Featured Articles

WordPress Profiling with XHProf (Debugging & Optimizing Speed)
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
Introducing BusKill: A Kill Cord for your Laptop
WordPress Multisite on the Darknet (Mercator .onion alias)
Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
Crowdfunding on Crowd Supply (Review of my experience)
Detecting (Malicious) Unicode in GitHub PRs
Hardening Guide for phpList
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
previous arrow
next arrow

Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)

Continuous Documentation with Read the Docs (2/2)

This post will describe how add translations (i18n), pdf/epub builds, and branch-specific versioned documentation to a Read-the-Docs-themed sphinx site hosted with GitHub Pages and built with GitHub's free CI/CD tools.

This is part two of a two-part series. Before reading this, you should already be familiar with Continuous Documentation: Hosting Read the Docs on GitHub Pages (1/2).

ⓘ Note: If you don't care about how this works and you just want to make a functional repo, you can just fork my 'rtd-github-pages' GitHub repo.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)

Continuous Documentation: Hosting Read the Docs on GitHub Pages (1/2)

Continuous Documentation with Read the Docs (1/2)

This post will describe how to host a sphinx-powered site (using the Read the Docs theme) on your own GitHub Pages site, built with GitHub's free CI/CD tools.

ⓘ Note: If you don't care about how this works and you just want to make a functional repo, you can just fork my 'rtd-github-pages' GitHub repo.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Continuous Documentation: Hosting Read the Docs on GitHub Pages (1/2)

Ephemeral Firefox as a Site-Specific Browser (3/3)

Site-Specific Ephemeral Firefox featured image showing a firewall between the facebook and firefox icons

This article is a part 3/3 of a series describing how to setup an Ephemeral Firefox session as a Site-Specific Browser. The ultimate goal is to be able to have a self-destructing browsing session that can only access a single company's services, such as Google or Facebook.

Part 1/3: Ephemeral Firefox in Ubuntu Part 2/3: Ephemeral Firefox with Extensions Part 3/3: Ephemeral Firefox as a Site-Specific Browser

After setting up the Site-Specific Ephemeral Firefox Browser, you can then blacklist services designated to your Site-Specific browser(s) (such as Google or Facebook) from your main browser. This significantly improves your ability to browse the internet without your activity being tracked by these companies -- leaving your sensitive data vulnerable to being stolen by hackers.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Ephemeral Firefox as a Site-Specific Browser (3/3)

Ephemeral Firefox with Extensions (2/3)

icon of ephemeral firefox with icons of popular extensions below it

I recently posted about how to create a sandboxed firefox profile to compartmentalize (and shred) your firefox browsing history in an Ephemeral Firefox session. But so far I've only covered how to create a simple vanilla firefox profile. What if you want your Ephemeral Firefox to include a few basic extensions?

This post will cover how to add extensions to your Ephemeral Firefox profile.

Part 1/3: Ephemeral Firefox in Ubuntu Part 2/3: Ephemeral Firefox with Extensions Part 3/3: Ephemeral Firefox as a Site-Specific Browser Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Ephemeral Firefox with Extensions (2/3)

Ephemeral Firefox in Ubuntu (1/3)

ephemeral firefox

This post will describe how to create an Ephemeral Firefox session. The ultimate goal of an Ephemeral Firefox session is to unlink your browsing sessions day-to-day and reduce tracking via fingerprinting.

Part 1/3: Ephemeral Firefox in Ubuntu Part 2/3: Ephemeral Firefox with Extensions Part 3/3: Ephemeral Firefox as a Site-Specific Browser

This technique can also be used to compartmentalize your internet activity by using the Ephemeral Firefox session as a Site Specific Browser. This can be especially useful for websites that are infamous for tracking users across the internet and selling the data they collect. For example, you can blacklist all facebook domains in your main browser and only use Ephemeral Firefox sessions that have been whitelisted exclusively for facebook domains--effectively compartmentalizing your facebook activity from the rest of your internet activity.

Another great use-case for an Ephemeral Firefox is for public access computers such as those at libraries, hotels, and printing shops.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Ephemeral Firefox in Ubuntu (1/3)

HPKP Best Practices for Let's Encrypt

This post describes how to generate a few backup public key hashes to add to your HTTP Public Key Pinning (HPKP) config that might save you from bricking your domain if Let's Encrypt ever gets untrusted like StartCom did.

If you have a healthy distrust of the X.509 PKI trust model, then you've probably heard of HPKP (and probably also HSTS & CAA). Website certificate pinning was a trend first started by google, who hard-coded a pin of their certificates in their Chrome browser. Eventually, google helped build a more standardized pinning method under RFC 7469. And today, it's supported by Chrome, Firefox, and Opera.

Pinning is a great TOFU improvement to https, but--if misconfigured--you could "brick" your domain--making it so that your client's browsers will refuse to let them access your site for months or years (interestingly, this has also caused some security experts to think of how HPKP could be abused in ransom-ware). Therefore, it's a good idea to follow a few HPKP Best Practices.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: HPKP Best Practices for Let's Encrypt