26 Aug 2017

TogoTelekom – Raspberry Router

TogoTelekom – Raspberry Router

Turn your Raspberry in a Router (Global), with the Github Repo from billz it’s easy to do this, but we want to extend it even further.

We are in Togo, Africa and love this country/continent. How to have affordable internet in a country who costs 1Mbit/s around 100 Euro/per month? You see right, 1Mbit/s (100-110Kbit/s Download – 20Kbit/s Upload) for 100 Euro!!! That’s kinda incredible. There exists a cheaper solution (Nope, not hacking the provider), using TogoTelekom “Normade USB Stick”, which costs around 18 Euro per month. The connection doesn’t has a fixed line (What it’s better) and you can surf a complete month for 18 Euro. You get right now the story.

Thanks to billz repo we have the “base” of our Raspberry Router setup, look into his repo to see how to install. We extending it to the WvDIAL for TogoTelekom, we created also a GitHub Repo. With this both, you have the “initial” base of accessing internet via your Raspberry. Well, but now you miss one important thing, there isn’t a WvDIAL page in RaspAp – WebGUI, we created for this also a GitHub Repo. We changed the “include/functions.php” “index.php” files, which has the WvDIAL page. Adding a systemd init file and after each reboot you got your internet up and running.

If you aren’t familiar with GitHub/Raspberry, we creating this solution for you, just drop us a line, and we get back to you

28 Jul 2017

CSP v3 in WordPress?

CSP v3 in WordPress?

Based on my last post “SSL CERTIFICATION WITH CSP & HSTS” how to add CSP in WordPress?

Well, the short story of this v3 format of CSP, it’s easy with some know-how to implement it. In production mode, where “Analytics”, FBEvent are loaded via a .js file. It won’t work (At least for now, I’ll update the posts when I found the trick).

Let’s talk about the v3 CSP format. It’s far better than the CSP v2 format where you have to explicit tell the HTTP-Server which “sites” are allowed. In v3 you can use nonce, what a wonderful idea. In production mode, well you will find several problems, like Analytics won’t get loaded (document.createElement doesn’t have “nonce”), and I’m pretty sure if it will ever have! Code-Injection a.k.a facepalm. Site-Note: It would be not “Secure” if you can inject any code via console, why you want CSP at all… Of course you can trigger the Analytics code via WordPress injections, but this won’t be anymore async… Well complicated.

Now what I’ve came up by my research snipping a plugin together. First, make the mu-plugins folder, than add the plugin (Within the folder).

What it does?

It reads the complete output-buffer, and change it the script/style tags to a valid CSP nonce tags. That’s it.

Errors/Limitation?

There are currently to many, any “HTML Optimizer” use the same process like this code (Yes, since the WP core-developer missed the inline-script or localization-scripts.. there are currently no another ways.). This means Autoptimize, W3-Cache etc. won’t work. WP-Admin throws many CSP Errors and the Media-Uploader Popup is showing.

 

06 Oct 2016

SSL Certification with CSP & HSTS

SSL Certification with CSP & HSTS

Are you ready for 2017 with your website using SSL Certification?

Last month Google announced it will have a major security update in Chrome (Version 56). The news is for security enthusiastic like us glad, when not even happy. Finally our beloved Browser is getting a Security update who shows everybody, do not use unprotected website!

So let’s start from the beginning. You most time are thinking, why should XY get your information when you visit website XY? Well for marketing reason? Knowledge (Website owner) from visitors is like your best friend, he knows how you scroll, click, referrer, PC specs etc..

You gonna say, that’s not a secret they can have those information. There is the problem! They can have those information, but not everyone else. With an insecure website (Without SSL Certification) you can not validate that this is really this website.

Example, couple days ago gave me my best friend a link (Where is right now blocked in Chrome), a website who is “coping” Facebook.com website, it looks like Facebook, but it isn’t. With a “Red-Warning-Bar” it’s obviously catching your attention that there is something wrong and you gonna drop that website immediately…

Now what is CSP and HSTS?

Both are a security technology, Content Security Policy (CSP) where protect your website and HSTS secure yours domain of using only HTTPS.

CSP: Example you own example.com and you have jQuery, CSS styles loaded via external files, but you haven’t any inline-styles or inline-javascript in your website. With CSP you strictly forbid to have those. (That’s just one feature who CSP comes with). Those policies you can protect your website more easily from being hi-jacked.

HTTP Secure Transport Security (HSTS), is a Web Server feature, to protect your domain to redirect the complete time period of your SSL-Certification to use only HTTPS.

Example of a HSTS header tag for Apache2:

Header always set Strict-Transport-Security "max-age=15768000"

Conclusion:

We are waiting for the new features in Chrome, and will highly recommend your business/blog or web app to activate SSL certification with CSP/HSTS activated. You can start now, or latest on December 31th 2016.

28 Jun 2016

Windows 8, 8.1 and 10 Default App delete

Windows 8, 8.1 and 10 Default App delete

Windows default Apps are annoying, flashing on your Start menu and using your bandwidth (even when you have not a limited bandwidth, App update takes your bandwidth). There exists out there already some mentioning default app remover like the first page results from Google, Reddit User LayerEightProblem create his “Windows 10 default App remover” app in .NET where is pretty good for his first C# app, when you have:

  1. For Windows 10 only
  2. Delete only the most common default Apps

There exists more default apps, usually installed on your Windows 8, 8.1 and 10, and some of them you might never even wanted to start (e.g. MineCraft, CandyCrush or Twitter etc.).

For this problem we came up with our “PowerShell” script where is not stylish like LayerEightProblem’s app, but we have some features inside to make things easier for you.

Our “Delete Windows Default App” can do for you many things like:

  • No Limitation of Windows (8, 8.1 and 10 is supported)
  • Default Apps (Database (Updatable)) and search for all Apps (To catch all Apps).
  • No Installation required.

How to things works with the App? Well pretty easy download here and execute it.

When you got a error message that this “is not secure” just run in your PowerShell Set-ExecutionPolicy RemoteSigned and you get the app to run.

Technical Information:

Supported OS: Windows 8, Windows 8.1 and Windows 10
Supported Language: Deutsch, English
PowerShell Version: 2.0
Script Requirement: Active Internet connection (To download the Database here)

10 Dec 2015

(Survey) What do you think about SHelfinger?

(Survey) What do you think about SHelfinger?

[heading type=”h2″ underlined=”false” no_top_padding=”false” no_bottom_padding=”false”]Information Survey[/heading]

It is always important to know what our visitors and clients are thinking about a company. We was in the last days thinking about how to ask them. Email? To complicated with the redirection, Phone? To expensive, we want not to increase our prices, just because of that, SHelfinger review? Yes, that’s right. You have the choice to apply on the survey or not. It’s free and costs less then 5 minutes of your time. With those information we want to make us better, more attractive and of course we want to show our clients what we’re capable of.

You want also a survey? Drop us a line on our contact page, and we will be back to you soon (Normally within 24 hours).

[heading type=”h2″ underlined=”false” no_top_padding=”false” no_bottom_padding=”false”]How to apply?[/heading]

To apply on our survey please follow this link here, you’ll be redirected to our “Communications-Sub domain” where all our newsletter and notification for our clients are based.

[button link=”http://goo.gl/YTSTN4″ open_new_tab=”true”]Survey[/button]

[heading type=”h2″ underlined=”false” no_top_padding=”false” no_bottom_padding=”false”]Privacy rules[/heading]

We always respect your privacy, take a look at our privacy policy to know what we’re doing with your information and with whom we’re sharing this information. (Our information where you gave us, will stay by us). When you provide us information and you want to delete it again, please feel free to send us a request.