On the internet today, our online accounts are exposed to a lot of risks. Leaked passwords from break-ins at major Internet properties or phishing attacks have led to many account breaches. In order to protect my high-value accounts, I have either enabled two-factor authentication or I use federated sign-in, delegating …
Other articles
DNS Over HTTPS
With much of the web switching to HTTPS and at least some people becoming more concerned about privacy, DNS has recently come into the spotlight because it provides an ISP with the ability to monitor which websites a user visits. Multiple mitigations have been proposed - Android for example is going …
Empty InputStream with Spring MVC
The other day, I was trying to build a simple batch upload interface for a Java web application running Spring Boot with Spring MVC on Apache Tomcat. But when I tried reading the InputStream in my controller, it was always empty. Fortunately, this turned out to be quite easy to …
Detecting HTTP/2 Support
Thanks to Ubuntu 16.04 which includes a fairly recent Nginx version, I have now enabled HTTP/2 on my private server. Of course, I also wanted to verify whether my configuration change had any effect - after all, there is no visible change (except for a little speed-up). One option …
Migrating to HTTPS
There's more to migrating a complex site to HTTPS than just enabling TLS in your web server or reverse proxy. All links to embedded resources like style sheets, images, or scripts need to be served via HTTPS and potentially have to be rewritten. In a well-designed site that's not an …
Let's Encrypt on Wordpress.com
A couple of days ago, Wordpress.com announced that they are now supporting TLS for custom domains (which is how this blog is hosted). There are many reasons for not hosting a blog yourself even if you have the necessary skills, like not having to deal with security updates and …
Let's Use TLS
I have followed the HTTP/2 specification process closely and I like how the new protocol improves web performance and makes old workarounds obsolete. One drawback of deploying HTTP/2 is that most browser vendors only implement it on top of TLS. Since I've seen a lot of broken TLS …
Frontend Engineering
Despite all its shortcomings as a programming language, JavaScript isn't a dirty word anymore. A decade ago, most self-respecting developers would refuse to even touch it, so it was left to web designers and junior developers who spiced up a few HTML pages with dispensable functionality. It's amazing how the …
Two-Factor Authentication
With more and more of my personal data being hosted in the cloud, I felt that I needed to take security more seriously. Since passwords are the weakest link in most systems, I was looking for a better solution. While I'm able to generate sufficiently secure passwords, there are only …