How to move personal publishing to the desktop

May 11th, 2011

You can do everything "in the cloud" these days, from blogging to posting photos to running servers. Most impressively, you can now also lose control of your files and personal information with unprecedented ease, or simply lose them, period. This is exactly the worst possible feature for the personal publishing use-cases of cloud computing. Possibly the most distressing aspect of cloud-based publishing is that it firmly designates the intangible network as the primary resting place of one's data. (I will note here that this aspect is itself what I am using to define "cloud computing" for the purposes of this blog post.) If the first place you put your creations is some hosted service on the great wide interwebs, you're playing with fire.

Read full entry »

Force SSL for Wikipedia (for advanced users)

May 22nd, 2010

I like using HTTPS whenever possible. Usually this is as simple as adding a single letter to a URL, but some sites have separate domains for SSL. The Wikimedia sites are a great example of this; they share the domain secure.wikimedia.org and use the first elements of the path to specify the site.

Now, I could have set up a Greasemonkey script to redirect me once I hit an unsecure Wikipedia page, but then it's too late. (I'm usually going directly to the article via web search results.) I could also use Greasemonkey to rewrite URLs in web pages, but that's a mess. Instead, I wanted to intercept any requests to unsecure Wikipedia and redirect them on the fly, before they even left my machine. Here's how I set up my browser to always use SSL for Wikimedia sites:

  1. Have Apache with virtual hosts and Mozilla Firefox with FoxyProxy
  2. In my default virtual host:
    <Directory /var/www/>
    	RewriteEngine On
    	RewriteBase /
    	# Requests addressed to this machine's own hostname are served normally
    	RewriteCond %{HTTP_HOST} !.*mycomputername.*
    	RewriteRule . rewriter.php [L]
    </Directory>
  3. And this file at /var/www/rewriter.php:
    <?php
    
    $host = $_SERVER['HTTP_HOST'];
    $path = $_SERVER['REQUEST_URI'];
    
    // ensure path is not of form http://...
    if(strpos($path, '/') !== 0) {
    	$start = "http://$host/";
    	if(strpos($path, $start) === 0) {
    		$path = substr($path, strlen($start) - 1); // include slash
    	} else {
    		die();
    	}
    }
    
    if(preg_match('/([a-z0-9]+)\.wikipedia\.org/', $host, $m_domain)) {
    	header("Location: https://secure.wikimedia.org/wikipedia/{$m_domain[1]}{$path}");
    	die();
    }
    
    ?>
  4. Then set up a proxy in FoxyProxy, early in the chain, called "rewriter". Set it to a SOCKS 5 proxy at localhost:80, using the whitelist regex http://[a-z]+\.wikipedia\.org/.*

Obviously, the setup as written here only gets Wikipedia, but it could easily be expanded to Wiktionary, Wikibooks, Wikimedia Commons, and other sister sites.
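
As an added example (not the original rewriter.php), here is one way that expansion could look, with the host match anchored so lookalike hostnames are not rewritten. The helper name `secure_wikimedia_url`, the project allowlist, and the assumption that sister projects use the same `/<project>/<language><path>` layout on secure.wikimedia.org as Wikipedia are all mine.

```php
<?php
// Added example. Assumption: sister projects share the path layout the
// post shows for Wikipedia: /<project>/<language><path>.

// Hypothetical helper: returns the HTTPS URL to redirect to, or null when
// the request is not for an allowlisted project.
function secure_wikimedia_url(string $host, string $path): ?string {
    // Allowlisted project domains (assumed list; extend as needed).
    $projects = ['wikipedia', 'wiktionary', 'wikibooks'];

    // Host headers are case-insensitive and may carry a port.
    $host = strtolower(preg_replace('/:\d+$/', '', $host));

    // Anchored at both ends, so "en.wikipedia.org.example.net" is rejected.
    $pattern = '/^([a-z0-9-]+)\.(' . implode('|', $projects) . ')\.org$/';
    if (!preg_match($pattern, $host, $m)) {
        return null;
    }

    // Proxy clients send the absolute form (http://host/path); reduce it
    // to the path, as the post's script does.
    $prefix = "http://$host";
    if (stripos($path, $prefix . '/') === 0) {
        $path = substr($path, strlen($prefix));
    }

    // Refuse anything that is not a plain path or that has control bytes.
    if ($path === '' || $path[0] !== '/' || preg_match('/[\x00-\x1f\x7f]/', $path)) {
        return null;
    }

    return "https://secure.wikimedia.org/{$m[2]}/{$m[1]}{$path}";
}

// Constructed sample requests: [Host header, request target].
$samples = [
    ['en.wikipedia.org', 'http://en.wikipedia.org/wiki/HTTPS'],
    ['de.wiktionary.org:80', '/wiki/Haus'],
    ['EN.Wikibooks.org', '/wiki/Main_Page'],
    ['en.wikipedia.org.example.net', '/wiki/HTTPS'],
];
foreach ($samples as [$host, $path]) {
    $url = secure_wikimedia_url($host, $path);
    echo str_pad($host, 30), ' => ', $url ?? '(not rewritten)', PHP_EOL;
}
```

In rewriter.php the return value would feed the `Location:` header, with a null result ending the request as the original `die()` does.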

I'll delete any tech-support questions in the comments area, so don't ask them. This guide is for advanced users only. Discussions of potential improvements are welcome.

Webapp security: Different DB permissions for different requests

January 12th, 2008

When a GET hits your server, your RESTful webapp should not alter the database. Why not enforce this at the permissions level?

Read full entry »

Of LED art, suspicion, and a girl named Star

September 24th, 2007

Star Simpson, the 19-year-old arrested at Logan airport for having a "hoax device", is just another living, breathing, hoping, dreaming human, like you. Essentially, she was arrested for being an idealist, for not understanding that the people with the guns and the power see "different" as "dangerous".

The following was written by a friend of mine, who wishes to remain anonymous, but gave permission to share it.

Read full entry »

When torrents bite back

September 19th, 2007

Four days ago, a group calling itself the "MediaDefender-Defenders" released a torrent pointing to 700 megabytes of corporate emails from MediaDefender, a company providing "BitTorrent protection services" to record labels and movie studios. The emails expose company strategy, confidential contracts, passwords and login information, lists of servers and IP addresses, and reactions to mentions of the company in the news [read them here]. This post is a summary of recent events, along with a heaping of speculation as to what happened behind the scenes.

Read full entry »