Categories
Security

Subresource Integrity in HTML

In the recent supply chain attack on the polyfill.io CDN, the project's GitHub account and domain came under the control of a malicious actor, who began injecting harmful JavaScript into thousands of websites. A third-party script loaded this way runs in the first-party context of the page: it can read form data, capture cookies and modify the page however it likes. That is an extreme risk unless you trust the source completely, and keep trusting it for as long as the script tag stays in your pages.

One way to mitigate this risk is Subresource Integrity (SRI): the integrity attribute on a <script> or <link> element pins the remote file to a cryptographic hash of its content. The browser hashes what it actually downloaded and refuses to execute or apply the resource if the hash does not match, so a changed file on the CDN fails closed instead of running in your page. Two things to keep in mind: a cross-origin resource also needs crossorigin="anonymous" on the element, otherwise the browser cannot perform the check and the load fails; and SRI only works for resources whose bytes are stable, so a service that tailors the script to the requesting browser (as polyfill.io did) cannot be pinned at all.

Categories
AI

What I learned about Claude.ai

I started playing with Claude.ai and this is what I learned.

As is typical with my blog posts, this is a developing story, and I will continue to update this post as I play and learn more. For now, I am still impressed by the quality of the answers. In particular, coding appears to yield far superior results compared to ChatGPT 3.5 or ChatGPT 4.

Categories
Azure

New Kudu for Linux App Service

The new Kudu was announced on Microsoft's website as a preview back in February 2020, but until recently I was not aware that it existed. As of July 2024, the default link from the Azure portal still leads to the old Kudu; the new Kudu is only reachable if you know it is there.

Categories
Web

What is ClaudeBot/1.0

ClaudeBot is a web crawler that downloads web content as training data for LLMs (Large Language Models). The bot is operated by Anthropic, the company behind Claude.ai. The User-Agent it sends identifies it as:

ClaudeBot/1.0; +claudebot@anthropic.com

Should you block ClaudeBot or limit its access, and how can you do that? Find out more in this article.

Categories
News

Freshping.io webhook issues July 2024

I am a free customer of the Freshping service. Since yesterday evening, July 9th, 2024, my integration with pushover.net via a webhook has stopped working, and I could not find any way to fix it. The integration is still present and the configuration appears to be correct; however, the webhook no longer seems to send out notifications. Due to the announced service change, as a free user I no longer qualify for support.

Categories
Security Web

GitHub follow commits as RSS

There might be times when you want to closely follow updates to a public GitHub repository. I had this use case in June 2024 when following the Swiss NCSC for cyber threat information regarding DDoS attacks.

I solved this problem by setting up an API key and regularly querying the commits on the main branch. However, this process is unnecessarily complex. A much easier way is to follow the repository as an RSS feed.

Categories
Web

Understanding GCLID, WBRAID, and GBRAID

In today's digital marketing world, tracking how ads perform is crucial. Google has long let advertisers attribute conversions to ad clicks with a URL parameter called GCLID (Google Click Identifier). More recently, Google introduced two further parameters, WBRAID and GBRAID. They were introduced in response to Apple's new privacy rules on iOS (App Tracking Transparency), and they let advertisers see how effective their ads are without compromising user privacy.

Categories
Security

SWICO: Hosting

I familiarized myself with the "Leitfaden für Behördenanfragen zu Kundeninformationen und -inhalten" (guide to requests from authorities for customer information and content), which Swico created to guide Swiss hosting providers in handling inquiries from Swiss authorities and courts regarding customer activities, information, and content.

Categories
Monitoring

Response Time Buildup

This is a quick snippet: a view of a Statuscake response time graph. A web application had a memory leak, and over multiple days the response time on instance 1 kept building up. If instance 2 is queried, the response time is good; instance 1 had the memory leak, and that is what caused its response time to build up.

https://app.statuscake.com/UptimeStatus.php?tid=*** Statuscake Test Details 2020-12

There is nothing to learn here, but this graph speaks for itself and looks rather beautiful. It shows an extremely rare and very visible error.

Categories
Security

WSUS Offline Update

I have used this software for my netbooks, which always failed to download Windows updates, and was able to extend the useful life of the devices by years. This tool may not be very corporate-ready, but if you have a Windows device that you need to update offline and easily, it can be a lifesaver.

Please download from the original source, a German website (heise.de):

https://www.heise.de/download/product/wsus-offline-update-ct-offline-update-38170

This is my small mirror; it may not be updated to the latest version, so please refrain from downloading from here unless necessary.

  • WSUS Offline Update 12
    • Windows 8, Windows 8.1, Windows 10
  • WSUS Offline Update 11.9
    • Windows 7
  • WSUS Offline Update 9.2.5
    • Windows XP, Windows Vista