fix phplist 500 error due to random_compat

So you’ve just done a fresh install of phplist, but when you attempt to load it in your browser, you get a 500 Internal Server Error. But the error log is empty! It’s possible that phplist is suppressing the errors produced by the included library random_compat. This blog post will describe this possible issue, and how to resolve it.

. . . → Read More: fix phplist 500 error due to random_compat

HPKP Best Practices for Let’s Encrypt

This post describes how to generate a few backup public key hashes to add to your HTTP Public Key Pinning (HPKP) config that might save you from bricking your domain if Let’s Encrypt ever gets untrusted like StartCom did.

If you have a healthy distrust of the X.509 PKI trust model, then you’ve probably heard of HPKP (and probably also HSTS & CAA). Website certificate pinning was a trend first started by google, who hard-coded a pin of their certificates in their Chrome browser. Eventually, google helped build a more standardized pinning method under RFC 7469. And today, it’s supported by Chrome, Firefox, and Opera.

Pinning is a great TOFU improvement to https, but–if misconfigured–you could “brick” your domain–making it so that your client’s browsers will refuse to let them access your site for months or years (interestingly, this has also caused some security experts to think of how HPKP could be abused in ransom-ware). Therefore, it’s a good idea to follow a few HPKP Best Practices.

. . . → Read More: HPKP Best Practices for Let’s Encrypt

FreeBSD Perils

As stated in my last post, my server died several months ago, and I decided to take that unfortunate opportunity to gain some Unix experience by installing FreeBSD on its replacement. Although this server has been installed for several months, the main reason that this weblog has been down is because of multiple configuration issues with FreeBSD that, frankly, I think should have worked Out Of The Box.

A friend of mine who is adamant about FreeBSD told me to name this inevitable post “FreeBSD from a gentoo user’s perspective.” It’s true that my desktop’s distro of choice has been gentoo for several years, but I’m no ricer. I love gentoo because I love portage–the gentoo package manager which is, in fact, a derivative of FreeBSD’s ports package manager. I don’t care much for any package manager that doesn’t give you the option to change compile-time options. Anyway, I’m going to try my best to leave any bias-ness I may have behind me as I work through the multitude of flaws that I encountered with setting up a FreeBSD webserver.

As a gentoo user, I can understand the expected perils of using a system that is designed to have both
. . . → Read More: FreeBSD Perils

Re: The problem with wikipedia

Alright, I’ve been working on my research paper (an attempt to document the history and differences, and an overall comparison between the Microsoft DirectX API and the SGI OpenGL API), so I’ve been caught in the inevitable wikipedia trap. Here was my path:

. . . → Read More: Re: The problem with wikipedia