hashing woes with csp and googles chrome


Say

<script async src="https://zoo/js/jquery.thing.js" integrity="sha384-xxx" crossorigin="anonymous" defer></script>

Was giving the zoo a load error with our csp, which is a rather lax affair. However, I found out that sha384 hashes were not liked by google’s chrome and a 256 hash worked.

I can’t remember editing the js, so changing it or needing to, but the mixed messages of the csp did make it kind of hard to figure out what was wrong – I am blaming chrome, not myself.

The thing does not complain as much now. So fixed, I think, for chrome, although it feels a bit like chrome is the next internet explorer incarnate.

Sigh
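The integrity value in a tag like the one above is the base64 digest of the exact bytes served, so any edit to the file invalidates it whatever the algorithm. An added example (not from the original post) that computes the value and checks it the way the SRI specification describes; the sample file contents and function names are constructed.

```python
import base64
import hashlib

# Strength order used when an integrity attribute lists several algorithms.
ALGORITHMS = ("sha256", "sha384", "sha512")

def sri_value(data: bytes, algorithm: str = "sha384") -> str:
    """Return '<algorithm>-<base64 digest>' for the integrity attribute."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, data).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"

def sri_matches(data: bytes, integrity: str) -> bool:
    """Check a response body against an integrity attribute.

    Only the strongest algorithm listed is considered, and the body must
    match at least one of the hashes given for that algorithm.
    """
    by_algorithm = {}
    for token in integrity.split():
        algorithm, _, digest = token.partition("-")
        if algorithm in ALGORITHMS and digest:
            # Anything after "?" is an option, not part of the digest.
            by_algorithm.setdefault(algorithm, []).append(digest.split("?")[0])
    if not by_algorithm:
        return True  # no usable metadata: the check is not enforced
    strongest = max(by_algorithm, key=ALGORITHMS.index)
    expected = sri_value(data, strongest).split("-", 1)[1]
    return expected in by_algorithm[strongest]

# Constructed sample: the file as first hashed, and the file after an edit.
ORIGINAL = b"console.log('thing v1');\n"
EDITED = b"console.log('thing v2');\n"
```

A fresh sha256 listed next to a stale sha384 still fails, because only the strongest algorithm present is compared.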

webp – not an image panacea.

not that gimp

webp is an image format that chrome reads, and gwenview does as well on my linux desktop. If you’re a windoze or mac user, good luck. The gimp* in its current version cannot, nor can imagemagick, so it is limited.

I was not impressed and you might need a different browser to see webp images.

size wise

ls -la cr*
-rw-r--r-- 1 bananas bananas 18344 Nov 4 19:52 craving.jpeg
-rw-r--r-- 1 bananas bananas 1566 Nov 5 19:14 craving.webp

Amazing, no? A gwenview convert.

However it changes this jpeg

To (unable to upload webp images to wordpress) so a screenshot. The webp image will be downloaded by firefox as well, for opening in something else – so you’re probably looking at browser strings to decide what image each sees, and some kind of conditional language statement.

So it’s a bit blurry. No, it’s not your eyes.

It might be fast but seems a little too google friendly; not everybody uses google.

Webp seems to have a long way to go. Can’t recommend, can you?

seo and webdesigner spammers are weird


Strange bunch – I would like to know

why send via outlook.com – microsoft free email? It is not like microsoft are writing ie6 compatible sites for us. I hate microsoft and report it as spam, and I can fuck up microsoft free email that way too.

I am amused to read (if it gets past the spam filter) that microshit only employ 10 people.  Are these indians doing this too incompetent to have a domain themselves ?

Use of return receipts – so first thing it does is ask for a confirmation and then ….

Asks for another human reply – you just got one, so what was wrong with the one from above? You demanded.

no checking of websites – The monkey house does not give a shit that we are not number 1, and yes our design is mobile friendly.

Forward of the original email – er, why would I reply to that?

Anyhow

Scammy cookie explanation websites

Cookies on websites are weird: you’re warned but have to accept whatever woe may or may not come your way.

http://international-chamber.co.uk/ * is the site that fails to load at all; listing it seems pointless and a lot of sites show it.

The other site had an advert for a scammy technical support firm on the front page, which gave me the wrong impression.


If the intention was to de-escalate the threat that these electric biscuit** things might pose then I was none the wiser, and downright concerned about the explanation of cookies from the american chamber of commerce.

Somehow they will not be part of any website redesign I do explaining what a cookie is.

*the people who made Hillary Clinton unelectable ** sweet ?

The newspaper industry ‘app’ mystery


The monkey house’s newspaper (my blog) also has an online version, for which you need a login and we don’t have one, as I block some things and if you do visit the site it complains about it.  Nobody in the zoo visits the site, for the nagging delay and the weird commentators who want world war three, or something less doomsday-like, say whose multimillionaire’s daughter has a diet cookery book out and why an eel in your stomach will work wonders, which could be a world war three in your stomach I guess, if that is not overthinking things.

Anyhow I was not bothered, but I had an interest to see if subscribers also got served ads – I guess ‘yes’, if you ask me what I suspect; with the extra data the bush telegraph also knows to create a super cookie for nefarious advert use – say, buy a hardback book about world war three dieting? – lose weight with Polonium*.  But the newspaper who apparently gave us web access never told the alpha ape here in the monkey house how to login.  Not that anyone in the monkey house was bothered by this omission.

Then all of a sudden he tells me they reduced the price of the subscription and cancelled the web access for non use. Oh news to all.

The monkey house is not bothered by this but it is something I will not now know.  Ignorance is bliss. I did once try and get a more up to date ‘free’** computer for a beta they were giving away [not me] but neither seemed willing to do anything about it.

The moral to this story: if you do not tell customers of a thing they won’t use it. Not that my exploration would result in happy customers here paying extra for web access.

Cookies !

*works.** note the exclamation marks

html5 validation in the wild.

The monkey house here in the zoo needed its website changed so I got handed this job, and when I ran my perfect looking site through a validator it had a few issues, but those things always do.

Html5’s date and time features I did not get and were complained about, especially pubdate, which seems to have confused many, so I left those in.

Nav roles also brought up a public health warning which I ignored.

The rest were my errors: unclosed divs, form elements without id="foo" and of course the odd typo.

In the end I fixed most of the issues but a noscript issue made me question my sanity, when the feature which needs a scripting back end told me that it would never run in a noscript environment. I would hope so.

The site still looks the same for all the improvements.

Really it does not look like I did anything, but I did. Honest.

html5 and an odd css problem

I was looking at our production zoo website when I noticed that the css mailto image was not displaying.

It was pointing to a wrong url and several days later, after changing that, still no image was showing up; I eventually fixed it with a space in the html.

It was working, and in the old browser from redesign, but had since stopped, bloody browsers changing their minds.

On seo books

Some seo books were read by me here in the monkey house – they’re not my choice but what I could find rather than buy paper. Ebooks, it appears, are the way to go here, but with a lot of crooks in seo, meaning one book a decade is out of the question due to scams by seo professionals in their quest misdirecting searches.

This is not an endorsement of the items below but they reflect a more modern world view than I usually could obtain. There are two books reviewed.

First is isbn: 9781119129554, which was not a book I bought and is by Peter Kent and called seo for dummies (edition six), published in 2015 by a publisher I don’t think a lot of and avoid.

Kent is a lot more honest than mr Odden who you will meet below.  This book has technical terms in as a bonus and lays out a long term view rather than claim that a one off $25 will buy you first result (my blog) which many seo ‘professionals’ flog and does not work.

It is low on technical content but he points out the downsides of the seo profession too although to describe nofollow as a curse seems a tantrum.  Hey your ‘profession’ fucked it up.

A bit general term but full lifecycle.

3/5 bananas

isbn: 9781118167779 is by Lee Odden and called optimize, published in 2012. It was not a book I bought, but in the introduction you have to be a brilliant public speaker to do seo.   I nearly gave up at that point for reasons of deadpan humour.

Hold on, let’s do this as a speech; after all comrade Odden suggests it.

My lords, ladies, gentlemen and honoured league of international chicken sexers of planet earth, may I tell you that many people google things, tweet and use facebook, and this can be a commodity.

Using a marketing plan, Odden employs useful idiots to create noise that drowns out any meaningful conversation; for example consider this meaningless crap.

Alas it takes the author to nearly the end of the book to admit that nofollow in blogs and competitors mean this stuff is of poor quality, and I imagine that this din of don’t think of that try this is hardly the kind of content deemed of value.  It does kind of explain why I don’t get the comment spam volume here.


If the high noise ratio to meaningless content is Odden’s aim then I will imagine that this non technical book will require a complete overhaul very soon.

But it might work if you’re a public speaker.  I failed to master that skill in the time I read the book in.

0/5 bananas.

Seo books um lets say are best not purchased.

hsts and hpkp in the wild

hsts impressed me when I had to do a tls upgrade unexpectedly; that’s a great thing to configure, although preload as a syntax option is best removed and is counter intuitive.

But hpkp (my blog) still baffles me.  hpkp is a waste of time; although I have ‘valid’ hpkp I still have no hpkp backup key, and the report uri thing also remains a mystery to me – is it a form in html, a cgi script or something else?

Specifically, problems seem to exist with primary and backup keys, which (if you hairy eyeball the documentation) appears to be done with pin-sha256="base64+primary=="; and +backup, but I can’t verify that although it could be rfc right.

report uri is also a mystery to most, who just do the hashes, so I guess they also gave up on it however it is supposed to work – I reckon a cgi like form is used.

The higher mysteries of hpkp will remain here in the zoo
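An added example (not from the original post) of how a Public-Key-Pins header is put together and checked against the rules in RFC 7469: max-age is required, one pin must match a key in the served chain, and one pin must be a backup for a key that is not in it. The SPKI bytes, the report URL and the function names are constructed for illustration.

```python
import base64
import hashlib
import re

def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def parse_pkp(header: str) -> dict:
    """Split a Public-Key-Pins header value into its directives."""
    policy = {"pins": [], "max_age": None, "report_uri": None,
              "include_subdomains": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.lower(), value.strip().strip('"')
        if name == "pin-sha256":
            policy["pins"].append(value)
        elif name == "max-age" and re.fullmatch(r"\d+", value):
            policy["max_age"] = int(value)
        elif name == "report-uri":
            policy["report_uri"] = value
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def pkp_problems(header: str, chain_pins: set) -> list:
    """List the reasons a browser would not note this header as a pin set."""
    policy, problems = parse_pkp(header), []
    pins = set(policy["pins"])
    if policy["max_age"] is None:
        problems.append("max-age missing")
    if not pins & chain_pins:
        problems.append("no pin matches a key in the served chain")
    if not pins - chain_pins:
        problems.append("no backup pin (a pin for a key NOT in the chain)")
    return problems

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
PRIMARY = spki_pin(b"constructed primary SPKI")
BACKUP = spki_pin(b"constructed backup SPKI")
# report-uri is just a URL: the browser POSTs a JSON report of a failed
# pin check to it, so anything that accepts a POST body can receive it.
GOOD = (f'pin-sha256="{PRIMARY}"; pin-sha256="{BACKUP}"; max-age=5184000; '
        'report-uri="https://example.invalid/hpkp-report"')
NO_BACKUP = f'pin-sha256="{PRIMARY}"; max-age=5184000'
```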

letsencrypt fail

The zoo runs several websites off one piece of hardware and some of you lot probably will be amazed that it is possible (my blog) and it works.

However lets encrypt is a wreck behind the scenes; even run as root I failed to get past this web hoster’s botched implementation certbot.


Problems encountered — one registration per /etc: monkey.com and banana.com need two accounts.

I delete one, I get further than before, then I need to create directories, and when I run those commands (printf) the client still says no, and when dealing with multiple ip addresses then some editing of the python syntax is needed.

This

:/tmp/certbot/public_html# $(command -v python2 || command -v python2.7 || command -v python2.6) -c "import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"

Needs to become

:/tmp/certbot/public_html# $(command -v python2 || command -v python2.7 || command -v python2.6) -c "import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('<ip address>', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"

However a dns redirect trumps this feature so it’s a real pain in the arse – all I wanted was a tls website for an expired tls domain – no joy – and for a postfix instance a certificate, which seems to demand a website which I don’t want.

I also deleted my 443 config (I did make a backup) but it strikes me as very much not ready for the real world. I decided to buy ssl instead.

Perhaps my tlsa records (my blog) upset the process, but when certbot does computer says no, what I wanted was something along the lines of a crt, pem chain with which I could figure out the rest; instead I get a boiler plate 443<monkey>.com apache template somewhere in /etc.

letsencrypt is too restrictive and its configuration leaves much to be desired.  OK, I was working this as an in place upgrade rather than a ‘virgin’ domain which never had an ssl cert before, which I could test*, but it’s not rocket science, tls, but the process involved is horrid.

Peace.

*to do this I would create dns zones, change dns glue records, switch on an ipv4 address and add a www thing, delete the bad account data, and then a day later try again.  No thanks.