The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,732 other followers

Archive for the ‘HTTP’ Category

« Previous Entries

Setting up a GitHub project so it is served over https as a github.io and a custom subdomain

Posted by jpluimers on 2022/04/27

Some links that helped me getting this working:

The goal is to have a githubstatus.wiert.me plain html (or maybe markdown) page that eventually will show some status information (kind of like githubstatus.com, but for different things).

Note that for free accounts, private repositories cannot publish pages: [Wayback] Troubleshooting custom domains and GitHub Pages – GitHub Docs:

GitHub Pages is available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see “GitHub’s products.”

[Wayback] GitHub’s products contradicts this by limiting GitHub Pages to only GitHub Pro and GitHub Team and higher levels.

Steps I did

Since there are quite a few links above, here are the steps I took from my github.com/jpluimers account:

  1. For  jpluimers.github.io/jpluimers (steps 1, 3, 4 and 5 were the key ones):
    1. Created a new GitHub repository github.com/jpluimers/jpluimers with license (in my case MIT license) and README.md (which by default is filled like this).
    2. Amended the README.md from my StackExchange profile.
    3. Enabled Pages publishing by switching the source from None to the main branch.
    4. GitHub automagically published it at jpluimers.github.io/jpluimers.
    5. Verified it was running at jpluimers.github.io/jpluimers (note there is no site at jpluimers.github.io yet – it shows a 404 error as in this archived version, see below why).
    6. Fixed the Twitter profile link so it is easier to find back my surviving rectal cancer story.
    7. Fixed the link to my www.race-checker.com running results as by now that is a Chinese Porn site because the underlying company 4Athletes Sports GmbH went belly up in 2019 (and still owns the race-checker trademark) and  updated the half marathon results as well.
    8. I verified the deployment actions at github.com/jpluimers/jpluimers/deployments/activity_log?environment=github-pages.
  2. For jpluimers.github.io (step 1 and 3 were the key ones):
    1. Created a new GitHub repository github.com/jpluimers/jpluimers.github.io with license (in my case MIT license) and README.md (which by default is filled like this: only one heading 1 line with the name of the repository).
    2. GitHub automagically set the source to the main branch, then published it at jpluimers.github.io.
    3. Verified it was running at jpluimers.github.io.
    4. I verified the deployment action at github.com/jpluimers/jpluimers.github.io/deployments/activity_log?environment=github-pages.
  3. For githubstatus.wiert.me :
    1. Created a new GitHub repository github.com/jpluimers/jpluimers.github.io with license (in my case MIT license) and README.md (which by default is filled like this: only one heading 1 line with the name of the repository).
    2. Enabled Pages publishing by switching the source from None to the main branch.
    3. I verified the jpluimers.github.io/githubstatus.wiert.me page existed (it will be gone soon).
    4. Set the custom domain to githubstatus.wiert.me.
    5. Now GitHub, after the DNS check, complained rightly that “githubstatus.wiert.me is improperly configured”, as it needs to be “set up with a correct CNAME record … We recommend you change this to a CNAME record pointing to jpluimers.github.io.”.
    6. So in the DNS settings panel of my wiert.me domain, I added a DNS record of type CNAME, with name githubstatus.wiert.me pointing to jpluimers.github.io.
      CNAME githubstatus.wiert.me Alias of jpluimers.github.io

      CNAME githubstatus.wiert.me Alias of jpluimers.github.io

      1. In retrospect, I should have reversed steps 6. and 4, as now this was the order of events, with a lot of waiting for the DNS to time-out.

        The DNS timeout was because githubstatus.wiert.me originally pointed via the DNS CNAME entry *.wiert.me to the blog at wiert.me, the timeouts were set by the domain provider (in this case WordPress.com), see the DNS nslookup information for *.wiert.me [Wayback/Archive.is].

        If I had set the DNS CNAME first, then the below list would have been much shorter.

        This was the order of events waiting for the DNS to timeout and the CNAME entry to take effect:

          1. Before entering the githubstatus.wiert.me custom domain “Your site is ready to be published at https://jpluimers.github.io/githubstatus.wiert.me/
          2. After entering the githubstatus.wiert.me custom domain:

            Your site is published at http://githubstatus.wiert.me/

            and a “Check Again” button preceded with:

            githubstatus.wiert.me is improperly configured
            Your site’s DNS settings are using a custom subdomain, githubstatus.wiert.me, that’s not set up with a correct CNAME record.

            We recommend you change this to a CNAME record pointing to
            jpluimers.github.io.

            and an “☐ Enforce HTTPS” checkbox followed by:

            Unavailable for your site because your domain is not properly configured to support HTTPS (githubstatus.wiert.me)

          3. After configuring the DNS information, and pressing the “Check Again” button the text briefly shows

            githubstatus.wiert.me DNS check is in progress.
            Please wait for the DNS check to complete.

            and an “☐ Enforce HTTPS” checkbox followed by:

            Unavailable for your site because your domain is not properly configured to support HTTPS (githubstatus.wiert.me)

          4. After a few minutes at the top of the page:

            Domain githubstatus.wiert,me is not eligible for HTTPS at this time.

            followed by the same “Check Again” button preceded with:

            githubstatus.wiert.me is improperly configured
            Your site’s DNS settings are using a custom subdomain, githubstatus.wiert.me, that’s not set up with a correct CNAME record.

            We recommend you change this to a CNAME record pointing to
            jpluimers.github.io.

          5. A few more minutes later:

            Requesting a certificate for githubstatus.wiert.me. It can take up to an hour to propagate.

            followed again by the above “Check Again” button.

          6. More than an hour later:

            Certificate already exists for githubstatus.wriert.me and is usable.

            followed again by the above “Check Again” button.

          7. The next morning, a green checkmark () had appeared behind the githubstatus.wiert.me custom domain and the text following the “☐ Enforce HTTPS” had by:

            HTTPS provides a layer of encryption that prevents others from snooping on or tampering with traffic to your site.

          8. Both these URLs now function correctly (so I can test a page both with and without TLS):

        The above order is typical for DNS timeouts on a distributed computing system like GitHub: some parts of the system are waiting for the DNS time out and therefore list failure, while some other parts already have had the updated DNS CNAME entry and therefore list success

    7. After waiting for the DNS timeout (this was a long wait, I probably should have reversed steps 6. and 4.), verified that https://githubstatus.wiert.me/ was loading fine.
    8. I verified the deployment actions at github.com/jpluimers/githubstatus.wiert.me/deployments/activity_log?environment=github-pages

Note: I saved the TLS information – including certificates here:

–jeroen

Posted in Cloud, Communications Development, Development, Encryption, GitHub, HTML, HTTP, HTTPS/TLS security, Infrastructure, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development, Source Code Management, TCP, TLS, Web Development | Leave a Comment »

Bash functions to encode and decode the ‘Basic’ HTTP Authentication Scheme

Posted by jpluimers on 2022/02/24

IoT devices still often use the ‘Basic’ HTTP Authentication Scheme for authorisation, see [Wayback] RFC7617: The ‘Basic’ HTTP Authentication Scheme (RFC ) and [Wayback] RFC2617: HTTP Authentication: Basic and Digest Access Authentication (RFC ).

Often this authentication is used even over http instead of over https, for instance the Egardia/Woonveilig alarm devices I wrote about yesterday at  Egardia/Woonveilig: some notes about logging on a local gateway to see more detailed information on the security system. This is contrary to guidance in:

  • RFC7617:
       This scheme is not considered to be a secure method of user
   authentication unless used in conjunction with some external secure
   system such as TLS (Transport Layer Security, [RFC5246]), as the
   user-id and password are passed over the network as cleartext.
  • RFC2617:
       "HTTP/1.0", includes the specification for a Basic Access
   Authentication scheme. This scheme is not considered to be a secure
   method of user authentication (unless used in conjunction with some
   external secure system such as SSL [5]), as the user name and
   password are passed over the network as cleartext.

Fiddling with those alarm devices, I wrote these two little bash functions (with a few notes) that work both on MacOS and in Linux:

# `base64 --decode` is platform neutral (as MacOS uses `-D` and Linux uses `-d`)
# `$1` is the encoded username:password
function decode_http_Basic_Authorization(){
  echo $1 | base64 --decode
  echo
}

# `base64` without parameters encodes
# `echo -n` does not output a new-line
# `$1` is the username; `$2` is the password
function encode_http_Basic_Authorization(){
  echo $1:$2 | base64
}

The first decodes the <credentials> from a Authorization: Basic <credentials> header into a username:password clean text followed by a newline.

The second one encodes a pair of username and password parameters into such a <credentials> string.

They are based on these initial posts that were not cross platform or explanatory:

  1. [Wayback] Decode HTTP Basic Access Authentication – Stack Pointer
  2. [Wayback] Create Authorization Basic Header | MJ’s Web Log

–jeroen

Posted in *nix, *nix-tools, Apple, Authentication, bash, bash, Communications Development, Development, HTTP, Internet protocol suite, Linux, Mac OS X / OS X / MacOS, Power User, Scripting, Security, Software Development, TCP, Web Development | Leave a Comment »

GitHub – TimeToogo/tunshell: Remote shell into ephemeral environments 🐚 🦀

Posted by jpluimers on 2021/11/25

Cool: [Wayback/Archive.is] GitHub – TimeToogo/tunshell: Remote shell into ephemeral environments 🐚 🦀

Via: [Archive.is] Jan Schaumann on Twitter: “This looks neat: on-demand remote shell into ephemeral environments, e.g. CI/CD pipeline container. Both sides fetch a client, use rendezvous server to negotiate session info, then establish connection or fall back to proxy through rendezvous. “

Read the rest of this entry »

Posted in Communications Development, Development, DevOps, HTTP, Infrastructure, Internet protocol suite, Power User, Software Development, TCP, WebSockets | Leave a Comment »

Random User Generator | Home

Posted by jpluimers on 2021/11/23

Cool tool for when you ever need random users to test a system [Wayback] Random User Generator | Home:

Random user generator is a FREE API for generating placeholder user information. Get profile photos, names, and more. It’s like Lorem Ipsum, for people.

This was used when extracting Parler data to substantiate evidence around the 20210106 USA Capitol riots.

You can even use a simple HTTP GET like [Wayback] randomuser.me/api and get a JSON result like this.

{"results":[{"gender":"female","name":{"title":"Miss","first":"Malou","last":"Mortensen"},"location":{"street":{"number":2669,"name":"Lyngbyvej"},"city":"Sundby","state":"Syddanmark","country":"Denmark","postcode":48047,"coordinates":{"latitude":"-35.1307","longitude":"113.7480"},"timezone":{"offset":"+1:00","description":"Brussels, Copenhagen, Madrid, Paris"}},"email":"malou.mortensen@example.com","login":{"uuid":"981747de-66fe-40b0-87ea-adfe403fe1be","username":"purpleostrich871","password":"sweets","salt":"x86aQbIB","md5":"55497ac53530b428f98b9d36267ceeef","sha1":"358b94ffabe7d827c34da15791e5d6717c594428","sha256":"6e357e887877e29b7e6d53073f648174382c53c24f83479e25fed9c82075ed32"},"dob":{"date":"1995-06-05T04:50:35.145Z","age":26},"registered":{"date":"2018-07-21T00:59:50.523Z","age":3},"phone":"02990797","cell":"94800012","id":{"name":"CPR","value":"050695-9954"},"picture":{"large":"https://randomuser.me/api/portraits/women/27.jpg","medium":"https://randomuser.me/api/portraits/med/women/27.jpg","thumbnail":"https://randomuser.me/api/portraits/thumb/women/27.jpg"},"nat":"DK"}],"info":{"seed":"8971869bb62b73d7","results":1,"page":1,"version":"1.3"}}

Via:

–jeroen

Read the rest of this entry »

Posted in Communications Development, Development, HTTP, Internet protocol suite, JavaScript/ECMAScript, JSON, Python, REST, Scripting, Software Development, TCP | Leave a Comment »

The browser wars that started on iOS (forcing Safari) and Android (forcing Chrome) now are continued on Windows 11 (forcing Edge)

Posted by jpluimers on 2021/10/05

Via:

 

Posted in Awareness, Development, HTTP, Internet protocol suite, Software Development, TCP, TLS, URI, Web Development | Leave a Comment »

« Previous Entries
 
%d bloggers like this: