Written by: Robert R. Russell on Friday, September 11, 2020.
I use SSH keys to protect all of my SSH logins. The following shell code starts
only one ssh-agent and adds all ssh-keys to that agent. I recommend adding it
to your ~/.bashrc file, so the proper environment variables are set up.
if [ `ps -C ssh-agent | wc -l` -ne 2 ]; then ssh-agent -a $HOME/.ssh/agent.sock > $HOME/.ssh/agent.env
for key in $HOME/.ssh/*.pub; dopkey=`basename -s .pub $key` ssh-add $HOME/.ssh/$pkeydonefi
Written by: Robert R. Russell on Thursday, September 10, 2020.
For these last two weeks, I have posted eight days out of ten applicable days.
I am running out of ideas that don’t involve politics, and training for my
new job has impacted my free time. Most of the problem is finding nonpolitical
Written by: Robert R. Russell on Thursday, September 3, 2020.
WordPress and several other pieces of web software written in PHP are notorious
for using old and broken algorithms for securing passwords. If you are using
a PHP version of 5.5 or newer, you should get okay security by default.
However, even phpass’ developers recommend not using their software if you
can use PHP 5.5 or newer. I strongly suggest installing and enabling the
PHP Native password hash plugin,
especially if your WordPress install was ever run on any of the PHP 5 family.
The plugin’s two most significant advantages are it actually gets updated to
include new, more robust algorithms, and it automatically migrates passwords to
the newer algorithms on login.
Written by: Robert R. Russell on Tuesday, September 1, 2020.
I have been dealing with the issue of many people wanting one year of
experience with tool A, but they won’t train you on the differences between
tool A and tool B, which I do have experience on. But they need someone with
experience? A person with one year of experience in a tool isn’t an expert on
the tool. They are a moderately experienced beginner. Also, since Tool A and
Tool B do the same job, the differences in how those tools work is maybe a week
or two of adjustment, not a whole year of adjustment.
Written by: Robert R. Russell on Monday, August 31, 2020.
I moved this site to TLS 1.3 a few weeks ago.
So far, it has been working great if I use a web browser. Unfortunately, no
one has updated Curl to work with TLS 1.3. The is a major issue because Curl
is the HTTP client library du jour for C or languages that use C’s Foreign
Function Interface. Unfortunately, TLS 1.3 only breaks nearly all applications
that use a web callback or WordPress’ APIs.
To add TLS 1.2 back as an option
#Add below the SSLCipherSuite for TLSv1.3SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
#Add +TLSv1.2 to the end of the SSLProtocol lineSSLProtocol -all +TLSv1.3 +TLSv1.2