A UUID (Universally Unique IDentifier), also known as a GUID (Globally Unique IDentifier), is a string that identifies a piece of information in computer systems. WordPress uses GUIDs to identify each individual post, but uses URLs (kind of) for GUIDs, and thus does not follow the standard definition (RFC 4122) of a UUID (or GUID).
Continue reading “Proper RFC 4122 UUIDs as GUIDs in WordPress” →

Secure email: Encrypt and sign your emails with PGP/GnuPG
Email is fundamentally insecure. There is such a plethora of issues with it that it is crazy to think about the kind of information sent with it. It is probably even crazier when you realize we’ve had a solution for sending secure email since 1991.
Continue reading “Secure email: Encrypt and sign your emails with PGP/GnuPG” →

Six reasons why I love WordCamps
This weekend I was at WordCamp Berlin, met a lot of great people, and watched a lot of interesting presentations. WordCamps are actually quite informal by themselves, but at the afterparties, people are really letting their shoulders down and it often seems like people are long-time personal friends. If you open up to it, it […]
Continue reading “Six reasons why I love WordCamps” →

DNS privacy: Use a DNS provider that doesn’t track you
Many ISPs and other DNS providers are slow or inject ads, track you, hijack DNS queries or do other nasty stuff. To mitigate this, you should use a fast, reliable and free service that respects your DNS privacy.
Continue reading “DNS privacy: Use a DNS provider that doesn’t track you” →

Self-destructing cookies: Real, forced Do-Not-Track for your privacy
This is the second post in my series of posts on some of the tools I use to stay a little safer and protect my privacy online. With self-destructing cookies, you get a clean sheet even with those who don’t respect the Do-Not-Track header.
Continue reading “Self-destructing cookies: Real, forced Do-Not-Track for your privacy” →

How to perform and mitigate a WordPress session donation attack
WordPress doesn’t use a nonce for the login form, which leaves it open to a WordPress session donation attack.
Continue reading “How to perform and mitigate a WordPress session donation attack” →

Immutable assets with unique URLs in WordPress for enqueued JS and CSS files
If you’re utilizing the browser cache correctly, you’ll gain huge performance benefits for your users, as well as save bandwidth and server capacity, which amounts to saving money. To do this right, you must create unique URLs for all versions of your resources, and tell them to never ask for the content again by telling […]
Continue reading “Immutable assets with unique URLs in WordPress for enqueued JS and CSS files” →

Secure messaging on your phone with the Signal app
I’m running a series of posts on some of the tools I use to stay a little safer and protect my privacy online. Here’s how you can get much better secure messaging on your phone using the Signal app.
Continue reading “Secure messaging on your phone with the Signal app” →

How CloudFlare handled CloudBleed
Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with their service. It turned out that in some unusual circumstances, they would bleed memory that contained private information.
Continue reading “How CloudFlare handled CloudBleed” →

Giving users a helping hand when authorizing them in WordPress
Inspired by how Facebook assists their users when they log in, I decided to implement something similar for WordPress.
Continue reading “Giving users a helping hand when authorizing them in WordPress” →