An updated look at the BigDino web stack

It's been some time since I've done a good ol' infrastructure post, and the Bigdinosaur.org web stack has evolved a bit over the course of 2018. We're still using HAProxy, Varnish, & Nginx, but the way these applications connect & how they communicate is very different from my 2017-era config. Here's a look under the hood.

Farewell to HPKP, hello to DNS-01 and ECDSA

A few months back I switched on HTTP public key pinning, a security scheme designed to make it more difficult for attackers to do nefarious things with the BigDino web server. HPKP is difficult to implement and comes with a long list of configuration pitfalls—and, as of today, I'm done with it.

Grieving over the death of StartSSL

What was once the web's best source for free SSL certificates is dead, killed by shitty unethical behavior by a shitty company called WoSign. So thanks, WoSign—thanks for wrecking StartCom and StartSSL. You destroyed something wonderful and useful to millions of people. Hope it was worth it, dicks.
