unbroken with only if statements, you can add additional code between the statements, but for readability you should only do this if you need to.

Programming, Technology

Certbot from Let’s Encrypt is making it easier to secure criminal websites

July 18, 2017 Leave a Comment Written by r3d_f0x

This article points out an apparent vulnerability with the Let’s Encrypt certificate authority for requesting free SSL encryption certificates.  The process of securing websites is automated by using their Certbot application that automatically installs certificates and configures web servers when a new site is added.  FOXDEV uses this service.  The asserted vulnerability with LE certificates is the ability to get a certificate for a phishing or scam website.  This isn’t a true vulnerability and LE isn’t giving criminals much more then they had before.

When a criminal orders a free SSL certificate from LE to use for a website, all they’re getting is an encryption certificate from a trusted authority that won’t alert browsers.  It displays a green padlock in the browser, but this is a problem with user behavior, not a problem with the service itself.  The problem can come up if a criminal makes a sub domain like this to use for a scam site: user-authentication.paypal.com.4433.service.example.com or paypal.com.4433.service.example.com.  It appears to be a subdomain of paypal.com.  Sub domains like this have already been in use by criminals to make websites look legitimate by including a real domain within a sub domain.  These domains can be used with unencrypted websites.  Most websites have been unencrypted until recently.  Before LE was available, criminals could still buy a certificate from one of the authorities.  They could even buy a wild card certificate and make an unlimited number of fraudulent sub domains.  The only advantage that criminals have now is the ability to request certificates for free.  Since they could still buy a wild card certificate before, this isn’t much of an advantage.

The solution to this problem is in reeducating user behavior.  Big businesses have bragged on their websites about the security of their websites and directed users to look for the padlock icon to verify that the site they were accessing was real.  Even before LE, any criminal could have bought a certificate for a fraudulent domain and used it to generate the same padlock icon.  We need to educate users that HTTPS only encrypts their access and they still need to verify the last levels of the domain properly.

Internet Culture, Security, Technology, Vulnerabilities, Web encryption

Discourse allows topics to be embedded as comments

May 26, 2017 Leave a Comment Written by r3d_f0x

It can be configured to generate new topics automatically so comments will always appear each time you create a new page.  This is exciting because it offers a way to embed comments with a single account for commenting without any need to rely on a third party system like Disqus.  Using Disqus has been awesome for certain sites I’ve assisted where they have limitations on what they can set up.  It gives you embedded comments that you can include on any page and users with a Disqus account can comment on any of your sites and every site that has Disqus.  Having a unified account for commenting makes it much easier to users to engage with the site because they don’t need to register a new account to leave comments on every particular site that you run.  For example, without embedding comments, users who want to comment need to register a new account on every WordPress site or wiki.  They can’t even register if the site doesn’t have that feature.  There are a small number of self hosted comment scripts that are designed to be embedded but none of them allow user registration so there is no way to know exactly who is posting, so the community can’t build up any reputation among members.

Even though Disqus is great, it’s a necessary evil.  Everyone who uses it is reliant on it as a third party system.  If the providers ever decide to stop serving, all the webmasters who use it are screwed.  If the service were still offered but changes to it made it very undesirable, all the users would be stuck deciding whether to abandon it or continue with all the new problems.  Here’s the biggest problem with using Disqus: they can track users of every site that it’s used on.  That’s why many of the services are free.  It’s very bad for the internet to have trackers on every site.  The necessity of comments to a web page makes it worse.  I don’t have much problem with adblockers, but blocking Disqus comments interferes with the content of the page.

Having the ability to embed forum topics as comments and to have new topics generated automatically per-page solves all of the problems I’ve had with online commenting systems.

Discourse, Discussion software, Online comments, Technology

Links

  • Wiki
  • Forum
  • Gitlab
  • Chat - discord.me/r3df0x

    • Recent Comments