Now that everybody can push CA to websites, so do the bad guys.

One unfortunate (albeit entirely predictable) consequence of making HTTPS certificates “fast, open, automated, and free” is that both good guys and bad guys alike will take advantage of the offer and obtain HTTPS certificates for their websites.

blockloop on “Mastering Bash and Terminal”

If there is one tool that every developer uses regardless of language, platform, or framework it’s the terminal. If we are not compiling code, executing git commands, or scp-ing ssl certificates to some remote server, we are finding a new version of cowsay to entertain ourselves while we wait on one of the former. As much as we use the terminal it is important that we are efficient with it. Here are some ways I make my time in the terminal efficient and effective.

Source: Mastering Bash and Terminal

Adobe Acrobat Reader update installs extension to Chrome, without informing users, and sends data

Adobe yesterday released Acrobat Reader DC 15.023.20053, which included fixes for 29 security issues. Along with the security fixes, this update package also silently installs the Adobe Acrobat extension into the user’s Chrome web browser, without informing users at all about the install. And the extension sends data back to Adobe…

Why you should NOT be using your browser’s autofill feature!

Finnish web developer Viljami Kuosmanen has published a demo on GitHub that shows how an attacker could take advantage of browsers that support autofill profiles, leaving you exposed to leaking information you never meant to share!

This is a simple demonstration of form fields hidden from the user, but will be filled anyways when using the browser form autofill feature, which poses a security risk for users, unaware of giving their information to the website.


Source: GitHub

Apparently Bach wrote a piece about coffee?

Father sir, but do not be so harsh!
If I couldn’t, three times a day,
be allowed to drink my little cup of coffee,
in my anguish I will turn into
a shriveled-up roast goat.

Ah! How sweet coffee tastes,
more delicious than a thousand kisses,
milder than muscatel wine.
Coffee, I have to have coffee,
and, if someone wants to pamper me,
ah, then bring me coffee as a gift!

Written in 1735, the opera tells the story of a young woman named Aria who loves coffee against the wishes of her father Schlendrian – which literally translates to “stick in the mud” according to Wikipedia – who tries to wean her off of her caffeinated delight. Schlendrian tells Aria that she cannot marry unless she stops drinking coffee, to which his precocious daughter agrees. But when he goes looking for a husband for his daughter, Aria secretly tells suitors she must be allowed to drink coffee if they are to marry her. In the end, Schlendrian and Aria come to an agreement, with a guaranteed three cups of coffee a day written into Aria’s marriage contract. The story concludes with them singing the moral: that drinking coffee is natural.

A selection of good USB-C cables, recommended by Nathan K

USB-C is currently a mess, and manufacturers cutting corners, including some well-known ones, make it extremely hard to know what to purchase. Fortunately, we have volunteers doing the job for us and hopefully shaming the manufacturers that cut corners, which is dangerous.

Recommended C to C cables by Nathan K

Recommended A to C cables by Nathan K

Rest of the list can be viewed here: Suggested Peripherals [Curated by Nathan K.] – Google Sheets

You should check out his review of chargers; the state of chargers is even more horrible.

Nokia Android Nokia D1/Nokia 6 launching exclusively in China, available early 2017

Welcome back Nokia, you have been missed.

Nokia D1/Nokia 6 Specs

  • Aluminium unibody with the highest level of visual and structural quality.
  • Delivering quality to the core, the Nokia 6 display has a bright hybrid in-cell 5.5” screen with full HD resolution and incredible colour reproduction wrapped in 2.5D Gorilla Glass. The display stack is laminated together with a polarizer layer enabling excellent sunlight readability and slim form.
  • Qualcomm Snapdragon™ 430 processor with X6 LTE modem designed for excellent battery life and superior graphics performance.
  • The Nokia 6 has 4GB RAM and 64GB storage
  • Latest version of Android Nougat
  • Dual amplifiers deliver a 6dB louder sound than a regular amp, giving higher voice, deeper bass and unmatched clarity.
  • Dolby Atmos creates powerful, moving audio that seems to flow all around users.
  • 16MP phase detection auto focus rear camera for sharp detailed pictures, and an 8MP front camera. The f/2.0 aperture lenses and exclusive camera UI with automatic scene detection

Let’s Encrypt’s review of 2016: their amazing progress and important work

Let’s Encrypt allows everybody to set up a secure web page or server, including this one. Let’s Encrypt has reviewed its work over the last year and the stats are amazing!

Donate if you can

Review of 2016

At the start of 2016, Let’s Encrypt certificates had been available to the public for less than a month and we were supporting approximately 240,000 active (unexpired) certificates. That seemed like a lot at the time! Now we’re frequently issuing that many new certificates in a single day while supporting more than 20,000,000 active certificates in total. We’ve issued more than a million certificates in a single day a few times recently. We’re currently serving an average of 6,700 OCSP responses per second. We’ve done a lot of optimization work, we’ve had to add some hardware, and there have been some long nights for our staff, but we’ve been able to keep up and we’re ready for another year of strong growth.

We added a number of new features during the past year, including support for the ACME DNS challenge, ECDSA signing, IPv6, and Internationalized Domain Names.

When 2016 started, our root certificate had not been accepted into any major root programs. Today we’ve been accepted into the Mozilla, Apple, and Google root programs. We’re close to announcing acceptance into another major root program. These are major steps towards being able to operate as an independent CA. You can read more about why here.

The ACME protocol for issuing and managing certificates is at the heart of how Let’s Encrypt works. Having a well-defined and heavily audited specification developed in public on a standards track has been a major contributor to our growth and the growth of our client ecosystem. Great progress was made in 2016 towards standardizing ACME in the IETF ACME working group. We’re hoping for a final document around the end of Q2 2017, and we’ll announce plans for implementation of the updated protocol around that time as well.

Supporting the kind of growth we saw in 2016 meant adding staff, and during the past year Internet Security Research Group (ISRG), the non-profit entity behind Let’s Encrypt, went from four full-time employees to nine. We’re still a pretty small crew given that we’re now one of the largest CAs in the world (if not the largest), but it works because of our intense focus on automation, the fact that we’ve been able to hire great people, and because of the incredible support we receive from the Let’s Encrypt community.

Let’s Encrypt exists in order to help create a 100% encrypted Web. Our own metrics can be interesting, but they’re only really meaningful in terms of the impact they have on progress towards a more secure and privacy-respecting Web. The metric we use to track progress towards that goal is the percentage of page loads using HTTPS, as seen by browsers. According to Firefox Telemetry, the Web has gone from approximately 39% of page loads using HTTPS each day to just about 49% during the past year. We’re incredibly close to a Web that is more encrypted than not. We’re proud to have been a big part of that, but we can’t take credit for all of it. Many people and organizations around the globe have come to realize that we need to invest in a more secure and privacy-respecting Web, and have taken steps to secure their own sites as well as their customers’. Thank you to everyone that has advocated for HTTPS this year, or helped to make it easier for people to make the switch.