Heartbleed Relief: Replace the Default SSL Certificate in Parallels Plesk Panel

Heartbleed logoIf you have a web site with an SSL certificate then you are probably affected by the Heartbleed vulnerability which popped into general visibility. If your server is vulnerable, you need to do two things:

  1. Update openssl
  2. Replace your SSL certificate (since you have to assume that the certificate’s private key has been stolen).

Anyone in possession of your private key can a) impersonate your web site; and b) decrypt all past, present, and future traffic.

One little piece of the recovery is replacing the default certificate for your control panel. If you only have one server then clicking around in the control panel is OK. But if you have a lot of servers, that will quickly drive you bonkers.

Here is a shell script which will replace the default SSL certificate for Parallels Plesk Panel. The new certificate will be valid for 1095 days (three years). It will then use the new SSL certificate to secure the Plesk Panel itself. Continue reading Heartbleed Relief: Replace the Default SSL Certificate in Parallels Plesk Panel

Thoughts on Google+

Ideas have been bubbling for awhile but are finally congealing (what an attractive metaphor!) into what will become an article or two on Google+. Over the past several years, Google has developed a strong set of tools for individuals to use. Some of these tools have facilitated collaboration or sharing. With Plus, Google is making all of their tools sharable….

I’d love to hear your thoughts on this. Come on over to my Google+ post and join the conversation.

If you are not yet on Google+ and need an invitation to get in, send an email to art{at}zemon(dot)name and I will be glad to help you along.

Join Me on Google+

Google+Come join me on Google+, the new social-network-plus-a-whole-lot-more that Google launched at the beginning of July. If you are a Facebook or Twitter user, you may well find that you like Google+ better in some ways. The user interface is delightful. You can easily share posts and photos with just the people who you want to see them (i.e., your mom need not see that photo of you _________).

Perhaps best of all, Google does not claim to own your data. If you want to delete something, or edit a post, or even delete your entire account, it’s easy to do.

Here is my profile page on Google+ and you will notice that you can see it even if you are not a Google+ subscriber. When you click that link, you will see all of my public posts. I have also posted a number of items to select “circles” and those can only be seen by the intended recipients.

To sign up for Google+, jump over to the Google+ home page.

+1 for Google+

I have been playing with Google+ for the last several days and, thus far, like it very much. Most importantly, I trust Google to avoid making changes to their privacy policy which will reveal information that I decide to keep private. Facebook has done the opposite (made my private info available to third parties) so many times that I no longer post anything significant on Facebook.

The user interface is clever and (mostly) intuitive. I love the ease with which I can choose who to share each posting with. I also appreciate that I can share my postings with friends just by entering their email addresses. They don’t have to be Google+ members to get copies of my postings. (Of course, they can unsubscribe from the email notifications so I won’t be spamming them.)

Check out my posts on Google+ and join the fun over there.

Testing CloudFlare

I have been reading about CloudFlare for some time and decided to give it a try. CloudFlare promises to speed up a web site using several technologies, including caching static content on their CDN, minifying content, and blocking access to malicious bots.

I installed it on this site for testing and, at least initially, I am impressed. HTML, Javascript and CSS are all nicely minified. Having static content in their CDN means that loading (for instance) the Help Others Now page hits my server for only one resource, the page itself, and the other 18 resources on the page are handled elsewhere.

Assuming this experiment goes well, I will try CloudFlare on some of my business sites.

That Comfy Small Town Feeling

I remember how nice it was, after I moved from Chicago to Valparaiso, IN, that I could tell someone my name and he knew where I lived. It was a small town. We all knew where pretty much everybody lived. One time, just to see what would happen, I sent a letter to my step-father addressed simply,

Dr. Norm Robertson II
Valparaiso, IN 46383

The letter got delivered, right on time. (Here’s a grateful tip of my virtual hat to the US Postal Service employee who went above and beyond the call of duty to make that happen.)

In sixth grade, I had a paper route and wanted a checking account. Teaching me about banking seemed like a good idea to my mom so she and I walked down to the First National Bank of Valparaiso and, in a few short minutes, I was the proud bearer of my first checkbook. It even had my name, alone, on the checks. I learned how to deposit my pay and wrote checks at the bank when I needed some cash. By mid-December, I had accumulated enough money to buy my mom the electric can opener that I had been eying at Sears. The clerk was a little dubious when confronted with a sixth-grader with a checkbook but, when I told her who my parents were, the store took my check and I walked out a much more grown up boy than I had walked in.

It’s nice to be known.

These days, it is easy to get paranoid about protecting our privacy. I am not sure that we ever had much privacy so I wonder where this fear originated. How did we get from that  comfy feeling of being a well-known part of a community to worrying that our neighbors might find out too much about us? Fretting about privacy does not make us less well known; it just raises our anxiety levels.

I was idling away some time the other evening, looking up race results for some of the people that I have met since I began running in July. The Google searches turned up not only race results but ages and home addresses and photo albums. The photos even told me which high schools had been attended (a uniquely St. Louis concern, it seems). I felt like I was back in small town Indiana. Instead of being just running partners, these people became more human, more friend-ly.

I savor that small town feeling again, even if I would have to drive a car to their houses instead of ride my bike.

Facebook’s Last Straw

Facebook added the proverbial last straw with its latest privacy faux pas. It has demonstrated, yet again, that in pursuing it’s goal of selling advertising, Facebook places very little importance on our personal privacy. Remember that, while Facebook ostensibly is a web site designed to help people connect with like-minded people, in fact Facebook is a business which derives it’s revenues from other businesses, not from it’s subscribers. In plain English: Unless you are paying big dollars to Facebook, you are not Facebook’s primary audience.

Don’t believe me? I just spent half an hour tightening up my Facebook privacy settings; it was a bewildering maze of pages and checkboxes and pop-up windows. I thought maybe I was just dim, that it couldn’t be as hard as it seemed to be. But no; it really is that hard. The New York Times counted the words and discovered that Facebook’s privacy policy is longer than the US constitution!

The new opt-out settings certainly are complex. Facebook users who hope to make their personal information private should be prepared to spend a lot of time pressing a lot of buttons. To opt out of full disclosure of most information, it is necessary to click through more than 50 privacy buttons, which then require choosing among a total of more than 170 options.

Users must decide if they want only friends, friends of friends, everyone on Facebook, or a customized list of people to see things like their birthdays or their most recent photos. To keep information as private as possible, users must select “only friends” or “only me” from the pull-down options for all the choices in the privacy settings, and must uncheck boxes that say information will be shared across the Web.

The last straw was discovering a page which allowed my personal information to be shared with third-parties (advertisers and other businesses) when my friends do stuff, not because of my own actions. Here is the page, after I turned everything off; all of the boxes had been checked when I first came to the page.

Facebook Third-Party Privacy

Just one example: I am perfectly happy allowing my friends to know my birthday but I was angry to discover that, when a friend of mine “visits a Facebook Platform application or website,” my birthday was revealed to the business running that “application or website.” That’s just not right; I did not give my permission for this. I do not want it to happen. Facebook added this “feature” and began giving out this information without asking me.

In response to that discovery, I have done a couple of things. First, I took the time to go through every Facebook privacy page and tighten up the settings. My friends can still see stuff about me. The friends of my friends can also see some stuff about me. To the extent possible, I have blocked business’ abilities to obtain my data. Second, I have removed all of the data which I do not want publicly shared. Since I cannot trust Facebook to keep it private, I no longer store those data in my Facebook profile.

If you are reading this on Facebook, you should know that Facebook is posting a copy of my original article. I actually wrote this on my own blog at www.CheerfulCurmudgeon.com and I invite you to visit the site directly. Facebook does not copy everything from the blog and you are missing good stuff by staying in Facebook and not coming over to the actual website.

I choose to control access to my data, sharing it only with the people that I trust. Facebook has proven, time and again, to be a very untrustworthy arbiter of our data.