I signed up for Amazon Prime in early February. I'll definitely be renewing this February. This is not an endorsement of Amazon Prime, I just thought the list would be interesting. Here's my year in Amazon purchases.
Crucial 256gb SSD
Nvidia GeForce GT720 graphics card
Raspberry Pi camera module
3m VGA cable
3m DVI cable
Flaxseed oil capsules
Taschen 365 day-by-day New York
Extra plush fitted mattress topper
10 x 80mm transfer files
USB3 Multi-card reader
16kg Kettlebell
Dremel glue gun
100 Velcro cable ties
Microsoft Sulpt Comfort Mouse
Quimox sync multi-charge USB cable
Nikon AF-S DK Nikkor 35mm f/1.8G lens
Raspberry Pi 2 Model B
1TB WD Red hard drive
49mm Cokin P series filter holder
Spyderco Bug knife
Car oil filter
Silverline oil filter wrench
Car air vent phone holder
Amazon Fire Stick
Cabin Porn book
Manfrotto PIXI mini tripod
Targus Defcon cable lock
Bicycle combination lock
DVB-T USB RTL-SDR receiver stick
35 miscellaneous cardboard boxes
Draper de-soldering gun
August VGB100 USB Video Capture Card
Lihit Lab Tegga Pen Case - Book style in black
2 x Round hard storage cases for cables
Stanley 20" Toolbox
Dussel Warwick Backpack
Yuanj Nuisance Call Blocker
MicroUSB to RJ45 Ethenet Network Adapter
8gb Sandisk Ultra microSDHC card
HDMI female to Mini HDMI Type C Male
2 x Micro USB male to USB A Female
10m telephone extension cable
Hard travel case for WD My Passport Ultra
Zheino 60gb SSD
Updated Now that Let's Encrypt is in public beta I've updated this to suit.
These are exciting times for the web. Secure connections have been around for a long time and are now expected and trusted by the public. Unfortunately they're also very expensive, usually around $99 per year.
But huzzah and hooray, we now have Let's Encrypt, a service from the EFF, Mozilla, Cisco and others to provide FREE TLS encryption for any website. You can read more about the mission here: https://letsencrypt.org/about/
At the moment the service is in public beta which means they're still ironing out the bugs, but it's currently serving tens of thousands of certs and seems to be holding up fine.
For the purposes of this little walk-through I'm using Ubuntu 14.10 and Nginx.
One of the goals of Let's Encrypt is that it be automatic. In time this will include configuring the server too (be that Apache, Nginx, or another) and it already does a pretty good job but there's definitely more work to do.
I'm going to show how get just the cert files and configure Nginx manually. So to start with clone the Let's Encrypt software somewhere, I put it in my home directory:
Ideally before the next step make sure you stop any service using port 80. There is a 'webroot' option to circumvent this and you can read more on the How it works page. But in my case I'm happy killing Nginx for a couple of minutes:
sudo service nginx stop
Now cd in to the new directory and run the software with the following parameters:
cd letsencrypt
./letsencrypt-auto certonly
The first time you run the program it will ask for an email address and ask that you agree with the T's and C's.
Finally it will ask for your domain(s). Separate these either with a space or a comma.
That's it! If all goes well the necessary files will be created here: /etc/letsencrypt/live/<yourdomain>/
To add to Nginx, add or change your sites-available file to look like this:
Next I created a server block to redirect https://www.lewiswalsh.com to https://lewiswalsh.com and one to redirect the insecure versions of those domains:
Since Let's Encrypt certificates expire every ninety days you'll need to manually renew. Eventually this can be automated, but for now just run the following command again when your certs expire:
After successfully enabling Let's Encrypt for my domain, I ran the test over at SSL Labs and was disappointed to see I only scored a C grade.
It seems that because my Nginx configuration supported SSLv3 it was susceptible to the POODLE attack. And thus regardless of anything else the grade was capped at C. This was easily fixed however by adding the following line to nginx.conf:
I ran the test again but this time only scored a B grade. Here's why:
Warning! This site uses a commonly-shared 1024-bit Diffie-Hellman group, and might be in range of being broken by a nation-state. It might be a good idea to generate a unique, 2048-bit group for the site.
First thing to do is generate a dhparams.pem. I put it in my /etc/nginx/sites-available directory, but it doesn't really matter where you put it as long as it's a fairly safe location:
Derek Sivers, the former big cheese at CD Baby and a very interesting guy, has a /now page. Yesterday a slow movement started that has snowballed since. He's written a post about it.
The idea is a simple page on a personal website that shows what we're all up to at the moment. The page should really be written in the present tense. And by standardising the /now URI it makes it easy to find.
A lot of people seem to be using it as another about me page, or as another way to advertise their product or service. That's ok I suppose, but I don't think that's really in the spirit of it.
I love this idea. But I want to see what people are doing with all their time. I want to get a sense of the person's whole life right now.