Mario – Page 13 – Welcome to my world

apache HTTP Strict Transport Security with long duration

Posted on 09.04.201415.03.2018 by mario

HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers.
How to achieve apache with a bullet proof SSL config and HTTP Strict Transport Security (HSTS) with long duration
Here is goes

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15553000; includeSubDomains"
</IfModule>
SSLUseStapling on
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS

This gives a A+ at Qualys SSL Labs SSL Test.

Find the largest files on your linux system

Posted on 20.01.2014 by mario

Find the largest files on your linux system

cd /
du -k | sort -n | perl -ne 'if ( /^(\d+)\s+(.*$)/){$l=log($1+.1);$m=int($l/log(1024)); printf  ("%6.1f\t%s\t%25s  %s\n",($1/(2**(10*$m))),(("K","M","G","T","P")[$m]),"*"x (1.5*$l),$2);}'

current 2013 bullet proof SSL config

Posted on 10.12.201315.03.2018 by mario

Now in December 2013 the best available SSL config with a 4096 bit RSA Key and httpd Apache 2.4.7 with OpenSSL/1.0.1e.

SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS

YES Windows XP is no longer supported with this. But for me there is no more need to do so.

The SSL Test Lap Test shows a very good result. The Cipher Strength is at 100%. So any browser will use a 256 bit encrypted connection to that server.

For female geeks

Posted on 18.08.2013 by mario

001101010011011000110011001100100011011000111000001101110011011000110100001110010011010000111000001101100011010000110110001110000011011000110010001101100100010100110101001100100011011101000001001101000011100100110100001110000011010100110010001101110011011000110100001110010011010000110111001101100011010000110111001101100011010000111001001101000011011100110011001110010011011100110101001101000011100100110100001101110011010000110101001101100011011100110101010000010011010000110111001101000011011000110011001100000011010101000001001101010011001100110100001100100011001100110011001101100011000100110101001110000011010100110010001101100100011000110100001110010011010000110111001100110011000100110110010000110011010100110000001101110011011100110011010001000011001101000100

Good bye spam!

Posted on 11.08.2013 by mario

Since the spam increased that much up to 10k spam each week I searched for a solution. It came out that the combination of Akismet and Stop Spammer Registrations Plugin made it possible to have only 1 or 2 spam comments in the queue. I love it!

Good bye de@r spam!

Subversion (svn) 1.8 on Debian 7 wheezy

Posted on 04.08.2013 by mario

Just installed a brand new debian and than I can’t use my working copies cause the svn version is still 1.6.x
So an upgraded is required!

wget http://opensource.wandisco.com/wandisco-debian.gpg -O /tmp/wd-deb.gpg
apt-key add /tmp/wd-deb.gpg
rm /tmp/wd-deb.gpg
sudo nano /etc/apt/sources.list

deb http://opensource.wandisco.com/debian wheezy svn18

So now I can have fun again! Why not git? Cause the company repos are still in svn and I had some troubles with git-svn.

Spam is increasing … alot!

Posted on 19.07.2013 by mario

Well since the last years the spam comments in this blog have increased.

2009   114
2010   970
2011   3013
2012   4537
2013   12916 and this year is not over yet. US gouverment talked about they took down some large bot nets. I’m not sure they were that successful as they say. How many bot nets might be in public cloud like ämäzön or so? It is hard to guess, but the massive flood of spam comments and even larger flood of spam email has increased. Also the scum mail in Real Life (TM) has increased. D’oh!

MySQL not in other table

Posted on 18.07.201311.01.2019 by mario

SELECT *
FROM `a`
WHERE NOT EXISTS
(SELECT *
FROM `b`
WHERE `b`.`id` = `a`.`id`)

Sicheres Password

Posted on 08.07.2013 by mario

Es tut uns leid, Ihr Passwort muss mindestens einen Großbuchstaben, zwei Ziffern, ein Symbol, eine inspirierende Nachricht, einen Zauberspruch, ein Gang-Logo, eine Hieroglyphe und das Blut einer Jungfrau enthalten.

__toString() must not throw an exception

Posted on 26.06.201326.06.2013 by mario

__toString() must not throw an exception.

If you an exception handler even that seems fail (in itself) with __toString() must not throw an exception. There is no nice safe way to handle it. The easiest solution is to catch that error as well. It might seems to be odd, but on the other hand the exception hanler shall not fail ;)

/**
* String representation of this object
* @return string
*/
public function __toString()
{
try {
return (string) $this->name;
} catch (Exception $exception) {
return '';
}
}