j a m i e

WordCamp EU

Over already, time flies when you’re having fun.

Continuing on from WordCamp London I was chosen to also attend WordCamp EU, in Paris for 16th & 17th June.

WordCamp London prepared me for the usual stuff, the volume of visitors though had rocketed from ~500 up to almost 3,000 which was crazy! Also bumped into a few old faces which was cool.

I arrived late Thursday night after having my flight delayed. Friday was intense, from 7:30AM through to almost 6AM. Within the first 3 hours we’d given away the lion’s share of our T-shirts. Through the years WP Engine have gotten a name for themselves for having the best shirts in the business, which I’d tend to agree with. New designs for every convention and actual proper fabrics – not run of the mill tees with a logo, bright color and starched. We also had some of the usual stuff, shades, a bunch of stickers and our French themed sticker too! And fidget spinners.

Thursday night we had a très exclusive afterparty at a bar in town, the spicy home. Around 100-150 people squeezed in and somehow we had a magician. After that, we showed up to another afterparty we co-sponsored for plugin development. Fell into bed around 1am to do it all again Saturday. Worth noting at some point around then one of my own personal servers had a RAID array fail over, ultimately lost a whopping 18TB of backups. Re-downloading them as we speak.

Thankfully, Saturday was quieter. That coupled with our now almost depleted stock let us have a bit of a breather and some of us managed to get in a talk. Luckily, I managed to grab the Q&A with WordPress co-founder Matt Mullenweg which was really good. On the whole, it’s great to start recognising people, even those from competing companies and having a chat. As always, it’s fantastic to have clients come up to us also with their success stories, of how much they enjoy it with us. It’s great to know that we’re making people’s lives easier, good for the soul.

That’s pretty much it, writing this up from a Bus Eireann rattler that’s still an hour from Limerick. Can’t win em all.

Getting an A on Mozilla Observatory

So I’ve done this with a few sites so far and figured it may be worth a write up. It’s actually a lot less daunting than it seems. Here’s where you can test it.

jamie.ie, blog.jamie.ie and hoarding.me aren’t done yet as they’re hosted on WP Engine, a managed WordPress host, so I haven’t gotten around to it (yet). Feel free to test on welp.me or im.welp.me.

Assuming you’re already using nginx it’s just a case of adding a few lines to your default config. Let’s start with the massive pain in the ass that is CSP. Kill me. I use a default that fails Mozilla Observatory, great start right? Don’t worry, we’ll pass everything else and get an A anyway so who cares. Most of these are necessary to run any sort of social site: Facebook, Google Analytics, Twitter etc. And the MaxCDN Bootstrap.


add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pagead2.googlesyndication.com https://connect.facebook.net/en_US/sdk.js https://platform.twitter.com https://www.google-analytics.com; img-src 'self' https://syndication.twitter.com https://www.facebook.com https://www.google-analytics.com data:; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-ancestors 'self'; frame-src 'self' https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://googleads.g.doubleclick.net; connect-src 'self' https://apis.google.com; object-src 'self' https://pagead2.googlesyndication.com";

The next three you shouldn’t be failing to begin with. CORS is the devil, so that’s skipped too. May god have mercy on your soul. Pinning keys is overkill; if you’re using Let’s Encrypt it’s also a waste of time updating this every 3 months, so don’t bother.

For HTTP Strict Transport Security;


add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";

For Redirection;


server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 301 https://$host$request_uri;
    server_name your-domain-name.tld;
}

server {
    server_name your-domain-name.tld;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # ... the rest of your existing HTTPS server block goes here
}

You can omit both server_name directives if you’re only serving one site.

For Referrer Policy;


add_header Referrer-Policy "no-referrer";

For X-Content-Type-Options;


add_header X-Content-Type-Options nosniff;

 

For X-Frame-Options, it’s covered by the CSP which we added in the first part (frame-ancestors 'self').

For X-XSS-Protection;


add_header X-XSS-Protection "1; mode=block";

Harden your SSL settings with this;


ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SH$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_tickets off;
ssl_ecdh_curve secp384r1;

Grab a beer and enjoy your A rating.
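Before kicking off the scan it is worth confirming that nginx is really sending the headers configured above. The checker below is an added example, not part of the original post; the function names and the sample response are constructed for illustration, and it only looks at the headers this post sets.

```python
# Added example: audit response headers against the settings from this post.
# SAMPLE is a constructed response, not captured from a real site.
SAMPLE = """HTTP/2 200
strict-transport-security: max-age=63072000; includeSubdomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; frame-ancestors 'self'; frame-ancestors 'none'
"""

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw header block (status line skipped)."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_csp(policy):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def audit(raw):
    """Return a list of findings; an empty list means every check passed."""
    h = parse_headers(raw)
    findings = []
    hsts = [p.strip().lower() for p in h.get("strict-transport-security", "").split(";")]
    if not any(p.startswith("max-age=") and p[8:].isdigit() and int(p[8:]) > 0 for p in hsts):
        findings.append("HSTS missing or max-age not positive")
    if "includesubdomains" not in hsts:
        findings.append("HSTS lacks includeSubDomains")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if not h.get("referrer-policy"):
        findings.append("Referrer-Policy missing")
    csp = parse_csp(h.get("content-security-policy", ""))
    if "frame-ancestors" not in csp and "x-frame-options" not in h:
        findings.append("no framing control (frame-ancestors or X-Frame-Options)")
    for kw in ("'unsafe-inline'", "'unsafe-eval'"):
        if kw in csp.get("script-src", csp.get("default-src", [])):
            findings.append("CSP script-src allows " + kw)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the output of `curl -sI https://your-domain-name.tld` in place of SAMPLE. Check an error page too: nginx's add_header only applies to a fixed set of success and redirect status codes unless the `always` parameter is given.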

XMPP server online.

So a while ago I used to run an IRC server with bots, but this proved to be a massive pain in the ass. A few days ago I contemplated doing the same thing again and instead looked around, eventually settling on XMPP – I used one of these in the past also but it was via some crappy Java server app thing called Openfire (I think).

ejabberd caught my attention and surprisingly, it only took around an hour to set it up and configure. It’s free to use for anyone now at im.welp.me

On the hoarding.me front, I have another scaleway server that I almost finished testing the guide on but I keep getting sidetracked. The guide as a whole is in a pretty good spot right now so this weekend I’ll probably do another catch up and call it finished for a while.

I’ve been looking into setting up another BitTorrent tracker and frontend too. Chihaya or ocelot for the tracker, project luminance or oppaitime for the frontend. I definitely want to use chihaya over ocelot but can’t decide between the two frontends – interesting times ahead I guess. As if I didn’t rent enough servers already.

Soft launching hoarding.me

So I’ve gone ahead and opened it up to testers over on reddit at /r/datahoarder [link] and at /r/seedboxes [link].

Feedback is good so far, there’s no actual limitation on accessing the site. If it got spread around I’d just have stuck basic auth on for a while but pretty sure we’ll be good. That said I’ve probably PM’d 50-60 people already. Tomorrow will mainly be focused on improving the writing on some pages and correcting any typos that are found.

On Sunday then I’ll post it around and leave it up as the finished article. There is one part of it missing that I’d like to add but I haven’t been able to get it running right. Namely, @reboot crons to mount everything – it’s fine without them because restarts are pretty rare but it’d be nice to have a 100% finished setup. We’ll see!

WordCamp & hoarding.me

Woo! WordCamp London has passed us by and I was lucky enough to be chosen to attend with the WP Engine team. It was awesome, you should totally go if you ever have the chance. We were located in the main sponsor lobby between WooCommerce/Jetpack and 34SP/GoDaddy. Met some really cool people with really cool stories and looking back on it not sure why I was nervous beforehand. 90% of the people that came up to us were just there to thank us (WP Engine) and tell us how much they enjoyed being on our platform. Was a very rewarding experience and very glad I was chosen to attend!

 

In other news, when I get some time to myself I’ve been slowly tipping away at a massive guide over on hoarding.me. When finished, it will be one super long guide, detailing from scratch what you need to do to turn a VPS/Dedicated Server into a fully automated Plex god. Including attaching an encrypted, unlimited storage Cloud Drive mount. I have it all fully written up and have tested the guide on a spare server. Just waiting on a friend to test it out from scratch and see how it performs.