[ This is a content summary only. Visit our website https://ift.tt/1b4YgHQ for full links, other content, and more! ]
by Saima Salim via Digital Information World
Thursday, April 9, 2020
YouTube Tests Unlisted Video Review Program – Find out all about it here!
YouTube creators often wonder why their video was demonetized by the video-streaming platform. They have also requested the YouTube moderators on multiple occasions to enhance transparency and provide them with detailed information regarding why their video was deemed unfit for paid advertisements....
[ This is a content summary only. Visit our website https://ift.tt/1b4YgHQ for full links, other content, and more! ]
by Saima Salim via Digital Information World
[ This is a content summary only. Visit our website https://ift.tt/1b4YgHQ for full links, other content, and more! ]
by Saima Salim via Digital Information World
How to Use SSL/TLS with Node.js
In 2020, there’s no reason for your website not to use HTTPS. Visitors expect it, Google uses it as a ranking factor and browser makers will happily name and shame those sites not using it.
In this tutorial, I’ll walk you through a practical example of how to add a Let’s Encrypt–generated certificate to your Express.js server.
But protecting our sites and apps with HTTPS isn’t enough. We should also demand encrypted connections from the servers we’re talking to. We’ll see that possibilities exist to activate the SSL/TLS layer even when it’s not enabled by default.
Note: if you’re looking for instructions on how to set up SSL with NGINX when configuring it to work as a reverse proxy for a Node app, check out our quick tip, “Configuring NGINX and SSL with Node.js”.
Let’s start with a short review of the current state of HTTPS.
HTTPS Everywhere
The HTTP/2 specification was published as RFC 7540 in May 2015, which means at this point it’s a part of the standard. This was a major milestone. Now we can all upgrade our servers to use HTTP/2. One of the most important aspects is the backwards compatibility with HTTP 1.1 and the negotiation mechanism to choose a different protocol. Although the standard doesn’t specify mandatory encryption, currently no browser supports HTTP/2 unencrypted. This gives HTTPS another boost. Finally we’ll get HTTPS everywhere!
What does our stack actually look like? From the perspective of a website running in the browser (at the application level) we have to traverse the following layers to reach the IP level:
- Client browser
- HTTP
- SSL/TLS
- TCP
- IP
HTTPS is nothing more than the HTTP protocol on top of SSL/TLS. Hence all of HTTP’s rules still apply. What does this additional layer actually give us? There are multiple advantages: we get authentication by having keys and certificates; a certain kind of privacy and confidentiality is guaranteed, as the connection is encrypted in an asymmetric manner; and data integrity is also preserved, as transmitted data can’t be changed during transit.
One of the most common myths is that using SSL/TLS is computationally expensive and slows the server down. This is certainly not true anymore. We also don’t need any specialized hardware with cryptography units. Even for Google, the SSL/TLS layer accounts for less than 1% of the CPU load and the the network overhead of HTTPS as compared to HTTP is below 2%. All in all, it wouldn’t make sense to forgo HTTPS for the sake of a little overhead.
As Ilya Grigorik puts it, there is but one performance problem:
TLS has exactly one performance problem: it is not used widely enough. Everything else can be optimized: https://t.co/1kH8qh89Eg
— Ilya Grigorik (@igrigorik) February 20, 2014
The most recent version is TLS 1.3. TLS is the successor of SSL, which is available in its latest release SSL 3.0. The changes from SSL to TLS preclude interoperability, but the basic procedure is, however, unchanged. We have three different encrypted channels. The first is a public key infrastructure for certificate chains. The second provides public key cryptography for key exchanges. Finally, the third one is symmetric. Here we have cryptography for data transfers.
TLS 1.3 uses hashing for some important operations. Theoretically, it’s possible to use any hashing algorithm, but it’s highly recommended to use SHA2 or a stronger algorithm. SHA1 has been a standard for a long time but has recently become obsolete.
HTTPS is also gaining more attention for clients. Privacy and security concerns have always been around, but with the growing amount of online accessible data and services, people are getting more and more concerned. For those sites that don’t implement it, there is a useful browser extension — HTTPS Everywhere from the EFF — which encrypts our communications with most websites.
The creators realized that many websites offer HTTPS only partially. The plugin allows us to rewrite requests for those sites that offer only partial HTTPS support. Alternatively, we can also block HTTP altogether (see the screenshot above).
Basic Communication
The certificate’s validation process involves validating the certificate signature and expiration. We also need to verify that it chains to a trusted root. Finally, we need to check to see if it’s been revoked. There are dedicated, trusted authorities in the world that grant certificates. In case one of these were to become compromised, all other certificates from the said authority would get revoked.
The sequence diagram for an HTTPS handshake looks as follows. We start with the initialization from the client, which is followed by a message with the certificate and key exchange. After the server sends its completed package, the client can start the key exchange and cipher specification transmission. At this point, the client is finished. Finally the server confirms the cipher specification selection and closes the handshake.
The whole sequence is triggered independently of HTTP. If we decide to use HTTPS, only the socket handling is changed. The client is still issuing HTTP requests, but the socket will perform the previously described handshake and encrypt the content (header and body).
So what do we need to make SSL/TLS work with an Express.js server?
HTTPS
By default, Node.js serves content over HTTP. But there’s also an HTTPS module that we have to use in order to communicate over a secure channel with the client. This is a built-in module, and the usage is very similar to how we use the HTTP module:
const https = require("https"),
fs = require("fs");
const options = {
key: fs.readFileSync("/srv/www/keys/my-site-key.pem"),
cert: fs.readFileSync("/srv/www/keys/chain.pem")
};
const app = express();
app.use((req, res) => {
res.writeHead(200);
res.end("hello world\n");
});
app.listen(8000);
https.createServer(options, app).listen(8080);
Ignore the /srv/www/keys/my-site-key.pem and and /srv/www/keys/chain.pem files for the moment. Those are the SSL certificates we need to generate, which we’ll do a bit later. This is the part that changed with Let’s Encrypt. Previously, we had to generate a private/public key pair, send it to a trusted authority, pay them and probably wait for a bit in order to get an SSL certificate. Nowadays, Let’s Encrypt instantly generates and validates your certificates for free!
Generating Certificates
Certbot
The TLS specification demands a certificate, which is signed by a trusted certificate authority (CA). The CA ensures that the certificate holder is really who they claim to be. So basically when you see the green lock icon (or any other greenish sign to the left side of the URL in your browser) it means that the server you’re communicating with is really who it claims to be. If you’re on facebook.com and you see a green lock, it’s almost certain you really are communicating with Facebook and no one else can see your communication — or rather, no one else can read it.
It’s worth noting that this certificate doesn’t necessarily have to be verified by an authority such as Let’s Encrypt. There are other paid services as well. You can technically sign it yourself, but then (as you’re not a trusted CA) the users visiting your site will likely see a large scary warning offering to get them back to safety.
In the following example, we’ll use the Certbot, which is used to generate and manage certificates with Let’s Encrypt.
On the Certbot site you can find instructions on how to install Certbot for almost any OS/server combination. You should choose the options that are applicable to you.
A common combination for deploying Node apps is NGINX on the latest LTS Ubuntu and that’s what I’ll use here.
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
Webroot
Webroot is a Certbot plugin that, in addition to the Certbot default functionality (which automatically generates your public/private key pair and generates an SSL certificate for those), also copies the certificates to your webroot folder and verifies your server by placing some verification code into a hidden temporary directory named .well-known. In order to skip doing some of these steps manually, we’ll use this plugin. The plugin is installed by default with Certbot. In order to generate and verify our certificates, we’ll run the following:
certbot certonly --webroot -w /var/www/example/ -d www.example.com -d example.com
You may have to run this command as sudo, as it will try to write to /var/log/letsencrypt.
You’ll also be asked for your email address. It’s a good idea to put in a real address you use often, as you’ll get a notification if your certificate is about to expire. The trade-off for Let’s Encrypt issuing a free certificate is that it expires every three months. Luckily, renewal is as easy as running one simple command, which we can assign to a cron job and then not have to worry about expiration. Additionally, it’s a good security practice to renew SSL certificates, as it gives attackers less time to break the encryption. Sometimes developers even set up this cron to run daily, which is completely fine and even recommended.
Keep in mind that you have to run this command on a server to which the domain specified under the -d (for domain) flag resolves — that is, your production server. Even if you have the DNS resolution in your local hosts file, this won’t work, as the domain will be verified from outside. So if you’re doing this locally, it will most likely fail, unless you opened up a port from your local machine to the outside world and have it running behind a domain name which resolves to your machine. This is a highly unlikely scenario.
Last but not least, after running this command, the output will contain paths to your private key and certificate files. Copy these values into the previous code snippet — into the cert property for certificate, and the key property for the key:
// ...
const options = {
key: fs.readFileSync("/var/www/example/sslcert/privkey.pem"),
cert: fs.readFileSync("/var/www/example/sslcert/fullchain.pem") // these paths might differ for you, make sure to copy from the certbot output
};
// ...
The post How to Use SSL/TLS with Node.js appeared first on SitePoint.
by Florian Rappl via SitePoint
Wednesday, April 8, 2020
Beware! Sim Swappers can hijack PayPal and Venmo to steal money and other private information
Despite clear warning from researchers, that safety measures should be applied to prevent the system from getting hijacked, some tech companies are still not taking security issues seriously, and they have to face the loss, and some have not even fixed the system. There are significant individual...
[ This is a content summary only. Visit our website https://ift.tt/1b4YgHQ for full links, other content, and more! ]
by Arooj Ahmed via Digital Information World
[ This is a content summary only. Visit our website https://ift.tt/1b4YgHQ for full links, other content, and more! ]
by Arooj Ahmed via Digital Information World
How to Add or Edit a Sidebar With Widgets in WordPress
Sidebars are a great way to add extra content and functionality to your website, without distracting from its core content.
Most WordPress themes feature a built-in sidebar, which may already contain some WordPress widgets, such as a search bar or a list of your most recent blog posts.
In this quick tip, I’ll show you how to customize your theme’s built-in sidebar, including adding and removing content, and customizing the content that’s already there.
Even if your theme features multiple built-in sidebars, these sidebars may not be the ideal fit for your website. If you’re feeling restricted by your theme, then I’ll also be showing you how to create a custom sidebar, and then place this sidebar anywhere on your website, including areas that aren't supported by your theme.
The Best WordPress Sidebar and Widget Plugins on CodeCanyon
Explore thousands of the best WordPress plugins ever created on CodeCanyon. With a low-cost one time payment, you can purchase these high-quality WordPress plugins and improve your website experience for you and your visitors.
What Is the WordPress Sidebar?
A sidebar is a widgetized area of your WordPress website, where you can display content that isn’t part of the main webpage. This secondary content is added to your website via widgets, for example, you might use a widget to display a list of your most recently-published blogs, a tag cloud, or a search bar.
Sidebars can be useful for helping visitors navigate your website, but they can also provide additional functionality. For example, if you created an online store then you might use the sidebar to display sliders that allow visitors to filter products based on price, category and delivery options. In this scenario, the sliders will always be within easy reach without distracting from the page’s core content. If you’re trying to monetize your website, then sidebars can also be an ideal place to display adverts.
Although the term “sidebar” suggests a vertical column that’s displayed alongside your main content, sidebars can appear in other locations, including above or below your website’s footer.
The location of your site’s sidebars will vary depending on your chosen WordPress theme, but towards the end of this article I’ll show you how to create a custom sidebar that you can place anywhere on your site, including in locations that may not be supported by your WordPress theme.
How to Add, Remove and Edit Sidebar Widgets
You can customize the sidebar via the Dashboard, or via WordPress’ Customizer.
How to Edit the Sidebar With Customizer
Let’s start with the Customizer method:
Log into your WordPress website, if you haven’t already. Then, in the left-hand menu, select Appearance > Customize. This will launch the Customizer tool.
In the left-hand panel of the Customizer, select Widgets.The panel will now display a list of all your website’s widgetized areas. The naming conventions may vary depending on your theme, but the sidebar will typically have the word sidebar in its title. When you find the sidebar widget, give it a click.
WordPress will now display a list of all the widgets that are currently housed within your sidebar. From here, you can perform the following tasks:
1. Bring Some Order to Your Widgets
You can change the order widgets appear in the sidebar, by grabbing a widget, dragging it to a new position, and then dropping it into this new location.
When you’re happy with your changes, click Publish.
2. Tweak a Widget’s Title
You can edit the text that appears above each widget, or even remove a widget’s title text entirely. To do so, just find the widget with the title that you want to edit, and then give it a click to expand this section.
- Make your edits to the Title text.
- Click Done.
- Make your edits public, by clicking Publish.
This widget will now be updated to display the edited title.
3. Remove Any Widget From the Sidebar
To remove a widget from the sidebar, click it to expand its section and then select the red Remove text.
The selected widget should now disappear. To make this change permanent, click Publish.
4. Enhance Your Sidebar, With Extra Widgets
Is the sidebar looking a little empty? WordPress supports a wide range of different widgets that you can add to your sidebars:
- Select the Add a widget button.
- Browse the list of available widgets. When you find a widget that you want to add, give it a click.
- Give this widget a title and complete any other configuration options that appear in the left-hand panel. Note that configuration may vary, depending on the widget you’re working with.
- Rinse and repeat for every new widget that you want to add to the sidebar.
- When you’re happy with your selection, click Done.
- To save your changes, click Publish.
The sidebar will now update to include all your new widgets.
If you want more widgets than what are included with vanilla WordPress you can try a WordPress widget plugin. These can let you add call to action buttons, calendars, weather forecasts, and more.
MailChimpHow to Create a Mailchimp Subscribe Form Widget for WordPress
WordPress20 Best WordPress Calendar Plugins and Widgets
WordPress11 Best Weather WordPress Widgets & Plugins
Customize the Sidebar From the Dashboard
You can also edit the sidebar from WordPress' Dashboard.
In WordPress’ left-hand menu, select Appearance > Widgets, find the Sidebar section, and then give it a click to expand. You should now be able to see all the widgets that make up this particular sidebar.
From here, you can make the following changes:
- Rearrange your widgets. You can change the order these widgets appear in the sidebar, using drag and drop.
- Change a widget’s title. Click to expand the widget’s corresponding section, edit the title text as required, and then click Done.
- Delete a widget. Click to expand the widget’s corresponding section, and then give the Delete link a click.
- Add a widget. In the Available Widgets section, find the widget that you want to add to the sidebar, and then drag and drop it onto the Sidebar section. Note that wherever you drop the widget, is where it’ll appear in the sidebar.
Want More Widgets?
Your WordPress account comes with a number of built-in widgets, but you can access even more widgets by installing WordPress plugins.
If you want more widgets to choose from, then check out our guide to the best WordPress widgets.
Not a Fan of WordPress’ Built-in Sidebars?
Many WordPress themes include some form of sidebar functionality, but you’ll be constrained by how the theme chooses to position its sidebars. If you feel restricted by your theme’s default sidebar(s), then you can add a custom sidebar to your WordPress website, with the help of a third party plugin.
In this section, I’ll show you how to create an entirely new sidebar, using the free Custom Sidebars plugin.
Install and Activate the Sidebar Plugin
To setup the Custom Sidebars plugin:
- In WordPress’ left-hand menu, select Plugins > Add New.
- Search for Custom Sidebars, and when the Custom Sidebars – Dynamic Widget Area Manager plugin appears, click Install Now.
-
When prompted, click Activate.
You’re now ready to create your custom sidebar!
How to Create a Custom Sidebar
Let’s create a custom sidebar, and place it on our website:
- In WordPress’ left-hand menu, select Appearance > Widgets.
- Select the Create a new sidebar button.
- In the subsequent popup, give your sidebar a name and enter a description.
- Click Create Sidebar and the new sidebar will appear under a dedicated Custom Sidebars heading.
You can now add widgets to the sidebar, by dragging them from the Available Widgets section. You can also remove, and edit your existing widgets, in exactly the same way you modified WordPress’ built-in sidebars.
When you create a custom sidebar, it won’t appear on your website until you give it a home! To position your sidebar, click Sidebar location.
In the subsequent popup, select where this sidebar should be placed on your website, and whether it should only appear on specific posts or pages. For example, you might choose to display your sidebar in Footer 1 for Posts only, or in Footer 2 for all Posts that are categorized as News.
When you’re happy with how your sidebar is configured, click Save Changes.
Your custom sidebar will now appear on your website. Alternatively, when you’re editing an existing Page or Post, or creating a new one, you can specify which sidebar to use:
-
When you’re editing the Page or Post, find the Sidebars section in the left-hand menu.
- Click to expand the Sidebars section.
- Use the dropdowns to specify which sidebar should be placed on this webpage, and where it should appear onscreen.
Now, when you press the Publish or Update button this webpage will go live, complete with your chosen
Conclusion
In this quick tip, we covered how you can edit your theme’s built-in sidebar, by adding, removing and tweaking WordPress’ wide range of widgets.
If you’re not a fan of your theme’s default sidebar, then I also showed you how to create an entirely new, custom sidebar, using a third party plugin.
The Best WordPress Themes and Plugins on Envato Market
Explore thousands of beautiful WordPress themes on ThemeForest and useful WordPress plugins on CodeCanyon. Purchase these high-quality WordPress themes and plugins and improve your website experience for you and your visitors.
Here are a few of the best-selling and up-and-coming WordPress themes and plugins available for 2020.
Inspiration15+ Best WordPress Portfolio Themes for Creatives.jpg)
WordPress17 Best WordPress Slider & Carousel Plugins of 2020-
WordPress20 Best WordPress Calendar Plugins and Widgets
WordPress Themes23+ Best Responsive WordPress Themes (For Sites in 2020)
WordPress24 Best WPBakery Page Builder (Visual Composer) Addons & Plugins of 2020
WordPress Themes20+ Best Coaching & Consulting WordPress Themes (2020)
by Jessica Thornsby via Envato Tuts+ Code
LinkedIn Tests A New Auto Messaging Feature for Premium Users
LinkedIn has been trying to make things a lot better for its users in a lot of different ways but the fact of the matter is that some of its top features are most probably going to be reserved for its premium users and the reason behind this is that these premium users are paying money for these...
[ This is a content summary only. Visit our website https://ift.tt/1b4YgHQ for full links, other content, and more! ]
by Zia Muhammad via Digital Information World
[ This is a content summary only. Visit our website https://ift.tt/1b4YgHQ for full links, other content, and more! ]
by Zia Muhammad via Digital Information World
Subscribe to:
Posts (Atom)