This post is the second in the “Your HTTPS Setup is Broken”-series. Previously, I’ve described how easy it is for an attacker to eavesdrop on your “secure” communication. In this post I’ll show you how to enforce encrypted communication, so an attacker cannot downgrade the connection to unencrypted HTTP.

Your HTTPS setup is broken!

So, you use HTTPS to encrypt communication with your customers. Maybe you use the latest encryption ciphers and algorithms. But you may still have a very big issue in your setup. In this first blog post about HTTPS security, I’ll show that trust is at least important as encryption while securing communication. Furthermore, I’ll show how untrustworthy the current Certificate Authority infrastructure is.

This post is about Cassandra’s batch statements and which kind of batch statements are ok and which not. Often, when batch statements are discussed, it’s not clear if a particular statement refers to single- or multi-partition batches or to both - which is the most important question IMO (you should know why after you’ve read this post).

In this post I’m going to describe an issue we experienced with nginx and its handling of Server Side Includes (SSIs). We saw that nginx at first decodes the SSI URI path and afterwards encodes it when loading the resource. And in some cases, the URI path encoded by nginx was different than the original one. The solution is easy (use query parameters if in doubt), but I thought I’d share this so that others maybe don’t run into this issue and/or see how to debug such things.

Wer kennt es nicht: Abends noch eine SSH-Session laufen gehabt, Laptop zugeklappt und zuhause ist die Session tot. An ein Arbeiten im Zug ist noch nichtmal zu denken.

I found a post by Qiaochu Yuan that has the following definiton: A comathematician is a device for turning cotheorems into ffee.

Apparently this is a very funny joke. Could someone explain it to me and tell me where I could learn about the subject in question? Thank you very much in advance.

In our current project we just wanted to see which requests exceeded a certain response time threshold. Additionally we wanted to know where the time was spent, i.e. which backend requests (e.g. hitting the database or search engine) contributed how much to the overall response time. So we’d like to get log entries like this: