SpFx Proxy Debugging in a VM

The Problem My work laptop's image is full of spyware, bloatware, inventory management, anti-phishing and anti-virus applications. As time goes on between imaging, the bloat becomes worse until a relatively powerful i7 CPU, 16GB ram laptop with SSD slows to a crawl. Introduce a global pandemic and the necessity to use collaboration fat applications like Microsoft Teams, you end up with a very expensive and very hot to-the-touch terminal brick [Read More]

Use FireFox, DuckDuckGo. Donate to Mozilla

The new FireFox browser is incredible. Mozilla is the only browser organization which pretends to care about privacy. Set DuckDuckGo to your default search engine on all devices, all browsers. Download FireFox to all of your devices. Remove and deprecate all use of personal data harvesting browsers. If you are on desktop, also install uBlock origin. Have a nice day -Phil [Read More]

SharePoint Framework SPFx Node Version Compatibility Matrix

The SharePoint Framework has gone through many revisions since its introduction some time in early 2017. I have compiled this version matrix by scanning release notes of previous versions of the platform for future reference. At the time of writing I am unaware of any officially documented compatibility issues between versions of SpFx and Node. But it is probably a good idea to respect versions when building/deploying old web [Read More]

Hosting Secure Cloud WordPress with Caddy & Docker

Some notes from implementing Wordpress with Caddy and Docker Prerequisites There are a few prerequisites before Caddy will be able to negotiate a certificate from Let's Encrypt: 1. Valid domain name that you own 2. DNS configured to point your domain to your server 3. DNS propagated For more information on how to set up Caddy you can refer to the Caddy documentation or my articles on the subject SSL [Read More]

Restricting Files & Paths in Caddy

I received an email today from an independent security researcher which detailed a vulnerability in pdemro.com. I am using a pretty old version of the Ghost docker image which apparently serves a directory which is a Git repository (including a .git folder). The vulnerability exploited my permissive Caddy configuration to access the git HEAD. To reproduce, the researcher built a robot to hit websites at /.git/HEAD. Read all [Read More]