Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely. See the standard modules page for a list of all the functions built into Webmin.

More important than the mechanics of the system is the rationale...

Debian provides the two separate directories so that if you're automatically managing your Apache configs, you can just have all of the vhosts drop into sites-available on all your machines, and then individual vhosts can be enabled on the server that will actually serve them. It also means you can near-instantaneously disable a site if it's causing problems //

Important information:

You should edit files only in sites-available directory.

Do never edit files inside the sites-enabled directory, otherwise you can have problems if your editor runs out of memory or, for any reason, it receives a SIGHUP or SIGTERM. //

the file in sites-enabled is a symlink to the sites-available file: ///

after manipulating symlinks in sites-enabled, run sudo service [httpd | nginx ] restart

We all know how to enable a website using apache on Linux. I'm pretty sure that we all agree on using the a2ensite command.

Unfortunately, there is no default equivalent command that comes with Nginx, but it did happen that I installed some package on ubuntu that allowed me to enable/disable sites and list them.

The problem is I don't remember the name of this package.

Does anybody know what I'm talking about?

Please tell me the name of this package and the command name.

wallabag is a read-it-later application: it saves a web page by keeping content only. Elements like navigation or ads are deleted.

The main documentation for this application is organized into multiple sections:

user-related docs
apps-related docs
administator-related docs
developer-related docs

For user convenience, web browsers store the account and password entered into the login form when the user visits a website and provide the feature to enter them automatically upon revisiting. The password management feature is enabled by default on Chromium-based web browsers (Edge, Chrome).

Figure. Chrome pop-up suggesting to save password
The information entered when logging in is saved to the Login Data file via the password management feature.

Chrome C:\Users\<User name>\AppData\Local\Google\Chrome\User Data\Default\Login Data
Edge C:\Users\<User name>\AppData\Local\MicrosoftEdge\User\Default\Login Data

Login Data is an SQLite database file, and the account and password information are saved to the logins table. In addition to accounts and passwords, the time saved, URL of the login site, and the number of times of access is saved to the logins table.

If the user refuses to save account and password information of a site, in order to remember this, the blacklisted_by_user field will be set as 1, the username_value and password_value fields will not have accounts or passwords, and only the origin_url information is saved to the logins table. //

– Collecting and stealing information saved to browsers
– Login account and password
– Cookies
– Autofill
– Credit card information
– Browsers targeted for attack
– All Chromium-based browsers
– All Gecko-based browsers
– Cryptocurrency wallet information
– Seed file saved to the system

Gitea - Git with a cup of tea
A painless self-hosted Git service.
Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.

Browser detection using the user agent

Serving different Web pages or services to different browsers is usually a bad idea. The Web is meant to be accessible to everyone, regardless of which browser or device they're using. There are ways to develop your website to progressively enhance itself based on the availability of features rather than by targeting specific browsers.

But browsers and standards are not perfect, and there are still some edge cases where detecting the browser is needed. Using the user agent to detect the browser looks simple, but doing it well is, in fact, a very hard problem. This document will guide you in doing this as correctly as possible.

Note: It's worth re-iterating: it's very rarely a good idea to use user agent sniffing. You can almost always find a better, more broadly compatible way to solve your problem!

This project is an independent fork of Firefox, with the primary goals of privacy, security and user freedom.

LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM.

Favicon Generator. For real.
All browsers

• chrome Safari Firefox Internet Explorer Edge

All platforms

• iOS Android Windows Mac OS X Google Result Pages

Your favorite technologies

• HTML5 WordPress Grunt Gulp Node.js Command line Ruby on Rails ASP.NET Core Google Web Starter Kit

The humble favicon was messily birthed with the pernicious IE5 release. Since that fateful day, browsers have slowly expanded favicon technology to encompass many wildly differing and lightly documented use cases. Here in 2021 favicons are found primarily in browser tabs, home screens, and Google search results, but they continue to pop up in the strangest places.

Recently my team was tasked with building a favicon fetcher. As a warmup, I looked to see how Chrome handles favicon loading. Do you know that the favicon loader in Chrome is many thousands of lines of code? Why is it so complicated?

We realized we knew very little about the favicon ecosystem. Eventually we decided to fetch the Tranco top 100,000 websites and analyze their favicons. We checked each home page for favicons, Apple touch icons, and manifest icons. We also examined fallback locations like /favicon.ico. Here’s a quick table to catch you up: //

The big winner is the mesmerizing favicon from eventhorizontelescope.org, clocking in at a hefty 7MB. When I downloaded this favicon, the density of my machine increased and nearly collapsed into a black hole.

Simplest Guide for Squid SSL Bumping //

“📢 Reader Alert❗If you are using an uncapped Internet package, probably this might not be your cup of tea ☕️…”
If you are still interested, hold my beer 🍺 I am going to tell you how to save your data ( and ofcourse money ! 💰). Your savings are proportional to your repeatable web behavior.

Earlier this year Chrome developers decided that the browser should no longer support JavaScript dialogs and alert windows when they're called by third-party iframes. //

When the web developer community finds out Google is going to break a ton of websites through a tweet, you know communication has failed. But there was a follow-up tweet that's actually far more disturbing than the news of alert() disappearing.

The tweet comes from Chrome software engineer and manager Emily Stark, who is of course speaking for herself, not Chrome, but it seems safe to assume that this thinking is prevalent at Google. She writes: "Breaking changes happen often on the web, and as a developer it's good practice to test against early release channels of major browsers to learn about any compatibility issues upfront." //

First, she is flat out wrong – breaking changes happen very rarely on the web and, as noted, there is a process for making sure they go smoothly and are worth the "cost" of breaking things. But second, and far more disturbing, is the notion that web developers should be continually testing their websites against early releases of major browsers. //

Web developer and advocate Jeremy Keith points out something else that's wrong with this idea. "There was an unspoken assumption that the web is built by professional web developers," he writes. "That gave me a cold chill."

What's chilling about the assumption is just that, it's assumed. The idea that there might be someone sitting right now writing their first tentative lines of HTML so that they can launch a webpage dedicated to ostriches is not even considered.

What we are forced to assume in turn is that Chrome is built by the professional developers working for an ad agency with the primary goal of building a web browser that serves the needs of other professional developers working for the ad agency's prospective clients. //

As Keith points out, this assumption that everyone is a professional fits the currently popular narrative of web development, which is that "web development has become more complex; so complex, in fact, that only an elite priesthood are capable of making websites today."

That is, as Keith puts it, "absolute bollocks."

On 30th September 2021, the root certificate that Let's Encrypt are currently using, the IdentTrust DST Root CA X3 certificate, will expire. You may or may not need to do anything about this Root CA expiring, but I'm betting a few things will probably break on that day so here's what you need to know!

Summary

“When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.” //

What is the main purpose of security.txt?

The main purpose of security.txt is to help make things easier for companies and security researchers when trying to secure platforms. Thanks to security.txt, security researchers can easily get in touch with companies about security issues.

Where should I put the security.txt file?

For websites, the security.txt file should be placed under the /.well-known/ path (/.well-known/security.txt) [RFC8615]. It can also be placed in the root directory (/security.txt) of a website, especially if the /.well-known/ directory cannot be used for technical reasons, or simply as a fallback. The file can be placed in both locations of a website at the same time.

Don’t have an SSL Certificate? Google is going to flag your website this year!

We turn to the internet for everything. From selling to buying,

With this dominating trend, online security has become a necessity.

Undoubtedly, Google loves its users and therefore, is coming up with every possible way to make us feel secure here on the internet.

With its recent announcement, earlier this year, Google will flag all the unencrypted internet by the end of 2017.

What?

This website is for when you try to open Facebook, Google, Amazon, etc on a wifi network, and nothing happens. Type "http://neverssl.com" into your browser's url bar, and you'll be able to log on.

Why?

Normally, that's a bad idea. You should always use SSL and secure encryption when possible. In fact, it's such a bad idea that most websites are now using https by default.

And that's great, but it also means that if you're relying on poorly-behaved wifi networks, it can be hard to get online. Secure browsers and websites using https make it impossible for those wifi networks to send you to a login or payment page. Basically, those networks can't tap into your connection just like attackers can't. Modern browsers are so good that they can remember when a website supports encryption and even if you type in the website name, they'll use https.

And if the network never redirects you to this page, well as you can see, you're not missing much.

HTTPS is now free, easy and increasingly ubiquitous. It's also now required if you don't want Google Chrome flagging the site as "Not secure". Yet still, many of the world's largest websites continue to serve content over unencrypted connections, putting users at risk even when no sensitive data is involved.

The Save 418 Movement
We are the teapots.

Status Code 418 states that

Any attempt to brew coffee with a teapot should result in the error code "418 I'm a teapot". The resulting entity body MAY be short and stout.

-- See RFC2324 Section 2.3.2

Go to Google.com/teapot, and see for yourself.

Generate and verify the MD5/SHA1 checksum of a file without uploading it.

Generate the hash of the string you input.