Free Your PC Friday Special: Interwebz News & How-To's

Interwebs News & How-TosShow more

OpenSSL PSA
Drupal VS Wordpress: Which is Better?
Ever Wanted a FOSS, Encrypted Alternative to O365?

#internetsecurity #psa #update #openssl #cms #wordpress #drupal #office365 #cryptpad #selfhosted #FOSSnews #TechFreedom

PSA: Update Your Servers’ OpenSSL Version ASAP
There was a major flaw which got patched in the new version. There are several smaller flaws, but the main, big one could allow an attacker a vector to enact a denial of service attack on your server through a memory address confusion vulnerability. The new version resolves that issue, so update ASAP, y’all.

https://linuxsecurity.com/features/urgent-openssl-security-advisory

#security #internetsecurity #openssl #flaws #patched #updatenow #FOSSnews #TechFreedom

WordPress Vs Drupal: Which is the CMS to Rule Them All?
The undisputed king of Content Management Systems (CMS) is WordPress, currently, but let’s see what strengths Drupal has and why we might want to take a look at it over and against the king of the hill, which also happens to be FOSS.
Off the top, WordPress is easier to use and work with, because it is familiar (sounds a bit chicken & the egg to me), but Drupal is more customizable. Drupal is FOSS as well, though like WordPress, has paid tiers for greater support. Due to the law of supply and demand, though Drupal is a legitimate contender, it has fewer plugins, extensions, and themes than WordPress does. On the other hand, there are some huge tech-related companies which have build their websites via Drupal rather than Wordpress: AMD, Tesla, GE, and Nokia. It is commonly used amongst A-tier companies and even NGOs, such as Johnson & Johnson, The Royal Family, and The UN.
On the other hand, due to its ease of use, WordPress enjoys use on something like 43.1% of websites, worldwide. It is commonly used by individuals, bloggers, and small businesses, but not to be outdone, it also has its share of high-profile companies and organizations, such as Sony Music, the Walt Disney Company, and the Harvard Gazette. Ok, so having said that, why should you think about Drupal over WordPress? Most of you are not mega corporations or government organizations, but let’s take a look at this anyway, shall we?
Drupal Benefits
v Excellent SEO built-in
v Lightning fast
v Excellent and transparent security practices
v Functionality in the form of over 40,000 plugins and 2,500 themes
v Content Customization
v Flexibility for complex systems of content and organization
WordPress Benefits
v Very easy to use
Ø Just download and install any of the multitude of plugins, extensions, or themes to add functionality or beauty to your site
v SEO Optimizations
v Flexible
Ø You can literally do ANYTHING with a WordPress site, and fairly easily at that, add a forum, social networking, e-commerce, a blog, you name it.
v Advanced Blogging Features
Ø I use this, it is immensely helpful. I can’t imagine consistently doing what I do without those tools.
Drupal Drawbacks
v Much more finicky about updates, where WordPress can easily recover from a bad update, Drupal can break your whole site and take hours to repair if something breaks.
v Most of the well-known Drupal modules aren’t free
WordPress Whoopsies
v It is the big dog on the block, because so many sites use it, it naturally has a higher profile, which makes it a far more tempting target for bad actors to attack
v Can be slow in terms of loading times, particularly if a site uses too many heavy plugins or themes
v Most plugins are free, but can be a pain to manage when they misbehave after an update or something like that.
Bottom line is that your mileage will likely vary, and if you have the time to learn Drupal, it can reap dividends for your site, but if you have neither the time nor the desire to learn that much, WordPress is probably a better bet for you. Weigh your choices carefully, if you want to mess around and learn something new on a cheap hosting provider, or on a server you own, give Drupal a shot. If you are a mega-corp or a Gov’t agency/ NGO, Drupal may make more sense for you. If you are just an average Joe or Jane who just wants to have a web presence, WordPress is probably a better bet for you. I use WordPress for techfreedom.pro, matthewpatten.pro, phandl.com, and achristianmystic.com (my wife’s site). It is indeed flexible, but if you are easily confused, it may not be your best bet, either. If that is the case, then use a site builder like Squarespace or Wix to create your site, but be prepared for them to snoop on your site, and if you express opinions that are contrary to the accepted “truth”, then prepared to be deplatformed. If you build your own using something like WordPress, on a provider like Linode, DigitalOcean, or Epik, you will have a better chance of being left alone. Questions? Comments? Hit me in the comments.
https://www.rosehosting.com/blog/drupal-vs-wordpress-what-is-the-difference/
#interwebs #FOSSnews #WordPress #Drupal #CMS #vs #TechFreedom

CryptPad: Is it As Good As They Say?
Here’s how to get it set up on a VPS or even your own personal hardware:
Requirements before you start:
v Machine that is accessible from an outside network
v At least 2GB of RAM and 20GB of storage
v Domain name (and a sub-domain name) pointing to your server’s IP address
These are all met by something like a DigitalOcean droplet which would cost less then $20/month, simply attach the droplet to a domain you already own, which could cost as little as $.99/year, depending on the registrar, name, and extension (.com, .pro, .net, etc...). Ok,, so how do we get this done?
1. Set up your VPS or personal hardware with some server-friendly distro of Linux or other (Ubuntu or Fedora are common choices for this, with Ubuntu being the more popular of the two)
2. Start to grab the dependencies
a. Open the server’s console and enter the following
i. sudo gpasswd -a <new user, group>
ii. sudo apt install git nodejs npm nginx certbot python3-certbot-nginx
iii. then clone the cryptpad repo to the server
1. git clone https://github.com/xwiki-labs/cryptpad.git cryptpad
iv. CD to the new directory
1. cd cryptpad
2. git checkout -b 5.2.1
3. sudo npm install -g bower
4. Run both NPM and Bower to install Cryptpad from the git source you just copied
a. npm install
b. bower install
5. Then use certbot to establish SSL encryption for the server
a. sudo certbot certonly --standalone
b. Enter the root domain and the subdomain you want to link to the certificate
c. Create a Diffie-Hellman parameter file to assure that your instance is secure
i. sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096
6. Configure Nginx on your server
a. sudo cp /home/$USER/cryptpad/docs/example.nginx.conf /etc/nginx/conf.d/cryptpad.conf
b. Modify that new file
i. sudo nano /etc/nginx/conf.d/cryptpad.conf
1. Comment out the line with include letsencrypt-webroot in it (add a # to the front of the line)
2. Modify the $main_domain and $sandbox_domain variables to reflect your root domain and sub domain
3. Modify $api_domain and $files_domain. To reflect your root domain
4. Change the server_name variable to both the root and sub domain
5. Change ssl_certificate and ssl_certificate_key to the location of your SSL certificate.
6. replace the value of the root variable with the location of your Cryptpad repository
7. COnfigure CryptPad
a. cp /home/$USER/cryptpad/config/config.example.js /home/$USER/cryptpad/config/config.js
i. Open that file with a text editor (doesn’t need to be nano)
1. change the httpUnsafeOrigin: variable to your root domain.
2. Change the httpSafeOrigin: variable to your subdomain
3. Add the following line of code immediately after the httpSafeOrigin: variable.
4. adminEmail: 'working_email@address.here'
b. Create Systemd service
i. Use nano to edit an extant service file
1. nano /home/$USER/cryptpad/docs/cryptpad.service
2. [Unit]
3. Description=Cryptpad Service
4. # Replace the username values with your own username.
5. [Service]
6. ExecStart=/bin/node /home/<user>/cryptpad/server.js
7. WorkingDirectory=/home/<user>/cryptpad
8. Restart=always
9. RestartSec=2
10. StandardOutput=syslog
11. StandardError=syslog
12. SyslogIdentifier=ramces
13. User=<user>
14. Group=<group>
15. Environment='PWD="/home/<username>/cryptpad"'
16. LimitNOFILE=1000000
17.
18. [Install]
19. WantedBy=multi-user.target
20. Save, then copy the file to /etc/systemd/system/cryptpad.service
a. sudo cp /home/$USER/cryptpad/docs/cryptpad.service /etc/systemd/system/cryptpad.service
ii. To enable that service, restart systemd, then run the other commands below
1. sudo systemctl daemon-reload
2. sudo systemctl enable cryptpad
3. sudo systemctl start cryptpad
4. sudo systemctl reload nginx
3. Congrats, it is now installed on your server, let’s run it and set up your admin account now.
a. You should be able to access it through your subdomain, something like docs.mydomain.com, and the application should be there.
b. Now, onto user creation
i. Click Sign Up on your instance
1. Enter username and password
2. Log in with those credentials
a. Click the user menu, then settings
b. Copy the pub key you see there into the following file
i. nano /home/$USER/cryptpad/config/config.js
1. Paste your key between the brackets on the admin keys: variable
2. Save the file and exit nano
c. Reload CryptPad through Systemd
i. sudo systemctl restart cryptpad
You now have an end-to-end encrypted collaboration suite which you control and can access from any computer with internet access. Congratulations. I’ll have to look into the process for Nextcloud next week, so that we have something to compare this with.
https://www.maketecheasier.com/create-self-hosted-office365-with-cryptpad/
#ineterwebs #privacy #security #encryption #selfhosting #cryptpad #howto #cryptpad #TechFreedom #FOSSnews