Category: Projects

Speaking at JSConf EU 2014

By , Tuesday 4th November 2014 11:44 am

In September 2014 I had the privilege of speaking at JSConf EU 2014. Here’s the video:

Protecting node.js from BEAST TLS attack

By , Friday 7th June 2013 6:56 pm
Copyright Disney, I don’t think they’ll sue me. Thanks for the image.

After reading Eric Martindale’s very useful blog post on “Mitigating TLS BEAST attack in node.js”, I decided to implement this for pinitto.me in order to increase the security of the site.

After implementing the suggested code I then attempted to test the SSL setup via SSLLabs. Sadly the report came back showing that pinitto.me was still vulnerable to BEAST attacks.

A BEAST (Browser Exploit Against SSL/TLS) attack is one in which a third party can silently decrypt communications between a browser and a server. It works by attacking a weakness in CBC (cipher block chaining) that was discovered back in 2006, although a practical exploit was not found until late 2011.

BEAST attacks are not possible on TLS versions greater than 1.0, but as TLS 1.0 is currently the most predominant version on the internet, such attacks are possible on most unprotected servers.

The documentation on SSLLabs.com suggested a different set of ciphers to those suggested by Eric, and so after implementing these pinitto.me is now reported to not be vulnerable to these attacks, yay!

The code for setting up a HTTPS server on node.js therefore becomes:

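var https = require('https')
  , fs = require('fs')

// config is the application's own configuration object (loaded elsewhere);
// config.ssl.* hold the paths to the key, certificate and CA chain files
var options = {
   key: fs.readFileSync(config.ssl.key, 'utf8'),
   cert: fs.readFileSync(config.ssl.cert, 'utf8'),
   ca: fs.readFileSync(config.ssl.ca, 'utf8'),
   // Server's cipher preference list, most preferred first
   ciphers: 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
   // Use the server's order rather than the client's when picking a cipher
   honorCipherOrder: true
}

https.createServer(options, function (req, res) {
  res.writeHead(200)
  res.end("Hello World!")
}).listen(443)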
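
Why the cipher order and honorCipherOrder matter here, as an added example that is not code from the original post: a small simulation of how a server picks a cipher suite. The suite table, the hand-expanded server list and the TLS 1.0 client offer are constructed assumptions, not output from OpenSSL.

```javascript
// Added example: simulate cipher selection with and without honorCipherOrder.
// The suite table is a constructed subset; the RC4 and HIGH keywords are expanded
// by hand here, and a real OpenSSL build expands them to more suites.
const SUITES = {
  'ECDHE-RSA-AES128-SHA256': { minVersion: 'TLSv1.2', mode: 'CBC' },
  'AES128-GCM-SHA256':       { minVersion: 'TLSv1.2', mode: 'AEAD' },
  'RC4-SHA':                 { minVersion: 'TLSv1',   mode: 'STREAM' },
  'AES128-SHA':              { minVersion: 'TLSv1',   mode: 'CBC' },
  'AES256-SHA':              { minVersion: 'TLSv1',   mode: 'CBC' },
};
const ORDER = ['TLSv1', 'TLSv1.1', 'TLSv1.2'];

// Pick the suite a server would choose for a client's protocol version and offer.
function negotiate(serverList, clientOffer, version, honorCipherOrder) {
  const usable = (name) => SUITES[name] &&
    ORDER.indexOf(SUITES[name].minVersion) <= ORDER.indexOf(version);
  // With honorCipherOrder the server's order decides; otherwise the client's does.
  const [first, second] = honorCipherOrder
    ? [serverList, clientOffer] : [clientOffer, serverList];
  return first.find((name) => usable(name) && second.includes(name)) || null;
}

// BEAST needs a CBC suite on TLS 1.0 (per the post, later versions are not affected).
function beastExposed(suite, version) {
  return suite !== null && version === 'TLSv1' && SUITES[suite].mode === 'CBC';
}

// Hand-expanded form of the post's cipher string: two TLS 1.2 suites, RC4, then HIGH.
const serverList = ['ECDHE-RSA-AES128-SHA256', 'AES128-GCM-SHA256',
                    'RC4-SHA', 'AES128-SHA', 'AES256-SHA'];
// Constructed TLS 1.0 client that prefers AES-CBC over RC4.
const tls10Offer = ['AES256-SHA', 'AES128-SHA', 'RC4-SHA'];

// Compare the outcome for the TLS 1.0 client with the option on and off.
function report() {
  return [true, false].map((honor) => {
    const suite = negotiate(serverList, tls10Offer, 'TLSv1', honor);
    return { honorCipherOrder: honor, suite, exposed: beastExposed(suite, 'TLSv1') };
  });
}
console.log(report());
```

RC4 has since been prohibited for TLS by RFC 7465, so on a current server the same goal is better met by disabling TLS 1.0 than by preferring RC4.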

XMPP-FTW now supports Superfeedr

By , Sunday 12th May 2013 5:07 pm

Summary

As of version 0.9.0 xmpp-ftw now supports the Superfeedr XMPP API. If you don’t know what Superfeedr is then read this shamelessly stolen description from Crunchbase:

Superfeedr fetches and parses RSS or Atom feeds on behalf of its users and then pushes them the new entries in these feeds. Superfeedr implements most of the current Real-time technologies and guarantees an entry detection time inferior to 15 min. Superfeedr has both an XMPP and a PubSubHubbub API. Read more: http://www.crunchbase.com/company/superfeedr#ixzz2T6A0Grml

The XMPP-FTW interface to Superfeedr is built off their documentation which can be found here: http://superfeedr.com/documentation#pubsubhubbub.

Talking at the first XMPPUK Event – March 2013

By , Wednesday 13th March 2013 8:37 pm

We had the inaugural XMPP/realtime meetup held at Mozilla London on the 13th March which was sponsored by my employer Surevine.

At Surevine we believe that XMPP has a very important place in the future of the web and this goes hand-in-hand with realtime technologies too which is why we’ve started this meetup which will hopefully grow into its own entity.

I’ve written a blog post up on the Surevine website about the event which I suggest you read if you are interested. This also contains details about finding out more about the event and where to get information on future planned events too.

New demo system for XMPP-FTW

By , Sunday 10th March 2013 6:39 pm

Originally seen on http://awesome-wildlife.blogspot.co.uk/2009/12/aardvark.html

I’ve spent most of the day writing a new demo system for XMPP-FTW and despite it looking ugly as sin (I am no god with design) I’m quite pleased with how it works, so I thought I’d write up a little piece about it…

Talking at London Node User Group (LNUG) – February 2013

By , Wednesday 27th February 2013 8:18 pm

At the February London Node User Group (LNUG) I had a chance to speak about one of my new projects, pinitto.me. Pinitto.me is an open source infinite virtual corkboard application that I created over a weekend around Christmas to help with planning days for myself and colleagues at Surevine.
