Bandwidth Theft

Bandwidth theft or “hotlinking” is direct linking to a web site’s files (images, video, etc.). An example would be using an <img> tag to display a JPEG image you found on someone else’s web page so it will appear on your own site, eBay auction listing, weblog, forum message post, etc. …

Website Minification

I wanted to cover off some interesting work I’ve been doing with website minification that I wanted to share. The size of the average web page (top 300,000 websites) passed 1600K for the first time in July. We’re cramming more images and HTML into our websites and with all this information we need to ensure a responsive experience for the users of our sites. It’s useful to regularly check the size of pages and take actions to try and minimize website sizes. This improves the rendering of the site for the user and lowers costs of hosting for the administrator. …

managing external puppet modules

I had a co-worker ask me about upgrading Puppet modules and I thought I’d share the information I spoke to them about. Writing individual Puppet modules for a client can be a time-consuming process. Luckily for us, Puppet modules for common tasks have been written and published. Using these modules enables the Systems Administrator to cut down on the amount of code they need to write and manage. However, things get tricky when you’re managing multiple environments (change-controlled Puppet deployments!), multiple networks/clients and want to keep the modules updated. …

elastic search abuse on AWS

Previously I highlighted the release of an exploit for Elasticsearch that results in the ability to execute unauthorized code on a server running Elasticsearch 1.1.x. It has just been reported that this same exploit is now being used to install DDoS (distributed denial of service) bots on vulnerable machines hosted within AWS. Elasticsearch instances should always be treated like a database and not be directly exposed to the internet. As a minimum you should be using plugins to nginx to get JSON functionality direct from the web server and have it act as a proxy to back end processes…

SysAdmin Day

July 25, 2014 is the 15th Annual System Administrator Appreciation Day. Cake welcome! The first System Administrator Appreciation Day was celebrated on July 28, 2000. Kekatos was inspired to create the special day by a Hewlett-Packard magazine advertisement in which a system administrator is presented with flowers and fruit-baskets by grateful co-workers as thanks for installing new printers. Kekatos had just installed several of the same model printer at his workplace. The official SysAdmin Day website includes many suggestions for the proper observation of the holiday. Most common is cake and ice cream. Many geek and Internet culture businesses, such…

SSL Setup

Forward secrecy: In cryptography, forward secrecy (abbreviation: FS, also known as perfect forward secrecy or PFS) is a property of key-agreement protocols ensuring that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future. The key used to protect transmission of data must not be used to derive any additional keys, and if the key used to protect transmission of data is derived from some other keying material, then that material must not be used to derive any more keys. In this way, compromise of a…