Code signing of java assets – creating a keystore

This is generally done via the command line, though I’ve seen it done with Ant in some cases. Here are the specifics… you’ll want to change the passwords and likely take a look at the algorithm (RSA for this example and validity (365 days in this example) for your actual use.

Background, in order to sign your java assets, you will first need to generate a key. You can later get this verified by a CA (Certifying Authority) as needed, this example is selfsigned.

NOTE: I’ll use these example values in the Maven and Ant signing code examples to follow.


keytool -genkey -keyalg RSA -alias selfsigned -keystore selfsignkeys.store -storepass 123456 -keypass 123456 -validity 365

REFERENCES:

Firefox 41+ extension signing

In the never-ending quest for browser security, Firefox has started implementing safeguards to only allow signed extensions. I found this out after upgrading to Firefox 41 as my installed version of “Deque FireEyes” stopped working. Thankfully, there is a workaround in Firefox 41, but it goes away in Firefox 42.

  • Firefox 40: warning only!
  • Firefox 41: workaround, via:

    about:config:
    xpinstall.signatures.required = false
  • Firefox 42: BLOCKED! unless signed

REFERENCES:

Ashley Madison data dump

This topic has been in the media ALOT lately, for the less technical individuals here’s a simple way to get at the information.

For (mostly) anonymous access to the ‘dark internet’…. it’s not as ominous and illegal as you might think, you can download a browser here:

https://www.torproject.org/download/download

If you don’t mind being (possibly) tracked by your IP Address, you can just download a Torrent client such as Transmission or µTorrent.

The torrent file can then be accessed here:
https://thepiratebay.mn/torrent/12237184/The_Complete_Ashley_Madison_Dump_from_the_Impact_Team

REFERENCES:

Website testing with SortSite

SortSite is a popular desktop software for testing of web applications for broken links, browser compatibility, accessibility and common spelling errors. It is also available as a web application known as “OnDemand“.

You can generate a free sample test of your website at:
http://try.powermapper.com/Demo/SortSite

REFERENCES:

Deque FireEyes accessibility testing plugin

I’ve done a lot of accessibility testing and development work over my career. One of the many free tools that I use in that role is FireEyes. Deque also has some commercial packages for developer use.

FireEyes adds a new tab on the Firebug tab bar and adds the ability to analyze a web site for WCAG 2.0 Level A and AA and Section 508 accessibility violations. The Stand-Alone version of FireEyes is a browser plugin to the FireFox browser. It requires that the FireBug plugin already be installed

Requirements:

  • Firefox 31-41

    As of 2015aug21, the current version of the extension is NOT signed and will not execute on later versions. [See my later post on this topic]

  • FireBug 2.x – Do NOT install Firebug v3 alpha as the tab will not show.

NOTE: should be on Firebug tab labeled “Worldspace Fireyes”, but does not seem to be available in Firebug3.

NOTE: if you try to download in MSIE, you must rename the .zip to .xpi, and then open with Firefox.

REFERENCES:

Google and Facebook bypassing P3P User Privacy Settings

I wrote about P3P a very long time ago, and have implemented it on several websites. Some history, the W3C crafted the P3P policy.
Microsoft introduced P3P support in IE6 (in 2001) and it remains implemented in all current versions of the browser. The primary intended use is to block 3rd party cookies within the browser on behalf of the user.

Interesting enough, Microsoft has had been a bit of a struggle with Google and Facebook, which send the following HTTP response headers.

Google’s Response:

P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."

Facebook’s response:

P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"

REFERENCES:

WordPress credentials for update

After moving or updating WordPress, later plugin updates may start asking for FTP and/or SSH credentials. This can be easily avoided by setting the following:

  1. In wp_config.php

    define('FS_METHOD', 'direct');
  2. Verify file ownership permissions, on Ubuntu, this is typically:

    sudo chown -R www-data:www-data YOURFOLDER

Mozilla Firefox Tracking Protection

While “Do Not Track” (DNT) was an HTTP Header used to “request” that the browser sent to a server, it was not guaranteed to be honored. New versions of Firefox support “Tracking Protection” that automatically block many common tracking mechanisms.

  • Type “about:config” in the URL line.
  • Toggle “privacy.trackingprotection.enabled” from false to true.
  • Done!

REFERENCES:

Disable IPv6 on Ubuntu

Ubuntu updates occasionally fail due to IPv6 update servers not being reachable. While I prefer to keep IPV6 activated, this approach will allow you to disable it for updates, simply reverse the steps to re-enable afterwards!

  1. Update the configuration file…

    sudo vi /etc/sysctl.conf

    ADD:

    # IPv6 disabled
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1

  2. Then, you must enable the change…

    sudo sysctl -p

  3. To verify…


    ifconfig

Upgrade Splunk server

Initially this seemed a bit problematic for me. Each time the browser client is started it (by default) checks for a new server release and prompts the user to upgrade. The installation automatically identifies the currently installed version and takes the necessary steps to migrate configuration.

Steps are similar to initial installation.

  1. Download the appropriate build for your server (i386 vs. amd64)
  2. transfer to the server via sftp or other secure means
  3. sudo /opt/splunk/bin/splunk stop
  4. sudo dpkg -i splunk*
  5. sudo /opt/splunk/bin/splunk start
  6. … accept terms… Y
  7. MIGRATE “y”
  8. http://HOSTNAME:8000
  9. sudo /opt/splunk/bin/splunk enable boot-start