Psychedelic coder from the hills.

How much do the 39 trillion microbes living in our body weigh?


[Image: scanning electron micrograph of Escherichia coli cells. Photo: Rocky Mountain Laboratories, NIAID, NIH, public domain]

The number of microbes living in our body is so staggering that we can almost say we are more a collection of microbes than an individual organism: no fewer than 39 trillion of them.

The total weight of all these microbes is somewhere between one and two kilograms.

We are them

As Ed Yong, author of the book I Contain Multitudes, explains:

We humans have 1 bacterial cell for every one of our own, but since they are significantly smaller, they weigh less. In total, the 39 trillion counted in the latest estimates add up to 1 or 2 kilos at most.

The bacteria that live in our body, and live off it, outnumber our own constituent cells. Older estimates put the ratio at more than 10 to 1; the 39 trillion figure quoted above implies something much closer to 1 to 1. Our own cells carry about 25,000 genes, but we carry 20 times as many non-human genes, contributed by bacteria.

Be that as it may, our body hosts, or is made up of, more distinct organisms than there are people in the world; more organisms, even, than there are stars in the Milky Way.


The article "How much do the 39 trillion microbes living in our body weigh?" was originally published on Xataka Ciencia by Sergio Parra.




Happy Monday!

This is how red foxes hunt in winter - listening for tiny rodents beneath the snow. Sometimes they miss.

Credit: Department of the Interior

1 comment

ChrisDL (New York, 394 days ago): yaaaassss

HTTP Strict Transport Security (HSTS) and NGINX


Netcraft recently published a study of the SSL/TLS sites they monitor, and observed that only 5% of them correctly implement HTTP Strict Transport Security (HSTS). This article describes how to configure NGINX and NGINX Plus to implement an HSTS policy.

What is HSTS?

HTTPS (HTTP over SSL/TLS) is an essential part of securing traffic to a website: it makes it very difficult for an attacker to intercept, modify, or fake traffic between a user and the site.

When a user types the domain name manually or follows a plain http:// link, the first request to the website is sent in the clear over plain HTTP. Most secured websites immediately reply with a redirect that upgrades the user to HTTPS, but an attacker positioned on the path (on the same Wi-Fi network, for example) can intercept that initial HTTP request, answer it with a redirect or content of their own choosing, and control the user's session from then on.

HSTS addresses this by instructing the browser that a domain may only be accessed over HTTPS. Even if the user enters or follows a plain HTTP link, the browser upgrades the connection to HTTPS before any request leaves the machine:

[Figure: Chrome developer tools illustrate how an HSTS policy generates an internal redirect (status 307) to upgrade HTTP to HTTPS]

How Does HSTS Work?

An HSTS policy is published by sending the following HTTP response header from the secure (HTTPS) version of the website:

Strict-Transport-Security: max-age=31536000

When a browser receives this header over HTTPS from a host whose certificate validated, it "learns" that the host must only be accessed over HTTPS (SSL or TLS) and caches that fact for the max-age period (typically 31,536,000 seconds, about one year). The header is ignored if it arrives over plain HTTP or over a connection with a certificate error, so an attacker cannot use it to lock users out of a site they have spoofed.

The optional includeSubDomains parameter tells the browser that the HSTS policy also applies to all subdomains of the host that sent it:

Strict-Transport-Security: max-age=31536000; includeSubDomains

Note that the policy is scoped to the host name that sent the header, not to the registered domain: a header from https://www.example.com with includeSubDomains covers www.example.com and anything under it, but not example.com or api.example.com. To cover the whole domain, the browser has to receive the header from https://example.com itself. For example, the HTML response for https://www.example.com can include a request for a resource from https://example.com, so that the policy is set for example.com and, with includeSubDomains, for all of its subdomains.
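To make the rules above concrete, here is an added example (not code from the NGINX article) in Python that models how a browser parses the header and decides whether to upgrade a request. The host names, the fixed clock and the sample responses are constructed for illustration. It demonstrates three things the prose states: a header received over plain HTTP or with a bad certificate is ignored; a policy from www.example.com with includeSubDomains does not cover example.com or api.example.com until example.com itself sends the header; and a host the browser has never seen is not protected, which is the gap the "Strengthening HSTS" section below describes.

```python
"""Model of how a browser parses and applies a Strict-Transport-Security header.

Added example, not code from the NGINX article. Follows RFC 6797: the header is
honoured only when received over HTTPS with a valid certificate, 'max-age' is
required, 'includeSubDomains' extends the policy to subdomains, a duplicated
directive invalidates the whole header, and 'max-age=0' makes the browser forget
the host. 'preload' is parsed as a token because preload-list submission needs it.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_sts(header: str) -> Optional[HstsPolicy]:
    """Parse a header value; return None wherever a browser would ignore the header."""
    max_age: Optional[int] = None
    include_subdomains = preload = False
    seen = set()
    for raw in header.split(";"):
        token = raw.strip()
        if not token:
            continue
        name, _, value = token.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')          # max-age="600" (quoted) is allowed
        if name in seen:
            return None                           # duplicate directive: header is invalid
        seen.add(name)
        if name == "max-age":
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        # unknown directives are ignored, as RFC 6797 requires
    if max_age is None:
        return None                               # max-age is mandatory
    return HstsPolicy(max_age, include_subdomains, preload)


class HstsCache:
    """The browser's store of 'known HSTS hosts'. `now` is injectable for testing."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now
        self._hosts: Dict[str, Tuple[float, bool]] = {}   # host -> (expiry, includeSubDomains)

    def observe(self, host: str, over_https: bool, cert_valid: bool, header: Optional[str]) -> None:
        """Process one response. The header only counts over HTTPS with a trusted certificate."""
        if not (over_https and cert_valid) or header is None:
            return
        policy = parse_sts(header)
        if policy is None:
            return
        host = host.lower()
        if policy.max_age == 0:
            self._hosts.pop(host, None)           # max-age=0: forget this host
        else:
            self._hosts[host] = (self._now() + policy.max_age, policy.include_subdomains)

    def must_use_https(self, host: str) -> bool:
        """Would the browser upgrade a plain http:// request to this host?"""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))   # exact host, then each superdomain
            if entry is None:
                continue
            expiry, include_subdomains = entry
            if self._now() >= expiry:
                continue                          # policy expired, nothing to enforce
            if i == 0 or include_subdomains:      # exact match, or a superdomain with includeSubDomains
                return True
        return False
```

Feeding it the real clock and the headers captured from your own hosts (curl -sI https://www.example.com | grep -i strict) tells you which of your host names would actually be upgraded by a returning browser, and which ones are still waiting for a first HTTPS visit.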

Configuring HSTS in NGINX and NGINX Plus

Setting the Strict Transport Security (STS) response header in NGINX and NGINX Plus is relatively straightforward:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

The always parameter ensures that the header is added to every response, whatever its status code. Without it, NGINX adds the header only to responses with status 200, 201, 204, 206, 301, 302, 303, 304, 307 or 308, so an error page such as a 404 or 500 would be sent without the policy. Older versions of NGINX (prior to 1.7.5 or NGINX Plus R5) don't support the always parameter and never set the header on error responses.

Inheritance Rules for add_header Directives

NGINX configuration blocks inherit add_header directives from their enclosing blocks, so you just need to place the add_header directive in the top-level server block. There’s one important exception: if a block includes an add_header directive itself, it does not inherit headers from enclosing blocks, and you need to redeclare all add_header directives:

server {
    listen 443 ssl;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # This 'location' block inherits the STS header
    location / {
        root /usr/share/nginx/html;
    }

    # Because this 'location' block contains another 'add_header' directive,
    # we must redeclare the STS header
    location /servlet {
        add_header X-Served-By "My Servlet Handler";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        proxy_pass http://localhost:8080;
    }
}
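The inheritance rule is easy to get wrong in a large configuration, so here is an added example (not code from the NGINX article or from NGINX itself): a Python script that walks an nginx.conf and reports every block whose own add_header directives silently drop the inherited Strict-Transport-Security header, as well as STS headers declared without always. The parser is deliberately minimal: it handles nested blocks, quoted arguments and comments but does not expand include files. The configuration embedded in it is constructed for the example, modelled on the server block above.

```python
"""Audit an NGINX configuration for the add_header inheritance pitfall.

Added example, not part of the NGINX article. A block that declares any
add_header of its own inherits none from enclosing blocks, so a location that
adds, say, X-Served-By silently loses the Strict-Transport-Security header set
at server level. This walks the config with a minimal tokenizer and parser
(no 'include' expansion) and reports such blocks, plus STS headers lacking 'always'.
"""
from typing import Iterator, List, Optional, Tuple

STS = "strict-transport-security"
Node = Tuple[str, List[str], Optional[list]]   # (directive, args, children or None)

# Constructed sample configuration, modelled on the article's server block.
SAMPLE_CONFIG = """
server {
    listen 443 ssl;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location / { root /usr/share/nginx/html; }      # inherits STS: fine

    location /servlet {
        add_header X-Served-By "My Servlet Handler"; # masks the inherited STS header
        proxy_pass http://localhost:8080;
    }

    location /api {
        add_header X-Served-By "API";
        add_header Strict-Transport-Security "max-age=31536000"; # present, but no 'always'
        proxy_pass http://localhost:8081;
    }
}
"""


def tokenize(text: str) -> Iterator[str]:
    """Yield words (quotes stripped), ';', '{' and '}'; skip # comments."""
    i, n = 0, len(text)
    while i < n:
        c = text[i]
        if c.isspace():
            i += 1
        elif c == "#":
            while i < n and text[i] != "\n":
                i += 1
        elif c in "{};":
            yield c
            i += 1
        elif c in "\"'":
            j, buf = i + 1, []
            while j < n and text[j] != c:
                if text[j] == "\\" and j + 1 < n:   # backslash escape inside quotes
                    j += 1
                buf.append(text[j])
                j += 1
            yield "".join(buf)
            i = j + 1
        else:
            j = i
            while j < n and not text[j].isspace() and text[j] not in "{};\"'":
                j += 1
            yield text[i:j]
            i = j


def parse(tokens: List[str], i: int = 0) -> Tuple[List[Node], int]:
    """Recursive-descent parse into nested (name, args, children) nodes."""
    nodes: List[Node] = []
    while i < len(tokens) and tokens[i] != "}":
        name, i = tokens[i], i + 1
        args: List[str] = []
        while tokens[i] not in ("{", ";"):
            args.append(tokens[i])
            i += 1
        if tokens[i] == ";":
            nodes.append((name, args, None))
            i += 1
        else:
            children, i = parse(tokens, i + 1)    # skip '{'
            nodes.append((name, args, children))
            i += 1                                 # skip '}'
    return nodes, i


def audit_sts(config: str) -> List[Tuple[str, str]]:
    """Return (block path, problem) pairs for blocks that lose or weaken the STS header."""
    findings: List[Tuple[str, str]] = []

    def walk(nodes: List[Node], path: List[str], inherited: bool) -> None:
        own = [args for name, args, kids in nodes if name == "add_header" and kids is None]
        sts = [args for args in own if args and args[0].lower() == STS]
        where = " > ".join(path) or "(main)"
        if own and inherited and not sts:
            findings.append((where, "add_header here masks the inherited Strict-Transport-Security header"))
        for args in sts:
            if "always" not in args:
                findings.append((where, "Strict-Transport-Security lacks 'always': not sent on error responses"))
        covered = bool(sts) if own else inherited   # the inheritance rule in one line
        for name, args, kids in nodes:
            if kids is not None:
                walk(kids, path + [" ".join([name, *args])], covered)

    walk(parse(list(tokenize(config)))[0], [], False)
    return findings


if __name__ == "__main__":
    for where, problem in audit_sts(SAMPLE_CONFIG):
        print(f"{where}: {problem}")
```

Run it as a script to see the findings for the embedded sample, or call audit_sts() on the text of your own configuration. If you use include files, feed it the output of nginx -T, which dumps the fully expanded configuration.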

Testing HTTP Strict Transport Security with Care

Once a client has been presented with the HSTS policy, it caches the information for the specified max-age period. During that period the browser refuses to access the site over unencrypted HTTP, and it also refuses to let the user click through certificate errors: an expired, mismatched, or untrusted certificate on an HSTS host is a hard failure. If you specify the includeSubDomains parameter, these restrictions also apply to all subdomains of the host that sent the policy.

It is practically impossible to back out an HSTS policy once it sits in users' caches. When you test HSTS, use a very short max-age (a few minutes, say) and make sure you are comfortable with the effects and with the obligation to keep a working HTTPS version of your site for the whole max-age period. When you first go live with your HSTS policy, keep max-age small and increase it only when you are confident about doing so.

Does Every HTTPS Response Need to Have an STS Header?

The goal is to present the HSTS policy to your users as soon as possible when they begin the HTTPS session. If they don’t receive the HSTS policy during the session, they remain vulnerable to future HTTP hijacking attacks.

The browser needs to observe the STS header only once, so it’s not strictly necessary to add it to every location block and every response. However, adding it to just the home page or login page is probably not sufficient, and if you add the header only to cacheable responses, a client might not see it. Make sure you cover as much of your URL space as reasonably possible, with special attention to dynamic (non-cacheable) content.

Running HTTP and HTTPS Versions of the Website Side-by-Side

Some sites run HTTP and HTTPS versions of a website within the same NGINX or NGINX Plus server, to make its content accessible through either protocol:

server {
    listen 80;
    listen 443 ssl;
    ...
}

This is not appropriate when using HSTS because you don’t want users to access content over HTTP. Instead, you want to redirect all HTTP website accesses to use HTTPS:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # No STS header here: browsers ignore it on plain HTTP responses

    # Discourage deep links by using a permanent redirect to home page of HTTPS site
    return 301 https://$host;

    # Alternatively, redirect all HTTP links to the matching HTTPS page
    # return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name www.example.com;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}

Strengthening HSTS

A client is protected from HTTP interception after it has seen an STS header for the relevant domain within the declared max-age period.

However, HSTS is not a perfect solution to HTTP session hijacking. Users are still vulnerable to attack if they access an HSTS-protected website over HTTP when they have:

  • Never before visited the site
  • Recently reinstalled their operating system
  • Recently reinstalled their browser
  • Switched to a new browser
  • Switched to a new device (for example, mobile phone)
  • Deleted their browser’s cache
  • Not visited the site recently and the max-age time has passed

Source: Netcraft

To address this, Google maintains an HSTS preload list of domains that use HSTS and have submitted their names at https://hstspreload.appspot.com/. The list is compiled into the major browsers, so clients use HTTPS for these domains automatically, even on the very first visit, and refuse to access them over plain HTTP. Submission requires a policy strong enough to be safe to hard-code: the header must carry a sufficiently long max-age (the preload site currently requires at least one year), includeSubDomains, and the extra preload directive that signals your consent to be listed, giving a header value such as max-age=31536000; includeSubDomains; preload. The plain-HTTP site must also redirect to HTTPS on the same host.

Be aware that setting the STS header, and especially submitting your domains to the preload list, is very hard to undo. Clients that have cached the policy forget it only if they revisit over HTTPS and receive max-age=0, and removal from the preload list takes months to reach users through browser releases. Treat it as a one-way decision to serve your domains over HTTPS.

Read More

For more details about HSTS, check out the following resources:

If you're considering adding the STS header to your NGINX configuration, now is also a good time to consider other security-focused HTTP headers, such as X-Frame-Options and X-XSS-Protection. Note that X-XSS-Protection is a legacy header: current browsers no longer implement the reflected-XSS filter it controlled, and Content-Security-Policy is the modern replacement. X-Frame-Options is still honoured, with the CSP frame-ancestors directive as its successor.

NGINX Plus has additional features for protecting your site from security threats and other issues, such as distributed denial-of-service (DDoS) attacks. To try NGINX Plus, start your free 30-day trial today or contact us for a live demo.

The post HTTP Strict Transport Security (HSTS) and NGINX appeared first on NGINX.


Adam 2.0

2 comments

dreadhead (Vancouver Island, Canada): A+++

wreichard: No kidding. I think about this a lot.

The trouble with having two Apple IDs


The public release of Apple's music subscription service 'Apple Music' brought my one major gripe with Apple's account system into focus again: The fact that Apple doesn't allow merging of Apple IDs will mess with your ability to make use of iCloud Family Sharing and the Apple Music Family Membership.

How to end up with two Apple IDs

I have two accounts with Apple. One is the iTunes ID that I created when I bought my first Apple device in 2004 — a 4th generation iPod, thankyouverymuch, and yes it still works nicely. The other was created when I bought my first Mac in 2008 and signed up for a MobileMe address.

When Apple introduced iCloud in 2011, all MobileMe accounts were converted into iCloud accounts and became Apple IDs, with all the capabilities of an Apple ID used in the iTunes and App Store. That's where the problems started because many users were left with two Apple IDs and no way to merge them.

Since Apple made this change, they've provided a way for their customers to use a different Apple ID for signing into iTunes and iCloud when setting up a new Mac or iOS device. It's inelegant, but it has worked well so far because iTunes, App Store, and personal content stored in iCloud didn't intersect until last year.

Where things get really inconvenient

When iCloud Family Sharing was introduced in June 2014, this configuration became a problem for anyone with two Apple IDs and the desire to share content with their family, because Apple doesn't provide a way to set up iCloud Family Sharing for two different accounts. Depending on the way a person has been using the two Apple IDs, certain content is going to be permanently unavailable for Family Sharing.

Essentially, I can either decide to share my Apple Music subscription, along with my music, movie, TV, books, and app purchases with my family; or I can decide to easily and privately share calendars and photos — the latter is something we love doing in my family. And really, I don't want to have to decide.

Best case and worst case scenarios

Lucky for me, the case above is a best case scenario. I have diligently separated my iTunes/App Store purchases and data stored in MobileMe/iCloud from the get-go, resulting in all my media purchases being linked to my original iTunes ID from 2004(1) and all my iCloud data being associated with my MobileMe address from 2008(2).

Theoretically, anyone who is in the same situation can manually migrate personal data like calendars, events, reminders, notes, and contacts to the Apple ID/iCloud account that is linked to their iTunes and App Store purchases, and continue to use the other iCloud account for email(3), but the process is far from trivial.

The worst case scenario applies to all cases where a user hasn't made sure to make all app purchases with just one of the two accounts. Only Apple has the ability to accomplish anything here.

Pitfalls of merging Apple IDs

With my limited knowledge of Apple's account and data structures, there are two issues I can think of as to why they haven't come forward with a solution for this problem:

  1. Syncing complex data isn't easy and the potential for data loss or corruption is very high.
  2. Apple needs to make sure no one gains access to another person's data by merging Apple IDs.

Personally, I find the former issue to be much worse than the latter because the latter is a matter of effective authentication(4).

With all that said, merging the purchase history of two Apple IDs and the personal data in both accounts is not impossible, and should be solvable for a company like Apple.

  1. Which amounts to eleven years of occasional music, movie, TV show, book, and application purchases.

  2. There are thousands of emails in my MobileMe/iCloud account, associated with three different aliases that I use constantly. Also my PIM data and iMessage history.

  3. Apple allows users to sign in with more than one iCloud account on a Mac or iOS device. The secondary account can be used for email, notes, calendars, and reminders, but things like Family Sharing, Find my Device, iCloud Keychain, etc. can not be used with it.

  4. An idea for solving the latter problem would be to create a secure environment, like a dedicated iOS app in which a user can log in with both Apple IDs to authenticate themselves, preferably with more than just the login credentials. Only if the authentication is successful will Apple have the permission to actually initiate the account merging process.


Coder Interview

1 comment

lardissone (Pergamino, Argentina): So true lately!