TIL: Switching a WordPress site to HTTPS will result in mixed content. (more…)
Nginx version 1.6.2 is now available in pkgsrc as www/nginx. Addresses an SSL session reuse vulnerability (CVE-2014-3616). Enjoy!

SHA-256 SSL certificates

Written late in the morning in English • Tags: , , ,

The technical details of an SSL certificate are up to the issuing CA, which is understandable. I was still surprised when my SHA-256 CSR resulted in a SHA-1 certificate back in April, when reissuing it due to heartbleed. But I didn’t pursue it at the time.

Now that Google announced sunsetting SHA-1-signed certificates by the end of the year, the issue became more pressing. Fortunately instructions for reissuing GeoTrust-based certificates — such as the RapidSSLonline ones — were already available. (more…)

I just freed up over 5GB of RAM and closed several Chrome windows by installing OneTab.
When I click on Preview in the WordPress editor, Fluid makes a GET request to the web server. It still uses the action address specified in the #post form (post.php), just not the POST method. But none of the form values are included, so I end up staring at a listing of all posts instead of the preview I wanted. Maybe it is getting confused by the fact that the #post-preview “button” is actually an HTML link (an a element)? There is also some JavaScript that attaches to the click event of the link (see the doPreview() function).
CloudFlare must be rolling out new changes: I’ve seen the NetBSD Planet fail with a “cloudflare-nginx” generated “500 Internal Server Error” for an hour or two the past couple of nights. Last night at around 9pm UTC it happened again and didn’t recover. I changed the backend from an IPv6 address to IPv4 and that brought the site back. Eventually we’ll have to live with just IPv6 addresses, so this is an unfortunate regression on CloudFlare’s part.

Dilbert RSS

Written late in the morning in English • Tags:

Since yesterday the Dilbert RSS feed no longer includes an image element, so I revived my feed of long ago:


That’s actually a new address, because the old one wouldn’t work in Feedly. (more…)