Static Site Security Posture

Using Lambda@Edge to Implement OWASP Secure Headers for S3 Hosted Websites

The combination of S3 and CloudFront offers a low-cost and easy way to deliver static and client-side websites. In this blog post I’ll explore how to use Lambda@Edge to improve the security posture of your S3-hosted site through the addition of the OWASP-recommended browser security headers. When using S3 and CloudFront, there are some aspects of control that you don’t have compared to serving your content from a more typical server environment.

OpenVPN on AWS in 4 clicks

Run a personal VPN server in AWS using CloudFormation and OpenVPN

There’s been a sudden general interest in VPNs again with the recent policy developments in the US. There are many important steps users can take to bolster their privacy and you can get a good rundown of them in this EFF article. It is worth restating that VPNs are not a magic bullet. They typically just shift the threat downstream. A substantial number of VPN providers are not trustworthy and likely more dangerous than your ISP.

Dropbox WTF

Is Dropbox behaving badly on your Mac?

This is a somewhat complex issue but the TL;DR here seems to be: Dropbox is using deceptive and ethically questionable means of obtaining broad permissions on your Mac without being clear to you why they need them and what they are doing with them. That is certainly worthy of a closer look and some consideration of how that makes you feel re: using their products. I first saw this referenced today by @bitfield and the main issues here are that:

ACM Validation Domain

Sending validation emails to apex domain for subdomain requests.

The release of AWS Certificate Manager has been a fantastic resource for zero-cost issuance and management of SSL/TLS certificates for use in your AWS environments. As per the ACM marketing collateral: "With AWS Certificate Manager, you can quickly request a certificate, deploy it on AWS resources such as Elastic Load Balancers or Amazon CloudFront distributions, and let AWS Certificate Manager handle certificate renewals. SSL/TLS certificates provisioned through AWS Certificate Manager are free."