The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,919 other followers

Archive for May 22nd, 2020

draw.io: the only way to remove shape waypoints is all of them via the context menu (via Tutorial 3 … draw.io Support)

Posted by jpluimers on 2020/05/22

Via [WayBack] Tutorial 3 – Connectors, Waypoints, and Altering Shapes – draw.io Online – draw.io Support: this is the only way to remove waypoints on a shape:

  1. context menu
  2. clear all

–jeroen

Posted in Cloud Apps, draw.io, Internet, Power User | Leave a Comment »

Expect your sites to be accessed over https and ensure your certificates match

Posted by jpluimers on 2020/05/22

igOver the last lustrum, there has been a steady increase in https usage. It crossed the 30% mark early 2016, crossing the 50% mark early 2017 and 80% mark early 2018, even the https-by-default configuration is now pretty large:

Ever since 2012, but especially with the increased HTTPS adoption, you can expect more and more users to run plugins like HTTPS Everywhere – Wikipedia which switch a request from insecure http to secure https.

Users are right: http is a thing from the past and https is the way to go forward.

This means you need to ensure your web sites to serve https well, which starts with servicing https at all and includes serving a correct https certificate for them.

Often, IT departments are not even aware that when serving http for a domain, the endpoint also answers https requests for that domain.

WordPress.com was really bad at this when servicing custom domains ordered from their premium plans. Which was odd, as customers payed for those domains. They solved this in spring 2016, they started to use LetsEncrypt (which started in 2015) for their certificates: [WayBack] HTTPS Everywhere: Encryption for All WordPress.com Sites — The WordPress.com Blog.

So this is what you need to do for all your subdomains:

  1. check if they are serviced by http
  2. contemplate (in fact urge to) servicing https for them
  3. when an endpoint services https, ensure the certificates for it are correct
  4. do not mix https and http in the same site
  5. avoid redirecting from https to http

Adopting https can be tedious, but many sites have already done this and wrote down their experiences, even back in 2016:

Many sites still get their https configuration wrong though, and this post is a reminder to myself for one of them.

Read the rest of this entry »

Posted in Encryption, HTTPS/TLS security, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »

Authssh from Windows

Posted by jpluimers on 2020/05/22

Running autossh from Windows is still on my list, so here are a few links:

–jeroen

Posted in Communications Development, Development, Internet protocol suite, Power User, SSH, TCP, Windows | Leave a Comment »

 
%d bloggers like this: