Automating deployment of Let's Encrypt certificates.

  howto lets_encrypt linux ssl sysadmin tls web

A couple of weeks back, somebody I know asked me how I went about deploying SSL certificates from the Let's Encrypt project across all of my stuff.  Without going into too much detail about what SSL and TLS are (but here's a good introduction to them), the Let's Encrypt project will issue SSL certificates to anyone who wants one, provided that they can prove somehow that they control what they're cutting a certificate for.  You can't use Let's Encrypt to generate a certificate for because they'd try to communicate with the server (there isn't any such thing but …


An interesting discovery about Dreamhost.

  dreamhost lets_encrypt ssl undocumented web_hosting ip_addresses

As you may or may not be aware, I've been a customer of Dreamhost for many years now (if you want to give them a try, here's my referral link).  Both professionally and personally, I've been hosting stuff with them without many complaints (their grousing about my websites being too large is entirely reasonable given that I'm on their shared hosting plan).  Something that always got me about their SSL support, though, was that you had to buy a unique IP address from them if you wanted to use it.  That cost a pretty penny, almost as much as I pay …


Canonical Wikileaks URLs and SSL certificate fingerprints.

  certificates cryptography fingerprints hashes important ssl wikileaks

Official Wikileaks document submission URLs:
http://suw74isz7wqzpmgu.onion/ (Tor only)

Source: /pictures/the_next_hope-2010/img_1624.jpg, taken 17 July 2010 at the keynote address. Image taken of Jacob Appelbaum's presentation slide.

Official SHA-256, SHA-1, and MD5 fingerprints of the Wikileaks document submission URLs:



MD5 …


"MD5 considered harmful today"... but why?

  algorithms certificates collisions digital_signature_forgery digital_signatures hashes massively_parallel_computation md5 message_digests pki public_key_cryptography ssl

If you've been following in the past twenty-four to forty-eight hours you heard about what went down at the Chaos Computer Congress yesterday - a group of security researchers figured out how to exploit the flaws in the MD5 hash algorithm to forge CA certificates, thus placing SSL encryption as we know it in jeopardy.

...right? Breaking SSL is bad, yeah?

Like many things in life (and nearly everything in cryptography) it's not that simple or that straightforward. Yes, this is bad, but it's not "go back to punchcards" bad.

Let's take it step by step. First of all …


Firefox plug-ins I have known and loved.

  privacy addons browser google javascript mozilla plugins proxy security ssl tor warnings web_bugs

It's been said that the killer app that made the Net as ubiquitous as it is today is the web browser, with e-mail running a close second. Just about everyone uses a browser in some capacity or another to access news, information, and e-mail, possibly more so than dedicated applications (such as e-mail readers, RSS readers, or database searching applications). As great as they are, web browsers have their own unique sets of problems and vulnerabilities that have to be taken into account, especially if privacy is of concern to you.

Firefox, in my considered opinion, is an excellent web browser …


Helllllooooooooo.... Philadelphia!

  wtf pennsylvania philadelphia sitrep ssh ssl travel wireless work

Well, I'm in the field again, back in Philadelphia, Pennsylvania to fight the good fight.

Or get myself so worked up that I'll blow through an incarnation, I'm not sure which. It's too early to tell.

My cow-orkers picked me up around 1000 EST5EDT on Monday morning (so written because it'll be well after midnight when I get around to posting this) - apparently my vehicle is distinctive enough that they found my apartment building without too much trouble. Apparently they like the magnets on my car, something that I find endlessly amusing because so few people mention them. After a quick …