Vladimir Cicovic Blog

Imagine that certification authority without your permission publish certificate for your site and for example the same one gets used by cybercriminals. Your online shop gets BGP hijacked and you lose millions.

So how to prevent this type of attack?

One way is to use CAA DNS records. What does that mean? It means that you put exactly what CA you want only to use. So others CA become a fraud. And if happen - you get a message on this.

It is a security mechanism to prevent stealing SSL/TLS certificates and imitates your (let say) online shop and stealing millions from your clients and from you.

Example of the records:

dig CAA vladimircicovic.com

; <<>> DiG 12.11.3-1TAONSA_linuxOS<<>> CAA vladimircicovic.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10986
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;vladimircicovic.com.       IN  CAA

;; ANSWER SECTION:
vladimircicovic.com.    10800   IN  CAA 0 iodef "mailto:someemail@localhost.com"
vladimircicovic.com.    10800   IN  CAA 0 issue "letsencrypt.org"
vladimircicovic.com.    10800   IN  CAA 0 issuewild "letsencrypt.org"

;; Query time: 307 msec
;; SERVER: 
;; WHEN: Sat May 09 20:06:28 CEST 2020
;; MSG SIZE  rcvd: 174

So important to set iodef, issue, issuewild to CAA works properly.

You can ignore the given record but keep in mind this How 3ve’s BGP hijackers eluded the Internet—and made $29M could happen to you.

Yea this is a scary blog post about how people lose money if they don't read this post :D

Most of my posts on the blog have pictures. At some point, pictures have an 800kb size. Some less other more than that. In short: I have a bunch of pictures 4.5MB. So loading my sites was heavy for some users in China, Japan, Australia. Using Google Analytics and sites for web testing - I notice this issue. So the first moment was how to resolve?

I start digging on the net and find that most of my png could be converted to the JPEG 2000 format.

After running command like:

gm convert -define 'jp2:rate=0.008' 20200509173353-twittercard.png 20200509173353-twittercard.jpg

gm command is part of GraphicsMagick package.

Second thing - resizing pictures. Most of my pictures have more then 800x600, so I resize to 640x480. And win drastically speed.

convert 20200509173353-twittercard.jpg -resize 600x400\> 20200509173353-twittercard.jpg

From 4.5MB I went to less than 1MB. Also, I make a faster site to run. Small success but I love it.

Example without and with twitter card meta tags

Most of you using WordPress, Joomla - some kind of CMS and you get your own plugin for twitter card. From the internet: "A Twitter card is content designed to give users a rich media experience whenever tweets contain links to a site's content. Twitter has various card types to show content previews, play video, and increase traffic to sites."

Here summary how this looks like Twitter card optimized

So, most of you who are using some CMS are blessed with plugins and prepared solutions for most of the things that need it. Not me. I start learning trough pieces of each part for web sites from SEO to how to make web site faster(numb of pages, picture optimization, etc)

My simple solution for this was to add inside of head:

    <meta name="twitter:card" content="summary" />
    <meta name="twitter:site" content="@vladimircicovic" />
    <meta name="twitter:creator" content="@vladimircicovic" />
    <meta property="og:url" content="https://www.vladimircicovic.com/2020/05/why-is-serverless-important" />
    <meta property="og:title" content="Vladimir Cicovic Blog" />
    <meta property="og:description" content="Serverless short description with good, bad things" />
    <meta property="og:image" content="https://www.vladimircicovic.com/content/images/da4d8eec88e0ddf8ec2716bbf1f0f2b4.jpg" />

Hope this help someone and make them day !