Headline »

How to Control a DSLR using an iPhone 5S

With the proliferation of smartphones with powerful cameras, it’s not surprising to see an increase in the number of iPhoneographers worldwide. If you’re a camera enthusiast looking for a way to use both devices on your next shoot, read on. We’ll walk you through the steps for using your iPhone 5S to control your DSLR with the help of CamRanger.
General

All other little handy tips that can’t really fit in any specific category

Photography

Photography technique, tutorials and equipment review.

Computers

Tips, tutorials and solutions for Windows, Macs, Linux, Servers and Media Centers. Get the very most out of your computer. Resources for all levels from newbies and techies.

Web Design and Development

Tools, tech tips and tutorials for web design and development, including WordPress plugins and tweaks.

Tools and Productivity

Software, web applications, scripts and tools to make your computing, design, development or networking experience easier, more enjoyable and more productive.

Security »

Trust your CDN but verify with SRI


I attended a SecTalks meetup last night which talked about the dangers of Content Delivery Networks (CDNs) being compromised.

Lots of websites source their JavaScript and CSS resources from CDNs to improve their website’s performance. Examples of CDNs are jQuery, Bootstrap, Google API and Amazon S3.

This implicit trust of external/third party resources can put those websites at risk of being compromised, even without those web servers being hacked.

 

How so, you might ask?

Well, if the CDN is compromised, the website might be sourcing infected JavaScript files containing malicious code (such as keyloggers), or CSS stylesheets that can deface your website.

A well-known example of this sort of attack was when Reuters’ website got hacked back in 2014 and was redirected to somewhere else. Reuters itself wasn’t hacked, but the CDN it used was.

Trust but Verify

A recent W3C specification, Subresource Integrity (SRI), lets a website tell the browser to refuse to load an included JavaScript file if that file has been modified. This allows websites to benefit from the performance gain of using CDNs without the fear that a CDN compromise can harm their website.

This can be done using the integrity attribute. See examples below.

[Image: SRI code example]

The value of the integrity attribute is basically the hash of the file. Currently the supported hash functions are SHA-256, SHA-384 and SHA-512.

How do I generate the hash?

You can run the sha256sum, sha384sum or sha512sum command on a terminal to generate the hash.

Alternatively, there are websites that do the same thing, such as the SRI Hash Generator. However, this option might lead you to ask how you can trust that those SRI generator websites aren’t compromised themselves.

On top of that some common CMS have plugins for doing SRI, such as the WordPress SRI manager plugin.
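The hash step above, as an added example that is not part of the original post: the sha*sum commands print the digest in hex, while the integrity attribute takes the algorithm name followed by the base64 encoding of the raw digest, so a local script that produces the value directly avoids both the conversion and the third-party generator. The function names, the sample file content and the cdn.example host are assumptions made for this sketch.

```python
import base64
import hashlib
import html

ALGORITHMS = ("sha256", "sha384", "sha512")  # SRI hash functions, weakest first

# Constructed sample standing in for a library file fetched from a CDN.
SAMPLE_JS = b"window.demoLib = { version: '1.0.0' };\n"


def sri_value(content: bytes, algorithm: str = "sha384") -> str:
    """Return '<algorithm>-<base64 digest>' for an integrity attribute."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()  # raw bytes, not hex
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(url: str, content: bytes, algorithm: str = "sha384") -> str:
    """Build a <script> tag pinned to exactly this file content."""
    # crossorigin lets the browser run the check on a cross-origin file.
    return (f'<script src="{html.escape(url)}" '
            f'integrity="{sri_value(content, algorithm)}" '
            'crossorigin="anonymous"></script>')


def matches(content: bytes, integrity: str) -> bool:
    """Check content against an integrity value, using only the strongest
    algorithm listed (as browsers do). No usable hash counts as a failure here."""
    parsed = []
    for token in integrity.split():
        algorithm, _, expected = token.partition("-")
        if algorithm in ALGORITHMS and expected:
            parsed.append((ALGORITHMS.index(algorithm), algorithm, expected))
    if not parsed:
        return False
    strongest = max(rank for rank, _, _ in parsed)
    return any(
        sri_value(content, alg).split("-", 1)[1] == expected
        for rank, alg, expected in parsed if rank == strongest
    )


if __name__ == "__main__":
    # cdn.example is a placeholder host, not a real CDN.
    print(script_tag("https://cdn.example/demo-lib.js", SAMPLE_JS))
    print("unmodified:", matches(SAMPLE_JS, sri_value(SAMPLE_JS)))
    print("modified:  ", matches(SAMPLE_JS + b"/* changed */", sri_value(SAMPLE_JS)))
```

Run matches() against a freshly downloaded copy before updating a pinned version, so the hash you publish is for the file you actually reviewed.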

 

Not all browsers currently support SRI

The specification is currently only supported in Firefox, Chrome and Opera. So those using Internet Explorer and Safari don’t currently benefit from SRI.

However, looking at the recent browser statistics, those three browsers make up almost 90% of the browser market share.

Conclusion

SRI allows websites to enjoy the performance benefits of using CDNs and gives companies peace of mind that the content they are using has not been compromised.

Mac File Name Case Preserving yet Case Insensitive

Mac OS has case-preserving yet case-insensitive file systems. This handy little tip explains what that means, covers the gotchas of having such a file system, and describes what can be done to avoid them.

JAVA: How to create a generic Array

If you try to create a generic array in Java, you will notice that it will throw an error. Here’s how to get around that.

Infograph on Facebook Page Marketing Part 3

Have your Facebook posts and updates been getting less attention than they used to? Well, Facebook has gone through a number of changes, and it has changed the way it determines which posts appear on each individual user’s news feed. This three-part article series will explain how Facebook determines which posts get displayed on which individual’s news feed.

Infograph on Facebook Page Marketing Part 2

Have your Facebook posts and updates been getting less attention than they used to? Well, Facebook has gone through a number of changes, and it has changed the way it determines which posts appear on each individual user’s news feed. This three-part article series will explain how Facebook determines which posts get displayed on which individual’s news feed.

How to Configure Linux to Automatically Boot Up

This article is a howto for setting up your server to use the RTC (Real-time Clock) alarm to have your Linux box automatically shut down and boot up at a given time each day.