For some reason I found this rule to be difficult but finally got it to work thanks to the internets. This is the only rule that worked within the NGINX configuration to get only the root URL to redirect to (in my case) a non-SSL location. Here’s the section:
For a number of reasons, it recommends disabling SSLv3 (as a result of its insecurity), setting AES256 as the standard cipher to utilize and a couple of other things that can prevent attacks. Good stuff to tighten up security on an NGINX SSL implementation.
After events that occurred with AT&T on the technical and customer service sides back when I first moved into my new house, I wasn’t quite sure what to expect with changing over, once again, to new service. However, after all of the frustration and mind-boggling breakdowns in order processing and account bungling from a few months ago, this has been worth the wait.
I had a failure recently when trying to compile ModSecurity as a standalone module for use within NGINX that seemed to be pretty consistent with what others were experiencing, from the limited number of sites that seemed to have information on this particular problem. I knew it was possible to set this up, but I also knew I was missing something.
After scanning the internet for a solution and getting some pointers from Ryan Barnett at Trustwave’s SpiderLabs, I finally found what I was looking for to get this to work.
Though I haven’t proven this theory out yet I’ve been wondering since it seems to me to be a difference in stability. So my neighbors all around me have U-verse and have had all kinds of issues in which a U-verse tech has had to come out to resolve their issues. I’ve had basically none, with a couple of exceptions (area-wide drops). One neighbor had to have the line at the curb completely dug up and reset, but that was a different issue. When they set up my connection, I asked up front to run twisted pair from the outside to my router/gateway instead of using coax. As I understand it, unless I’m mistaken, the default is to use coax which, sure enough, all my neighbors have. As it pertains to VDSL2+ (the protocol U-verse uses), is twisted pair more stable than coax as a medium for delivery? I’m just curious, because that would be an easy thing to ask for at the beginning. I don’t know that this is the case, but I would be interested to see stats on that. Here are my numbers using twisted pair after 113 days of data/error collection:
My, how easily we forget history. Even recent history. 2006 wasn’t that long ago, when an AT&T technician outed the National Security Agency’s program to install Narus data siphoning devices in the AT&T central offices. At the time Bush was president. Conservatives ignored all the noise about warrantless wiretaps from their political opponents and explained it away as necessary for the war on terror (oddly enough as our own president did today). I even held that view until these revelations. Then I became concerned. Little did the conservatives realize the civil libertarians (and concerned liberals) were right all along: this will be used, not for outsiders, but for us (much like DHS, but that’s another story, though eerily related).
Now Obama is president and the tables are turned. If we go back and read the articles in which the media was (rightly) concerned about President Bush’s warrantless wiretapping as it relates to the Constitution, we see it takes on a whole new meaning now that Obama is President and conservatives are being targeted. Whether it’s Bush or Obama though (who, on this point at least, are one and the same), we are coming to find out that we’re all civil libertarians now. The government has way too much power for the good of us all. And it will never lessen its grip without a fight.
That it has been revealed Verizon has tracked (eh hem, is tracking, eh hem) millions of calls only reveals the tip of the iceberg. It goes much, much deeper and broader than that.
Below is a list of some of the stories, videos and testimony from the early to mid-2000s forward in which all of this was brought up over and over again: NSA is siphoning and storing our data. All they can get their hands on. They siphon it, mine it, store it, create data cubes off of it, make it searchable, sort it, analyze it, report off of it. What I know from the IT world of data storage, searching and analysis, applied to private data in this context, is frightening. And now NSA is fixing to launch their Bluffdale data center in which yottabytes of data will be stored. It’s a Brave New World. Big Data isn’t just a concept in the corporate IT world, but rather very much a part of data acquisition, storage, reporting, and sorting theory by the government.
What more can be said to show this government is out of control? Not sure what else can be done, short of a serious crisis to get us to wake up. The cultural rot, the malaise, the lack of incentive, the entitlement, the willful ignorance, and most of all, the loss of gospel-truth taking hold in people’s hearts. Saddening situation.
Lord help us, seriously, if there is ever a serious crisis causing dislocation. Emergency legislation waits in the wings. You know I never have understood over the years when I talk to people about these things how they can just flippantly say, “Yeah, I’m sure they’re listening to everything,” almost in disbelief. And I reply, “No seriously, they’re siphoning our data,” so as to emphasize the fact that it is happening, I’m not talking in hypotheticals. Unfortunately it will take a series of crises to get people to wake up to the seriousness of what we’re facing politically, economically, socially, spiritually.
I’ve been looking at a solution for this for quite some time. Until recently, the only way to make this work was to jailbreak your phone and use GuizmOVPN or some other type of app, which of course voids your warranty. But then along came OpenVPN Connect, an app for the iPhone and the iPad that is extremely simplistic to use (well, relatively speaking for OpenVPN). It works just like any other client side setup for OpenVPN, only you move the certs and config files over through iTunes File Sharing (which is probably the more secure way to do this transaction). This is an absolutely amazing way to secure your traffic to and from an OpenVPN server, from wherever you are, using 3G/4G or Wi-Fi.
Download the OpenVPN Connect app from iTunes onto your iPhone or iPad.
Take a sample client.ovpn file and modify it with your particular settings to connect to your OpenVPN server. Make sure and set the cert and key names to exactly what you’ll be copying over, otherwise it won’t reference the proper files from within the config.
Get your client.crt, client.key, ca.crt, ta.key, and client.ovpn files ready for moving over to your phone. (these file names are just examples)
Open iTunes with your phone or device connected.
Select the device on the left-hand side.
Click the Apps tab at the top.
Scroll down to the File Sharing section, select OpenVPN and drag n’ drop your five files (should be five at least) into the OpenVPN Documents window. Once they are moved over, go ahead and do a sync just to make sure everything is good.
As long as everything was set up correctly in the client.ovpn file and your certs are all good, you should be able to open your app and add it as a new profile. Once the new profile is added in the app, you should be able to connect.
Note: As an aside, if you want to secure all your traffic to and from the OpenVPN server, make sure and set this parameter before you upload the client.ovpn file: redirect-gateway def1
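The file-name check from the steps above, as an added example that is not part of the original post: a pre-flight script that reads client.ovpn, confirms every ca, cert, key and tls-auth file it names is in the folder you are about to drag into File Sharing, and reports whether redirect-gateway def1 is set. The host vpn.example.net, the iphone.key mismatch and the function names are constructed for the demo; it assumes separate cert files as in the post, not inline blocks.

```python
import os
import tempfile
# Directives that name external files (inline <ca>...</ca> blocks are not handled).
FILE_DIRECTIVES = ("ca", "cert", "key", "tls-auth")

def parse_profile(text):
    """Return ({directive: file name}, full_tunnel) for a client.ovpn body."""
    refs, full_tunnel = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        parts = line.split()
        if parts[0] in FILE_DIRECTIVES and len(parts) > 1:
            refs[parts[0]] = parts[1]
        elif parts[0] == "redirect-gateway" and "def1" in parts[1:]:
            full_tunnel = True
    return refs, full_tunnel

def check_bundle(directory, profile_name="client.ovpn"):
    """Return (problems, full_tunnel) for the folder of files to copy over."""
    present = set(os.listdir(directory))
    if profile_name not in present:
        return [f"{profile_name} is missing"], False
    with open(os.path.join(directory, profile_name)) as fh:
        refs, full_tunnel = parse_profile(fh.read())
    problems = []
    for directive in ("ca", "cert", "key"):
        if directive not in refs:
            problems.append(f"{directive}: no file named in the profile")
    for directive, name in refs.items():
        if name not in present:
            problems.append(f"{directive}: '{name}' not found in the bundle")
    return problems, full_tunnel

def demo():
    """Constructed bundle whose profile names a key file that was not copied."""
    profile = ("client\nremote vpn.example.net 1194\nca ca.crt\n"
               "cert client.crt\nkey iphone.key\ntls-auth ta.key 1\n"
               "redirect-gateway def1\n")
    with tempfile.TemporaryDirectory() as d:
        for name in ("ca.crt", "client.crt", "client.key", "ta.key"):
            open(os.path.join(d, name), "w").close()
        with open(os.path.join(d, "client.ovpn"), "w") as fh:
            fh.write(profile)
        return check_bundle(d)

if __name__ == "__main__":
    print(demo())
```

Point check_bundle at the folder holding your five files before opening iTunes; an empty problem list means every name in the profile matches a file you are about to copy.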
The downside? It eats battery life like crazy. That all may depend on your encryption level and key size though. In addition, each time you want to edit the client.ovpn, you have to edit it locally on your computer and re-upload it. But considering the alternative (no VPN, PPTP, or jailbreaking your phone), this is an excellent app.
This problem has been perplexing me for several months now, ever since I upgraded my server to 12.10 Quantal. Finally found a solution (Can’t remember the site where I found it though)! These are the instructions for a profile that’s already been configured that no longer works.
Open the NX Client for Windows (in my case).
In the Session section, select the session profile you originally created, that no longer works.
Under the General tab, in the Desktop section, ensure that Unix and GNOME are selected.
Now, in the same tab, in the Display section, check the box next to Use custom settings, and click Settings.
Under the Performance section, check the box next to Disable the render extension.
Click Ok, then on the next screen, click Save and Ok.
Here are some highlights from the conference. There’s a lot more detail, but this is the good stuff I’ve gathered.
SP2013 RTM was released.
Drag and drop documents into document folder; preview documents in pop-up window (including the ability to scroll through, it’s not just an image). Really cool.
Drag and drop does work cross-browser. Really great news.
One of the coolest functions for developers and designers in SP2013: automatic HTML to master page conversion.
SP2013 is backward compatible with 2010 … in almost every way, from back-end to front-end (this was contradicted later as I’ll show, however for the most part, I believe it’s accurate)
SP2013 central admin UI is different but structure/taxonomy is the same for the most part
Said in keynote: custom solutions work just the same in 2013 from 2010. (Yeah, we’ll see.)
New: Search-driven navigation. Intriguing and powerful.
Your own profile in MySites has a news feed that looks almost like Facebook and Twitter combined. You can follow certain sites or (what were once called) document libraries and it will all show up in one feed. You can then interact with others’ posts and conversations.
Client and server-side, they made significant reductions in I/O (on the back-end) and bandwidth (via the front-end); 40% reduction in bandwidth usage overall; 50% reduction in SQL I/O by eliminating redundant queries and limiting the number of queries a single page makes; image compression is now 4X what it was.
eDiscovery: not just for SP, but also Exchange and other apps (like Project Server). You can freeze a file in its existing state, without affecting the file itself (meaning changes can still be made, but it doesn’t change the copy you’ve frozen), without user knowing it, in case of audit.
When versioning items, now only the delta is saved as opposed to the entire item each time. This significantly reduces SQL content DB growth.
Web analytics is now rolled into search. Very cool.
Downside: you cannot do an in-place upgrade. Only database attach. Not many people were happy about that apparently (maybe it was just me; that’s how I upgraded 2007 to 2010).
Downside: Office Web Apps now exists on its own, you no longer install it within SP as a service application. If upgrading, you would need to install Office Web Apps on its own server(s).
OWA bolts into Exchange now. Interesting.
For whatever reason, I got an upgraded hotel room at Mandalay Bay; a suite, very nice:
It’s amazing these are still allowed in hotels. Wonder how much longer that will last. Even Vegas still holds out hope and truth though for now.
Mandalay Bay Hotel, Luxor in the middle, and THEhotel to the left.
ClubLAX, aka ClubSPC (since M$ bought it out from 6-8pm one night); the decibel level was astounding. I’m getting old.
Bumblebee, of course.
One of the many meals where 10,000 people were served two full meals a day. Quite a serious logistical operation. Mandalay Bay pulled it off. Very impressive.
Waiting in line, for 40 minutes, with 10,000 people for Jon Bon Jovi and a lot of food; the SPC Beach Party. The lobster tacos were killer. I was too full after those to try anything else. I had to bolt early to make it to the next event …
This was the highlight for me: The @RBAConsulting Sky Party. 34th floor of the Palms Casino Resort, overlooking the strip. I overheard that this loft/suite was $40,000 a night? Good grief. Cigar rolling, drink, food, music, all overlooking Vegas. The pool went out over the edge, suspended. It was by far the coolest event I went to.
Best shot I got …
DJ, mixin’ it up! He never did get around to the Snoop Dogg song I requested though