
 SERVER SECURITY


  WireGuard VPN Troubleshooting

When you are working as a network/cluster admin for your team, configuring the WireGuard VPN for other members, you may run into some of the problems below; these are the solutions you can try to fix them.
Problem [1]: The WireGuard handshake request sent from the client is received by the server, but the server's response is blocked somewhere, so the client cannot receive the server's response after you configure multiple layers of routing.
Test Network Config (setup WireGuard on ESXi VM): Solut...

5,329 0       VPN WIREGUARD TROUBLESHOOTING


  How key-based cache expiration works

There are only two hard things in Computer Science: cache invalidation and naming things — Phil Karlton
Doing cache invalidation by hand is an incredibly frustrating and error-prone process. You’re very likely to forget a spot and let stale data get served. That’s enough to turn most people off russian-doll caching structures, like the one we’re using for Basecamp Next. Thankfully there’s a better way. A much better way. It’s called key-based cache expiration and it works like this: The cache key is the fluid part and the cache content is the fixed ...

4,935 0       CACHE EXPIRATION KEY-BASE CACHE WORK


  Mozilla releases a web identity system : Persona

Almost every website now requires the user to register. Registration has many benefits for a website, such as retaining users, accommodating discussions, providing customized content and so on. But it is too much trouble if each site requires registration, right? Of course, users can also have their own way: for those less important sites, for example, using a unified user name, password and email so that you only need to remember one account. Then we also see some advanced methods emerging, such as Facebook Connect, Twitter login, Google OAuth, etc.; this indeed eliminates some tro...

4,933 0       SECURITY MOZILLA PERSONA ID


  FUCK PASSWORDS

I'm so tired of passwords. So, so, so tired. Most people don't understand this. Most people use the same password everywhere. Most people can just mechanically type out password3 in every password box, smirking to themselves at how clever they are, because who would ever guess 3 instead of 1? I don't do that. Let me tell you what I do. I generate a different password for every service, based on a convoluted master password and the name of the thing. I do this because it's what you're supposed to do; it's what security nerds (including myself for the purposes of this post) tell everyone e...

4,867 0       SECURITY PASSWORD RANDOM GENERATION HARD TO REMEMBER


  How to secure an Ubuntu Apache web server

Securing server software is not a straightforward task. Not all of our operating environments are the same, leading to a variety of potential security vulnerabilities. However, using a few basic configuration and security options, you can stay a little ahead of where you want to be.
1. Fail2ban
Fail2ban is a Python-based intrusion prevention software that detects and blocks malicious IP addresses from multiple unsuccessful attempts at software logins. In other words, if someone is attempting to log in to your server via ssh, it detects multiple, unsuccessful attempts and blocks that user IP for a...

4,352 0       UNIX SERVER SECURITY LOG .HTACCESS CACHE


  Introduction to OAuth (in Plain English)

Last week we talked about giving away your passwords and how you should never do it. When a website wants to use the services of another—such as Bitly posting to your Twitter stream—instead of asking you to share your password, they should use OAuth instead. OAuth is an authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password. This is a quick guide to illustrate, as simply as possible, how OAuth works.
The Actors
There are 3 main players in an OAuth transaction: the user, the consumer, and...

3,643 0       SECURITY OAUTH PERMISSION PARTIAL ACCESS


  Three Simple Ways to Improve the Security of Your Web App

It seems like web app security has entered the public consciousness recently, probably as a result of the press covering the activities of groups like Anonymous and incidents like security breaches at several CAs. Here are a couple of quick security tips to improve the security of your web apps. Think of these as low-hanging fruit, not as a substitute for thorough analysis of your app’s security. If there’s interest in this topic we can do more posts, too - let us know in the comments!
Prologue: SSL
Your app already forces all traffic over SSL, right? If it doesn’t, it should. T...

3,466 0       SECURITY SSL WEB APP X-FRAME-OPTIONS


  Bad code plagues business applications, especially Java ones

A new study examining 365 million lines of code in 745 applications identifies bad coding practices that affect security, performance and uptime, with Java Enterprise Edition applications having the greatest number of problems. Cast Software, which makes tools that automate the analysis of business applications, examined programs written in Java-EE, .NET, ABAP, C, C++, Cobol, Oracle Forms, and Visual Basic, used across a wide range of industries from energy and financial services to IT consulting, insurance, government, retail, telecom, and more. Java-EE applications were the most prevalent in...

3,336 0       JAVA PROGRAM SECURITY DEFECTS