Web performance

Written on 3 December 2014, 10:16pm

Tagged with: ,

It’s the speed geek’s favorite time of the year – so I am bookmarking some links for later use ๐Ÿ™‚

Starting from the 2014 performance calendar and jumping from link to link:
1. HTTPS and web performance: SSL server test, HSTS header, cache, keep alive, etc…
2. Is it fast yet?

TLS has exactly one performance problem: it is not used widely enough.
Everything else can be optimized.

3. High Performance Browser Networking by Ilya Grigorik – made available by O’Reilly for free.
4. High Performance Web Sites and Even Faster Web Sites by Steve Souders
5. Improving Smashing Magazineโ€™s Performance: A Case Study

And some names in the web performance field:
Tim Kadlec
Ilya Grigorik
Steve Souders
Stoyan Stefanov

Random things about security

Written on 23 November 2014, 11:12pm

Tagged with: , ,

1. OpenSSL common commands

A list of the most common commands used in OpenSSL: https://www.sslshopper.com/article-most-common-openssl-commands.html

Generate a CSR along with a private key:
openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out domain.csr
Probably the most used openssl command because it’s the first step in moving to HTTPS.

Generate a CSR using an existing private key:
openssl req -out CSR.csr -key privateKey.key -new

Remove a passphrase from a private key (Warning: leaving a private key unencrypted is a major security risk #):
openssl rsa -in privateKey.pem -out newPrivateKey.pem

Transform a certificate from PEM (text) format to DER (bynary) format:
openssl x509 -outform der -in certificate.pem -out certificate.der

Transform a key from PEM to DER format:
openssl rsa -in key.pem -out key.der -inform pem -outform der

These last 2 commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers (ex – a PEM file for Apache to a PFX for Tomcat or IIS).

The main command options in OpenSSL – req, rsa and x509:
req PKCS#10 X.509 Certificate Signing Request (CSR) Management.
rsa RSA key management.
x509 X.509 Certificate Data Management.

DER (Distinguished Encoding Rules) is a case of BER (Basic Encoding Rules)
OpenSSL as Windows binary: http://slproweb.com/products/Win32OpenSSL.html

2. Let’s encrypt!


When Letโ€™s Encrypt launches in Summer 2015, enabling HTTPS for your site will be as easy as installing a small piece of certificate management software on the server.
The Letโ€™s Encrypt management software will:
– Automatically prove to the Letโ€™s Encrypt CA that you control the website
– Obtain a browser-trusted certificate and set it up on your web server
– Keep track of when your certificate is going to expire, and automatically renew it, etc

3. Some security books

If you plan to get CompTIA Security+:
Get Certified Get Ahead
All-in-One Exam Guide
Comparison between the two books. Amazingly, they are both from 2011 (so more than 3 years old, which in the security field should be ages).

If you know about the Fermat enigma (somehow related), then you you should probably know about its author, Simon Singh. He also wrote a very known book about code and cypher: The Code Book (I know, it’s from 1999, but we were in the context of old books about security ๐Ÿ™‚ ). Here’s an idea out of it:

It has been said that the First World War was the chemist’s war, because mustard gas and chlorine were employed for the first time, and that the Second World War was the physicists’ war, because of the atom bomb was detonated. Similarly, it has been argued that the Third World War would be the mathematicians’ war, because they will have control over the next great weapon of war – information.

PS – iPad mini feels just right

Reading list

Written on 15 April 2014, 10:06pm

Tagged with: , , ,

Floralia Brussels
The updated reading list from 28 November 2013:
✔ 1. Steve Krug โ€“ Donโ€™t make me think —read, as well as the 3rd, revisited edition
⇓ 2. Dean Buonomano โ€“ Brain Bugs —saved for later
✖ 3. Andy Hunt โ€“ Pragmatic thinking and learning —read the first chapter, did not catch me. Maybe some other time
⇓ 4. Paco Underhill โ€“ Why We Buy —saved for later
⇓ 5. Barry Schwartz โ€“ The Paradox of Choice (Why more is less) —saved for later
✔ 6. Dale Carnegie โ€“ How to win friends and influence people —read, as well as a condensed version of it
✔ 7. Smashing book #4 —currently reading
✔ 8. George Orwell โ€“ 1984 —read, but did not found the positive state of mind to finish it
✔ 9. Dean Beaumont โ€“ The Expectant Dadโ€™s handbook —read, this and two more ๐Ÿ™‚

In the mean time I also read The speed reading book, Ronnie and rediscovered the pleasure of reading funny SF novels.

Next in my reading list:
1. Smashing book #4 – finish it
2. Dean Buonomano โ€“ Brain Bugs
3. Irwin Schiff and Peter Schiff – How an economy grows and why it crashes
4. Bill Shankly – My Story
5. Steve Peters – The chimp paradox
6. Paco Underhill โ€“ Why We Buy
7. Barry Schwartz โ€“ The Paradox of Choice (Why more is less)
8. Steve Souders โ€“ Even Faster Web Sites: Performance Best Practices for Web Developers
9. Whatever I find interesting from the Smashing library ๐Ÿ™‚