New Post has been published on TechLabs - Beyond Technology
New Post has been published on https://techlabs.technology/advanced_ads/brazilian/

tannertan36
Cosmic Funnies

ellievsbear
Peter Solarz

roma★
"I'm Dorothy Gale from Kansas"
2025 on Tumblr: Trends That Defined the Year
almost home
styofa doing anything
Show & Tell
Lint Roller? I Barely Know Her

Kaledo Art

JVL
No title available
Game of Thrones Daily
occasionally subtle

JBB: An Artblog!

Love Begins
hello vonnie

Origami Around
seen from United States

seen from United States
seen from United States
seen from United States
seen from United States

seen from United States
seen from United States

seen from Malaysia

seen from United States

seen from United States

seen from Bangladesh
seen from Italy
seen from Moldova
seen from Russia
seen from Tunisia

seen from Indonesia
seen from Nepal
seen from Sweden
seen from Brazil
seen from United States
@techlabs2beyond-blog
New Post has been published on TechLabs - Beyond Technology
New Post has been published on https://techlabs.technology/advanced_ads/brazilian/
New Post has been published on TechLabs - Beyond Technology
New Post has been published on https://techlabs.technology/advanced_ads/top-10/
New Post has been published on TechLabs - Beyond Technology
New Post has been published on http://bit.ly/2qfG9zJ
Free public bus transportation in Greater Goiânia. This one is for real.
So once in a while, the Rede Municipal de Transporte Colletivo de Goiânia (RMTC) launches a new program. The launched the “Quick recharge your SitPass with a Credit Card” and it got on the TV-news, the newspaper. They interviewed persons and everyone was happy with this solution but this program worked for only several days. See the article in the newspaper “O Popular” . They also made an app for the Google Store and the Apple store. It started to work on day 21/03/2016 and ended on 30/03/2016, only nine days later, while in São Paulo and some other regions this system still works. Well, I think that’s Goiânia. I remember this because if you used the system it was you, the user. that had to pay the 5% extra to use your credit card.
The public transportation in Goiânia is a mess, too many persons that need to take the bus to go to work or school, and only a few buses to take the whole population by bus to work or whatever.
There also is a program to get a free bus ride. You pay the first ride and get the second ride for free. Most of the people heard about it, but yeah, is it valid or not. This is Goiânia, so you never know. Well, the answer to this one is YES.
There are several cards with credit on it in circulation. The most famous one is the SitPass Fácil, and there is a card for students and elderly persons. But you also have the “SITPASS INTEGRAÇÃO” and that’s the card that I want to talk about. The SitePass Fácil is the most popular because your employer only can pay for you bus fare to get to work on this type of card. It´s a law that you can get for free from and to your work. The nice part of this is that you can sell your credit and use it on the “SITPASS INTEGRAÇÂO“. There is a little charge, but the benefit is will pay off.
Cartão-Integração
The card “SITPASS INTEGRAÇÃO” gives you a free ride, with some rules. It is valid for 2 hours, from the moment you pass the card to enter the bus and the moment you enter the bus to return. You also are not allowed to use the card on the same bus to get back home for example. But if you change from one line to another inside a terminal and you leave the terminal for example with bus 600, you can use bus 600 to get back for free because you don´t have to use your card to get in bus 600 in the terminal.
Well, this sounds too good to be true. You need a special card, with a photo ID and your name on it. You have to create it online and after some day you can collect it at the store of Sitt-Pass in the Center of Goiânia. Use this link to create your online account and get your free bus fare in Goiânia. You need a 3×4 picture, a proof of residence and CPF. Your account is approved in 2 or 3 days, you have to check the site to find out. If it is approved you (and you only) can collect your brand new card at the SitPass Store, located at “Loja Sitpass from 08:00 to 17:30 hrs, at Rua 04 nº 515, Edifício Parthenon Center, Centro”. The card is Free, you don´t have to pay for it.
There is also an app, “SIM Rmtc” that works on all popular phone platforms and is really useful to plan your trip inside the city.
If you use it wisely, the application and the new card, you can save up to 50% on your bus fare that at the moment is R$ 3,80. So you can save every time you use the card R$ 3,80.(Soon it will be R$ 4,00)
The technique used on the cards in NFC (Near Field Communication). When you have a smart phone and have turned on the NFC function on your phone it starts to make funny sounds when you pass your card close to it.
Share this article with your friends, so they can also save on the expensive, Rede Municipal de Transporte Colletivo de Goiânia. (RMTC)
New Post has been published on TechLabs - Beyond Technology
New Post has been published on http://bit.ly/2qsjnYi
Interactive System Format with Windows 10 Professional and Office 365 professional.
We just started with a new service for our clients, and of course for new clients. The Remote, interactive, system format with Windows 10 Pro and Office 365 Professional. All Software is directly downloaded from the Microsoft Servers, so there is no risk that we install any Malware or Virus on your computer / notebook. We can install the software in almost all languages. All other software installations are on special request. And we don´t like secrets, so we let you see how we do it. We don’t black out the screen or anything else. We even setup your email accounts in Outlook 2016 and give you a free month of Eset Internet Security and a trail version of AntiMalware Bytes. In case you want to buy a license of Eset Internet Security, valid for 3 years, we sell these with big discounts. Even the AntiMalwareBytes we can sell with big discounts. We buy a lot of licenses each month and get them with discount, and that discount we share with our clients.
With all our years of formatting and installing Windows / Linux system, we now go online. In the past, we drove by the whole city to help out our clients, but that is past time. Today we can do it all online, faster, flexible and global. It does not matter where you live in the world, we can help you set up your computer like when it came out of the store.
All you need is an internet connection (the faster the better), A pen drive (Thumb drive) to create a special boot device with the setup files of windows 10. And we need some software tools, available for download on the internet.
Windows 10 system format
So, In short, we need: 1) Internet Connection 2) Pen-drive or Thumb drive with at least 4GB. 3) Whatsapp to do the interactive part of the installation 4) Teamviewer to connect to your computer and be able to work on your computer/notebook. You can download your copy here https://www.teamviewer.com 5) Skype as communication backup ([email protected] – Minden USA)
After you installed TeamViewer, the first thing that our technician will do is to log into your computer. He will have full control over the computer in the same way as he really would be in your house or office. He will use new techniques to make a secure data disk and a disk only for the operating system.
We kindly ask our clients not to play with the mouse or keyboard, in that case, our technician has to stop working. He needs to have free access. You can talk to him with TeamViewer or Skype if you think something is wrong.
The whole process is easy, you can see what’s happening. There will be a period of time when Windows 10 is installing that our technician is not able to control your PC. We then ask our clients to take a picture of the screens (please turn off the flash) with WhatsApp and send them to our technician and he will guide you to the screens. There are only some screens that you have to make a picture. That’s the interactive part of our installation. After the process is done we ask you to install Teamviewer again and our technician will continue installing windows 10 and Office 365 for you. We give you a 100% satisfaction warranty.
Backup your data: Before we begin we kindly ask you to backup all your data, pictures, documents. After our technician has done his job your computer is clean, like new. All data will be erased to ensure a clean / virus free installation. If you need space for backup we offer the space needed in the cloud. See under “Get it Today” to see the price per 10GB. Depending on your internet speed this can take a long time and you can´t use your computer in the meanwhile.
To give your computer a new os will speed things up a lot. Get your “Remote Interaction Technician” today.
Be fast and get a USD 10,00 discount on your order. Discount Coupon code: PP10OFF Follow this link to complete your order “Get it Today”
New Post has been published on TechLabs - Beyond Technology
New Post has been published on http://bit.ly/2lJMHnT
Optimizing HTTPS for speed and security on Nginx with Let's Encrypt
Until some years ago only financial, booking sites, or online webstore were we use our Creditcard and personal information stored use https for security reasons. They even can’t get CreditCard acception without a certificate.
Today we see that most of the sites use https to encrypt the information that passes the internet. A simple blog has https to protect the login and password. There are some different types of certificates to protect a website, that depends on the kind of information that is on that site. There are free ones and the expensive ones that cost more that US500,00. If you are a bank you should buy an expensive certificate with insurance. If you have a blog, then you can use a free valid certificate, namely, Let’s Encrypt. Most Linux distributions have packages for it so is really easy to install. On Ubuntu you just install it like with apt-get.
sudo apt-get update sudo apt-get install letsencrypt
Most control panels have to option to select if you want to use a certificated or not. A connection with a site that uses https slows down the connection time a bit because it has to verify the validation of the certificate on the site. With the instructions below this time is reduced and we still keep a good security level for our site and gain a 150ms or more back again.
NOTE: All of the configuration directives explained here will be for your server block in your Nginx config.
1. Setting up OCSP stapling for Let’s Encrypt certificates under nginx
Thanks to a free certificate from Let’s Encrypt, this site is now accessible over SSL. Instead of using the official Let’s Encrypt client to obtain the certificate I used first used letsencrypt-nosudo. This client has a number of advantages: it doesn’t need to run as root, it doesn’t take over port 80 on your server, it doesn’t run continuously in the background, and it doesn’t touch your server configuration. But recently with a new server setup I used the apt-get manner. The only thing I missed from the official client was setting up OCSP stapling, which the official client will do but letsencrypt-nosudo won’t. Through some trial and error I figured out which certificates need to go where in order to get stapling working from nginx.
Figure out which of the Let’s Encrypt certificates was used to sign your certificate. From the command line, run the command
openssl x509 -noout -text -in ssl/signed.crt | grep Issuer:
replacing “ssl/signed.crt” with the path to the certificate you just obtained. (The OpenSSL command prints a bunch of somewhat-human-readable information about the certificate; the grep command extracts the line we care about.) The output will be something likeIssuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 That last bit (“Let’s Encrypt Authority X3”) is the name of the Let’s Encrypt certificate that was used to sign your new certificate. Note: Since the new apt-get install the Issuer: C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
Download that certificate in PEM format.You need to download the PEM version of this certificate. You can find all of the Let’s Encrypt intermediate certificates on the Let’s Encrypt site; click on the “PEM” link for the appropriate certificate to get the file you need. Or, from the command line,
wget -O /etc/ssl/chain.pem "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem"
replacing “x3” with a different certificate name if necessary.
Point Nginx to this file as the “trusted certificate”. In your nginx.conf file, add these directives to the same block that contains your other ssl directives:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/chain.pem; resolver 8.8.8.8 8.8.4.4;
You also need to provide one or more DNS servers for Nginx to use. Here I’m using Google’s public DNS servers, but you are free to use whichever works for you (if you don’t like Google or are worried about privacy, OpenDNS might be a good option for you). The resolvers are used in a round-robin fashion, so make sure all of them are good ones.
Make sure you verify your setup using
sudo nginx -t
If the test is successful, restart Nginx
sudo nginx -s reload
and you should be up and running with OCSP stapling!
2. Connection credentials caching
Almost all of the overhead with SSL/TLS is during the initial connection setup, so by caching the connection parameters for the session, will drastically improve subsequent requests (or in the case of SPDY, requests after the connection have closed – like a new page load).
All we need is these two lines:
ssl_session_cache shared:SSL:20m; ssl_session_timeout 180m;
This will create a cache shared between all worker processes. The cache size is specified in bytes (in this example: 20 MB). According to the Nginx documentation can 1MB store about 4000 sessions, so for this example, we can store about 80.000 sessions, and we will store them for 180 minutes. If you expect more traffic, increase the cache size accordingly.
I usually don’t recommend lowering the ssl_session_timeout to below 10 minutes, but if your resources are sparse and your analytics tells you otherwise, go ahead. Nginx is supposedly smart enough to not use up all your RAM on session cache, even if you set this value too high, anyways.
3.Optimizing the cipher suites
The cipher suites are the hard core of SSL/TLS. This is where the encryption happens, and I will really not go into any of that here. All you need to know is that there are very secure suits, there are unsafe suites and if you thought browser compatibility issues were big on the front-end, this is a whole new ballgame. Researching what cipher suites to use, what not to use and in what order takes a huge amount of time to research. Luckily for you, I’ve done it.
First you need to configure Nginx to tell the client that we have a preferred order of available cipher suites:
ssl_prefer_server_ciphers on;
The most recent version of TLS is 1.2, but there are still modern browsers and libraries that use TLS 1.0. I left out the suport for TLS 1.0
So, we’ll add this line to our config then:
ssl_protocols TLSv1.1 TLSv1.2;
Next we have to provide the actual list of ciphers:
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
All of these suites use forward secrecy, and the fast cipher AES is the preferred one. You’ll lose support for all versions of Internet Explorer on Windows XP. But that ancient OS, who cares?
4 .Generate DH parameters
Create the DH parameters file with 2048 bit long safe prime:
mkdir /etc/nginx/cert openssl dhparam 2048 -out /etc/nginx/cert/dhparam.pem
And add it to your Nginx config:
ssl_dhparam /etc/nginx/cert/dhparam.pem;
Note that Java 6 doesn’t support DHParams with primes longer than 1024 bit. If that really matters to you, something is a bit wrong somewhere.
5.Strict Transport Security
Even though you already should have made all regular HTTP requests redirect to HTTPS when you enabled SPDY, you do want to enable Strict Transport Security(STS or HSTS) to avoid having to do those redirects. STS is a nifty little feature enabled in modern browsers. All the server does is to set the response header Strict-Transport-Security with a max-age value.
If the browser have seen this header, it will not try to contact the server over regular HTTP again for the given time period. It will actually interpret all requests to this hostname as HTTPS, no matter what. You can even tell the browser to enable the same behavior on all subdomains. It will make MITM attacks with SSLstrip harder to do.
All you need is this little line in your config:
add_header Strict-Transport-Security "max-age=31536000" always;
The max-age is set in seconds. 31536000 seconds is equivalent to 365 days.
6.Wrap-up
I know how annoying it is to follow guides like this. You just want the config, right? Well, here it is:
user www-data; worker_processes auto; pid /run/nginx.pid; events worker_connections 1024; use epoll; multi_accept on; http { [...] ## # SSL Settings ## ssl_protocols TLSv1.1 TLSv1.2; # Dropping TLSv1 and SSLv3, ref: POODLE ssl_prefer_server_ciphers on; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; ssl_session_cache shared:SSL:20m; ssl_session_timeout 180m; ssl_dhparam /etc/nginx/cert/dhparam.pem; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/chain.pem; resolver 8.8.8.8 8.8.4.4; add_header Strict-Transport-Security "max-age=31536000" always; ## Detect when HTTPS is used map $scheme $fastcgi_https default off; https on; # Rest of your regular config goes here: # [...]
That’s it.
New Post has been published on TechLabs - Beyond Technology
New Post has been published on http://bit.ly/2kCcG2D
Relocating and moving our old website to a brand new domain techlabs.technology
We are gonna move, relocate, pack our stuff, put it into a box and all the boxes going into a container and we are going to unload the container with the boxes to on new domain. Too bad, I kind of liked this old location, but the relocation to techlabs.technology is even getting better. It fits better to our name.
So a relocation to a new address, unpacking to old stuff and put it up and running again isn’t that bad. The parts just fitting better together now.
Thanks for your visit to our old “home” and feel welcome to visit our new home at techlabs.technology
With many thanks,
Techlabs Team
New Post has been published on TechLabs - Beyond Technologies
New Post has been published on http://bit.ly/2k28xnY
Secure your wp-admin login area of WordPress
Most attacks on our WordPress start with the login area, the wp-admin or wp-login.php. All script kiddies or brute-force attacks will try to get a valid login on the wp-admin page. Other attacks can be on bad written plugins or outdated plugins, so keep your WordPress site up to date. We can secure our wp-admin page it in various manners and I will show you some of them.
#1 Change the wp-admin to something else. An attacker knows that the wp-admin page is the back door to your WordPress installation. A hacker needs to find your login page if he or she intends to brute force the login page to gain access. So, if we remove the back door and put it to another place where they cannot find it.
We can change the wp-admin page with the following rewrite rule in our Nginx config. Here as an example, we change wp-admin to secured-login in the HTTP block.
# Enable the hide backend feature - Security - Hide Login Area - Hide Backend rewrite ^(/)?secured-login/?$ /wp-login.php?$query_string break; rewrite ^(/)?wp-register-php/?$ /secured-login?action=register break;
#2 Block access to the wp-admin by IP If you have a static IP address instead of a dynamic IP address that changes from time to time, than we can block all traffic to our wp-admin page except your static IP address. If you are traveling a lot then better don’t use this.
location ~ ^/(wp-admin|wp-login\.php) allow 1.2.3.4; deny all;
#3 Protect your wp-admin with 2FA (two-factor authentication) There are some WorpdPress plugins that offer 2FA, but this one is really unique. It blocks to login screen until the user presses Push, Call or Enter a Passcode on his phone. The send Me a Push is free, the others uses the credits in your account.
DUO LOGIN
The best option is to Send Me a Push, not only because it’s the only free option that won’t use credits, and that will open a screen on your phone to approve or deny it.
You can also set Global Policy in the control panel of duo.com, such as country restriction, and a lot more. For example, if I set to allow only one country to login and someone from another country gets to the wp-admin screen he get’s this.
denied
Well, give it to me! First, we go to https://duo.com/ and create a new sign up for the service. You get some free credits to call and SMS, but it’s better to alway use the Push option if possible.
Here you can select that you want to protect WordPress and you will get the credentials to copy over into your WordPress. Eventually set up the policies, such as country restriction.
Have a look in the store of your mobile phone and search for DUO and install it. It’s available for Windows Phone, iPhone and Android.
Next, we search our plugin DUO and install and activate it, copy the credentials to the plugin. It’s a really nice tool that can protect many applications or websites.
New Post has been published on TechLabs - Beyond Technologies
New Post has been published on http://bit.ly/2jZQJty
Let's Encrypt for ISPCONFIG on Ubuntu 16.04
Preparations:
If you haven’t already, be sure to create an A Record that points to the public IP address of your server.
panel.domain.com. A 52.67.XXX.XXX
To install let’s encrypt is a lot easier now that it is in the repository of Ubuntu 16.04. The first step to using Let’s Encrypt to obtain an SSL certificate is to install the letsencrypt software on our server.
Update the server’s local apt package indexes and install the client by typing:
sudo apt-get update sudo apt-get install letsencrypt
To create a green padlock for our ISPconfig installation follow this:
letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@`hostname -d` --domains `hostname -f` --webroot-path /usr/local/ispconfig/interface/acme dt=`date '+%Y%m%d%H%M%S'` cd /usr/local/ispconfig/interface/ssl/ for ext in csr key.secure key crt; do if [ -f ispserver.$ext ]; then mv ispserver.$ext ispserver.$ext.old.$dt; fi; done ln -s /etc/letsencrypt/live/`hostname -f`/privkey.pem ispserver.key ln -s /etc/letsencrypt/live/`hostname -f`/fullchain.pem ispserver.crt service nginx restart
Now you have your green padlock at your server were you have ISPconfig installed, so for example, https://panel.domainname.com:8080
New Post has been published on TechLabs - Beyond Technologies
Test Post from TechLabs - Beyond Technologies