Title photo
frugal technology, simple living and guerrilla large-appliance repair
Sun, 13 Apr 2014

Hiding directories in Apache with .htaccess

In my Ode system running on an Apache web server, I'm "exposing" the existence of the /documents directory by stashing HTML there for my site archive.

Normally only text files and images live in that directory, and Ode uses them to produce the HTML pages it serves out of another directory.

I'm not crazy about exposing the contents of directories that don't, for the most part, serve HTML. So I decided to disallow directory listings on my Ode site with this line in .htaccess:

Options -Indexes

Now my readers can see http://stevenrosenberg.net/documents/archive.html but not http://stevenrosenberg.net/documents and the entire structure under that.

Even if I do decide to move my archive file to another directory (and I am seriously thinking about doing that), it still seems like a good idea to block access to the "raw" directories in Apache.

Thu, 10 Apr 2014

After a year or so, back to Thunderbird

I stopped using stand-alone mail clients about a year ago.

This week I decided to give Thunderbird another try. I'm keeping it simple this time around.

I'm using Thunderbird for a single e-mail account via IMAP. No Gmail. No shared Google Calendar. No newsgroups (yeah, I said newsgroups, which I had running in Thunderbird my last go-round)

What pushed me back to a mail client was the lack of speed in my webmail client of choice, RoundCube, with my mail provider.

So I'm keeping it simple and enjoying the speed and ease of a traditional desktop mail client.

Thunderbird has seen quite an update in its UI since the last time I used it, and that's enough progress for an app that has seemingly been abandoned by its parent company/foundation Mozilla.

As long as they keep it patched from a security standpoint, I don't need any new features.

Wed, 09 Apr 2014

Fedora patches the OpenSSL 'Heartbleed' bug

It happened a day later than it should have, meaning Fedora got spanked by Debian, but the Fedora 20 patch for the OpenSSL 'Heartbleed' bug did roll onto my system today.

I would have liked Fedora to be ahead of Debian rather than behind it, but a day's delay isn't a deal-breaker. And I could have installed the OpenSSL update from Koji early if this were a server installation.

Overall, the free-software community's response to the 'Heartbleed' bug shows the power of open development and how these projects and products are stronger through transparency and sharing.

Tue, 08 Apr 2014

You might want to pay for an e-mail service like the OpenBSD-running Neomailbox

I don't look on the OpenBSD Misc mailing list very often, but today a message from that list introduced me to Neomailbox, which offers services that include secure, encrypted e-mail and anonymous web surfing for prices that are very reasonable.

So why would you want to pay for e-mail? Well, you do get what you pay for, and while services like Gmail have a lot to offer, one of those things is Google's servers crawling the text of your mail and serving you ads based on what's in there.

And while Google is continually boosting its use of encryption, there are plenty of reasons why you might want an offshore, encrypted mail service that you actually pay for.

Did I forget to mention that Neomailbox uses OpenBSD?

Neomailbox also offers an anonymous web surfing service that uses encrypted tunneling and anonymous IP to add a whole lot of privacy and security to your daily comings and goings on the Internet.

And they do offer discounts if you get both e-mail and anonymous web, plus additional "family" discounts.

If your paranoid (or have reason to be) and don't want to run these services yourself on either home or colocated servers, Neomailbox is definitely worth a look.

Wed, 02 Apr 2014

Hashover: A free-software alternative to Disqus and other hosted-commenting services

I’ve been waiting for this: Hashover is a free-software project that aims to replace hosted-comments services like Disqus and those offered by Facebook and others that keep your comments in their database.

Many, many blogging systems like Ode, which I use, and others like Pelican, Ghost and Octopress do not manage their own comments and most defer to Disqus to add a commenting platform.

But the problem is that Disqus is a third-party service that seeks to make money off of you. And you don’t control the comments.

So if you have a self-hosted blog, having comments that are not self-hosted seems like cheating.

I don’t know anything else about Hashover beyond what’s at their web site, but I am very excited at the prospect of an add-to-anything commenting solution like Disqus that you can host yourself.

It’s something we really, really need. And I’m glad it’s here.

More on Hashover:

Other free-software commenting systems?

I found: