Practical Technology

for practical people.

January 31, 2017
by sjvn01

Linux leadership stands against Trump immigration ban

By its very nature, open source — and its most famous creation, Linux — relies upon the open exchange of ideas. While that happens largely on a free, net-neutral internet, it also needs face-to-face meetings. President Trump’s ill-considered, anti-immigration executive order is completely contrary to the spirit of open-source software.

January 31, 2017
by sjvn01

If you want privacy you need to run Linux

I recently bashed Windows for being too darn snoopy, but you know what? It’s not just Windows. Ever since Yosemite came out, Apple’s macOS has been just as untrustworthy. As for Chrome OS, Android and iOS, come on! They’re all built around cloud services; by design, they share everything you do with third-party services. What’s the answer? Desktop Linux.

January 26, 2017
by sjvn01

Why You Should Consider Moving From NTP to NTPsec

NTP’s maintenance has slowed to a crawl and it’s been the subject of numerous DDoS attacks. It’s time to consider a change.

Doesn’t anyone really know what time it is? Does anyone really care? It made a fine song lyric for the band Chicago, but it’s no way to run the internet. On the net, everything needs to know the precise time to within a microsecond and the tool we use to do that with is Network Time Protocol (NTP).

NTP provides the internet’s heartbeat. Without it, servers and PCs wouldn’t know what time it is. That, in turn, would mean backups would fail, financial transactions would go awry, and many fundamental network services wouldn’t work. The primary time-keepers of the net are stratum-0 devices, i.e., atomic clocks. NTP connects these to other devices, which in turn set the time for everything online.

January 24, 2017
by sjvn01

Everything you need to know about clouds and hybrid IT

Some people are still a little cloudy about the cloud. They shouldn’t be.

Let’s go over the basics again. The National Institute of Standards and Technology spelled out cloud computing for us years ago: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

Clouds must have five essential characteristics: On-demand self-service, broad network access, resource pooling, rapid elasticity or expansion, and measured service. On these fundamentals, cloud designers have created a whole new IT approach.

January 12, 2017
by sjvn01

Why You Must Secure Your Website with TLS

Security isn’t an option on today’s websites. It’s a necessity. Google gives sites that use HTTPS a higher search ranking. And who doesn’t want a higher PageRank?

But wait, there’s even more reason to lock down your site. Google will soon start marking websites that don’t use HTTPS, first as insecure, then as broken. You so don’t want to go there.

To be exact, Google stated: “To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labeled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.”

Then, as 2017 progresses, Google will increase the severity of its HTTP warnings, beginning with labeling HTTP pages as “not secure” in Incognito mode. Eventually, Google will label all HTTP pages as non-secure and change the HTTP security indicator to the red triangle that it uses for broken HTTPS.

Besides, even if you bristle at the idea of Google being the boss of you, securing your website just makes good common sense. We’ve known since 2010, when Firesheep showed your login could be stolen over Wi-Fi, that the only way to have reliable security is for every website to have an encrypted connection.

To do that, you need to add Secure Sockets Layer (SSL) or its far safer successor, Transport Layer Security (TLS), to your site. Both encrypt communications with public key encryption between your server and your end-users’ devices.

To make this happen, you need an X.509 Digital Certificate — generically called an SSL certificate — on your server. A digital signature from a trusted third party, a Certificate Authority (CA), guarantees the Digital Certificate’s authenticity so that your site’s visitors know the server is really the site it purports to be.

There are many CAs. Some of the best commercial ones are Network Solutions; Symantec, now owners of Verisign; and Thawte. Prices for certificates from a major provider range from $50 to $200. You can also get a free certificate that’s every bit as good, if you’re not doing e-commerce, from the non-profit Internet Security Research Group’s Let’s Encrypt.

The big difference between the commercial CAs and Let’s Encrypt is that the commercial businesses back up their security with a warranty of between five hundred thousand and a million dollars. With Let’s Encrypt, you’re on your own.

You can also self-sign your own certificate. This is fine if it’s just you connecting to your site, but your visitors won’t be certain your site is really the one they intended to visit. As a stopgap security method, self-signed certificates are fine, but no one thinks self-signed certificates are really that secure.

Before deploying any certificate, you must know there are three different kinds of SSL certificates. These are, in order of least to most secure: Domain Validation (DV) SSL Certificates; Organization Validation (OV) SSL Certificates; and Extended Validation (EV) SSL Certificates.

A DV states that the domain is registered by someone with admin rights to the website. If the certificate is valid and signed by a trusted CA, a web browser connecting to the site will inform you that it has successfully secured an HTTPS connection. A DV would be all you’d need to secure a blog or simple website. Typically, self-signed certificates are DVs.

An OV validates the domain ownership and includes related information like the site owner’s name, city, state, and country. It’s the middle tier of certificates, but it’s not often used.

Anyone staging an e-commerce website needs to use an EV SSL certificate. It validates not only the domain ownership and organization information, but the site’s legal existence as well. Sites with an EV SSL certificate can be identified by their green address bar.
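
To make the three tiers concrete, here is an added example (not part of the original article) that sorts certificates into DV, OV or EV by the identity fields in their subject, and flags self-signed ones. It works on the dictionary form that Python's `ssl.SSLSocket.getpeercert()` returns; the sample certificates, host names and the `make_name` helper are constructed for illustration.

```python
# Added example. Certificates use the dict shape of ssl.SSLSocket.getpeercert();
# every sample below is constructed, not captured from a real site.
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def flatten(rdns):
    """Turn getpeercert()'s tuple of RDNs into a plain dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def validation_level(cert):
    """Guess DV / OV / EV from the identity fields the CA put in the subject."""
    subject = flatten(cert["subject"])
    if "organizationName" not in subject:
        return "DV"   # only the domain was checked
    if EV_FIELDS.issubset(subject):
        return "EV"   # legal-existence fields are present
    return "OV"       # organization details, no EV fields

def is_self_signed(cert):
    """Heuristic: issuer name equals subject name (signature is not verified)."""
    return cert["subject"] == cert["issuer"]

def describe(cert):
    return {"host": flatten(cert["subject"]).get("commonName"),
            "level": validation_level(cert),
            "self_signed": is_self_signed(cert),
            "issuer": flatten(cert["issuer"]).get("organizationName")}

def make_name(**fields):
    """Build a constructed name in getpeercert() form (hypothetical helper)."""
    return tuple(((k, v),) for k, v in fields.items())

CA = make_name(countryName="US", organizationName="Example CA",
               commonName="Example CA R1")
ORG = dict(countryName="US", stateOrProvinceName="North Carolina",
           localityName="Asheville", organizationName="Example Shop, Inc.")
BLOG = {"subject": make_name(commonName="blog.example.org"), "issuer": CA}
CORP = {"subject": make_name(**ORG, commonName="www.example.com"), "issuer": CA}
SHOP = {"subject": make_name(businessCategory="Private Organization",
                             jurisdictionCountryName="US", serialNumber="0000000",
                             **ORG, commonName="shop.example.com"), "issuer": CA}
LAB = {"subject": make_name(commonName="lab.example.net"),
       "issuer": make_name(commonName="lab.example.net")}

if __name__ == "__main__":
    for cert in (BLOG, CORP, SHOP, LAB):
        print(describe(cert))
```

The subject-field check is a heuristic: the authoritative marker of a certificate's validation level is its certificate policy OID, which `getpeercert()` does not expose.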

So, now that you know why you should do it and some of the technology behind what you’re doing, how do you add SSL/TLS to your site? Cloud host Linode has the answers in a series of useful articles:

Nowadays, the internet can be a dire place. Fortunately, you can make your website a safe and trusted port in the storm for your users while improving your Google PageRank. So, without further ado, secure your website with TLS and start enjoying the benefits today.

December 28, 2016
by sjvn01

How to Use Fail2Ban to Blunt Brute-force Attacks

WordFence, the WordPress security plugin company, tells me that unsophisticated brute-force attacks have doubled in the past three weeks. While WordFence can help keep your WordPress instances up and running, your server is still getting mauled. What can you do about it? You can use Fail2Ban to patch your firewall against blunt attackers in real time.

It’s a shame that many of you haven’t heard of, never mind used, Fail2Ban. I’ve found it to be a very useful and easy way to protect servers that is just as easy to install and deploy.
