https://flowingdata.com/projects/2015/timeuse-simulation/

JWT is neat, in every meaning of the word. Sure, the base64-encoded data is basically plaintext. But a secure signature makes it All All Right. 🙂 Simple and elegant.

I used my OAuth code from twitter to do the encoding and encrypting. As per the usual, it’s in my Reusable project on github.

I used the most-readily-available encryption algorithm. Looking forward to setting up better faster harder ones soon.

These are really good libraries that got my dates and times flowing client-server full circle, with all the UI and math tools I needed.

KISS!


  // Date sanitation: limit ancient and future days and ensure start isn't beyond end
  date today = second_clock::local_time().date();
  date s = startdate;
  date e = enddate;
  if (e > today)
    e = today;    
  if (e - s > date_duration(cn_max_days_to_look_back))
    s = e - date_duration(cn_max_days_to_look_back);
  if (s > e)
    s = e;

Even the name teaches. Instead of HyperCharts or whatever everyone else is calling themselves, even the name of d3 teaches: let your data drive everything.

One deep dive with haproxy and I have handed it complete control of all my certificates.

* One bind statement with every single cert file I own, and haproxy is instantly handling every host’s SSL handshaking using SNI
* It is handling dynamic conversion of http requests to https
* It has removed the need for https on any webserver on the secured LAN
* It allows incredibly flexible load balancing via host, port, url, etc etc
* It is easy to set up to use ssl best practices, so every one of your websites instantly gets A+ ratings on ssl labs

Unbelievable, I’m stunned.

Here’s all I needed to get ssl labs A+ ratings:


global

    # MDM NO SSLv3!  Good ciphers!
    ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
    ssl-default-bind-ciphers AES128+EECDH:AES128+EDH

frontend ....

  # MDM We need to provide an HSTS header to get A+ at ssllabs!
  http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
      
  reqadd X-Forwarded-Proto:\ https

Also needed this in wordpress wp-config.php:

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
       $_SERVER['HTTPS']='on';