Podcasts about hsts

  • 44PODCASTS
  • 68EPISODES
  • 50mAVG DURATION
  • ?INFREQUENT EPISODES
  • Dec 5, 2024LATEST

POPULARITY

20172018201920202021202220232024


Best podcasts about hsts

Latest podcast episodes about hsts

CISSP Cyber Training Podcast - CISSP Training Program
CCT 199: Practice CISSP Questions - DNSSEC, IPSec, DoH, DoT and other Networking Security (Domain 4)

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Dec 5, 2024 23:27 Transcription Available


Send us a textDiscover how a ransomware attack nearly brought vodka titan Stoli to its knees, pushing the company to the brink of bankruptcy with a staggering $78 million debt. This episode promises a compelling exploration of the catastrophic impact on their ERP systems and the urgent need for a solid business resiliency plan. Join me, Sean Gerber, as we unravel the complexities of managing IT risks, the geopolitical challenges faced by companies like Stoli, and the critical importance of conveying these risks to senior leadership—especially when regulatory deadlines loom.On a technical front, we'll demystify the nuances between IPsec transport and tunnel modes, breaking down misconceptions and shining a light on potential vulnerabilities such as outdated TLS versions. Learn why HSTS and DNS over HTTPS might not be the silver bullets they appear to be, and how HTTPS, while robust, isn't immune to phishing threats. This episode is an essential guide for cybersecurity professionals keen on fortifying their defenses against the relentless and evolving threats in today's digital landscape. Tune in for a rich blend of analysis and insights that underscore the vital role of awareness and technical knowledge in safeguarding our digital world.Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

Day[0] - Zero Days for Day Zero
Attack of the CUPS and Exploiting Web Views via HSTS

Day[0] - Zero Days for Day Zero

Play Episode Listen Later Sep 30, 2024 68:09


In this week's episode, we cover an attack utilizing HSTS for exploiting Android WebViews and abusing YouTube embeds in Google Slides for clickjacking. We also talk about the infamous CUPS attack, and the nuances that seem to be left behind in much of the discussion around it. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/257.html [00:00:00] Introduction [00:01:30] Exploiting Android Client WebViews with Help from HSTS [00:09:08] Using YouTube to steal your files [00:18:43] Attacking UNIX Systems via CUPS, Part I Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Gender: A Wider Lens Podcast
180 - The Many Roots and Presentations of Gender Dysphoria in Males

Gender: A Wider Lens Podcast

Play Episode Listen Later Aug 28, 2024 70:07


SPECIAL ANNOUNCEMENT FROM OUR SPONSOR: Therapy First is hosting a live webinar August 29th at 7pm EDT. “Moral Injury and the Call to Recovery” with therapist, author and social scientist, Amber Ault, PhD. CLICK HERE TO REGISTER. *Therapy First has been approved by NBCC as an Approved Continuing Education Provider,ACEP No. 7505. This webinar provides 1.5 hours of CE credits.This episode is a special mid-week release! No special guest for this conversation, just an important and thoughtful exchange between hosts, Sasha and Stella, exploring some of the common and yet intensely complex manifestations of gender dysphoria in males. This discussion offers a careful examination of the broad psychological, developmental, and sexual dynamics shaping male identity, the effects of testosterone, and perceptions around gender roles.Stella and Sasha guide listeners through several frameworks for understanding different experiences of gender dysphoria in males, including autogynephilia (AGP), homosexual transsexual (HSTS), and rapid onset gender dysphoria (ROGD). It's crucial to recognize that while diagnostic frameworks offer insight, they can oversimplify the complexities of human identity and behavior. Traits associated with AGP, HSTS, ROGD, or even neurodiversity, like autism, may overlap and interact in ways that are not fully understood, underscoring the need for a more integrated understanding that avoids overly simplistic categorizations and fosters more nuanced and optimized support.For links and resources relevant to this episode, access the full show notes at https://www.widerlenspod.com/p/episode-180  Buy Our Book – When Kids Say They're Trans: A Guide for Thoughtful Parents at https://whenkidssaytheyretrans.com/   Join Our Listener Community to Access Exclusive Content at https://www.widerlenspod.com/   Support the Show at https://www.widerlenspod.com/p/support-the-show   Join the conversation on YouTube at www.youtube.com/@widerlenspod  For more information about Sasha's & Stella's parent coaching membership groups, visit:Sasha Ayad: https://sashaayad.com/parenting-coaching   Stella O'Malley: http://www.stellaomalley.com/parent-coaching  To learn more about our sponsors, visit:Therapy First at https://www.therapyfirst.org/  Genspect at https://genspect.org/  This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.widerlenspod.com/subscribe   This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.widerlenspod.com/subscribe

T-Time
TT 09: Back in the closet with Janie Danger

T-Time

Play Episode Listen Later Jul 25, 2024 66:31


If you're a fan of Beauty Translated, or just Janie Danger, you're in for a treat today. With us on the pod today is Carmen's former partner in podcasting crime talking all about her new album "East Atlanta Sober", Janie Danger!!! Carly is just getting off a flight to join us for this kiki. We're talking about our upcoming rebrand, the attempted assassination of Trump, Being half AGP and half HSTS, and future travel plans! If you love this episode and want more Janie, be sure to head over to our Patreon - she'll be taking listener calls with us during this week's Sunday Service. Stream "East Atlanta Sober" Janie's inspo playlist. Give us a call on our Loveline: (678) 460-6253 ‬ Thank you so much to our Patreon subscribers, we love you! Intro song: Janie Danger - God's Perfect Victims Outro song: Janie Danger - Whiskey Mule Find the dolls over on Instagram: @TheCarmenLaurent, @Tr4nbie & @ttime_pod

Open Source Security Podcast
Episode 431 - Redirecting HTTP to HTTPS

Open Source Security Podcast

Play Episode Listen Later Jun 3, 2024 32:52


Josh and Kurt talk about a blog post titled "Your API Shouldn't Redirect HTTP to HTTPS". It's an interesting idea, and probably a good one. There is however a lot of baggage in this space as you'll hear in the discussion. There's no a simple solution, but this is certainly something to discuss. Show Notes Your API Shouldn't Redirect HTTP to HTTPS Hacker News discussion HSTS Section 5.1

Security Now (MP3)
SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

Security Now (MP3)

Play Episode Listen Later Jan 31, 2024 137:02


iOS to allow native Chromium and Firefox engines. An OS immune to ransomware? HP back in the doghouse over "anti-virus" printer bricking The mother of all breaches New "Thou shall not delete those chats" rules Fewer ransoms are being paid Verified Camera Images More on the $15/month flashlight app What happens when apps change publishers Microsoft hating on Firefox Credit Karma is storing 1GB of data on the iPhone Staying on Windows 7 Sci-Fi recommendations Windows 7 and HSTS sites TOTP codes/secrets and Bitwarden SpinRite on Mac SpinRite v6.1 is done! LearnDMARC.com Alex Stamos on "Microsoft Security" Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow panoptica.app kolide.com/securitynow canary.tools/twit - use code: TWIT

All TWiT.tv Shows (MP3)
Security Now 959: Stamos on "Microsoft Security"

All TWiT.tv Shows (MP3)

Play Episode Listen Later Jan 31, 2024 137:02


iOS to allow native Chromium and Firefox engines. An OS immune to ransomware? HP back in the doghouse over "anti-virus" printer bricking The mother of all breaches New "Thou shall not delete those chats" rules Fewer ransoms are being paid Verified Camera Images More on the $15/month flashlight app What happens when apps change publishers Microsoft hating on Firefox Credit Karma is storing 1GB of data on the iPhone Staying on Windows 7 Sci-Fi recommendations Windows 7 and HSTS sites TOTP codes/secrets and Bitwarden SpinRite on Mac SpinRite v6.1 is done! LearnDMARC.com Alex Stamos on "Microsoft Security" Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow panoptica.app kolide.com/securitynow canary.tools/twit - use code: TWIT

Security Now (Video HD)
SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

Security Now (Video HD)

Play Episode Listen Later Jan 31, 2024


iOS to allow native Chromium and Firefox engines. An OS immune to ransomware? HP back in the doghouse over "anti-virus" printer bricking The mother of all breaches New "Thou shall not delete those chats" rules Fewer ransoms are being paid Verified Camera Images More on the $15/month flashlight app What happens when apps change publishers Microsoft hating on Firefox Credit Karma is storing 1GB of data on the iPhone Staying on Windows 7 Sci-Fi recommendations Windows 7 and HSTS sites TOTP codes/secrets and Bitwarden SpinRite on Mac SpinRite v6.1 is done! LearnDMARC.com Alex Stamos on "Microsoft Security" Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow panoptica.app kolide.com/securitynow canary.tools/twit - use code: TWIT

Security Now (Video HI)
SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

Security Now (Video HI)

Play Episode Listen Later Jan 31, 2024


iOS to allow native Chromium and Firefox engines. An OS immune to ransomware? HP back in the doghouse over "anti-virus" printer bricking The mother of all breaches New "Thou shall not delete those chats" rules Fewer ransoms are being paid Verified Camera Images More on the $15/month flashlight app What happens when apps change publishers Microsoft hating on Firefox Credit Karma is storing 1GB of data on the iPhone Staying on Windows 7 Sci-Fi recommendations Windows 7 and HSTS sites TOTP codes/secrets and Bitwarden SpinRite on Mac SpinRite v6.1 is done! LearnDMARC.com Alex Stamos on "Microsoft Security" Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow panoptica.app kolide.com/securitynow canary.tools/twit - use code: TWIT

Radio Leo (Audio)
Security Now 959: Stamos on "Microsoft Security"

Radio Leo (Audio)

Play Episode Listen Later Jan 31, 2024 137:02


iOS to allow native Chromium and Firefox engines. An OS immune to ransomware? HP back in the doghouse over "anti-virus" printer bricking The mother of all breaches New "Thou shall not delete those chats" rules Fewer ransoms are being paid Verified Camera Images More on the $15/month flashlight app What happens when apps change publishers Microsoft hating on Firefox Credit Karma is storing 1GB of data on the iPhone Staying on Windows 7 Sci-Fi recommendations Windows 7 and HSTS sites TOTP codes/secrets and Bitwarden SpinRite on Mac SpinRite v6.1 is done! LearnDMARC.com Alex Stamos on "Microsoft Security" Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow panoptica.app kolide.com/securitynow canary.tools/twit - use code: TWIT

Security Now (Video LO)
SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

Security Now (Video LO)

Play Episode Listen Later Jan 31, 2024


iOS to allow native Chromium and Firefox engines. An OS immune to ransomware? HP back in the doghouse over "anti-virus" printer bricking The mother of all breaches New "Thou shall not delete those chats" rules Fewer ransoms are being paid Verified Camera Images More on the $15/month flashlight app What happens when apps change publishers Microsoft hating on Firefox Credit Karma is storing 1GB of data on the iPhone Staying on Windows 7 Sci-Fi recommendations Windows 7 and HSTS sites TOTP codes/secrets and Bitwarden SpinRite on Mac SpinRite v6.1 is done! LearnDMARC.com Alex Stamos on "Microsoft Security" Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow panoptica.app kolide.com/securitynow canary.tools/twit - use code: TWIT

All TWiT.tv Shows (Video LO)
Security Now 959: Stamos on "Microsoft Security"

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Jan 31, 2024 137:01


iOS to allow native Chromium and Firefox engines. An OS immune to ransomware? HP back in the doghouse over "anti-virus" printer bricking The mother of all breaches New "Thou shall not delete those chats" rules Fewer ransoms are being paid Verified Camera Images More on the $15/month flashlight app What happens when apps change publishers Microsoft hating on Firefox Credit Karma is storing 1GB of data on the iPhone Staying on Windows 7 Sci-Fi recommendations Windows 7 and HSTS sites TOTP codes/secrets and Bitwarden SpinRite on Mac SpinRite v6.1 is done! LearnDMARC.com Alex Stamos on "Microsoft Security" Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow panoptica.app kolide.com/securitynow canary.tools/twit - use code: TWIT

Radio Leo (Video HD)
Security Now 959: Stamos on "Microsoft Security"

Radio Leo (Video HD)

Play Episode Listen Later Jan 31, 2024 137:01


iOS to allow native Chromium and Firefox engines. An OS immune to ransomware? HP back in the doghouse over "anti-virus" printer bricking The mother of all breaches New "Thou shall not delete those chats" rules Fewer ransoms are being paid Verified Camera Images More on the $15/month flashlight app What happens when apps change publishers Microsoft hating on Firefox Credit Karma is storing 1GB of data on the iPhone Staying on Windows 7 Sci-Fi recommendations Windows 7 and HSTS sites TOTP codes/secrets and Bitwarden SpinRite on Mac SpinRite v6.1 is done! LearnDMARC.com Alex Stamos on "Microsoft Security" Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow panoptica.app kolide.com/securitynow canary.tools/twit - use code: TWIT

Signals to Danger - Railway disasters in the UK
RAIB Roundup 7th January 2024

Signals to Danger - Railway disasters in the UK

Play Episode Listen Later Jan 7, 2024 54:29


The first StD of 2024 takes a look at some recent safety digests, the release of the London Gateway report, and weighs in on the current debate about the safety of HSTs. Get bonus content on Patreon Hosted on Acast. See acast.com/privacy for more information.

STAB!
STAB! 374 – An Akira Type Situation

STAB!

Play Episode Listen Later Dec 8, 2023 46:15


In this dystopian episode of the STAB! show, supernatural host Jesse Jones welcomes a flesh mound panel of Nicole Eichenberg, Leo Antolin & Sean Crandall to share their three HSTs, pick-up lines to or from the clearance aisle at Michael's, a guy who always launches snot rockets, & protoplasm, recipes for vacation that’s more trouble … Continue reading »

Mountain Practice Journeys
Honoring Yourself As A Sensitive Therapist with guest April Snow [Episode 99]

Mountain Practice Journeys

Play Episode Play 58 sec Highlight Listen Later Sep 11, 2023 26:12 Transcription Available


Here in Episode 99 I chat with April Snow about how to honor yourself as a sensitive therapist and business owner. Highly Sensitive Therapists (HSTs) are naturally more empathetic, perceptive, and impacted by their work with clients. To bypass burnout, it's essential to look within to create a practice that aligns with your needs on every level - from how you decorate your office to when you schedule sessions to what trainings you take. Instead of looking around to decide what you're supposed to do, use your inner guide as a compass. HSTs have different needs and it's essential to give yourself permission to break the rules of how you're supposed to be as a therapist. When you design an HSP-friendly routine, practice, and lifestyle - you are capable of feeling deep fulfillment and creating deep, meaningful impact for your clients. ~~~Connect with April...Instagram: https://www.instagram.com/sensitivetherapist Facebook Group: https://www.facebook.com/groups/Support.for.HSTs Sustainable Practice Roadmap Program: Simple Systems and Community Support to Feel More Energized and Fulfilled as a Sensitive Therapist. Includes 6 months of weekly HST discussion groups and co-working sessions, 1:1 consultations, guest workshops, a 12-module self-paced course, and a 150+ page printed workbook. Sign up at: https://www.sensitiveschool.com/p/sustainable-practice?affcode=464106_is9qucd3Free Workshop: 3 Pillars of a Sustainable Practice. Learn the three essential strategies to have a supportive practice with less overwhelm and burnout, better boundaries, and more space to prioritize your needs! Sign up at: https://sensitiveschool.lpages.co/pillars-workshop~~~Support the show

#TWIMshow - This Week in Marketing
Ep164 - Apple Amps Up Privacy: A Glimpse at iOS 17 and macOS Sonoma

#TWIMshow - This Week in Marketing

Play Episode Listen Later Jun 12, 2023 27:02


Episode 164 contains the notable Digital Marketing News and Updates from the week of June 5 - 9, 2023. And the show notes for this episode was generated using generative AI. And like always, I curated the articles for the show.1. Google's Structured Data Validator vs Schema.org -During June 2023, Google SEO Office Hours, Google's Martin Splitt answered a question about structured data validation and how Google's validator can show different results than the Schema.org validator.Both Google and Schema.org offer tools for validating if structured data is correct. Google's tool validates structured data and it also offers feedback on whether the tested structured data qualifies for rich results in the search engine results pages. Rich results are enhanced search listings that makes the listing stand out on the search results. The Schema.org Schema Markup Validator checks if the structured data is valid according to the official standards.Per Splitt, “Schema.org is an open and vendor-independent entity that defines the data types and attributes for structured data. Google, as a vendor however, might have specific requirements for some attributes and types in order to use the structured data in product features, such as our rich results in Google Search. So while just leaving out some attributes or using some type of values for an attribute is fine with Schema.org, vendors such as Google and others might have more specific requirements in order to use the structured data you provide to actually enhance features and products.”In conclusion, Google's validator has a purpose that is different from just checking if the structured data is valid. It's checking to see if the structured data that Google requires (for potentially showing a webpage in enhanced search results) is valid. The Schema.org validator is just checking for standards and has nothing to do with how Google uses structured data.You can watch the June SEO office hour here.2. Google's Latest Search Console Update Makes it Easier to Fix Video Indexing Issues - Google has released an update to its Search Console, aimed at refining video indexing reports. This enhancement promises to offer you more precise problem descriptions and actionable solutions to help boost the visibility of your videos in Google Search.Previously, users encountered a generic "Google could not identify the prominent video on the page" error. Now, Google has decided to provide more specific details to overcome this problem. Here's what you need to know: Video outside the viewport: If your video isn't fully visible when the page loads, you'll need to reposition it. Make sure the entire video lies within the renderable area of the webpage. Video too small: If your video is smaller than desired, you should increase its size. The height should exceed 140px, and the width should be greater than 140px and constitute at least one-third of the page's width. Video too tall: If your video is taller than 1080px, it's time to resize it. Decrease the height to less than 1080px to comply with Google's new guidelines. While you might still see some old error messages for the next three months, Google plans to phase these out, replacing them with these new, more detailed notifications.By adhering to these updates, you can maximize your video's prominence on Google Search and enhance user engagement. Happy optimizing!3. Navigating the World of Domains: A Google Insider's Advice -  Let's delve into the world of domain names and how they can impact your business's digital reach, guided by insights from Google Search Advocate, John Mueller.Mueller recently clarified the differences between generic top-level domains (gTLDs) and country code top-level domains (ccTLDs), following Google's decision to reclassify .ai domains as gTLDs, breaking away from their previous association with Anguilla.In essence, gTLDs (such as .com, .store, .net) are not tied to a specific geographical location, unlike ccTLDs (like .nl for the Netherlands, .fr for France, .de for Germany) that are country-specific. Mueller pointed out that if your business is primarily targeting customers within a certain country, a ccTLD might be the way to go. On the other hand, if you're aiming for a global customer base, a gTLD could be the better option.Importantly, Mueller also highlighted the need to consider user perception. He posed a question to consider: will users click on a link they believe is meant for another country's audience?Furthermore, Mueller also cautioned against using TLDs that may appear spammy, as it can harm your site's credibility.His advice underscores the importance of strategic decision-making when registering your domain, reminding us that the choice of a domain name is not just a technical one, but a business decision that can have a significant impact on your online presence.4. Google's Verdict on the Impact of Security Headers on Search Rankings - In your quest for a secure website, you may have come across HTTP headers - bits of data that offer valuable metadata about a webpage to browsers or web crawlers. The most well-known among these are response headers, like the infamous 404 Error or the 301 redirect.A subset of these headers, known as security headers, play a critical role in fortifying your site against malicious attacks. For instance, the HSTS (HTTP Strict Transport Security) header mandates that a webpage be accessed only via HTTPS, not HTTP, and ensures the browser remembers this preference for the future.While a 301 redirect can guide browsers from HTTP to HTTPS, it leaves your site exposed to potential 'man-in-the-middle' attacks. An HSTS header, on the other hand, ensures your browser requests the HTTPS version directly, effectively bolstering site security.A question was recently posed to Google's John Mueller about whether integrating security headers, like HSTS, could influence website ranking. Mueller's response was clear: the HSTS header does not impact Google Search. This header's purpose is to guide users to the HTTPS version of a site. As for deciding which version of a page to crawl and index, Google uses a process known as canonicalization, which doesn't rely on headers like HSTS.So, while security headers might not boost your site's search ranking, their importance in maintaining a secure browsing experience for your users cannot be overstated. Remember, a secure website is a trusted website, and trust forms the foundation of any successful online presence.5. Debunking 'Index Bloat': Google's Take on Effective Web Page Indexing - In a recent episode of Google's 'Search Off The Record' podcast, the Search Relations team at Google tackled the topic of web page indexing, putting a spotlight on the much-discussed theory within the SEO community: "Index Bloat."This theory, often cause for concern, refers to a situation where search engines index pages that aren't beneficial for search results. It includes pages like filtered product pages, printer-friendly versions, internal search results, and more. Advocates of the index bloat theory argue that such pages can confuse search engines and negatively impact search rankings. They link this issue to the concept of a crawl budget, which is the number of URLs a search bot will crawl during each visit. The theory proposes that index bloat can lead to an inefficient use of this crawl budget, with search bots wasting time and resources gathering unneeded data.However, Google's John Mueller challenged this theory, stating there is no known concept of index bloat at Google. According to Mueller, Google doesn't set an arbitrary limit on the number of indexed pages per site. His advice to webmasters is not to worry about excluding pages from Google's index, but instead, focus on creating and publishing useful content.While some supporters of the index bloat theory have pointed to issues like accidental page duplication, incorrect robots.txt files, and poor or thin content as causes, Google asserts that these are not signs of a non-existent "index bloat," but simply general SEO practices that require attention.Some have suggested using tools like Google Search Console to detect index bloat by comparing the actual number of indexed pages to what's expected. Google's stance implies this comparison isn't indicating a problem, but is instead part of routine website management and monitoring.Google's official stance dismisses the idea of index bloat. Instead, the emphasis should be on ensuring the pages submitted for indexing are valuable and relevant, thereby enhancing the overall user experience.6. Controlling Googlebot: Decoding Google's Search Relations Podcast Insights - In the latest episode of the 'Search Off The Record' podcast, Google's Search Relations team, John Mueller and Gary Illyes, delved into two key topics: blocking Googlebot from crawling certain parts of a webpage and preventing Googlebot from accessing a website completely.When asked how to stop Googlebot from crawling specific sections of a webpage, such as the "also bought" areas on product pages, Mueller emphasized that there's no direct method to achieve this. "It's impossible to block crawling of a specific section on an HTML page," he clarified.However, Mueller did propose two strategies, albeit not perfect ones, to navigate this issue. One involves utilizing the data-nosnippet HTML attribute to stop text from being displayed in a search snippet. The other strategy involves using an iframe or JavaScript with the source blocked by robots.txt. But be wary, as Mueller cautioned against this approach, stating it could lead to crawling and indexing issues that are difficult to diagnose and solve.Mueller also reassured listeners that if the same content appears across multiple pages, it's not a cause for concern. "There's no need to block Googlebot from seeing that kind of duplication," he added.Addressing the question of how to prevent Googlebot from accessing an entire site, Illyes provided a straightforward solution. Simply add a disallow rule for the Googlebot user agent in your robots.txt file, and Googlebot will respect this and avoid your site. For those wanting to completely block network access, Illyes suggested creating firewall rules that deny Google's IP ranges.To sum up, while it's impossible to stop Googlebot from accessing specific HTML page sections, methods like the data-nosnippet attribute can offer some control. To block Googlebot from your site altogether, a simple disallow rule in your robots.txt file should suffice, though you can take further steps like setting up specific firewall rules for a more stringent blockade.7. Sweeping Changes to Google Ads Trademark Policy: What You Need to Know -  Google Ads is making significant changes to its Trademark Policy that could impact how your advertisements are run. Starting July 24, Google will only entertain trademark complaints that are filed against specific advertisers and their ads. This is a shift away from the current policy, where complaints can lead to industry-wide restrictions on using trademarked content.This change is a response to feedback from advertisers who found the previous system frustrating due to over-flagging and broad blocks. The new policy aims to streamline resolutions, making them quicker and more straightforward. In addition, it will provide greater clarity and transparency for advertisers, a much-needed improvement many have been advocating for.As explained by a Google spokesperson, "We are updating our Trademark Policy to focus solely on complaints against specific advertisers in order to simplify and speed up resolution times, as opposed to industry-wide blocks that were prone to over-flagging. We believe this update best protects our partners with legitimate complaints while still giving consumers the ability to discover information about new products or services.”Do note that any trademark restrictions implemented before July 24 under the current policy will continue to apply. However, Google plans to phase out these limitations for most advertisers gradually over the next 12-18 months.You can learn more about these changes by visiting the Google Ads Trademarks policy page here.8. Double Menus, Double Fun: SEO Unaffected by Multiple Navigations - In a recent SEO office hours video, Google's Gary Illyes made it clear that the presence of multiple navigation menus on your website doesn't affect your SEO performance - be it positively or negatively.The question arose during the video discussion, asking whether having two navigation menus - a main one featuring important site categories and a secondary one focusing on brand-related extensions - could potentially harm SEO performance.Illyes' response was reassuring. He stated that it's highly unlikely that multiple navigation menus would have any impact on your website's SEO. In other words, whether you have one, two, or even more navigation menus on your page, Google's algorithms are sophisticated enough to recognize these elements and process them accordingly.So, rest easy and design your website to best serve your audience. Remember, whether your navigation is on the top, left, or bottom of your page, Google's got it figured out!9. Google's Eye on XML Sitemap Changes: Resource Efficiency in Action - Google's own Gary Illyes recently reaffirmed that the tech giant is diligent about scanning XML sitemaps for updates before launching the reprocessing protocol. This practice is rooted in the desire to conserve valuable computational resources by avoiding unnecessary reprocessing of unchanged files.When asked whether Google compares current and previous versions of XML sitemaps, Illyes's response was a resounding yes. He explained that Google refrains from reprocessing sitemaps that have remained the same since their last crawl - a measure designed to prevent wastage of computing resources.However, any modifications in your sitemap, whether in the URL element or 'last mod', will trigger a new round of parsing and generally initiate reprocessing. Illyes pointed out that this doesn't automatically guarantee that the altered URLs will be crawled, as they must still pass through the usual quality evaluations like any other URL.Importantly, if a URL is deleted from the sitemap because it no longer exists, it doesn't imply that it will instantly be removed from the index or prioritized for crawling to expedite its deletion. Keep this in mind when making changes to your sitemap.10. Boost Your Search Rankings: Google's Advice on Consolidating Pages - In a recent SEO office hours video, Google's Gary Illyes brought up a valuable point about web page consolidation. He discussed 'host groups', a term used when Google displays two results from the same domain in search results, with one listed below the other.Illyes suggested that when your website forms a host group, it indicates that you have multiple pages capable of ranking well for a particular query. In such cases, he recommended considering the consolidation of these pages, if feasible.This advice aligns with Google's host groups documentation, which recommends setting one of these pages as the 'canonical' if you'd prefer users to land on that page over the other.The concept of a host group comes into play when two or more consecutive text results from the same site rank for the same query and hence, get grouped together.The rationale behind Google's recommendation for consolidation could be understood as an attempt to prevent your pages from competing against each other. When two pages vie for the same ranking, consolidating them could potentially boost the ranking of the remaining page.From an SEO perspective, having two listings could increase your click-through rate. However, the idea of consolidation is to create a more streamlined user experience and possibly enhance your page's ranking.Keep in mind that this is an approach to consider and may not suit every situation. Always consider your unique context and audience needs when making SEO decisions.11. Unlocking Video Thumbnails in Google Search: Key Insights Revealed -  Recent changes to Google's approach to video thumbnails in search results have prompted many queries. These alterations ensure that video thumbnails are displayed only when the video constitutes the main content on a webpage.This doesn't imply that the video must be the first element on your page. Instead, as Google's Gary Illyes explains, the video should be immediately noticeable — it should be "in their face right away." This user-centric approach enhances the user experience, eliminating the need for them to hunt for the video on the page.Illyes encourages web developers and SEO experts to consider the user's perspective. When visitors land on your page, they should not have to actively search for the video. It should be prominently displayed, akin to the approach of popular video platforms like Vimeo and YouTube.Remember, the aim of these changes is to reduce confusion and streamline the user experience by ensuring that videos are easy to find and view. Take inspiration from major video sites to better understand what Google's algorithms are seeking.12. Enhanced Conversion Tracking with Microsoft Advertising's New Cross-Device Attribution Model -  Microsoft Advertising is set to enhance its tracking capabilities with the introduction of a Cross-Device attribution model. Revealed in Microsoft's latest product update roundup in June, this model promises to provide more accurate insights into customer conversion journeys across multiple devices and sessions.With this new feature, if a customer clicks an ad on their laptop and later completes a purchase on their phone, Microsoft Advertising will attribute the conversion to the original ad click on the laptop. This development will ensure that your marketing efforts are accurately credited, regardless of the device where the conversion ultimately occurs.As a result of this new tracking model, marketers may notice a slight uptick in the number of conversions reported in their performance metrics. If you observe an increase in conversions, the new Cross-Device attribution model could be the driving factor. Keep an eye on your reports to understand the full impact of this latest update on your performance data.13. New Verification Mandates for Microsoft Ads: Everything You Need to Know -  Starting August 1st, Microsoft Advertising will be implementing a new policy to enhance transparency and security. Only ads from verified advertisers will be displayed on the platform. If you haven't yet met the Microsoft Ads verification requirements, it's crucial to complete them before August 1st to ensure your ads continue to run smoothly.The Microsoft Ads Advertiser Identity Verification program, which was launched in June 2022, is rolling out the following important dates: As of July 1st, all new advertisers must be verified before their ads can go live. If you haven't received an email from Microsoft about account verification by July 15th, you should reach out to Microsoft support. Starting August 1st, Microsoft Advertising will exclusively display ads from verified advertisers. Once verified, all ads will showcase: The name and location of the advertiser. The business or individual responsible for funding the ad. Additional information explaining why a user is seeing a specific ad, including targeting parameters. In addition to these updates, Microsoft Advertising is also launching a new feature - the Ad Library. This will enable all users to view ads shown on Bing that have gained any impressions in the European Union. Users will be able to search for ads in the Ad Library by using the advertiser's name or by entering words included in the ad creative. The details of the advertiser will be displayed in the Ad Library.Stay ahead of the game and get your account verified to enjoy uninterrupted ad delivery with Microsoft Advertising!14. Unleashing New Opportunities: LinkedIn Introduces Direct Messaging for Company Pages - In a bid to foster more professional connections and interactions, LinkedIn is set to expand its messaging tools. The platform has now introduced a new feature that allows Company Pages to send and receive direct messages (DMs). This marks a major development as previously, one-to-one messaging was only available for individual LinkedIn members.LinkedIn's new feature, termed Pages Messaging, paves the way for members to directly contact brands. Conversations can cover a broad range of topics from products and services to business opportunities. To handle these two-way conversations, organizations will be equipped with a dedicated inbox, enabling them to manage and prioritize incoming inquiries that are most relevant to their business.As a result of this feature, companies might see a significant increase in messages inquiring about opportunities. However, LinkedIn's 'focused inbox' system, which segregates DMs based on priority and topic settings, can help manage the influx. In addition, companies have the option to disable the Message feature if they wish.LinkedIn has been quietly testing this feature with a select group of users in the past month. Considering that over 63 million companies actively post on their LinkedIn Company Pages, this new feature could potentially revolutionize direct interactions and unearth fresh opportunities.Furthermore, LinkedIn is exploring the integration of an AI assistant to aid in lead nurturing. This could be a significant asset, allowing users to research the person they are communicating with without the need to manually browse through their profile or posts.While it might not be a 'game-changer', the new Company Page messaging feature, which is being rolled out from today, is certainly a noteworthy addition to consider in your LinkedIn marketing strategy.15. Apple Amps Up Privacy: A Glimpse at iOS 17 and macOS Sonoma - In a continued commitment to user privacy, Apple has introduced fresh security enhancements in iOS 17 and macOS Sonoma, aimed at curbing intrusive web tracking. The new Link Tracking Protection feature is at the heart of this upgrade.Activated by default in Mail, Messages, and Safari (while in Private Browsing mode), Link Tracking Protection zeroes in on tracking parameters in link URLs, which are often used to monitor user activity across different websites. The feature scrubs these identifiers, thereby thwarting advertisers' and analytics firms' attempts to bypass Safari's intelligent tracking prevention functionalities.Typically, these tracking parameters are attached to the end of a webpage's URL, bypassing the need for third-party cookies. When a user clicks the modified URL, the tracking identifier is read, enabling the backend to create a user profile for personalized ad targeting.Apple's new feature disrupts this process by identifying and removing these tracking components from the URL, ensuring the user's web page navigation remains as intended. This operation is quietly executed during browser navigation in Safari's Private Browsing mode and when links are clicked within the Mail and Messages apps.To strike a balance, Apple has also unveiled an alternate method for advertisers to gauge campaign effectiveness while preserving user privacy. Private Click Measurement, now accessible in Safari Private Browsing mode, enables the tracking of ad conversion metrics without disclosing individual user activity.In conclusion, Apple's latest efforts reflect a renewed commitment to user privacy, promising to make online experiences safer and more secure across their operating systems.

We Hack Purple Podcast
We Hack Purple Podcast Episode 72 with Scott Helme AGAIN

We Hack Purple Podcast

Play Episode Listen Later Jun 7, 2023 58:50


In episode 72 of the We Hack Purple Podcast host Tanya Janca brings Scott Helme back on because she just cannot get enough when it comes to security headers! You can watch and listen to his first episode here (https://wehackpurple.com/podcast/episode-69-with-scott-helme/). In this episode we focus on the “new” security headers from Scott's great blog article where he first introduced the public to them (https://scotthelme.co.uk/coop-and-coep/). The new security header's focus on protecting us from side-channel attacks like Spectre and Meltdown, and we really honed in on how to configure each one, and why we would need or want them. The features are powerful, and we discussed building up to using them, for best results. Part of the reason that Scott built SecurityHeaders.com was to contribute to solving the problem of ‘how do we get the message out there'. SecurityHeaders.com is an educational tool rather than any kind of definitive or perfect security assessment tool, but it's still incredibly useful. He's working hard to raise awareness, and podcast episodes like this can help.  One of the most striking things Scott hears when teaching his and Troy Hunt's ‘Hack Yourself First' course when they talk about headers like CSP and HSTS, is: “Wow, I didn't know this existed!” There is a huge gap that we need to bridge in security between these things existing, and people knowing they exist and then actually using them. This is a bug hurdle for folks like us.We also talked a bit about how all of these security headers are able to create reports and tell you what's up with your app. Lucky for us, Scott built Report-URI so we can receive those reports with ease! Scott also has another free tool he created: https://crawler.ninja/ too, where he scans the top 1 million sites every day and looks at various things, including their use of security headers. As an example, you can see this list of sites using a CSP from today: https://crawler.ninja/files/csp-sites.txtScott also creates reports using his crawler data that showing trends over time and changes in the usage of security features like various security headers: https://scotthelme.co.uk/tag/crawler-report/Very special thanks to our sponsor: Women's Society of Cyberjutsu! Women's Society of Cyberjutsu are hosting CYBERJUTSU CON 4.0 and the 10th Annual Cyberjutsu Awards on June 24, 2023!!! The con Con will consist of Hands-on Workshops, Capture The Flag (CTF) Competitions, Professional Headshots, Recruiting Opportunities, Celebration, and more.  Participants will walk away with hands-on knowledge that can be applied immediately on the job. You can check out the event here: https://womenscyberjutsu.org/page/CyberCon2023Join We Hack Purple!Check out our brand new courses in We Hack Purple Academy. Join us in the We Hack Purple Community: A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

Quilt Buzz
Episode 082: Vickeidy of @sewspicious

Quilt Buzz

Play Episode Listen Later May 4, 2023 33:41


Show Notes:0:47 and 0:53 - NYC0:51 and 1:00 - Dominican Republic1:07 - Spanish1:15, 1:24 and 1:33 - How Long Do You Have to Live in New York to Be a ‘Real' New Yorker? By New York Magazine1:55 - Morgann (@morgannmakes)2:03 - The Bachelor2:34 and 2:48 - Ben Higgins 3:07 - Treadle machine3:08 - Dominican Republic3:19 - Thailand3:34 - Dominican Republic4:02 - Singer Featherweight4:19 and 4:22 - Treadle machine4:23 - Singer 994:27 - Dominican Republic4:29 - New York City (NYC)4:30 - Treadle machine4:54 - Dominican Republic6:45 - Automatic thread cutter7:40 - Morgann (@morgannmakes)7:56 - Craftsy7:58 - Matchstick quilt by VIckedy 8:28 - Dungeons and Dragons9:41 - Morgann (@morgannmakes)9:44 and 9:56 - Handwriting with free motion quilting with Morgann10:13 - Craftsy10:13 and 10:16 - Matchstick quilt by VIckedy 18:51 and 19:53 - Sewcialite program with Art Gallery Fabrics19:57 - Curated fat quarter bundle by Sewpcious, Alegria 20:16 - Art Gallery Fabrics20:18 - Art Gallery Fabrics 2023 Sewcalites 20:24, 20:27, 20:40, 21:05 and 21:08 - Curated fat quarter bundle by Sewpcious, Alegria 21:13 - Rosalia quilt pattern by Vickeidy 21:31 - Half-square triangles (HSTs)21:32 - Quarter-square triangles22:34 - Feel Good Fibers (listen to episode 5 to learn more about the company)22:41, 23:07 and 23:48 - NYC Metro Mod Quilt Guild24:51 - FPP (foundation paper piecing) 24:51 - “Long live the mani” banner by Vickeidy 25:18 - Ami V Nails25:23 - New York Times25:25 - New York Times article, Is This the End of the Manicure?27:50 - Higher Learning with Van Lathan and Rachel Lindsay28:06 - Courthouse Steps traditional quilt block28:28 - Orlando of Quiltysarus (listen to episode 69 to learn more about him and his work)29:34 - Zirkel magnetic pin holder30:22 - Morgann (@morgannmakes)30:29 - Amber of Alderwood studio (listen to episode 73 to learn more about her and her work)30:34 - Rosalia quilt pattern by Vickeidy 30:38 - Curated fat quarter bundle by Sewpcious, Alegria 30:58 - New York City (NYC)31:12 - The Bachelor31:31 - Lynett of Lyn's Avenue (@lynsavenue)31:46 - Deidre of Lila Bean Quilts (@lilabeanquilts)31:56 - Mister Larrie (@mister.larrie)Follow Vickeidy:Instagram - @Sewspicioushttps://sewspicious.com/Follow Us:Amanda: @broadclothstudio https://broadclothstudio.com/Wendy: @the.weekendquilter https://the-weekendquilter.com/Quilt Buzz: @quilt.buzzhttps://quiltbuzzpodcast.com/Intro/Outro Music:Golden Hour by Vlad Gluschenko

Modernize or Die ® Podcast - CFML News Edition
Modernize or Die® - CFML News Podcast for January 24th, 2023 - Episode 181

Modernize or Die ® Podcast - CFML News Edition

Play Episode Listen Later Jan 24, 2023 56:50


2023-01-24 Weekly News - Episode 181Watch the video version on YouTube at https://youtu.be/SrS95HqW8HQ Hosts:  Gavin Pickin - Senior Developer at Ortus Solutions Brad Wood - Senior Developer at Ortus Solutions Thanks to our Sponsor - Ortus SolutionsThe makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. A few ways  to say thanks back to Ortus Solutions: Like and subscribe to our videos on YouTube.  Help ORTUS reach for the Stars - Star and Fork our ReposStar all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github  Subscribe to our Podcast on your Podcast Apps and leave us a review Sign up for a free or paid account on CFCasts, which is releasing new content every week BOXLife store: https://www.ortussolutions.com/about-us/shop Buy Ortus's Books 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips) Learn Modern ColdFusion (CFML) in 100+ Minutes - Free online https://modern-cfml.ortusbooks.com/ or buy an EBook or Paper copy https://www.ortussolutions.com/learn/books/coldfusion-in-100-minutes  Patreon Support ( amazing )Goal 1 - We have 42 patreons providing 100% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions. Goal 2 - We are 37% of the way to fully fund the hosting of ForgeBox.io News and AnnouncementsNew updates released for Java 8, 11, 17, and 19 as of Jan 17 2023Here's a heads-up that some will want to hear about: there are new JVM updates released today (Jan 17, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 19. (Note that prior to Java 9, releases of Java were known technically as 1.x, so 8 is referred to in resources below as 1.8.)https://www.carehart.org/blog/2023/1/17/java_updates_Jan_2023 Beware that latest Oracle JDK installers will REMOVE older JDK installs of that versionHere's something new to beware if you may run the Oracle JDK installer for the recently updated Java 11 or 17, whether on Windows, macOS, or via RPM: the new Oracle jdk installer WILL REMOVE any older previous versions of that JVM version created by previous JDK installers of the same major version. (Note that this issue does not affect those who implement java by extracting it from a compressed file, like a zip or tar.gz.)Fortunately for some, this issue does NOT affect those running Java 8 or below, or Java 19 or abovehttps://www.carehart.org/blog/2023/1/23/beware_latest_oracle_JDK_installers_will_remove_older_JDK_installs CBWire Poll about a CFCasts SeriesI'm in the planning stage of developing an ongoing video series for CBWIRE on https://cfcasts.com/. I have several ideas and would like to put it out to the community to vote what you'd like to see most. All series would feature 5-7 minute bit-sized videos posted regularly (probably weekly) until the series is finished.https://community.ortussolutions.com/t/poll-cbwire-cfcasts-com-series/9513 New Releases and UpdatesCBSecurity - V 3.0.0 This module will enhance your ColdBox applications by providing out-of-the-box security.Now with a cool Security Visualizer too?Change Log is packed - https://www.forgebox.io/view/cbsecurity#changeLog Changed / COMPATIBILITY Dropped ACF2016 Separated routes to it's own module Router COMPAT New JwtAuthValidator instead of mixing concerns with the JwtService. You will have to update your configuration to use this validator instead of the JwtService useSSL is now defaulted to true for all security relocations as the default Encapsulation of jwt settings from the ModuleConfig to the JwtService CBAuthValidator has been renamed to just AuthValidator this way it can be used with ANY authentication service instead of binding it to just cbauth. This validator just relies on the IAuthUser interface now. Added New AuthValidator now can validate permissions and roles according to our IAuthUser interface but can be used on ANY authentication service that implements IAuthService New authorization and authentication delegates for usage in cb7 New ability for the firewall to log all action events to a database table. New visualizer that can visualize all settings and all firewall events via the log table if enabled. New Basic Auth validator and basic auth user credentials storage system. This will allow you to secure your apps where no database interaction is needed or required. New global and rule action: block and the fireall will block the request with a 401 Unathorized page. New event cbSecurity_onFirewallBlock announced whenever the firewall blocks a request into the system with a 403. DBTokenStorage now rotates using async scheduler and not direct usage anymore. Ability to set the cbcsrf module settings into the cbsecurity settings as csrf. We now default the user service class and the auth token rotation events according to used authentication service (cbauth, etc), no need to duplicate work. New rule based IP security. You can add a allowedIPs key into any rule and add which IP Addresses are allowed into the match. By default, it matches all IPs. New rule based HTTP method security. You can add a httpMethods key into any rule and add which HTTP methods are allowed into the match. By default, it matches all HTTP Verbs. New securityHeaders configuration to allow a developer to protect their apps from common exploits: xss, HSTS, Content Type Options, host header validation, ip validation, click jacking, non-SSL redirection and much more. Authenticated user is now stored by the security firewall according to the prcUserVariable on authenticated calls via preProcess() no matter the validator used Dynamic Custom Claims: You can pass a function/closure as the value for a custom claim and it will be evaluated at runtime passing in the current claims before being encoded Allow passing in custom refresh token claims to attempt() and fromUser() and refreshToken() : refreshCustomClaims Added TokenInvalidException and TokenExpiredException to the refreshToken endpoint https://www.forgebox.io/view/cbsecurityWebinar / Meetups and WorkshopsOrtus Event Calendar for Googlehttps://calendar.google.com/calendar/u/0?cid=Y181NjJhMWVmNjFjNGIxZTJlNmQ4OGVkNzg0NTcyOGQ1Njg5N2RkNGJiNjhjMTQwZjc3Mzc2ODk1MmIyOTQyMWVkQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20 Ortus Fridays are back in Full Effect in 2023 ICYMI - Ortus Office Hours - Jan 6th, 2023 - 11 AM CST ICYMI - Ortus Webinar - Jan 20th 2023 - CBWIRE Coding Session - Let's build an app with CBWIRE with Grant Copley - 11 AM CST https://cfcasts.com/series/ortus-webinars-2023/videos/cbwire-live-coding-session-with-grant-copley  Ortus Office Hours - Feb 3rd, 2023 - 11 AM CST Software Craftsmanship Book Club - Feb 10th, 2023 - 2 PM CST (Patreon exclusive) CFCasts Content Updateshttps://www.cfcasts.comRecent Releases Ortus Webinar - January - CBWIRE Live Coding Session https://cfcasts.com/series/ortus-webinars-2023/videos/cbwire-live-coding-session-with-grant-copley  ITB 2022 - All videos released to subscribers - 30+!!!! 2023 ForgeBox Module of the Week Series - 1 new Video https://cfcasts.com/series/2023-forgebox-modules-of-the-week  2023 VS Code Hint tip and Trick of the Week Series - 1 new Video https://cfcasts.com/series/2023-vs-code-hint-tip-and-trick-of-the-week  Coming Soon Brad with more CommandBox Videos - 27!!! More ForgeBox and VS Code Podcast snippet videos CBWire Series from Grant - Fill out the Poll here https://community.ortussolutions.com/t/poll-cbwire-cfcasts-com-series/9513  ColdBox Elixir from Eric Getting Started with ContentBox from Daniel Box-ifying a 3rd Party Library from Gavin Conferences and TrainingCF Summit Online All the webinars, all the speakers from Adobe ColdFusion Summit 2022 – brought right to your screen. All sessions will soon be streamed online, for your convenience. Stay tuned for more! ICYMI - LEVERAGING AI / COGNITIVE SERVICES VIA COLDFUSIONMichael HayesJanuary 17 | 12:00 - 13:00 pm EST (1 hour)Azure Cognitive Services is API that leverages AI and Machine Learning to provide capability such as Sentiment Analysis, Entity Recognition, Auto Translator, Text to Speech, speech translation, and many more. All this would be written in ColdFusion 2021 of course and a GIT repo of the code will be shared with the community. There may be a secondary package that will be shared that would convert PostMan / Swagger collections to ColdFusion for rapid development via API's.https://www.youtube.com/watch?v=jM6YpCMs6jg ICYMI - SPREADSHEET MAGICKevin WrightJanuary 19 | 12:00 - 13:00 pm EST (1 hour)Microsoft Office is the 'de facto' standard in most business environments. In this session we will look at different ways of integrating with one of the most used applications of the MS office suite, Excel. Come learn how to create, access and manipulate spreadsheets programmatically with the CFSPREADSHEET tag in ColdFusion. We will go beyond basic read and write features, and will delve into more advanced techniques like working with formulas and formatting, and creating multiple sheets. We will also look at examples of more complex types of spreadsheets by using lookups and even creating and embedding dynamic charts. FORMAT: Presentation with slides / live code reviewhttps://www.youtube.com/watch?v=VAvTsqXZ2o0 OPPORTUNITIES FOR BLOCKCHAIN TECHNOLOGY AND NFTS IN THE REAL WORLDMasha Edelen and Nick JuntillaJanuary 24 | 14:00 - 15:00pm EST (1 hour)Understanding the value and practical use cases of Non-Fungible Tokens in modern business applications. Learn how to get started using the blockchain and building your Web 3 strategy.Website for CF Summit Onlinehttps://cfsummit-online.meetus.adobeevents.com/ VUE.JS NATION CONFERENCEJanuary 25th & 26th 2023https://vuejsnation.com/ VUEJS AMSTERDAM 20239-10 February 2023, Theater AmsterdamWorld's Most Special and Largest Vue ConferenceCALL FOR PAPERS AND BLIND TICKETS AVAILABLE NOW!https://vuejs.amsterdam/ VueJS Live MAY 12 & 15, 2023ONLINE + LONDON, UKCODE / CREATE / COMMUNICATE35 SPEAKERS, 10 WORKSHOPS10000+ JOINING ONLINE GLOBALLY300 LUCKIES MEETING IN LONDONhttps://vuejslive.com/ Dev NexusApril 4-6th, 2023 in AtlantaGeorgia World Congress Center285 Andrew Young International Blvd NWAtlanta, GA 30313https://devnexus.com/ No Ortus speakers this year. :-(Into the Box 2023 - 10th EditionMay 17-19, 2023 The conference will be held in The Woodlands (Houston), TexasThis year we will continue the tradition of training and offering a pre-conference hands-on training day on May 17th and our live Mariachi Band Party! However, we are back to our Spring schedule and beautiful weather in The Woodlands! Also, this 2023 will mark our 10 year anniversary. So we might have two live bands and much more!!!Still time - call for speakers for the Into The Box Conference for 2023 is open until Jan 31sthttps://www.intothebox.org/blog/into-the-box-2023-call-for-speakers https://itb2023.eventbrite.com/ CFCamp is backJune, 22-23rd 2023Marriott Hotel Munich Airport, FreisingCall for Speakers is now open!https://www.papercall.io/cfcamp2023https://www.cfcamp.org/Even Ben Nadel was talking about busting out the passportMore conferencesNeed more conferences, this site has a huge list of conferences for almost any language/community.https://confs.tech/https://github.com/scraly/developers-conferences-agenda Blogs, Tweets, and Videos of the Week1/24/23 - Blog - Charlie Arehart - What's new in FusionReactor 9.2.0, released Jan 18 2023If you're a user of the wonderful FusionReactor monitoring and observability solution (for ColdFusion, Lucee, Java servers and more), you may delight in hearing news of a new FusionReactor (FR) version. 9.2.0 was released last week, Jan 18, 2023.https://www.carehart.org/blog/2023/1/24/whats_new_in_fr_9.2.0 1/23/23 - Blog - Charlie Arehart - Beware that latest Oracle JDK installers will REMOVE older JDK installs of that versionHere's something new to beware if you may run the Oracle JDK installer for the recently updated Java 11 or 17, whether on Windows, macOS, or via RPM: the new Oracle jdk installer WILL REMOVE any older previous versions of that JVM version created by previous JDK installers of the same major version. (Note that this issue does not affect those who implement java by extracting it from a compressed file, like a zip or tar.gz.)Fortunately for some, this issue does NOT affect those running Java 8 or below, or Java 19 or abovehttps://www.carehart.org/blog/2023/1/23/beware_latest_oracle_JDK_installers_will_remove_older_JDK_installs 1/21/23 - Blog - Ben Nadel - Does The Order Of Hash Inputs Matter In Terms Of Uniqueness And Distribution?My initial implementation of the CUID2 algorithm for ColdFusion tried to stay as close as possible to the JavaScript version. As part of this algorithm, I hash together various sources of entropy in order to create a unique, collision-resistant value. Once I completed my initial implementation, I got to thinking: since the goal isn't to create a specific value but rather a random, unique value, does the order of the inputs to the hash actually have any bearing on the characteristics of the output? In other words, does the order of hash inputs make the hash more unique? Or, give it a more even distribution in a given space?https://www.bennadel.com/blog/4394-does-the-order-of-hash-inputs-matter-in-terms-of-uniqueness-and-distribution.htm 1/19/23 - Blog - Ben Nadel - Comparing Java's MessageDigest To ColdFusion's hash() Function In Lucee CFMLLast week, I implemented a ColdFusion port of the CUID2 library. My version seems to work correctly; however, it has some performance problems when compared to the Java version. When I instrumented the ColdFusion component methods, nothing really jumped out at me. But, I have a hunch that I could make the SHA hashing more performant. Only, I don't have a great mental model for hashing. As such, I wanted to perform a small comparison of Java's MessageDigest class with ColdFusion's native hash() function for hashing a compound input.https://www.bennadel.com/blog/4393-comparing-javas-messagedigest-to-coldfusions-hash-function-in-lucee-cfml.htm 1/18/23 - Blog - Ben Nadel - Using "continue" To Short-Circuit .each() Iteration In ColdFusionYesterday, I was refactoring some ColdFusion code to go from using a standard for-in loop to using an .each() iteration member method. The for-in version of the code had some short-circuiting logic that used continue statements to skip to the next loop iteration. And, when I refactored to using .each(), I forgot to change the continue keyword to be a return keyword. And, wouldn't you know it - the code worked anyway. This is likely a quirk, not a feature, of the CFML platform; but, I thought it would be fun to share.https://www.bennadel.com/blog/4392-using-continue-to-short-circuit-each-iteration-in-coldfusion.htm 1/17/23 - Blog - Charlie Arehart - New updates released for Java 8, 11, 17, and 19 as of Jan 17 2023Here's a heads-up that some will want to hear about: there are new JVM updates released today (Jan 17, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 19. (Note that prior to Java 9, releases of Java were known technically as 1.x, so 8 is referred to in resources below as 1.8.)https://www.carehart.org/blog/2023/1/17/java_updates_Jan_2023 CFML JobsSeveral positions available on https://www.getcfmljobs.com/Listing over 46 ColdFusion positions from 27 companies across 22 locations in 5 Countries.2 new jobs listed this weekFull-Time - ColdFusion Developer at Remote - United Kingdom Jan 18https://www.getcfmljobs.com/jobs/index.cfm/united-kingdom/ColdFusion-Developer-at-Remote/11548 Full-Time - Senior ColdFusion Developer at India - India Jan 17https://www.getcfmljobs.com/jobs/index.cfm/india/Senior-ColdFusion-Developer-at-India/11549 Other Job LinksThere is a jobs channel in the CFML slack team, and in the Box team slack now tooForgeBox Module of the WeekCBSecurity - V 3.0.0 This module will enhance your ColdBox applications by providing out-of-the-box security in the form of: A security rule engine for incoming requests allowing blocking, authentication, and authorization checks Annotation-driven security for handlers and actions JWT (JSON Web Tokens) generator, decoder, rotation, invalidation and authentication services JWT Token Storage in a cache or database Refresh and access tokens Ip Blocking, Host Blocking, and much more CSRF protection Security Headers for protection against ip spoofing, host spoofing, click jacking, ssl attacks, hsts, and much more Pluggable with any Authentication service or can leverage cbauth by default Basic auth capabilities with an internal user storage Capability to distinguish between invalid authentication and authorization and determine the process's outcome Ability to load/unload security rules from contributing modules. So you can create a nice HMVC hierarchy of security Ability for each module to define its own validator Now with a cool Security Visualizer too?Lots more to it - https://www.forgebox.io/view/cbsecurity#changeLog https://www.forgebox.io/view/cbsecurityVS Code Hint Tips and Tricks of the WeekMarkmapVisualize your markdown in VSCode Preview markdown files as markmap Edit markdown files in a text editor and the markmap will update on the fly Works offline https://marketplace.visualstudio.com/items?itemName=gera2ld.markmap-vscode Thank you to all of our Patreon SupportersThese individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox,  ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox. You can support us on Patreon here https://www.patreon.com/ortussolutionsDon't forget, we have Annual Memberships, pay for the year and save 10% - great for businesses. Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription. All Patreon supporters have a Profile badge on the Community Website All Patreon supporters have their own Private Forum access on the Community Website All Patreon supporters have their own Private Channel access BoxTeam Slack Live Stream Access to streams like “Koding with the Kiwi + Friends” and Ortus Software Craftsmanship Book Club https://community.ortussolutions.com/ Top Patreons ( amazing ) John Wilson - Synaptrix Tomorrows Guides Jordan Clark Gary Knight Mario Rodrigues Giancarlo Gomez David Belanger Dan Card Jeffry McGee - Sunstar Media Dean Maunder Nolan Erck  Abdul Raheen And many more PatreonsYou can see an up to date list of all sponsors on Ortus Solutions' Websitehttps://ortussolutions.com/about-us/sponsors Thanks everyone!!! ★ Support this podcast on Patreon ★

When A Guy Has
I almost knocked over my perfume samples

When A Guy Has

Play Episode Listen Later Sep 13, 2022 110:41


Our longest episode yet! Jolene is joined by Audrey (@foldyrhands) to talk about her life. Featuring: childhood OCD, Crohn's disease, eating disorders, Audrey Hepburn in Roman Holiday, transmasc socialization in a tranfem life, aspirational HSTS schtick, and more!

Modernize or Die ® Podcast - CFML News Edition
Modernize or Die® - CFML News for March 15th, 2022 - Episode 139

Modernize or Die ® Podcast - CFML News Edition

Play Episode Listen Later Mar 15, 2022 33:01


2022-03-15 Weekly News - Episode 139Watch the video version on YouTube at https://youtu.be/tmx5csCovncHosts: Eric Peterson - Senior Developer at Ortus SolutionsDaniel Garcia - Software Developer at Ortus SolutionsThanks to our Sponsor - Ortus SolutionsThe makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-en out there. A few ways  to say thanks back to Ortus Solutions: Like and subscribe to our videos on YouTube.  Help ORTUS reach for the Stars - Star and Fork our Repos https://github.com/coldbox/coldbox-platform https://github.com/Ortus-Solutions/ContentBox/ https://github.com/Ortus-Solutions/commandbox/ https://github.com/ortus-solutions/docker-commandbox https://github.com/Ortus-Solutions/testbox/ https://github.com/coldbox-modules/qb/ https://github.com/coldbox-modules/quick/ https://github.com/coldbox-modules/cbwire https://github.com/Ortus-Solutions/DocBox Star all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github  Subscribe to our Podcast on your Podcast Apps and leave us a review Sign up for a free or paid account on CFCasts, which is releasing new content every week Buy Ortus's Book - 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)  Patreon SupportWe have 36 patreons providing 96% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions. News and EventsLucee 5.3.9.108 Release Candidate 2The Lucee team is proud to announce RC2, which consists of bug fixes and regressions.All things going well and subject to any regression, we plan to release a STABLE version on Friday the 25th of March, 2022https://dev.lucee.org/t/5-3-9-108-release-candidate-2/9795Built with ColdFusion CFMLThis repo is a community repo to list and showcase companies, sites and technologies powered by ColdFusion (CFML) and several Ortus Products.To contribute, fork and star the project. Then add your own organization file in the orgs directory and then append the name of that file ( excluding the extension ), into the cfml-rocks.json array of orgs. You may use the schema below for reference. Send us your pull request and once validated, we will add it to the repo and site.https://github.com/Ortus-Solutions/built-with-cfml-box/Ortus Webinar - March - ForgeBoxication with Gavin PickinMarch 25th, 2022 Time: 11:00 AM Central Time (US and Canada)ForgeBox is CFML's package management system, and in this webinar you will learn how you can use it with any cfml app you have. You'll learn how to use ForgeBox packaged in your app, commit your own code to ForgeBox, and if we have time we might even make your code into a ColdBox module.Register today: https://us02web.zoom.us/meeting/register/tZwkduGurDgoHNf4sljBngAFLpoNSNLkzom3 More Webinars: https://www.ortussolutions.com/events/webinars Ortus Webinar - April - cbSecurity: Passwords, Tokens, and JWTs with Eric PetersonApril 29th, 202211:00 AM Central Time (US and Canada)Learn how to integrate cbSecurity into your application whether you are using passwords, API tokens, JWTs, or a combination of all three!More Webinars: https://www.ortussolutions.com/events/webinars Hawaii CFUG User Group - Moving your Legacy ColdFusion application to Modern CFML with Mark TakataMarch 24th, 20221:00pm Hawaiian Time - 4:00pm PDTWe've all seen old legacy code in our ColdFusion applications.How do you move that legacy code to modern CFML with easier maintenance and deployment, fewer bugs, and streamlined code?Why Move to Modern CFMLMost of us understand that moving our legacy applications to modern CFML is smart. Easier Maintenance Rapid Deployment Fewer Bugs Modern, Responsive Front-End https://hawaiicoldfusionusergroup.adobeconnect.com/legacy/ Happy Birthday Docker - Docker Community All HandsThursday, March 31, 2022 | 8:00am - 11:00am PTJoin us in celebrating Docker's 9th birthday at our next Community All Hands! This virtual event is a unique opportunity for the community to come together with Docker staff to learn, share and collaborate about all things Docker.https://www.docker.com/event-community-all-hands Adobe Workshops and WebinarsJoin the Adobe ColdFusion Workshop to learn how you and your agency can leverage ColdFusion to create amazing web content. This one-day training will cover all facets of Adobe ColdFusion that developers need to build applications that can run across multiple cloud providers or on-premiseTHURSDAY, MARCH 24, 202210:00 AM PDTColdFusion Standard vs EnterpriseMark Takatahttps://coldfusion-standard-vs-enterprise.meetus.adobeevents.com/WEDNESDAY, MARCH 30, 20229:00 AM EDTAdobe ColdFusion WorkshopBrian Sappeyhttps://workshop-coldfusion-adobe.meetus.adobeevents.com/THURSDAY, APRIL 21, 20229:00 AM CETAdobe ColdFusion WorkshopDamien Bruyndonckx (Brew-en-dohnx) https://adobe-workshop-coldfusion.meetus.adobeevents.com/THURSDAY, APRIL 21, 202210:00 AM PDTAdobe ColdFusion TruthsMark Takatahttps://adobe-coldfusion-truths.meetus.adobeevents.com/FREE :)Full list - https://meetus.adobeevents.com/coldfusion/ Conferences and TrainingDocker Community All HandsThursday, March 31, 2022 | 8:00am - 11:00am PTJoin us in celebrating Docker's 9th birthday at our next Community All Hands! This virtual event is a unique opportunity for the community to come together with Docker staff to learn, share and collaborate about all things Docker.https://www.docker.com/event-community-all-hands  DevNexus 2022 - The largest Java conference in the USApril 12-14, 2022Atlanta, GABrad & Luis will be speakingLuis - Alpine.js: Declare and React with SimplicityBrad - What's a Pull Request? (Contributing to Open Source)https://devnexus.com/DockerConMay 10, 2022Free Online Virtual ConferenceDockerCon will be a free, immersive online experience complete with Docker product demos , breakout sessions, deep technical sessions from Docker and our partners, Docker experts, Docker Captains, our community and luminaries from across the industry and much more. Don't miss your chance to gather and connect with colleagues from around the world at the largest developer conference of the year. Sign up to pre-register for DockerCon 2022!https://www.docker.com/dockercon/ US VueJS ConfFORT LAUDERDALE, FL • JUNE 8-10, 2022Beach. Code. Vue.Workshop day: June 8Main Conference: June 9-10https://us.vuejs.org/ Into The Box 2022Solid Dates - September 27-30Call For Speakers and blog post coming soon!Into the Box Latam 2022Tentative dates - Dec 1-2CF SummitStill waiting on news from Adobe.CFCampStill waiting as well.More conferencesNeed more conferences, this site has a huge list of conferences for almost any language/community.https://confs.tech/Blogs, Tweets, and Videos of the Week3/8/22 - Tweet - Brad Wood - RabbitSDK UpdatesWhile doing some client work with RabbitMQ's delayed message plugin, I've added proper exchange management methods to the CFML #RabbitMQ SDK.  Now you can declare, bindm, unbind, and delete exchanges. https://forgebox.io/view/rabbitsdkhttps://twitter.com/bdw429s/status/1501294538052231171https://twitter.com/bdw429s3/9/22 - Tweet - Brad Wood - Slatwall No Longer Open Source#TIL The ColdFusion Slatwall Commerce platform was acquired by another company about 6 mo ago and is no longer open source.  Anyone using it and affected?  Looks like Ortus needs to dust off our cbCommerce module! #CFMLhttps://twitter.com/bdw429s/status/1501653592960380930https://twitter.com/bdw429s3/10/22 - Blog - Ben Nadel - FusionReactor APM Gives Me Peace-of-Mind Over In-Memory Caching In ColdFusionAs part of the operation of my ColdFusion application (ie, this blog), I cache a lot of data in-memory. Some of that data is cached up-front in the onApplicationStart() ColdFusion application life-cycle event handler; but, most of it is cached on-the-fly using the double-check locking pattern that I discussed recently. Unfortunately, I have no idea how much "data costs" to store in memory (meaning, how much room it takes up). So, I've always been a bit uneasy knowing that I may one day slam into a hard memory limit. But, all worry is gone now that I've installed FusionReactor's Application Performance Monitor (APM). I can now clearly see how much RAM I've used; and, more importantly, how much dang RAM I have left to play with.https://www.bennadel.com/blog/4225-fusionreactor-apm-gives-me-peace-of-mind-over-in-memory-caching-in-coldfusion.htm3/15/22 - Blog - Ben Nadel - Adding Strict-Transport-Security (HSTS) HTTP Header In ColdFusion 2021For years, I've been using Foundeo's HackMyCF security product on my server to help me keep my ColdFusion applications secure and up-to-date. Security is one of those feature that tends to rot over time. So, it's nice to have someone constantly nagging you about actively updating your platform. This morning, I'm finally adding the HTTP Strict-Transport-Security response header (often abbreviated as HSTS) to my ColdFusion blog so that browsers will force connections to be made using HTTPS, never HTTP.https://www.bennadel.com/blog/4228-adding-strict-transport-security-hsts-http-header-in-coldfusion-2021.htm3/14/22 - Blog - Ben Nadel - Serving A Bypassable "Down For Maintenance" Page In ColdFusion 2021In the vast majority of cases, updates to my ColdFusion blog can be made while the site is online. Sometimes, however, if those changes are not backwards compatible, or require too much cross-file coordination, there's no way that I can start making changes without causing errors in the user experience (UX). In such cases, I need to temporarily block access to the site using a "Down for Maintenance" page. But, I still need to access the site in order to monitor and test the changes. As such, this maintenance page needs to be conditionally bypassable. Luckily, all of this is really easy in ColdFusion.https://www.bennadel.com/blog/4227-serving-a-bypassable-down-for-maintenance-page-in-coldfusion-2021.htmColdBox Fail Fast - https://coldbox.ortusbooks.com/getting-started/configuration/bootstrapper-application.cfc#composition CFML JobsSeveral positions available on https://www.getcfmljobs.com/Listing over 57 ColdFusion positions from 34 companies across 32 locations in 5 Countries.2 new jobs listedFull-Time - Senior Coldfusion Developer |LATAM| at Colon, PAMar 11https://www.getcfmljobs.com/jobs/index.cfm/united-states/Senior-Coldfusion-Developer-LATAM-at-Colon-PA/11442Contract - Mid Level CF developer at Remote - AustraliaMar 15https://www.getcfmljobs.com/jobs/index.cfm/australia/mid-cfdev-remote/11443Other Job LinksOrtus Solutionshttps://www.ortussolutions.com/about-us/careers Everett Community Collegehttps://employment.everettcc.edu/postings/5300 The Consortium, Inchttps://jobs.crelate.com/portal/consortium/job/ok4b6rcj95g1rhscawespxcdjy ForgeBox Module of the WeekGeoLocation By IP by Ortus SolutionsGeoLocation By IP. Look up and cache a user's countryCode, countryName, regionName, cityName, , zipCode, latitude, longitude, and timeZone by IP address.https://forgebox.io/view/GeoLocation-lookup-by-IP “This code comes with no warranties, promises, or rainbows. In fact, it will probably kick your cat.” - Brad WoodVS Code Hint Tips and Tricks of the WeekGit TrimA command to quickly remove merged, pruned, untracked, or stale branches within a repository.https://github.com/jasonmccreary/git-trimThank you to all of our Patreon SupportersThese individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox,  ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox. You can support us on Patreon here https://www.patreon.com/ortussolutionsDon't forget, we have Annual Memberships, pay for the year and save 10% - great for businesses. Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription. All Patreon supporters have a Profile badge on the Community Website All Patreon supporters have their own Private Forum access on the Community Website https://community.ortussolutions.com/ Patreons John Wilson - Synaptrix  Eric Hoffman Gary Knight Mario Rodrigues Giancarlo Gomez David Belanger Dan Card Jonathan Perret Jeffry McGee - Sunstar Media6 Dean Maunder Joseph Lamoree Don Bellamy Jan Jannek Laksma Tirtohadi Carl Von Stetten Jeremy Adams Didier Lesnicki Matthew Clemente Daniel Garcia Scott Steinbeck - Agri Tracking Systems Ben Nadel  Brett DeLine Kai Koenig Charlie Arehart Jonas Eriksson Jason Daiger Shawn Oden Matthew Darby Ross Phillips Edgardo Cabezas Patrick Flynn Stephany Monge John Whish Kevin Wright Peter Amiri You can see an up to date list of all sponsors on Ortus Solutions' Websitehttps://ortussolutions.com/about-us/sponsors ★ Support this podcast on Patreon ★

Transparency
EP27 - Culture, Class, and the Bakla - with Rod Fleming

Transparency

Play Episode Listen Later Feb 21, 2022 83:22


Journalist and photographer Rod Fleming, now based in the Philippines, gives a fascinating glimpse into the lives of the Bakla or "ladyboys" of South East Asia. He's interviewed hundreds of ladyboys, is well read in the HSTS research literature, and is himself married to a ladyboy.   https://www.rodfleming.com https://www.youtube.com/channel/UCqEjpXh1Hn7-ZiRsNxmeKdg  

Transparency
Light Reading for Grandparents - With Dr Michael Bailey

Transparency

Play Episode Listen Later Feb 14, 2022 74:08


Dr Bailey is a psychologist, behavioural geneticist, and professor at Northwestern University. His research on the etiology of sexual orientation led him to the topic of transsexualism in natal males. In 2003, his book The Man Who Would be Queen, about 2 types of transsexualism (HSTS and AGP), launched the concept of Blanchard's Typology into the mainstream, and Bailey into hot water with trans activists.   The Man Who Would Be Queen is no longer in print, but is available as a free PDF: https://www.nap.edu/login.php?record_id=10530&page=https%3A%2F%2Fwww.nap.edu%2Fdownload%2F10530  

Quilt Buzz
Episode 029: Donna of @xoxsew

Quilt Buzz

Play Episode Listen Later May 6, 2021 34:00


Show Notes:0:44 - LA (Los Angeles) 6:33 - Donna’s 2020 Quiltmas quilt block, Nakatomi6:54 - Donna’s 2019 Quiltmas quilt block, Griswald6;59 - “Little full, a lot of sap” reference from the feature film, Christmas Vacation9:57 - Mammoth Lakes quilt by Donna9:59 - Eastern Sierra quilt by Donna10:23 - Arcade quilt by Donna10:25 - [Las] Vegas11:38 - Flying geese quilt block 11:42 - HSTs (half-square triangles) 11:44 - Log Cabin blocks 15:10 - Utah19:58 - Canned air20:15 - #igquiltfest20:18 - #missingmarket20:45 - C, D, E, F scales 20:47 - Mario Kart20:56 - Super Nintendo Mario Kart20:56 - Mario Kart Nintendo Switch21:19 - Nintendo Switch21:29 - Nintendo Switch, Overcooked 223:14 and 23:21 - The von Trapp family24:43 - Kid 9024:47 - The Last Blockbuster24:54 - Blockbuster 25:06 - Gardettos 25:10 - Drunkard’s Path25:43 - Kona Cotton in Light Parfait 25:51 - Kona Cotton in Bone26:04 - Rashida Coleman Hale26:07 - Kona Cotton 26:09 - Fabric Bubb26:13 - Sewing Arts 26:15 - Art Gallery Fabrics 26:16 - Kona Cotton 26:17 - Fabric Bubb26:20 - The Fabric Room 26:41 - Ruler gripper27:27 - Aurifil Thread29:06 - Alyssa of @AlyssaPearlQuilts29:11 - Elizabeth of @Ely_Sews29:13 - Cass of @Nova Quilts29:15 - Alissa of @AlissaLovesToQuilt29:23 - Kristina of @Fabric Bubb30:56 - Emily of @EmilyWattsQuilts31:16 - Anita of @AnitaYokota31:32 - Racheal of @BanyanBridges 31:55 - Metropolis Quilt by Donna32:23 - Donna’s YouTube channelFollow Donna:Instagram - @xoxsewhttps://www.xoxsew.com/Follow us:Amanda: @broadclothstudio https://broadclothstudio.com/Wendy: @the.weekendquilter https://the-weekendquilter.com/Anna: @waxandwanestudiohttps://www.waxandwanestudio.com/Quilt Buzz: @quilt.buzzhttps://quiltbuzzpodcast.com/Intro/Outro Music:Golden Hour by Vlad Gluschenko

IGeometry
Chrome 90 will start communicating in HTTPS (port 443) by Default - Let us discuss

IGeometry

Play Episode Listen Later Mar 4, 2021 11:37


For the longest time, all browsers will always use HTTP in schemeless URLs (when HTTP or HTTPS is not specified). Chrome is flipping this with version 90 Chapters * HTTPS by Default 0:00 * What happens Today 1:00 * What will happen in Chrome 90 4:00 * HSTS? 6:20 * is HTTPS everywhere dead? 7:10 * How to Enable 8:20 Video https://youtu.be/XrlfX0duLKQ https://latesthackingnews.com/2021/03/01/google-will-launch-https-first-approach-with-urls-from-chrome-90 --- Send in a voice message: https://anchor.fm/hnasr/message

Quilt Buzz
Episode 022: Oon of @grape.soda.studio

Quilt Buzz

Play Episode Listen Later Jan 28, 2021 27:40


Show Notes:0.56 - Barry, South Wales2:35 - A&W Root Beer2:52 - Barry Manilow3:07 and 3:20 - Barry White4:59 - Brushed cotton5:04 - Applique5:09 - Seam allowance6:02 - HSTs [half-square triangles]6:03 - WOF (width of fabric)8:15 - Selvedges8:16 - Cotton + Steel Fabrics8:28 - Cargo duffle bag by Noodlehead8:55 - Range backpack by Noodlehead10:44 - Suzy Quilts10:49 - Grow Quilt by Suzy Quilts11:27 - Lorna of Cloth & Crescent - Listen to Episode 1 of Quilt Buzz for reference 14:42 - Warp and Weft fabric collection by Alexia Abegg17:03 - Ask a Mortician 17:05 - The Futility Closet podcast17:33 - Caitlin Doughty18:18 - Sawtooth Star quilt block18:39 - Kona Cotton in Terracotta18:41 - Kona Cotton in Cantaloupe19:38 - Kim(berly) Knight of Ruby Star Society 19:45 - Kona Cotton 19:53 - Speckled by Ruby Star Society 20:21 - The Fabric Fox 20:21 - The Tartan Reel 20:26 - Olive + Flo Handcraft21:06 - Aurifil Thread21:48 - Oon’s first quilt 22:41 - Basting 23:40 - Laurel of Porcupine Sew Threads (@porcupinesews_threads)23:44 - EPP [English Paper Piecing]23:53 - Racoon Head EPP pattern by Porcupine Sew Threads24:23 - Quilt-as-you-go method25:40 - Dust and Waves Textile (@dustandwavestextile)25:47 - Ice dyed fabrics25:59 - Maine26:04 - Good News Movement (@goodnews_movement)26:21 - Cheap Nordic Houses (@cheapnordichouses)26:29 - Norway 26:30 - SwedenFollow Oon:Instagram - @grape.soda.studioFollow us:Amanda: @broadclothstudio https://broadclothstudio.com/Wendy: @the.weekendquilter https://the-weekendquilter.com/Anna: @waxandwanestudiohttps://www.waxandwanestudio.com/Quilt Buzz: @quilt.buzzhttps://quiltbuzzpodcast.com/Intro/Outro Music:Golden Hour by Vlad Gluschenko

Björeman // Melin
Avsnitt 238: HEICom och hjälp mig

Björeman // Melin

Play Episode Listen Later Dec 17, 2020 101:56


JULAVSNITTET CentOS död, del 2: Rocky Linux nytt projekt som tar vid. (tydligen döpt efter en av grundarna av CentOS-projektet, Rocky McGaugh.) Rättelse om HSTS från The Seal: “Feedback gällande HSTS så är det inte alls kring att binda en domän till ett certifikat utan för att binda en browser att inte prova okrypterat igen på given tidenhet. Går att kombinera med den lite farliga varianten med includeSubDomains vilket då tvingar samma betende även på subdomäner” Jocke migrerar hårt från CentOS till FreeBSD. Alla småservrar för dns, ntp mm flyttat. Stora jobbiga servrar återstår (Matrix, Mastodon, Haproxy) EU sätter ner foten, kräver interoperabilitet för datasilos Macos Jättesur: helt plötsligt har Spotlight ballat ur. Quicksilver, Launchbar och Alfred dras till minne Datormagazin Retro #4 skymtad i butik! Vad säger Christian om Apples nya hörlurar? Dyra lurar är dyra Jocke får tidig julklapp från vän: ny mus till sin Mac mini M1 Chrome is bad. Google är verkligen ett storföretag. Anledningar att folk dras med gamla webbläsare avhandlas grundligt ##Film och TV## Jocke har sett hela Queens Gambit. Briljant och underbart bra TV. Mandalorian levererar säger Elias, 10 år. Linnea 9 år har koll på Baby Yoda. Christian rekommenderar extramaterialet på Disney+ Jocke tipsar om julfilmer Die Hard Karl-Bertil Jonssons julafton Kalles klätterträd Trolltyg i Tomteskogen Christian tipsar om julfilmer Klaus (Netflix) Love Actually Thomas Brodie-Sangster som spelar Sam spelar även i Queens Gambit. Fredrik tipsar om julfilmer: Die hard går inte att undvika Ensam hemma Sagan om ringen-filmerna ##Länkar## Rocky Linux HSTS Android 4.4 Irig mic HD2 EU vill spräcka silos Suseån Flying tiger FOSDEM Launchbar Quicksilver Alfred Growl Ars technica om Growl Adium 43 folders Merlin Mann Airpods max B&W Sennheiser HE1 - ett par Riktigt dyra lurar Elektrostathögtalare Wall of sound Ultimate ears 9000 SUP-bräda Magic mouse 1 Magic mouse 2 Magic trackpad 2 Chrome is bad Brave Vivaldi Queen’s gambit Anya Taylor-Joy The mandalorian Taika Waititi Swingers Love actually Klaus Die hard Ensam hemma Ivanhoe Karl-Bertil Jonssons jul Kalles klätterträd Per Åhlin Trolltyg i tomteskogen Björeman. Melin. Åhs. Fullständig avsnittsinformation finns här: https://www.bjoremanmelin.se/podcast/avsnitt-238-heicom-och-hjalp-mig.html.

Björeman // Melin
Avsnitt 238: HEICom och hjälp mig

Björeman // Melin

Play Episode Listen Later Dec 17, 2020 101:56


JULAVSNITTET CentOS död, del 2: Rocky Linux nytt projekt som tar vid. (tydligen döpt efter en av grundarna av CentOS-projektet, Rocky McGaugh.) Rättelse om HSTS från The Seal: “Feedback gällande HSTS så är det inte alls kring att binda en domän till ett certifikat utan för att binda en browser att inte prova okrypterat igen på given tidenhet. Går att kombinera med den lite farliga varianten med includeSubDomains vilket då tvingar samma betende även på subdomäner” Jocke migrerar hårt från CentOS till FreeBSD. Alla småservrar för dns, ntp mm flyttat. Stora jobbiga servrar återstår (Matrix, Mastodon, Haproxy) EU sätter ner foten, kräver interoperabilitet för datasilos Macos Jättesur: helt plötsligt har Spotlight ballat ur. Quicksilver, Launchbar och Alfred dras till minne Datormagazin Retro #4 skymtad i butik! Vad säger Christian om Apples nya hörlurar? Dyra lurar är dyra Jocke får tidig julklapp från vän: ny mus till sin Mac mini M1 Chrome is bad. Google är verkligen ett storföretag. Anledningar att folk dras med gamla webbläsare avhandlas grundligt ##Film och TV## Jocke har sett hela Queens Gambit. Briljant och underbart bra TV. Mandalorian levererar säger Elias, 10 år. Linnea 9 år har koll på Baby Yoda. Christian rekommenderar extramaterialet på Disney+ Jocke tipsar om julfilmer Die Hard Karl-Bertil Jonssons julafton Kalles klätterträd Trolltyg i Tomteskogen Christian tipsar om julfilmer Klaus (Netflix) Love Actually Thomas Brodie-Sangster som spelar Sam spelar även i Queens Gambit. Fredrik tipsar om julfilmer: Die hard går inte att undvika Ensam hemma Sagan om ringen-filmerna ##Länkar## Rocky Linux HSTS Android 4.4 Irig mic HD2 EU vill spräcka silos Suseån Flying tiger FOSDEM Launchbar Quicksilver Alfred Growl Ars technica om Growl Adium 43 folders Merlin Mann Airpods max B&W Sennheiser HE1 - ett par Riktigt dyra lurar Elektrostathögtalare Wall of sound Ultimate ears 9000 SUP-bräda Magic mouse 1 Magic mouse 2 Magic trackpad 2 Chrome is bad Brave Vivaldi Queen’s gambit Anya Taylor-Joy The mandalorian Taika Waititi Swingers Love actually Klaus Die hard Ensam hemma Ivanhoe Karl-Bertil Jonssons jul Kalles klätterträd Per Åhlin Trolltyg i tomteskogen Björeman. Melin. Åhs. Fullständig avsnittsinformation finns här: https://www.bjoremanmelin.se/podcast/avsnitt.238-heicom-och-hjalp-mig.html.

Daily SEO Tips
307 Redirects are not real redirects

Daily SEO Tips

Play Episode Listen Later Dec 10, 2020 2:13


Does Google crawl 307 redirects? 307 redirects DO NOT function like 301 redirects. Listen to today s tip to learn about how and why you should fix these redirects. Hello, and thanks for listening to SEO tips today. These types of redirects (307) occur because the site was set up with HSTS which globally tells [...]

Geeksblabla
#58 - How Does the Internet Work?

Geeksblabla

Play Episode Listen Later Nov 27, 2020 158:55


In this episode of GeeksBlabla, we will discover with our guests how the Internet actually works. Guests Mohamed Ez-zarghili Abderrahim Soubai Elidrissi Yassine Moumen Notes 0:02 - Introduction. 0:07 - Briefly, how does the Internet work? 0:12 - What's the first thing that happens when we type something into Google? 0:17 - Electrical signals and Raspberry Pies. 0:20 - What can we possibly build with a Raspberry Pi? 0:23 - What actually happens when we search for something in Google? 0:25 - What does HSTS protect against and how is it implemented? 0:28 - What is mixed content (HTTP over HTTPS)? 0:33 - What does HTTP or HTTPS mean from the server side? 0:37 - What is DNS, how does it work and why is it important? 0:44 - Does changing DNS improve Internet speed? 0:53 - Do DNS resolvers control your Internet accessibility? 0:57 - How is the encapsulated frame sent to the internet through the default gateway? 1:03 - HTTP and the OSI model. 1:07 - What is the MAC address? 1:08 - What exactly is a protocol? 1:11 - Game Theory and communication networks. 1:13 - What is ARP cash poisoning (ARP Spoofing)? 1:15 - What happens when an HTTP request reaches the Server? 1:22 - Why is it said that HTTP is a stateless protocol? 1:24 - Reverse Proxy Server attacks. 1:25 - Concepts every back-end developer must be familiar with (sessions, cookies and ORM). 1:31 - Subdomains (cost, limitations and hosting). 1:33 - What is a Canonical Name (CNAME)? 1:35 - Why a Server has to be near the Client and how does it impact the Latency? 1:37 - As a DevOps engineer, how much do you need to know about network protocols? Are the basics enough? 1:39 - What is the difference between a Reverse Proxy and a Load Balancer? 1:47 - What is JSON Web Token (JWT) and how does it work? 1:54 - How does a Server respond to a request? 2:04 - What are the major components of a web browser? 2:13 - What is HTML parsing? 2:18 - Why is it important for a software engineer to have global knowledge? 2:23 - What is HTTP/3? 2:31 - Briefly, what exactly is the Deep Web? 2:37 - Wrap up and goodbye. Links Root name server What happens when… Prepared and Presented by Youssouf El Azizi

IGeometry
Is FireFox HTTPS only Mode The death of HSTS?

IGeometry

Play Episode Listen Later Nov 18, 2020 7:23


FireFox Enables HTTPS Only Mode, let us discuss https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ What does it mean? Death of HSTS? No more plugins Will it ever become default? (Government sites unencrypted, backward compatible) --- Send in a voice message: https://anchor.fm/hnasr/message

Quilt Buzz
Episode 016: Ben of @benmillett

Quilt Buzz

Play Episode Listen Later Nov 5, 2020 32:18


Show Notes:0:44 - Des Moines, Iowa0:55 - LGBTQ1:07 - Central Iowa Modern Quilt Guild1:42 - Half-square triangles2:33 - Singer2:50 - Pin basting3:19 - Stitch in the ditch3:47 - Walking foot3:52 - Quarter inch foot5:04 - Tessellation quilt (Ben’s version)5:55 - Not so straight6:34 - Flannel6:41 - Half-square triangles6:45 - Curves7:20 - Libs Elliot7:22 - La Fin Du Monde, End of the World Quilt (Ben’s version)8:01 - Laser cutter8:15 - Urbandale Laser8:24 - Convex curve8:25 - Concave curve8:27 - Orange Peel9:02 - Michelle at Urbandale Laser9:17 - Tracing plastic9:55 - Adobe illustrator9:58 - [Auto]CAD10:10 - Laser cutting10:22 - Half-square triangles10:28 - Jelly roll10:42 - Geometry10:52 - 4 at a time, 8 at a time HST (half-square triangles)10:59 - 2 at a time HST (half-square triangles)11:12 - Trimming11:14 - Squaring off the squares11:32 - Chain piece11:43 - 8 at a time (half-square triangles)11:51 - HSTs [half-square triangles]12:05 - HSTs [half-square triangles]12:10 - 2 at a time (half-square triangles)12:12 - 4 at a time (half-square triangles)12:24 - Reddit thread13:32 - “What Have I Done?” tote13:47 - [Quilt] block13:49 - Protea flower14:11 - Instagram15:16 - QuiltCon15:43 - 365 Kona Colour jacket by Ben Millett16:13 - Libs Elliot16:14 - La Fin Du Monde16:43 - Kona Colour card17:14 - Kona Colour card17:45 - Ziploc bags20:05 - 356 Kona Colours20:19 - 365 Kona Colour jacket by Ben Millett20:21 - Giucy Giuce Alison Glass Mini Sew Along Jacket by Ben Millet21:08 - QuiltCon21:46 - QuiltCon volunteer21:50 - RBF21:51 - Quilt gloves22:51 - QuiltCon23:09 - Lockdown23:38 - QuiltCon22:44 - M&M’s25:49 - Peanut M&M’s25:59 - Scrappy quilts26:11 - Traditional [quilt] blocks26:16 - Kona Cotton in Grass Green26:23 - Hex code26:27 - Hex code 66993326:34 - Kona Cotton in White26:42 - Libs Elliot26:43 - Giucy Giuce26:44 - Kaffe Fassett26:48 - Kaffe Fassett26:52 - Kona Cotton Phosphorific Tri-colour sample by Ben20:56 - Kona Cotton in Pomegranate26:57 - Kona Cotton in Peacock26:59 - Kona Cotton in Acid Lime27:04 - Fabric Bubb27:06 - Iowa Quilt Block27:25 - Fat quarters27:37 - Hera marker27:42 - Gutermann27:44 - Aurifil28:24 - Protea Flower for One Iowa’s Charity auction29:18 - Dragon Age: Inquisition29:34 - @johnpaulmorabito29:35 - Weaving artist29:38 - Des Moines Art Center29:45 - Computerised weaving29:45 - @johal_geometrics29:57 - Acrylic polymer artist30:28 - @HanWriting30:34 - EmbroidersFollow Ben:Instagram - @benmillettFollow us:Amanda: @broadclothstudiohttps://broadclothstudio.com/Wendy: @the.weekendquilterhttps://the-weekendquilter.com/Anna: @waxandwanestudiohttps://www.waxandwanestudio.com/Quilt Buzz: @quilt.buzzhttps://quiltbuzzpodcast.com/Intro/Outro Music:Golden Hour by Vlad Gluschenko

Implementador WordPress
HTTP Strict Transport Security (HSTS)

Implementador WordPress

Play Episode Listen Later Nov 5, 2020 19:05


HSTS ¿qué es? ¿para qué es? En este episodio hablamos sobre esta Seguridad de Transporte Estricta para HTTP.

Implementador WordPress
HTTP Strict Transport Security (HSTS)

Implementador WordPress

Play Episode Listen Later Nov 5, 2020 19:05


HSTS ¿qué es? ¿para qué es? En este episodio hablamos sobre esta Seguridad de Transporte Estricta para HTTP.

Quilt Buzz
Episode 014: Keyana of @collectivequilts

Quilt Buzz

Play Episode Listen Later Oct 8, 2020 24:48


Show Notes:0:49 - Columbus, Ohio1:44 - Collective Quilts3:13 - Facebook Marketplace3:55 - Hand pieced3:56 - Hand quilted4:24 - Modern quilts4:30 - Traditional blocks4:33 - Negative space6:18 - #ombrebrown6:24 - Keyana’s ombre brown quilt on her Instagram6:49 - Ombre Brown7:37 - Testing patterns7:49 - Julia of The Little Pine Needle11:02 - Porfiria of Mrs Porfiria11:06 - Michelle of Meesh quilts11:12 - Color of Connection11:19 - Color of Connection11:20 - Michelle of Meesh Quilts11:26 - Porfiria of Mrs Porfiria11:34 - Modern quilting11:39 - Quilt along11:44 - Color of Connection Quilt13:21 - @colorofconnectionquilt13:28 - www.colorofconnectionquilt.com15:30 - Heartland13:40 - Archway Lemon Cookies15:45 - Log Cabin quilt block15:46 - Sawtooth Star quilt block15:54 - Sunbonnet Sue16:37 - Kona Cotton in Snow16:38 - Kona Cotton in Natural16:51 - Art Gallery Fabrics16:55 - Carolyn Friedlander16:56 - Anna Maria Horner16:58 - Ruby Star Society17:16 - Morgan of Morgan Kelly Quilts17:18 - Fabric Stork17:19 - Lamb and Loom Fabrics17:56 - Seam ripper18:00 - Aurifil18:06 - Half-square triangles (HSTs)18:11 - Hand quilt18:15 - Machine quilt18:21 - Hand bind18:24 - Machine binding18:29 - Piecing19:08 - Mindy of Wild Phil Quilting19:35 - Anna Maria Horner20:17 - Birch Point Quilt by The Blanket Statement21:35 - Erin of @TheBlanketStatement21:49 - @colorofconnectionquilt22:38 - Mindy of @WildPhilQuilting23:12 - Color of Connection Quilt23:16 - www.ColorOfConnectionQuilt.com23:19 - @colorofconnectionquilt23:37 - [Quilt] blockFollow Keyana:Instagram - @collectivequilts @colorofconnectionquiltPinterest - @collectivequiltshttps://www.colorofconnectionquilt.com/Follow us:Amanda: @broadclothstudiohttps://broadclothstudio.com/Wendy: @the.weekendquilterhttps://the-weekendquilter.com/Anna: @waxandwanestudiohttps://www.waxandwanestudio.com/Quilt Buzz: @quilt.buzzhttps://quiltbuzzpodcast.com/Intro/Outro Music:Golden Hour by Vlad Gluschenko

IGeometry
HTTPS and HTTP/3 negotiation is now Faster thanks to Cloudflare, RIP HSTS, Let us Discuss

IGeometry

Play Episode Listen Later Sep 30, 2020 17:32


Watch the Video here https://youtu.be/76sgBHUl7iI Alessandro Ghedini wrote an interesting article discussing how DNS queries can help speed up HTTPS and HTTP/3 communication let us discuss this article https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns/ 3:30 TLS video https://www.youtube.com/watch?v=AlE5X1NlHgg 4:57 HSTS https://www.youtube.com/watch?v=kYhMnw4aJTw 8:15 http/2 c smuggling https://www.youtube.com/watch?v=B2VEQ3jFq6Q 15:30 ESNI https://www.youtube.com/watch?v=t0zlO5-NWFU --- Send in a voice message: https://anchor.fm/hnasr/message

Quilt Buzz
Episode 012: Chris of @afullenglish

Quilt Buzz

Play Episode Listen Later Sep 10, 2020 27:22


Show Notes:0:43 - West Yorkshire2:10 - Liberty [London] fabrics2:15 - Brick pattern quilt2:28 - Liberty [London] fabrics3:33 - Chris’s baby Liberty quilt (please ‘like’ the photo while you’re there)5:39 - Liberty [London] fabrics5:50 - Modern Improv[isation]5:52 - Punky6:00 - Traditional [quilt] blocks6:03 - Improv[isation]6:12 - Hand tying quilt6:28 - Hodgepodge6:29 - Punky6:36 - Punk music6:37 - Ethos of Punk6:56 - QuiltCon6:57 - Nashville7:48 - Instagram8:41 - Liberty [London] fabrics10:13 - Op shop10:24 - Op shop10:31 - Improv[sation quilting] style11:12 - Paralysis by choice11:26 - Necessity is the mother of invention11:37 - Applique13:30 - QuiltCon13:31- Nashville13:38 - Sherri Lynn Wood13:43 - QuiltCon, Nashville 201913:45 - Sherri Lynn Wood13:57 - Austin13:58 - Armish quilts14:04 - Festival of the Quilts in the UK14:12 - International Quilt Museum14:14 - Baltimore Album Quilts14:36 - The Littlest Hobo14:50 - Hobo the dog15:31 - Quilting muder mystery novel series, Southern Quilting Mysteries by Elizabeth Spann Craig16:08 - Kickstarter16:23 - Airstreams16:29 - Scooby Doo16:32 - The Mystery Machine Van16:48 - Covid-1917:11 - New York17:23 - Nashville17:24 - Austin17:35 - Chicago18:16 - Cricket18:21 - Sleep sound machines18:38 - Nine-Patch [quilt block]18:40 - Mink18:51 - Oakshott Cotton18:53 - Kona Cotton18:58 - Kona Cotton in Highlight19:01 - Fluorescent yellow colour19:04 - Kona Cotton in Acid Lime19:07 - Kona Cotton in Highlight19:38 - Paul Smith19:48 - QuiltCon19:51 - Reprint and Repurpose20:27 - Instagram20:33 - Block printed fabric21:35 - Sheffield, England21:41 - Aurifil22:03 - HSTs [half-square triangles]22:20 - Basting22:53 - Jen Broemel22:56 - Improv[isation]22:59 - QuiltCon23:04 - Tricia Royal of @bitsandbobbins23:07 - Chicago23:15 - @SherriLynnWood23:20 - Nashville [QuiltCon 2019]23:40 - Hand tied quilt23:44 - Improv[isation]24:05 - Football [soccer]24:11 - Cricket24:19 - Goalkeeper24:39 - @Captain_Eyeliner24:41 - Wheatpaste artist24:44 - Wheatpaste25:04 - Wheatpaste hashtag [#wheatpaste]25:11 - @basquiat_archive25:24 - @internationalquiltmuseum25:26 - NebraskaFollow Chris:Instagram - @AFullEnglishhttps://www.chrisenglishquilts.com/Follow us:Amanda: @broadclothstudiohttps://broadclothstudio.com/Wendy: @the.weekendquilterhttps://the-weekendquilter.com/Anna: @waxandwanestudiohttps://www.waxandwanestudio.com/Quilt Buzz: @quilt.buzzhttps://quiltbuzzpodcast.com/Intro/Outro Music:Golden Hour by Vlad Gluschenko

Quilt Buzz
Episode 011: Shelly of @matantequilting

Quilt Buzz

Play Episode Listen Later Aug 27, 2020 28:29


Show Notes:0:59 - Ottawa1:02 - Canada1:04 - French1:05 - English1:31 - Manitoba1:45 - Manatee2:17 - Knitting3:13 - Basket quilt3:16 - Hand applique3:31 - Hand quilted3:32 - Machine bind3:44 - Afterlife3:50 - Hand bind4:06 - YouTube4:12 - Longarm quilting4:18 - Piecing4:21 - Longarm quilt4:24 - Longarm League4:34 - Piecers4:44 - Longarm machine5:04 - Instagram6:56 - Ottawa7:06 - Manitoba7:26 - Minnedosa, Manitoba7:46 - Batman8:16 - Piecing8:19 - Modern traditionalism8:22 - Traditional [quilt] blocks8:36 - Revival prints [quilts]9:00 - Pantograph9:03 - Soho [pantograph]10:25 - Half-square triangles (HSTs)10:34 - Pantograph sizing10:59 - Piecing11:01 - Quilting11:45 - Quilt top11:59 - [Quilt] Backing13:45 - Game the system13:58 - Traditional [quilt] blocks14:04 - Pattern14:08 - Block books14;15 - Instagram14:21 - Patterns14:28 - Pattern15:37 - Recipe16:07 - Quilt kit16:44 - Trailer17:12 - Quilt top17L18 - Ikea17:28 - Duct tape17:57 - Tension18:05 - Learning curve19:30 - Rocky Dance19:52 - Slippers20:15 - Footwear20L34 - RuPaul’s Drag Race20:39 - Netflix20:41 - America20;42 - Canada20:54 - Wine21:04 - Log Cabin [quilt block]21:07 - Orange Peel [quilt block]21:25 - Alison Glass21:30 - Art Gallery Pure Solids21:38 - Sharp blade21:40 - Creative Grids Rulers21:43 - Fabric snips22:00 - To the side22:15 - Strip piecing22:35 - Pressing22:47 - Seam22:27 - Machine [quilt]22:30 - Machine [bind]22:35 - Pressing22:43 - [Quilt] blocks22:46 - Quilt top22:49 - Seam22:54 - Pressing23:02 - Wool pressing mat23:03 - Ironing board23:15 - Barn23:17 - Farm23:26 - [Bad] Posture23:34 - Solitary23:46 - Jess Ziegglar of Threaded Quilting Studio23:49 - Long arm quilter23:57 - Orange Peel quilt25:22 - Fish[ing]25:24 - Ice fishing25:30 - Open water [fishing] season25:32 - Manitoba25:37 - Fly fisher25:40 - Boat fishing25:58 - Fly fishing25:59 - Riverside [Park in NYC]26:24 - Jodie of @jozmakesquilts26:47 - Jodie’s dog: @duffron26:54 - Emma of @VIntageSewingBox26:57 - England26:59 - Liberty [of London Fabrics]27:02 - English Paper Piecing hexagons27:12 - Pastel [colours]27:22 - Megan of @thencamejuneFollow Shelly:Instagram - @matantequiltinghttps://matantequilting.com/Follow us:Amanda: @broadclothstudiohttps://broadclothstudio.com/Wendy: @the.weekendquilterhttps://the-weekendquilter.com/Anna: @waxandwanestudiohttps://www.waxandwanestudio.com/Quilt Buzz: @quilt.buzzhttps://quiltbuzzpodcast.com/Intro/Outro Music:Golden Hour by Vlad Gluschenko

Quilt Buzz
Episode 008: Libs of @libselliott

Quilt Buzz

Play Episode Listen Later Jul 16, 2020 28:19


Show Notes:2:33 - Sampler [quilt]2:36 - Johannah Masko2:46 - Traditional [quilt] blocks2:51 - Half-square triangles (HSTs)2:54 - Flying geese2:55 - Applique3:22 - Lemoyne Star block3:27 - Star blocks3:52 - Double Wedding Ring quilt5:36 - Toronto6:02 - Catfish6:31 - Pyramid scheme6:47 - Traditional [quilt] blocks7:31 - Creative technologist7:31 - Digital artist7:43 - Lib Eliot’s plus sign quilt, “Add it Up”8:20 - Joshua Davis8:37 - Graph paper9:10 - Quilt blocks9:11 - [Adobe] Illustrator10:23 - Modern quilting10:27 - Traditional [quilt] blocks10:34 - Modern quilting10:50 - Pinterest11:18 - Hex values11:25 - Graffiti11:53 - Andover Fabrics11:58 - Quiltcon12:00 - Austin12:04 - Jacqueline Sava12:05 - Soak Wash12:28 - Daryl Cohen12:33 - Andover Fabrics12:45 - Andover [Fabrics]12:46 - New York City13:40 - Almost Blue13:44 - Denim13:48 - Value Village14:36 - Saturated15:00 - Phosphor16:20 - Almost Blue17:32 - Arrested Development18:03 - True crime podcasts18:06 - Uncover18:07 - CBC18:14 - This American Life18:16 - The Moth18:25 - Dorritos18:26 - Cool Ranch18:29 - Nacho Cheese [Dorritos]19:25 - Andover Fabrics19:29 - Anna Maria Horner19:55 - Jennifer Sampou20:04 - Ombre fabric collection by Jennifer Sampou, “Sky”20:28 - Pins20:38 - Clover refillable chalk marker21:09 - Heramarker21:43 - Nesting seams21:57 - [Pressing seams] open22:01 - [Quilting] blocks22:19 - Half-square triangles (HSTs)22:20 - Strip piecing22:21 - Curve [piecing]22:51 - Piecing22:56 - [Quilt] top23:23 - Instagram23:28 - QuiltCon23:31 - Norway23:46 - Australia24:06 - Erick Wolfmeyer24:23 - France24:32 - Germany25:33 - Knitting25:45 - Erick Wolfmeyer25:58 - Social Justice Sewing (SJS) Academy (@sjsacademy)26:04 - Sara Trail26:31 - Minecraft26:54 - Ben Venom26:59 - Hard Core Punk Rock [music]27:01 - Ben Venom27:02 - Heavy Metal quilts27:08 - Applique27:18 - San FranciscoFollow Libs:@libselliothttps://www.libselliott.com/Follow us:Amanda: @broadclothstudiohttps://broadclothstudio.com/Wendy: @the.weekendquilterhttps://the-weekendquilter.com/Anna: @waxandwanestudiohttps://www.waxandwanestudio.com/Quilt Buzz: @quilt.buzzhttps://quiltbuzzpodcast.com/Intro/Outro Music:Golden Hour by Vlad Gluschenko

Quilt Buzz
Episode 005: Kim of @feelgoodfibers

Quilt Buzz

Play Episode Listen Later May 21, 2020 25:08


Show Notes:0:51 - @lelandavestudios1:05 - @feelgoodfibers2:14 - Flickr2:17 - Instagram4:03 - Words Quilt by Kim Soper Smith4:20 - Lincoln Quilt by Kim Soper Smith6:21 - @feelgoodfibers7:14 - eBay7:15 - Poshmark8:13 - Shopify9:05 - Megan Collins14:05 - Procreate14:06 - Apple pencil15:39 - Creative Pep Talk15:46 - The Goop Podcast16:02 - Tazo Passion Tea16:19 - Flying Geese16:25 - Blues and hot pinks16:32 - Neutrals16:42 - Hot pink17:00 - Anna Maria Horner17:08 - Kona Cotton17:13 - Linen17:17 - Good Vibes Quilt by Kim Soper Smith17:28 - Rotary cutter17:31 - Kai scissors17:33 - QuiltCon17:39 - Sashiko needles17:42 - Brooklyn Haberdashery18:09 - Half-square triangles (HSTs)19:52 - Megan Collins19:55 - Shannon Fraser19:58 - Michelle Cain20:11 - Thompson Street Studio20:26 - Good Vibes Quilt by Kim Soper Smith21:02 - Kim’s Gypsy Wife Quilt21:53 - Shelagh Jessop of Stuart Moores Textiles22:20 - @AshleyLongshoreArt22:32 - Bergdorf Goodman22:38 - Justina Blakeney23:23 - Organisation challenge by Feel Good Fibers23:47 - Feel Good Fridays Playlists24:01 - Megan CollinsSponsor:PreQuilt - Get $10 off either the Basic OR PRO Annual plan when you use code QUILTBUZZ at prequilt.com. Offer is available until May 31, 2020.Follow Kim:@feelgoodfibershttps://feelgoodfibers.com/@lelandavestudiosFollow us:Amanda: @broadclothstudiohttps://broadclothstudio.com/Wendy: @the.weekendquilterhttps://the-weekendquilter.com/Anna: @waxandwanestudiohttps://www.waxandwanestudio.com/Quilt Buzz: @quilt.buzzhttps://quiltbuzzpodcast.com/Intro/Outro Music:Golden Hour by Vlad Gluschenko

Home Studio To Stadium Podcast
HSTS: Ep. 1 - About JACB+

Home Studio To Stadium Podcast

Play Episode Listen Later Jan 16, 2020 14:43


Hope you're having a great day! Join the free Discord community here: http://bit.ly/jacbplus-discord Follow and subscribe to stay updated! Instagram: bit.ly/jacbplus-instagram YouTube: bit.ly/jacbplus-youtube Twitch: bit.ly/jacbplus-twitch Home Studio to Stadium is a refreshingly new, interactive podcast following the journey of JACB+, a new producer/singer out of New York City, from brand new artist to industry pro. Episodes feature interviews with rising artists, weekly updates, industry tips & tricks, song breakdowns, and much more. Interviews will be livestreamed on Twitch and Youtube, where viewers may submit questions to be asked and even earn free prizes. So be sure to follow JACB+ on Instagram for updates and don't miss out! Subscribe and follow along to experience the raw process of what becoming a musician in the 2020's is actually like.

IGeometry
Episode 121 - What happens when you type google.com into your browser address box and hit enter?

IGeometry

Play Episode Listen Later Dec 29, 2019 47:03


In this video I want to go through what really happens under the hood when you type google.com and you hit enter in a browser. This is inspired by alex’s github page below, it is a great detailed description of what happens. I did however add more details to certain areas and I removed some stuff like keyboard events and low level operating system like that. So if you are interested stay tuned! https://github.com/alex/what-happens-when 5:30 HSTS https://youtu.be/kYhMnw4aJTw 19:30 tcp vs udp https://youtu.be/qqRYkcta6IE 24:42 tls https://youtu.be/AlE5X1NlHgg 40:56 mimesniffing https://youtu.be/eq6R6dxRuiU Initial typing - lookup for most visited sites or an actual search Google.com Enter - parse is it a url or search term? If search do a search if url visit website Which protocol? which port ? HSTS? HTTPS or HTTP? DNS cached? Hosts? DoH? Lookup ? TCP ip / port ? arp? NAT? proxy? HTTP 1.1 ? More than one connection TLS version? ciphers? Alpn? SNI ? H2 ? H3? Quic? GET / - ? Headers compress cookies? binary stream? HTML? H2 push? HTML Parse? Make multiple requests css? JS? Multiple streams? If H1 then pipeline? --- Send in a voice message: https://anchor.fm/hnasr/message

IGeometry
Episode 118 - SSL Stripping and HTTP Strict Transport Security

IGeometry

Play Episode Listen Later Dec 22, 2019 18:25


HSTS or HTTP Strict Transport Security is a mechanism to force clients to communicate in HTTPS with a web server if both support this protocol. In this podcast, I talk through this tech. --- Send in a voice message: https://anchor.fm/hnasr/message

Troy Hunt's Weekly Update Podcast

Nord & Credential Stuffing; Veritas, DNA & Breach; Azure & Free SSL; Sectigo DV Craziness; LinkedIn & security.txt; HSTS or GTFO; Sponsored by Varonis https://www.troyhunt.com/weekly-update-164/

Domain Name Wire Podcast
Google’s Ben McIlwain – DNW Podcast #221

Domain Name Wire Podcast

Play Episode Listen Later Jan 28, 2019 33:42


Learn about the HSTS preload list and how to add your domain (or entire TLD) to it. This week Ben McIlwain of Google talks about SSL on domain names, particularly the HSTS preload list. Learn about the benefits of adding a domain name to this list and how an entire top level domain can be […] Post link: Google’s Ben McIlwain – DNW Podcast #221 © DomainNameWire.com 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Search Camp Podcast (SEO + SEA)
SEO-Monatsrückblick November 2018: HSTS, GMB App, PageSpeed + mehr

Search Camp Podcast (SEO + SEA)

Play Episode Listen Later Dec 1, 2018 29:02


Im SEO-Monatsrückblick für den November 2018 stelle ich 16 aktuelle SEO-relevante Themen vor: Was hat es mit HSTS auf sich? Warum ist die neue Google My Business App so interessant? Und was passiert beim Thema PageSpeed (und vor allem beim Tool PageSpeed Insights)? Das und viel mehr gibt’s hier in komprimierter Form. Shownotes (Links auf die 16 Themen + Stichpunkte zu den Neuerungen): https://bloo.link/scseo1118

Firewalls Don't Stop Dragons Podcast

The 2018 DEFCON Vote Hacking Village showed once again that our voting machines are way too easy to hack. Even though election system manufacturers refuse to allow independent researchers to vet their products directly, hackers at DEFCON have managed to get their hands on several systems in use today, and show that they are trivial to compromise. Jacob Hoffman-Andrews from the EFF explains what all of this means and the measures we need to take to address these shortcomings. The PAVE Act that’s currently before Congress would provide mechanisms to mitigate the weaknesses of our voting systems by requiring a paper trail for all votes and risk-limiting audits to validate vote totals with minimal effort and cost. The companion Secure Elections Act is now a much weaker bill and would need to have these provisions restored. Jacob Hoffman-Andrews is a lead developer on Let's Encrypt, the free and automated Certificate Authority. He also works on EFF's Encrypt the Web initiative and helps maintain the HTTPS Everywhere browser extension. Prior to working at EFF, Jacob was on Twitter's anti-spam and security teams. One the security team, he implemented HTTPS-by-default with forward secrecy, key pinning, HSTS, and CSP. On anti-spam, he deployed new machine-learned models to detect and block spam in realtime. Before Twitter, he worked at Google, variously on the maps, transit, and shopping teams. For Further Insight: Website: https://www.eff.org/about/staff/jacob-hoffman-andrews Follow on Twitter: https://twitter.com/j4cob

Sugar Hill UMC
How Sweet The Sound: "Tis So Sweet To Trust In Jesus"

Sugar Hill UMC

Play Episode Listen Later Jun 23, 2018 28:10


Scripture references: Psalm 138:3-7; Isaiah 53; Hebrews 4:15; Matthew 28:18-20.

Sugar Hill UMC
How Sweet The Sound: "How Great Thou Art"

Sugar Hill UMC

Play Episode Listen Later Jun 17, 2018 34:06


Scripture references: Psalm 20:6-9, Psalm 72:18-19, Mark 4:26-29

Sugar Hill UMC
How Sweet The Sound: "Amazing Grace"

Sugar Hill UMC

Play Episode Listen Later Jun 9, 2018 32:35


Scripture references: Eph. 2:1-10; Psalm 139:1-6; 16-18.

Sugar Hill UMC
How Sweet The Sound: "It Is Well"

Sugar Hill UMC

Play Episode Listen Later Jun 2, 2018 31:02


Scripture references: Psalm 46:1-3, 4-7, 8-10; John 16:33; 2Corinthians 4:16-18; Job 1:20.

Sugar Hill UMC
How Sweet The Sound: "Great Is Thy Faithfulness"

Sugar Hill UMC

Play Episode Listen Later May 26, 2018 33:04


Scripture references: Psalm 89:1-8; 13-15; Lamentations 3:22-24.

Random Tech Thoughts
Google IO 2018: Introducing .App Domain Names And How To Secure Them [Recap]

Random Tech Thoughts

Play Episode Listen Later May 15, 2018 8:22


Everyone at IO got the "Oprah" treatment with "you get a domain, you get a domain... everybody gets a domain name!", but even if you aren't there you could still learn about this new TLD.

Random Tech Thoughts
Google IO 2018: Introducing .App Domain Names And How To Secure Them [Recap]

Random Tech Thoughts

Play Episode Listen Later May 15, 2018 8:22


Everyone at IO got the "Oprah" treatment with "you get a domain, you get a domain... everybody gets a domain name!", but even if you aren't there you could still learn about this new TLD.

Rebuild
199: The End of an Era (rui314)

Rebuild

Play Episode Listen Later Jan 23, 2018 153:56


Rui Ueyama さんをゲストに迎えて、CPU 脆弱性、トランスクリプト、日本語入力、ガジェット、HDR などについて話しました。 Show Notes Government shutdown 2018 Rebuild: 198: Gaming Hogehoge (drikin) Meltdown and Spectre How the industry-breaking Spectre bug stayed secret for seven months コンピュータセキュリティと様々なサイドチャネル攻撃|Rui Ueyama Amazon: Intel Meltdown patch will slow down your AWS EC2 server Google claims its Spectre patch results in 'no degradation' to system performance Skyfall and Solace vulnerabilities Intel CES 2018 keynote: behind the scenes exclusive Mitigations landing for new class of timing attack | Mozilla Security Blog IPhone’s Rolling Shutter Captures Amazing ‘Slo-Mo’ Guitar String Vibrations Hash DoS Attack perl5180delta Rebuild Search Google Cloud Speech API Rebuild: Supporter Gboard 6.7 beta adds Chinese, Japanese support Chromecast and Google Homes reportedly overloading home Wi-Fi DNS-over-HTTPS NeverSSL - helping you get online badssl.com Heroku Postgres Google App Engine .fm TLD Chrome 63 forces .dev domains to HTTPS via preloaded HSTS Marques Brownlee (MKBHD) Google CEO Sundar Pichai says he does not regret firing James Damore Light | Camera Lytro Google Photos will limit Pixel 2 users' uploads after 2020 Amazon Echo Spot Alexa, go ahead and hand over recordings in murder case Black Mirror フィリップ・K・ディックのエレクトリック・ドリームズ Turing Complete FM

The Bike Shed
138: I Don't Know How the World Works Anymore

The Bike Shed

Play Episode Listen Later Jan 12, 2018 48:00


We chat about how shared global state in tests can cause you to doubt foundational truths of the universe, some issues with Rails system tests, and recent changes in browser behavior. Announcing Diesel 1.0 - Congratulations to Sean and all committers. Where do Rubyists Go? Testing apps that use Geocoder PostgreSQL Mailing List Archives Respect user-set Capybara.server with Rails system tests Default Puma to non-clustered mode with Rails system tests Suspenders Chrome 63 forces .dev domains to HTTPS via preloaded HSTS Mozilla faces blowback after slipping Mr Robot plugin into Firefox - The Verge Firefox 57 delays requests to tracking domains

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Microsoft Office VBA Macro Obfuscation via Metadata https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/ Large Scale BGP Attack https://bgpmon.net/popular-destinations-rerouted-to-russia/ HSTS and HPKP Weaknesses in Firefox, IE/Edge and Chrome http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Microsoft Office VBA Macro Obfuscation via Metadata https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/ Large Scale BGP Attack https://bgpmon.net/popular-destinations-rerouted-to-russia/ HSTS and HPKP Weaknesses in Firefox, IE/Edge and Chrome http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html

Pastor G
FORWARD PODCAST: Dr. Blackman

Pastor G

Play Episode Listen Later Jun 26, 2017 44:17


HSTS' JR sits down with Pastor G and Dr. Lorraine C. Blackman

PastorG Podcast
FORWARD PODCAST: Dr. Blackman

PastorG Podcast

Play Episode Listen Later Jun 26, 2017 44:17


HSTS' JR sits down with Pastor G and Dr. Lorraine C. Blackman

The Bike Shed
114: Reasonably Thread Safe

The Bike Shed

Play Episode Listen Later Jun 16, 2017 39:15


We discuss a tiny DOS caused when upgrading thoughtbot.com to Rails 5.1 and how Rails could better surface warnings that only occur in your production configuration. We also get an update on multi-table joins in Rust. Meaningful schema diffs in Rails 5.1 HSTS Firesheep Use a secure session cookie for new installs pshtt Observatory by Mozilla Encrypted secrets in Rails 5.1 PhantomJS maintainer steps down Sean solves his problem: Multi-tabls joins in Rust

The Bike Shed
104: It's Dangerous to Refactor Alone!

The Bike Shed

Play Episode Listen Later Mar 23, 2017 42:00


Google's carrot-and-stick HTTPS policies and how playing The Legend of Zelda is like refactoring. Google Will Soon Shame All Websites That Are Unencrypted HSTS Super Mario Bros. 3 right-side scroll artifacts How the Nintendo NES Zapper Worked, and Why It Doesn't Work On HDTVs NES R.O.B reverse dependencies query Snipperclips Second Quests in Zelda Games Brickseek

Relative Paths | Web Development and stuff like that
39: HTTPS | Deliver some dog justice

Relative Paths | Web Development and stuff like that

Play Episode Listen Later Sep 6, 2016 46:33


This episode we tackle HTTPS. What it is, what's changed over the years, and why you should be using it now. We also touch on HTTP/2 where relevant and talk about some ways to make the jump to HTTPS if you've not done so already. We reference info from a lot of sites, links are in the show notes on our website. Mark's Toolstar is Why No Padlock, a web service for easily and quickly identifying insecure site content that might prohibit a browser from displaying a 'secure' padlock symbol in the address bar: https://www.whynopadlock.com/check.php My track for the Relative Paths Playlist is the Dave Morley remix of 'Kinetic' by Golden Girls. Apollo Records, 1993. It's cheesy and long. Sorry... Marks's track is 'Decisions' by Taylor McFerrin feat. Emily King, from the 2014 collaborative album 'Early Riser'. This one's going on our Alt playlist. The original Jukebox is on Spotify at https://relativepaths.uk/pl You can find the Alt Jukebox on Spotify at https://relativepaths.uk/altpl Subscribe and keep in touch: - iTunes - https://relativepaths.uk/it - AudioBoom - https://relativepaths.uk/ab - Stitcher - https://relativepaths.uk/st - SoundCloud - https://relativepaths.uk/sc - Twitter - https://twitter.com/relativepaths - Facebook - https://facebook.com/relativepaths The music we use for various intro bits, stings and outro is ‘Vitreous Detachment’ by Origamibiro, used with kind permission. - Ben HTTPS Usage Statistics: http://trends.builtwith.com/ssl/SSL-by-Default What Is HTTPS?: https://sayyestohttps.org/what-is-https/ HTTP vs HTTPS Speed Test: https://www.httpvshttps.com/ HTTPS' Massive Speed Advantage: https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage/ Service Worker API: https://developer.mozilla.org/en/docs/Web/API/Service_Worker_API Depreciating Non-Secure HTTP: https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/ Getting Ready For HTTP2: https://www.smashingmagazine.com/2016/02/getting-ready-for-http2/ Let's Encrypt: https://letsencrypt.org/ Redirect HTTP To HTTPS: http://stackoverflow.com/questions/13977851/htaccess-redirect-to-https-www HTTP Strict Transport Security (HSTS) In .htaccess: https://varvy.com/pagespeed/hsts.html Redirect and HSTS In .htaccess: http://stackoverflow.com/questions/37767031/301-redirect-and-hsts-in-htaccess Risks of HSTS and Preloading: https://www.tunetheweb.com/blog/dangerous-web-security-features/ SEO Tips and Tricks for Using HTTPS on Your Website (Ignore the bit about protocol relative URLs though!!): https://moz.com/blog/seo-tips-https-ssl

AT&T ThreatTraq
ThreatTraq #167 - Hey, That's My Route!

AT&T ThreatTraq

Play Episode Listen Later Nov 6, 2015 54:25


AT&T Data Security Analysts discuss HSTS data leakage, BGP hijacking, 5 signs of a web app hack, a ransomware takedown, and the Internet Weather Report. Originally recorded November 3, 2015.

DevelopSec: Developing Security Awareness
Ep. 30: HTTP Strict Transport Security (HSTS): Intro

DevelopSec: Developing Security Awareness

Play Episode Listen Later Sep 18, 2015 14:42


James talks about HTTP Strict Transport Security (HSTS) and what it is for.  For more information, check out the corresponding post https://www.developsec.com/2015/09/17/http-strict-transport-security-hsts-overview/ that has links to other references.

BSD Now
100: Straight from the Src

BSD Now

Play Episode Listen Later Jul 29, 2015 73:39


We've finally reached a hundred episodes, and this week we'll be talking to Sebastian Wiedenroth about pkgsrc. Though originally a NetBSD project, now it runs pretty much everywhere, and he even runs a conference about it! This episode was brought to you by Headlines Remote DoS in the TCP stack (https://blog.team-cymru.org/2015/07/another-day-another-patch/) A pretty devious bug in the BSD network stack has been making its rounds for a while now, allowing remote attackers to exhaust the resources of a system with nothing more than TCP connections While in the LAST_ACK state, which is one of the final stages of a connection's lifetime, the connection can get stuck and hang there indefinitely This problem has a slightly confusing history that involves different fixes at different points in time from different people Juniper originally discovered the bug and announced a fix (https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10686) for their proprietary networking gear on June 8th On June 29th, FreeBSD caught wind of it and fixed the bug in their -current branch (https://svnweb.freebsd.org/base/head/sys/netinet/tcp_output.c?view=patch&r1=284941&r2=284940&pathrev=284941), but did not issue a security notice or MFC the fix back to the -stable branches On July 13th, two weeks later, OpenBSD fixed the issue (https://www.marc.info/?l=openbsd-cvs&m=143682919807388&w=2) in their -current branch with a slightly different patch, citing the FreeBSD revision from which the problem was found Immediately afterwards, they merged it back to -stable and issued an errata notice (http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/010_tcp_persist.patch.sig) for 5.7 and 5.6 On July 21st, three weeks after their original fix, FreeBSD committed yet another slightly different fix (https://svnweb.freebsd.org/base/head/sys/netinet/tcp_output.c?view=patch&r1=285777&r2=285776&pathrev=285777) and issued a security notice (https://lists.freebsd.org/pipermail/freebsd-announce/2015-July/001655.html) for the problem (which didn't include the first fix) After the second fix from FreeBSD, OpenBSD gave them both another look and found their single fix to be sufficient, covering the timer issue in a more general way NetBSD confirmed they were vulnerable too, and applied another completely different fix (http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet/tcp_output.c.diff?r1=1.183&r2=1.184&only_with_tag=MAIN) to -current on July 24th, but haven't released a security notice yet DragonFly is also investigating the issue now to see if they're affected as well *** c2k15 hackathon reports (http://undeadly.org/cgi?action=article&sid=20150721180312&mode=flat) Reports from OpenBSD's latest hackathon (http://www.openbsd.org/hackathons.html), held in Calgary this time, are starting to roll in (there were over 40 devs there, so we might see a lot more of these) The first one, from Ingo Schwarze, talks about some of the mandoc work he did at the event He writes, "Did you ever look at a huge page in man, wanted to jump to the definition of a specific term - say, in ksh, to the definition of the "command" built-in command - and had to step through dozens of false positives with the less '/' and 'n' search keys before you finally found the actual definition?" With mandoc's new internal jump targets, this is a problem of the past now Jasper also sent in a report (http://undeadly.org/cgi?action=article&sid=20150723124332&mode=flat), doing his usual work with Puppet (and specifically "Facter," a tool used by Puppet to gather various bits of system information) Aside from that and various ports-related work, Jasper worked on adding tame support to some userland tools, fixing some Octeon stuff and introduced something that OpenBSD has oddly lacked until now: an "-i" flag for sed (hooray!) Antoine Jacoutot gave a report (http://undeadly.org/cgi?action=article&sid=20150722205349&mode=flat) on what he did at the hackathon as well, including improvements to the rcctl tool (for configuring startup services) It now has an "ls" subcommand with status parsing, allowing you to list running services, stopped services or even ones that failed to start or are supposed to be running (he calls this "the poor man's service monitoring tool") He also reworked some of the rc.d system to allow smoother operation of multiple instances of the same daemon to run (using tor with different config files as an example) His list also included updating ports, updating ports documentation, updating the hotplug daemon and laying out some plans for automatic sysmerge for future upgrades Foundation director Ken Westerback was also there (http://undeadly.org/cgi?action=article&sid=20150722105658&mode=flat), getting some disk-related and laptop work done He cleaned up and committed the 4k sector softraid code that he'd been working on, as well as fixing some trackpad issues Stefan Sperling, OpenBSD's token "wireless guy," had a lot to say (http://undeadly.org/cgi?action=article&sid=20150722182236&mode=flat) about the hackathon and what he did there (and even sent in his write-up before he got home) He taught tcpdump about some new things, including 802.11n metadata beacons (there's a lot more specific detail about this one in the report) Bringing a bag full of USB wireless devices with him, he set out to get the unsupported ones working, as well as fix some driver bugs in the ones that already did work One quote from Stefan's report that a lot of people seem to be talking about: "Partway through the hackathon tedu proposed an old diff of his to make our base ls utility display multi-byte characters. This led to a long discussion about how to expand UTF-8 support in base. The conclusion so far indicates that single-byte locales (such as ISO-8859-1 and KOI-8) will be removed from the base OS after the 5.8 release is cut. This simplifies things because the whole system only has to care about a single character encoding. We'll then have a full release cycle to bring UTF-8 support to more base system utilities such as vi, ksh, and mg. To help with this plan, I started organizing a UTF-8-focused hackathon for some time later this year." Jeremy Evans wrote in (http://undeadly.org/cgi?action=article&sid=20150725180527&mode=flat) to talk about updating lots of ports, moving the ruby ports up to the latest version and also creating perl and ruby wrappers for the new tame subsystem While he's mainly a ports guy, he got to commit fixes to ports, the base system and even the kernel during the hackathon Rafael Zalamena, who got commit access at the event, gives his very first report (http://undeadly.org/cgi?action=article&sid=20150725183439&mode=flat) on his networking-related hackathon activities With Rafael's diffs and help from a couple other developers, OpenBSD now has support for VPLS (https://en.wikipedia.org/wiki/Virtual_Private_LAN_Service) Jonathan Gray got a lot done (http://undeadly.org/cgi?action=article&sid=20150728184743&mode=flat) in the area of graphics, working on OpenGL and Mesa, updating libdrm and even working with upstream projects to remove some GNU-specific code As he's become somewhat known for, Jonathan was also busy running three things in the background: clang's fuzzer, cppcheck and AFL (looking for any potential crashes to fix) Martin Pieuchot gave an write-up (http://undeadly.org/cgi?action=article&sid=20150724183210&mode=flat) on his experience: "I always though that hackathons were the best place to write code, but what's even more important is that they are the best (well actually only) moment where one can discuss and coordinate projects with other developers IRL. And that's what I did." He laid out some plans for the wireless stack, discussed future plans for PF, made some routing table improvements and did various other bits to the network stack Unfortunately, most of Martin's secret plans seem to have been left intentionally vague, and will start to take form in the next release cycle We're still eagerly awaiting a report from one of OpenBSD's newest developers (https://twitter.com/phessler/status/623291827878137856), Alexandr Nedvedicky (the Oracle guy who's working on SMP PF and some other PF fixes) OpenBSD 5.8's "beta" status was recently reverted, with the message "take that as a hint (https://www.marc.info/?l=openbsd-cvs&m=143766883514831&w=2)," so that may mean more big changes are still to come... *** FreeBSD quarterly status report (https://www.freebsd.org/news/status/report-2015-04-2015-06.html) FreeBSD has published their quarterly status report for the months of April to June, citing it to be the largest one so far It's broken down into a number of sections: team reports, projects, kernel, architectures, userland programs, ports, documentation, Google Summer of Code and miscellaneous others Starting off with the cluster admin, some machines were moved to the datacenter at New York Internet, email services are now more resilient to failure, the svn mirrors (now just "svn.freebsd.org") are now using GeoGNS with official SSL certs and general redundancy was increased In the release engineering space, ARM and ARM64 work continues to improve on the Cavium ThunderX, more focus is being put into cloud platforms and the 10.2-RELEASE cycle is reaching its final stages The core team has been working on phabricator, the fancy review system, and is considering to integrate oauth support soon Work also continues on bhyve, and more operating systems are slowly gaining support (including the much-rumored Windows Server 2012) The report also covers recent developments in the Linux emulation layer, and encourages people using 11-CURRENT to help test out the 64bit support Multipath TCP was also a hot topic, and there's a brief summary of the current status on that patch (it will be available publicly soon) ZFSguru, a project we haven't talked about a lot, also gets some attention in the report - version 0.3 is set to be completed in early August PCIe hotplug support is also mentioned, though it's still in the development stages (basic hot-swap functions are working though) The official binary packages are now built more frequently than before with the help of additional hardware, so AMD64 and i386 users will have fresher ports without the need for compiling Various other small updates on specific areas of ports (KDE, XFCE, X11...) are also included in the report Documentation is a strong focus as always, a number of new documentation committers were added and some of the translations have been improved a lot Many other topics were covered, including foundation updates, conference plans, pkgsrc support in pkgng, ZFS support for UEFI boot and much more *** The OpenSSH bug that wasn't (http://bsdly.blogspot.com/2015/07/the-openssh-bug-that-wasnt.html) There's been a lot of discussion (https://www.marc.info/?t=143766048000005&r=1&w=2) about a supposed flaw (https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/) in OpenSSH, allowing attackers to substantially amplify the number of password attempts they can try per session (without leaving any abnormal log traces, even) There's no actual exploit to speak of; this bug would only help someone get more bruteforce tries in with a fewer number of connections (https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-July/034209.html) FreeBSD in its default configuration, with PAM (https://en.wikipedia.org/wiki/Pluggable_authentication_module) and ChallengeResponseAuthentication enabled, was the only one vulnerable to the problem - not upstream OpenSSH (https://www.marc.info/?l=openbsd-misc&m=143767296016252&w=2), nor any of the other BSDs, and not even the majority of Linux distros If you disable all forms of authentication except public keys, like you're supposed to (https://stribika.github.io/2015/01/04/secure-secure-shell.html), then this is also not a big deal for FreeBSD systems Realistically speaking, it's more of a PAM bug (https://www.marc.info/?l=openbsd-misc&m=143782167322500&w=2) than anything else OpenSSH added an additional check (https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab) for this type of setup that will be in 7.0, but simply changing your sshd_config is enough to mitigate the issue for now on FreeBSD (or you can run freebsd-update (https://lists.freebsd.org/pipermail/freebsd-security-notifications/2015-July/000248.html)) *** Interview - Sebastian Wiedenroth - wiedi@netbsd.org (mailto:wiedi@netbsd.org) / @wied0r (https://twitter.com/wied0r) pkgsrc (https://en.wikipedia.org/wiki/Pkgsrc) and pkgsrcCon (http://pkgsrc.org/pkgsrcCon/) News Roundup Now served by OpenBSD (https://tribaal.io/this-now-served-by-openbsd.html) We've mentioned that you can also install OpenBSD on DO droplets, and this blog post is about someone who actually did it The use case for the author was for a webserver, so he decided to try out the httpd in base Configuration is ridiculously simple, and the config file in his example provides an HTTPS-only webserver, with plaintext requests automatically redirecting TLS 1.2 by default, strong ciphers with LibreSSL and HSTS (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) combined give you a pretty secure web server *** FreeBSD laptop playbooks (https://github.com/sean-/freebsd-laptops) A new project has started up on Github for configuring FreeBSD on various laptops, unsurprisingly named "freebsd-laptops" It's based on ansible, and uses the playbook format for automatic set up and configuration Right now, it's only working on a single Lenovo laptop, but the plan is to add instructions for many more models Check the Github page for instructions on how to get started, and maybe get involved if you're running FreeBSD on a laptop *** NetBSD on the NVIDIA Jetson TK1 (https://blog.netbsd.org/tnf/entry/netbsd_on_the_nvidia_jetson) If you've never heard of the Jetson TK1 (https://developer.nvidia.com/jetson-tk1), we can go ahead and spoil the secret here: NetBSD runs on it As for the specs, it has a quad-core ARMv7 CPU at 2.3GHz, 2 gigs of RAM, gigabit ethernet, SATA, HDMI and mini-PCIE This blog post shows which parts of the board are working with NetBSD -current (which seems to be almost everything) You can even run X11 on it, pretty sweet *** DragonFly power mangement options (http://lists.dragonflybsd.org/pipermail/users/2015-July/207911.html) DragonFly developer Sepherosa, who we've had on the show, has been doing some ACPI work over there In this email, he presents some of DragonFly's different power management options: ACPI P-states, C-states, mwait C-states and some Intel-specific bits as well He also did some testing with each of them and gave his findings about power saving If you've been thinking about running DragonFly on a laptop, this would be a good one to read *** OpenBSD router under FreeBSD bhyve (https://www.quernus.co.uk/2015/07/27/openbsd-as-freebsd-router/) If one BSD just isn't enough for you, and you've only got one machine, why not run two at once This article talks about taking a FreeBSD server running bhyve and making a virtualized OpenBSD router with it If you've been considering switching over your router at home or the office, doing it in a virtual machine is a good way to test the waters before committing to real hardware The author also includes a little bit of history on how he got into both operating systems There are lots of mixed opinions about virtualizing core network components, so we'll leave it up to you to do your research Of course, the next logical step is to put that bhyve host under Xen on NetBSD... *** Feedback/Questions Kevin writes in (http://slexy.org/view/s2yPVV5Wyp) Logan writes in (http://slexy.org/view/s21zcz9rut) Peter writes in (http://slexy.org/view/s21CRmiPwK) Randy writes in (http://slexy.org/view/s211zfIXff) ***

Liquidmatrix Security Digest Podcast
Liquidmatrix Security Digest Podcast - Episode 20

Liquidmatrix Security Digest Podcast

Play Episode Listen Later Feb 13, 2013 60:46


Episode 0x20 -- Can Dave count to 20? Special Bonus Episode! Since Dave (and a few select others) have problems with actually showing up to recordings, you'll be getting this episode about one day after the much maligned and completely screwed up Episode 0x1F. We are attempting to get back on track and do things the way they should be done. Or something like that. Also, Shmoocon! Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag and THE DEEP DIVE Our new weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Password Dump stats for January 2013 and December for those curious LA Post serving Black Holes WaPo - ‘Fragmentation’ leaves Android phones vulnerable to hackers (some info on malware p0wnage) NIST 800-53 Rev4 is in Draft read it, comment on it. DHS declares 100 mile "4th Amendment Free" zone adjacent to US border Kaspersky update hoses Internet access for Windows XP users. Canadian Business Groups Lobby For Right To Install Spyware on Your Computer. The Everyday Agony of the Password Audacious Hack Exposes Bush Family Pix, E-Mail The Breach Report Bit9h got hacked!!!! SCADA / Cyber, cyber... etc Cyber Lobbists SCADA for the home players - turn the Belkin Wemo into a deathtrap Mailbag / Bizarro Land Hi LSD crew...just finished 0x1E again and again, well done! Many thanks. I am missing a bit the "central topic" what you had in earlier ones. What I mean is like in episode 0x14 about "Hardcore – Recovering from the Disaster you didn’t plan for" or "hiring". This was really interesting and gave some good insight. I understand quite a number of things are "common sense", but still, unfortunately quite a number (of the other?) things are not "common practice" and I think these need to be communicated. Cheers guysThomas Discussion - Keeping up with new technical developments Because Thomas is a good guy, and he actually sent us an entire book of ideas, we're going to use one of them. Keeping up with new technical developments such as RFC 6797 HSTS and how to manage that along with everything else you're supposed to be doing as an information security professional. (Cue Dave talking about the value of CPEs in 3... 2... 1...) Briefly - NO ARGUING OR DISCUSSION ALLOWED If you permit USB keyboards or mice, you're permitting exfiltration Log stash book!!! Payment Card Industry clears up confusion over cloud use. Dave was on TV. He has many monitors. He is an Internet Security Expert. (fortunately he's not a social media expert) Not done yet: Oracle to ship revised Java fix on February 19 Jeremiah Grossman's Self Pwnage Another RoR SQLi vuln Liquidmatrix Staff Projects The Security Conference Library  Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking, James speaking at Thotcon and Dave will be at RSA, AltSecCon, Secure Dusseldorf, Infosecurity Europe, Black Hat, Defcon, Secure Asia In Closing We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested  Movie Review  everyday is CTF! go set up a team Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Seacrest Says: Seacrest Likes Vicodin. SRLSY (but who doesn't - yummy yummy vicodin.... tasty) Creative Commons license: BY-NC-SA