Letting the workday end with some #linuxacademy - not the worst way to wind down.
📢The eagerly awaited #OpenID Connect Handbook 📓 is out!
An in-depth look at the de facto standard for handling #authentication in the modern world 🌐
The Online Abuse Playbook
"There’s a well-defined pattern to how marginalized people are attacked online. If we can understand it, we can help stop each other from participating."
Every single admin or person with a high-volume account needs to read this.
I read this article when it came out, and saw it get played out on Twitter, practically to the letter.
Web server security – many web servers still set legacy HTTP response headers because old guides recommend setting them.
We added a new section to part 3 of our Web server security series that describes these headers in detail:
Don't blindly set X-Frame-Options, X-Xss-Protection, or HPKP. You likely don't need to set them.
Oh, the good old "let hostname point to 127.0.0.1 and embed the private key in the software running on localhost". This time from @firstname.lastname@example.org which actually also runs a CA and really should know better... https://koen.io/2019/07/26/underscoring-the-private-in-private-key/
A Deep Dive into XXE Injection
So #GitLab Pages has finally rolled out their automatic #LetsEncrypt integration for hosted web sites. It's quite painless and automatically renews certs. So glad that I don't have to manually do this or maintain some brittle CI-based scripts anymore.
If you've got a GL-hosted site, take the next 90 seconds and go secure it!