Detecting Security Upgrades on Ubuntu

In my article on unattended upgrades I described how to set up an Ubuntu system to install security upgrades automatically. This is convenient for small setups, but in an enterprise environment you typically want to perform some QA before applying the change. A better solution is to have your monitoring system generate an alert if security upgrades are available. In this article,  we’re going to build an Icinga plugin to hook into your monitoring/alerting system.

Continue reading

Posted in linux | Tagged , , , | Leave a comment

Detecting HTTP/2 Support

Thanks to Ubuntu 16.04 which includes a fairly recent Nginx version, I have now enabled HTTP/2 on my private server. Of course, I also wanted to verify whether my configuration change had any effect – after all, there is no visible change (except for a little speed-up). One option that works really well is the HTTP/2 and SPDY indicator Chrome extension. But after some playing around with Python, I also found an easy way to detect HTTP/2 support using just Python’s standard library.


Continue reading

Posted in python | Tagged , , | 1 Comment

Migrating to HTTPS

There’s more to migrating a complex site to HTTPS than just enabling TLS in your web server or reverse proxy. All links to embedded resources like style sheets, images, or scripts need to be served via HTTPS and potentially have to be rewritten. In a well-designed site that’s not an issue, but in most peoples’ organically grown setups it can be a huge effort.

Continue reading

Posted in misc | Tagged , , | Leave a comment

Let’s Encrypt on

A couple of days ago, announced that they are now supporting TLS for custom domains (which is how this blog is hosted). There are many reasons for not hosting a blog yourself even if you have the necessary skills, like not having to deal with security updates and scalability issues for starters. Flexibility isn’t one of them, unfortunately, so I’m very pleased TLS has finally arrived. But let’s have a look at their setup.

Continue reading

Posted in meta | Tagged , , | Leave a comment

Resolving JARs

Sometimes it’s useful to check whether a local JAR file is available from Maven Central, for example when converting an old build system to Maven. In many old systems, JARs aren’t named consistently and versioning info isn’t available. Fortunately, Maven Central has a search interface that supports lookup by a JAR file’s SHA-1 checksum. And even better, there is a REST API to automate things.

Continue reading

Posted in java, Uncategorized | Tagged | Leave a comment

Let’s Use TLS

I have followed the HTTP/2 specification process closely and I like how the new protocol improves web performance and makes old workarounds obsolete. One drawback of deploying HTTP/2 is that most browser vendors only implement it on top of TLS. Since I’ve seen a lot of broken TLS configurations lately, I thought it would be interesting to set up TLS on my private server and share the resources I used in the process.

Continue reading

Posted in best practices, Uncategorized | Tagged , , , | Leave a comment

Frontend Engineering

Despite all its shortcomings as a programming language, JavaScript isn’t a dirty word anymore. A decade ago, most self-respecting developers would refuse to even touch it, so it was left to web designers and junior developers who spiced up a few HTML pages with dispensable functionality. It’s amazing how the advent of AJAX changed things.

Continue reading

Posted in misc | Tagged , , | 1 Comment