#intercepting and overriding and configuring
merge-conflict · 1 year ago
working myself up to outline the rules and lore of my haphazard redesign of cyberpunk tech as displayed in my fics… still recovering from long suffering burnout which is tough but I thought about how happy reading knowledge base articles makes me today so we’re on track!!
why is vpn not changing my location
VPN location override failure
When using a VPN, ensuring your location is masked and your online activities are private is crucial. However, sometimes issues can arise, such as VPN location override failure, which can expose your actual location and compromise your anonymity.
VPN location override failure occurs when the VPN server you are connected to is unable to effectively mask your true geographical location. This can happen for several reasons. One common cause is technical glitches or malfunctions within the VPN server infrastructure, leading to your actual IP address being revealed.
Another reason for VPN location override failure could be due to improper configuration settings on either the user's device or the VPN server itself. If the settings are not configured correctly, the VPN may fail to reroute your internet traffic through the intended server location, thus disclosing your real whereabouts.
Moreover, geographical restrictions imposed by certain websites or services can also lead to VPN location override failure. Some content providers actively block VPN IP addresses to prevent users from bypassing regional restrictions, forcing the VPN to disconnect or reveal the genuine location.
To prevent VPN location override failure, it's essential to choose a reputable VPN service with a proven track record of maintaining user privacy and security. Regularly updating the VPN client software and verifying the configuration settings are further steps that reduce the risk of location exposure.
In conclusion, VPN location override failure can pose a severe threat to your online privacy. By understanding the causes of such issues and taking proactive measures to address them, you can enhance your digital security and enjoy a more secure internet browsing experience.
Inaccurate VPN Geo-Spoofing: Risks and Remedies
Virtual Private Networks (VPNs) are widely utilized for bypassing geographical restrictions, enhancing privacy, and bolstering online security. However, a concerning issue arises when VPNs inaccurately spoof geo-locations, potentially exposing users to risks they sought to mitigate.
Geo-spoofing involves masking one's actual geographical location by rerouting internet traffic through servers located elsewhere. While this can be beneficial for accessing region-restricted content or securing connections, inaccuracies in geo-spoofing can lead to unintended consequences.
One prominent risk of inaccurate VPN geo-spoofing is compromised security. Users may believe they are browsing from a specific location and act on that belief, when in fact their true location remains exposed. This can leave sensitive information vulnerable to interception by malicious actors, undermining the very purpose of using a VPN.
Moreover, unreliable geo-spoofing can result in unintentional legal implications. Users may inadvertently violate regional laws or regulations by accessing content from a misrepresented location, leading to potential legal repercussions or content restrictions.
To mitigate the risks of inaccurate VPN geo-spoofing, users should prioritize reputable VPN providers known for reliable geo-location masking. Additionally, employing multiple security measures such as encryption and regularly verifying IP addresses can enhance protection against potential vulnerabilities.
Furthermore, users should remain vigilant and critically assess the accuracy of their VPN's geo-spoofing capabilities. Regularly testing geo-location accuracy through reputable online tools can help identify discrepancies and prompt adjustments as needed.
In conclusion, while VPNs offer valuable benefits for online privacy and accessibility, inaccuracies in geo-spoofing pose significant risks to users. By understanding these risks and implementing appropriate safeguards, individuals can maximize the effectiveness of their VPN usage while minimizing potential vulnerabilities.
Location tracking persistence with VPN
In today's digitally-driven world, privacy and security concerns have become paramount. As we navigate through the online realm, our every move is tracked by various entities, including websites, advertisers, and even malicious actors. One common method used to track users' locations is through IP address tracking. Your IP address can reveal your approximate location, making it easier for online entities to target you with location-based services or advertisements.
However, there is a way to enhance your online privacy and prevent location tracking - by using a Virtual Private Network (VPN). A VPN creates a secure and encrypted connection between your device and the internet, masking your true IP address and location. When you connect to a VPN server, your internet traffic is routed through that server, making it appear as though you are accessing the internet from a different location.
One of the key benefits of using a VPN is the ability to prevent location tracking persistence. Even if a website or online service tries to track your location through your IP address, they will only see the IP address of the VPN server you are connected to, not your actual location. This adds an extra layer of privacy and security to your online activities, helping you to browse the web anonymously and protect your personal information from prying eyes.
By utilizing a VPN, you can take control of your online privacy and prevent location tracking persistence. Whether you are concerned about targeted ads, location-based services, or simply safeguarding your private data, a VPN offers a simple yet effective solution. Protect your digital footprint and browse the web with peace of mind knowing that your location remains hidden from unwanted tracking attempts.
VPN IP address location mismatch
When using a Virtual Private Network (VPN), one of the primary benefits is the ability to mask your true IP address and appear as if you're accessing the internet from a different location. However, sometimes users may encounter a mismatch between the location reported by their VPN and their actual physical location. This discrepancy can raise concerns and confusion among users.
There are several reasons why a VPN IP address location might not match the user's actual location:
Server Location: VPNs typically route users' internet traffic through servers located in various countries. Therefore, the location reported by the VPN may correspond to the server's location rather than the user's physical location.
IP Geolocation Inaccuracy: Geolocation databases used to determine the location of an IP address may not always be accurate. Factors such as outdated information or errors in the database can lead to discrepancies in reported locations.
GPS Spoofing: In some cases, users may intentionally spoof their GPS coordinates to bypass location-based restrictions in certain apps or services. This can result in a mismatch between the user's physical location and the location reported by the VPN.
Network Configuration Issues: Technical issues with the VPN or the user's network configuration can also contribute to IP address location mismatches. These issues may include DNS leaks, routing errors, or connectivity problems with the VPN server.
Mobile Device Settings: On mobile devices, location services settings may affect the accuracy of the reported location. If the device's GPS or location services are disabled or inaccurate, it can lead to discrepancies in the reported location.
To address IP address location mismatches, users can try connecting to different VPN servers, ensuring that their VPN software is up to date, and checking their device's location settings. Additionally, users should be cautious when relying on location-based services or content while using a VPN to avoid any unintended consequences.
VPN server not masking location
When a VPN server fails to mask your location effectively, it can raise concerns about your online privacy and security. A VPN (Virtual Private Network) is designed to encrypt your internet connection and route it through a server in a different location, thereby masking your true IP address and location. However, there are instances where the VPN may not effectively hide your location, leading to potential privacy risks.
One common reason for this issue is the use of a poorly configured or unreliable VPN server. If the server is overloaded with users or lacks proper encryption protocols, it may not be able to effectively mask your location. Additionally, some VPN providers may inadvertently leak your IP address or location due to technical glitches or misconfigurations.
Another factor to consider is the possibility of IP address leaks through WebRTC (Web Real-Time Communication) protocols in certain web browsers. Even if your VPN is active, websites utilizing WebRTC may still be able to discover your true IP address, compromising your anonymity.
Furthermore, government censorship and surveillance in certain regions may pose challenges for VPN providers, leading to limited server options and decreased effectiveness in masking your location.
To ensure your VPN effectively hides your location, it's essential to choose a reputable provider with a proven track record of privacy and security. Additionally, regularly testing your VPN for IP leaks using online tools can help identify and mitigate any potential vulnerabilities.
In conclusion, while VPNs are powerful tools for enhancing online privacy and security, they are not immune to shortcomings. Users should remain vigilant and take proactive measures to address any issues related to location masking to safeguard their online anonymity.
tech-battery · 5 years ago
Tested: X570 Motherboards Can Overjuice Ryzen, But Rarely Do
HWinfo claims that X570 motherboards from a variety of manufacturers are guilty of underreporting power to Ryzen CPUs so the chips will go faster at stock settings, but at the possible expense of chip longevity. It doesn't appear that AMD condones the misreporting. However, in response, AMD said that it was investigating the issue, but it doesn’t believe the chips will suffer excessive wear during the warranty period. So, after we wrote an article about the software vendor’s claims and its new feature (designed to detect the problem), we set out to determine if the new test was accurate and if there was any imminent danger to the health of Ryzen CPUs from motherboard makers cooking the books.
After testing three different X570 motherboards, using a variety of settings, cooling solutions and even firmware, we found that, while HWinfo does shine a light on some issues, it can output inflated values that aren't representative of actual power misreporting. Of the three motherboards -- an ASRock X570 Taichi, an MSI X570 Godlike and a Gigabyte X570 Aorus Master -- only the Taichi showed a huge delta between reported and actual power that resulted in increased performance. Those settings resulted in higher clock rates, voltages, and heat output. And that issue, which happened with the reviewer BIOS, largely disappeared once we installed the latest firmware. The remaining relatively small variances of 10 to 15 percent are easily explained by factors such as VRM variations, though.
HWinfo says its new power deviation measurement, which is built into its free-to-download utility, provides a means for users to determine if their motherboard is lying to their Ryzen chips. You simply have to put your CPU under load by using any common multi-threaded test (Cinebench R20 is recommended), and then monitor the value to see its relation to 100%. The 100% value represents that the motherboard is feeding correct values to the Ryzen processor so it can modulate performance within expected tolerances, while lower values can indicate false power telemetry data.
Be sure to read the forum thread for a more detailed description of the firm’s recommendation on how to test your own processor with the tool, but until further adjustments to the software are made, you should take the results with a grain of salt.
Testing for Motherboard Cheats
After hearing the report that some motherboards were misreporting key power telemetry data to Ryzen processors, my mind immediately went to the ASRock X570 Taichi motherboard we evaluated for our Ryzen 7 3900X and 3700X review.
At the time, the Taichi was our lone X570 motherboard in the lab, so I put it through the paces to assess whether or not the motherboard was suitable for CPU testing. I spent several days testing with the motherboard and encountered a few problems, such as drastically inaccurate power readings from software monitoring applications and lower performance with the auto-overclocking PBO presets than I recorded at 'stock' settings.
Encountering difficulties with motherboard firmware is certainly not an exception during an NDA period—in fact, it's often the rule. Both Intel and AMD platforms tend to suffer from these bugs early in the review process, and communication with either the chipmaker or the motherboard vendor usually helps iron out the initial missteps.
However, the issues we encountered with the Taichi remained unresolved after speaking with ASRock, so we switched to a late-arriving MSI X570 Godlike motherboard a few days before the NDA expired, spinning up the tests you see in our review today. That wasn't fun, but having to switch test hardware happens more than you might imagine.
We prefer to use software monitoring tools like AIDA64 and HWinfo for our power measurements, as they scrape the power consumption measurements directly from the sensor loop, thus removing VRM inefficiencies from the values and showing us exactly how much power the processor itself consumes. That allows us to derive in-depth power consumption and efficiency metrics.
Software monitoring is also great because we can trigger it during our scripted tests, thus simplifying and speeding the process for our large test pools that often include 15 different processors/configurations. Unfortunately, these measurements can be gamed by motherboard vendors, so due diligence is key if you rely on software-based polling, especially in light of the misreported power telemetry issue with some AM4 motherboards.
Intercepting power at the EPS12V connectors (the eight-pin CPU connectors on the motherboard) is a good method for measuring power consumption. However, it doesn't measure the true amount of power flowing into the processor because VRM inefficiencies, typically in the range of 15% on high-end motherboards, come into play.
Modern processors also draw power from separate minor rails on the 24-pin connector for various functions, like memory controllers, graphics, and I/O interfaces. Those measurements aren't included in the measurements from the EPS12V connectors. The 24-pin also supplies power to the rest of the system, making it impossible to split out the amount of power dedicated to the CPU. We also don't have software-triggerable hardware that would enable scripting the measurements into our automated test suite.
In an attempt to get the best of both the hardware- and software-logging worlds, we use either Powenetics hardware or Passmark's In-Line PSU tester to measure power consumption at the EPS12V connectors (i.e., the two EPS12V connectors that supply the lion's share of power to the processor). As part of our usual evaluation process of a new motherboard for CPU testing, we validate that the sensor readings obtained from the logging software, like AIDA64 or HWinfo, plausibly align with the power readings that we intercept at the EPS12V connectors.
This can involve a bit of fuzzy math, as VRM inefficiencies can create deltas between the power delivered to the VRMs and the power that's fed to the processor. These deltas vary based on the components in each motherboard's power delivery subsystem (typically ~10% to ~15%), but massive inaccuracies aren't hard to spot, especially like those we charted out below.
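The validation step described above, as an added Python example that is not the article's own code or any tool's: each software-polled SMU power sample is paired with the nearest-in-time EPS12V reading (the two loggers poll at different rates), and the implied VRM efficiency is checked against a ~10% to ~15% loss band. The traces, the efficiency band and the skew tolerance are constructed assumptions modelled on the article's figures, not captured data.

```python
"""Sanity-check software-reported CPU power against EPS12V measurements.

Added example: pairs SMU/HWinfo-style samples with the nearest EPS12V
reading and asks whether reported / measured looks like a real VRM loss,
an under-report (board tells the chip it draws less than it does) or an
over-report. All numbers below are constructed to resemble the article.
"""
from bisect import bisect_left
from statistics import mean

# Assumed plausible band for a high-end board: the CPU should receive about
# 85% to 90% of what enters the EPS12V connectors (~10% to ~15% VRM loss).
EFF_LOW, EFF_HIGH = 0.85, 0.90


def nearest_index(timestamps, t):
    """Index of the timestamp closest to t in a sorted, non-empty list."""
    i = bisect_left(timestamps, t)
    if i == 0:
        return 0
    if i == len(timestamps):
        return len(timestamps) - 1
    return i if timestamps[i] - t < t - timestamps[i - 1] else i - 1


def pair_samples(software, hardware, max_skew=0.5):
    """Join (t, watts) software samples to the nearest hardware sample.

    Software samples with no hardware reading within max_skew seconds are
    dropped, so a gap in one logger cannot create a bogus pair.
    """
    if not hardware:
        return []
    hw_t = [t for t, _ in hardware]
    pairs = []
    for t, sw_w in software:
        j = nearest_index(hw_t, t)
        if abs(hw_t[j] - t) <= max_skew:
            pairs.append((sw_w, hardware[j][1]))
    return pairs


def assess(software, hardware, load_floor=50.0):
    """Return (implied_efficiency, verdict) for a paired load trace.

    implied_efficiency = reported / measured, averaged over samples where
    the connector reading is at least load_floor watts; VRM losses are only
    meaningful under load, so idle samples are ignored.
    """
    loaded = [(s, h) for s, h in pair_samples(software, hardware) if h >= load_floor]
    if not loaded:
        raise ValueError("no loaded samples to compare")
    eff = mean(s / h for s, h in loaded)
    if eff < EFF_LOW:
        verdict = "under-reporting"   # chip believes it draws less than it does
    elif eff > EFF_HIGH:
        verdict = "over-reporting"    # chip believes it draws more than it does
    else:
        verdict = "plausible"
    return round(eff, 3), verdict


def _trace(period, seconds, watts):
    """Constructed flat trace: one (t, watts) sample every `period` seconds."""
    n = round(seconds / period)
    return [(round(k * period, 3), watts) for k in range(n)]


# Constructed traces, not captured data. Software polls at 1 s, the in-line
# tester at 0.4 s, mirroring the time-axis mismatch the article mentions.
TAICHI_P121 = (_trace(1.0, 30, 60.0), _trace(0.4, 30, 165.0))   # ~60 W reported vs ~165 W measured
TAICHI_NEW = (_trace(1.0, 30, 142.0), _trace(0.4, 30, 160.0))   # 142 W reported vs ~160 W measured
GODLIKE = (_trace(1.0, 30, 160.0), _trace(0.4, 30, 160.0))      # software and EPS12V aligned

if __name__ == "__main__":
    for name, (sw, hw) in {"Taichi p1.21": TAICHI_P121,
                           "Taichi latest": TAICHI_NEW,
                           "Godlike": GODLIKE}.items():
        print(name, *assess(sw, hw))
```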
The Overclocking Connection
First, we need to determine what would stand out as unsafe behavior. AMD doesn't provide an 'unsafe voltage' specification, instead defining three key limits for stock operation. The list below is reproduced word-for-word from AMD's CPU reviewer's guide:
"Package Power Tracking (“PPT”): The PPT threshold is the allowed socket power consumption permitted across the voltage rails supplying the socket. Applications with high thread counts, and/or “heavy” threads, can encounter PPT limits that can be alleviated with a raised PPT limit.
a. Default for Socket AM4 is at least 142W on motherboards rated for 105W TDP processors
Thermal Design Current (“TDC”): The maximum current (amps) that can be delivered by a specific motherboard’s voltage regulator configuration in thermally-constrained scenarios.
a. Default for Socket AM4 is at least 95A on motherboards rated for 105W TDP processors.
Electrical Design Current (“EDC”): The maximum current (amps) that can be delivered by a specific motherboard’s voltage regulator configuration in a peak (“spike”) condition for a short period of time.
a. Default for Socket AM4 is 140A on motherboards rated for 105W TDP processors."
-- AMD CPU Reviewer's Guide
You can override those settings either manually or with AMD's auto-overclocking Precision Boost Overdrive. You can access this feature via either the BIOS or Ryzen Master software. Given the allegations of reliability implications due to increased voltages at stock settings, we set out to use this warranty-invalidating feature as a comparison point to the voltage and power thresholds that come as a byproduct of erroneous power telemetry.
Unfortunately, PBO typically doesn't deliver huge performance gains if you adhere to the basic presets. Motherboard vendors define these profiles, and some users have opined that the slim auto-overclocking margins could be due to the misreported power telemetry eating into the available overclocking headroom. The answer isn't quite that straightforward, but it does make sense that altered power consumption at stock settings could chew into the available overclocking margin.
At stock settings, AMD's Precision Boost 2 automatically exposes the most performance possible given the capabilities of your motherboard's power delivery subsystem and your cooler. Premium components unlock more performance, but that doesn't qualify as overclocking because these algorithms are constrained by the PPT, TDC and EDC settings during stock operation.
Engaging PBO overrides the stock settings for these variables. The basic "enabled (PBO on)" preset enables significantly higher PPT/TDC/EDC limits, but doesn't change two important settings: PBO Scalar or Clock.
PBO Scalar overrides the AMD default health management settings and allows increased voltage at the maximum boost frequency and lengthens boosting duration. Changing the PBO Scalar setting unlocks the best auto-overclocking performance, so the basic preset can be lacking.
You can also use the "PBO Advanced" profile that defines the limits of each motherboard based on the capabilities of the power delivery subsystem (as defined by the motherboard vendor). This setting exposes the highest PPT, TDC and EDC settings for the motherboard, but also doesn't change the PBO Scalar and Clock settings. However, this setting does allow you to change the PBO Scalar and Clock settings manually, with the former usually unlocking much higher auto-overclocking potential.
We used three profiles for our testing below. The 'Stock' settings consist of an explicit disablement of all PBO features, while 'Advanced Motherboard' ('Adv. Mobo') means the profile that sets the highest preset PPT, TDC and EDC values for each motherboard, but doesn't change the PBO Scalar value.
Some motherboard vendors also include custom presets in the BIOS that include scalar manipulations, but those aren't available on all motherboards. To keep things consistent, we also manually adjusted all motherboards with the same settings that we've marked on the charts as 'Recommended.' This setting includes a manually defined Scalar and AutoOC Clock setting, as listed in the table below.
Unlike in our reviews, we also kept memory settings consistent between the various configurations to eliminate that as a contributor to higher performance.
A Tale of Two "Reviewer BIOSes"
The first chart in this series plots the amount of power reported by the SMU. This reflects the amount of total power the processor believes it is consuming, compared to the amount of power we recorded at the EPS12V connectors during five consecutive runs of the multi-threaded Cinebench benchmark on the ASRock X570 Taichi motherboard.
We measured these values at stock settings with the firmware provided to reviewers (p1.21) and the included stock Ryzen cooler for this first test, as AMD specs the processor for operation with its own cooler. The measurements from HWinfo, marked as 'Software,' don't align perfectly with the measurements from the Passmark In-Line PSU tester (marked as EPS12V) on the time axis due to differing polling, but it gives us a good-enough sense of the difference between the two measurements.
The first chart shows that the 3900X's SMU reports ~60W during the Cinebench renders, while our physical measurements record peaks around 180W. The CPU averaged ~165W under load. That's a massive ~3X delta between the amount of power coming into the EPS12V and the software-monitored values, which shows exactly why we chose not to use this board for our review.
The second slide in the album contains measurements from the reviewer BIOS (1015) included with MSI's X570 Godlike, and the software measurements align nearly perfectly with the observed power draw from the EPS12V connectors. We expect some losses from VRM inefficiencies, so this result is almost too good. Given that some power is fed from the 24-pin that we're not measuring, the results are far more believable than the values we received from the Taichi motherboard, though.
We spoke with MSI about the too-perfect measurements, and the company tells us that, for its initial BIOS, it used a reference CPU VDD Full Scale value derived from an AMD-provided test kit/load generator. This is the setting at the heart of the matter: the processor uses it to determine how much power it consumes.
The reference value resulted in the X570 Godlike over-reporting the power fed to the processor, which can actually result in slightly lower performance. Later, the company tested the parameter with a real CPU to fine tune it for the X570 Godlike's power delivery subsystem, so changes were made in newer BIOS revisions to bring the reporting more in line with the motherboard's capabilities. You'll see the impact of those changes when we test the new BIOS below. The HWinfo deviation measurement, which we aren't using for these tests, doesn't appear to take those rational changes into account.
The third slide measures performance with the Taichi motherboard, but this time we swapped out the stock cooler for a 280mm Corsair H115i AIO watercooler. This cooler gives the processor more thermal headroom, and you'll see the results of AMD's innovative Precision Boost 2 and PBO algorithms in the next series of tests.
The overarching conclusion from this first look is that ASRock's reviewer BIOS for the X570 Taichi vastly under-reported power information to the processor, thus allowing it to draw more power than the X570 Godlike, which actually over-reported its power use. As you'll see below, that equates to more voltage, heat, and performance from ASRock.
Given that all of the cores can run at different voltages at the same time, we plotted the maximum value recorded across the cores for each measurement to simplify the charts. We used the same approach for clock speed and use a non-zero axis for more granularity. When the processor is under load, most of the voltage and frequency values remain consistent among the cores.
The first three charts above outline the voltage applied to the Ryzen 9 3900X with the reviewer firmware. Luckily, the voltage scale is fixed, so these measurements are accurate regardless of any adjustments to the full scale current value that's at the heart of the issue. The first slide shows that the X570 Taichi, at stock settings, applies 1.3V to the processor while it's under load, while the X570 Godlike feeds the chip ~1.25V. That isn't much of a variation despite the ~20W delta in the cumulative measurements shown above, but there are obviously a lot of variations between how the respective motherboards handle power.
You'll notice that the preset PBO settings (PBO Enabled) result in lower voltage and clock frequencies with the Taichi. However, when we adjust the PBO Scalar setting with our 'PBO Recommended' alterations, voltages rise along with clock speeds. In contrast, the MSI X570 Godlike operates to our expectations, with more performance coming as a result of the overclocked settings.
The original Taichi reviewer BIOS offers similar all-core boost speeds of around 4.125 GHz at stock settings with the H115i cooler, compared to the Godlike's 4.05 GHz. With the air cooler, clocks are mostly similar for the Taichi between its stock and PBO Recommended settings, while using the liquid cooler exposes more headroom for a slightly higher clock.
The impact on thermals is immediately obvious, with the PBO Recommended configuration producing far more heat (up to 92C) during the test with the stock cooler than the processor's stock settings. The 'PBO enabled' preset actually generates less heat on the ASRock board. It's noteworthy that the test with stock settings peaks in the 87C range during this test, but we'll outline lower temperatures with the Taichi motherboard in a series of tests with the latest available firmware.
Despite the higher heat and voltages from the PBO Recommended settings, the Taichi motherboard delivers less performance during the Cinebench run at stock settings. Now, PBO performance does vary based on the thermal headroom available to the chip, but it runs counter to our expectations to receive lower performance with overclocked settings.
For the Taichi, topping the 3900X with the Corsair H115i rectifies the disparity and provides the slimmest of performance gains with the tuned settings, but be aware that we're using a non-zero axis for the chart due to the remarkably slim deltas. There's an average uptick of 19 points, or a mere 0.24%. That surely isn't worth the increased voltage and thermals.
In this series of charts, we plotted the respective stock measurements with the reviewer BIOSes for both the MSI X570 Godlike and the ASRock X570. While each vendor obviously tunes its respective motherboard using many parameters, it's clear that the Taichi enjoys a performance benefit due to the misreported power telemetry. As a result, voltages, clocks, thermals and performance are all higher for the Taichi motherboard. Whether this is the result of an honest mistake or just overzealous tuning for the sake of a performance edge is debatable, but the misreporting appears to have been corrected in later BIOS revisions, as we'll see below.
Here's a series of charts for the Taichi with the latest firmware available on its public site. Again, we used both the stock cooler and an H115i AIO for the two configurations.
The deltas between the power consumption reported by the SMU and the EPS12V connectors have been reduced tremendously. The chip still consumes up to 160W under load compared to the reported value of 142W, but we can chalk that up to the expected VRM losses from this particular motherboard.
According to the HWinfo utility, the Taichi motherboard is still feeding incorrect power telemetry data to the SMU—the utility lists the deviation at ~7%. However, our measurements align more with our expectations of VRM losses, so the HWinfo data could be a misreport. (It's still unclear exactly how HWinfo determines deviation.)
The reduced Cinebench performance with the PBO settings when paired with the stock cooler also remains (the two PBO results overlap one another in the chart), while topping the chip with the H115i produces similar slight wins for the PBO Recommended configuration. The PBO Enabled configuration remains slower in all cases.
It's important to note that even with the adjusted power telemetry data, the power consumption we measured at the EPS12V connector remains in the low 160W range, which is fine given the expected VRM losses.
Gigabyte X570 Aorus Master
We have one other X570 motherboard in the lab, the Gigabyte X570 Aorus Master, so we gave it a spin through the same series of tests to gauge how it lands on the accuracy scale with the latest BIOS. We also wanted to see if it exhibits the same performance trends with the various PBO settings. The Aorus Master also tops out near 142W of power consumed, which aligns nearly perfectly with the software measurements. Given that we don't expect perfect efficiency figures from the power delivery subsystem, this implies the power reporting isn't optimized on the Aorus Master, creating a situation much like what we saw with the X570 Godlike - over-reporting that can actually lead to slightly reduced performance. We've pinged Gigabyte on the matter.
However, even without an obvious misreporting (probably over-reporting) of the power telemetry data, we still encounter the same condition of reduced performance when activating the PBO Enabled preset. It is noteworthy that the Aorus Master responds well to manipulating the Scalar variable and delivers more performance. We've also outlined the issues with the standard PBO profile to Gigabyte. The company has replicated the condition and is investigating further.
The "Control": MSI X570 Godlike
The MSI X570 Godlike is the lone motherboard we have in the lab that allows us to adjust the parameter that is responsible for altering telemetry data: CPU VDD Full Scale Current. This setting appears to default to 280A on the Godlike with the latest publicly available non-beta BIOS (1.8). Remember, the company says its value is accurate given fine tuning for its power delivery subsystem, so we also tested with the 300A value (listed as VDD Adjusted in the charts) recommended by The Stilt in his forum post.
The SMU-reported and EPS12V measurements align closely in the first chart, which outlines the results of our 300A adjustment. The second chart, measured at stock settings with no VDD adjustment, clearly shows a delta between our recorded values and the reported power consumption, which now pegs at roughly 160W as opposed to roughly 140W with the adjusted VDD value. The behavior with the default 'Auto' setting is more in line with an expected result than the adjusted 300A values. In contrast, the adjusted 300A value shows almost no losses due to VRM inefficiency, which would be nice if true. But it isn't.
HWinfo hasn't shared information with us to clarify how it measures deviation, so the tool is a bit of a black box. The HWinfo tool reports a variance of 12% with the auto VDD settings above, implying that the tool makes its decisions based on reference full scale current values, and not those optimized by vendors.
In the third slide, the adjusted 300A VDD setting results in lower heat, and the successive charts cover reduced voltages, frequencies, and performance associated with the adjustment. We're more inclined to believe that, based on the physical measurements we've taken and the normal amount of expected VRM efficiency losses, MSI's auto VDD settings are closer to reality than suggested by the HWinfo deviation metrics.
We went ahead and plotted our now-standard battery of tests with the new Godlike firmware, leaving the VDD setting to Auto. The motherboard exhibits many of the same tendencies we see with the other boards with AMD's PBO presets. However, it does fare considerably better than other boards with the PBO enabled profile, merely matching the stock settings in most metrics.
Final Thoughts (For Now)
Modern chips rely upon accurate telemetry data, and HWinfo's new deviation feature helps shine a light on how some motherboard vendors have found a way to misreport power telemetry. Unfortunately, the inner workings of the tool aren't entirely clear, and HWinfo doesn't specify how it assigns the deviation value. From our testing, it appears the tool doesn't take what we would consider legitimate adjustments to the full scale current into account, which causes inflated deviation readings.
According to our sources, AMD has load generation tools that help motherboard vendors define reference values for power telemetry reporting, but those are more general settings that assume a ~5% overhead for the tolerance of VRM components. In practice, the tolerance can be up to 10%. As a result, motherboard vendors can fine tune the telemetry reporting for their unique power delivery systems, thus ensuring the correct amount of power delivery to the chip. The HWinfo deviation metric doesn't appear to take into account what we consider rational adjustments to power telemetry reporting. It appears, at least on the surface, that HWinfo's tool measures from some understanding of the reference values, but its method is unclear. The deviation metric is still a work in progress, but we noticed quite a bit of variation with some measurements, so your mileage may vary.
It's possible that intentionally manipulated power telemetry reporting can expose an extra performance edge and go undetected by both reviewers and common users alike, leading them to post erroneous power consumption results. We saw a pretty egregious example of incorrect reporting in our testing with a BIOS provided to reviewers that is also available to the public, so it remains important for reviewers to use physical power measurements to validate the results they get from software utilities. In fairness, we'd expect a more subtle change than what we observed with the Taichi reviewer BIOS if the company was out to trick reviewers, so it's debatable whether or not the changes to reporting were intentional.
AMD's auto-overclocking Precision Boost Overdrive (PBO) feature often causes performance losses in some workloads if you use the vendor-defined basic preset values, but the severity varies from motherboard to motherboard. We set out to use the PBO values as a reference for what unsafe settings look like (it does invalidate your warranty), but in many cases found the basic PBO presets resulted in lower performance. They need some work and currently aren't a good measuring stick. Even on motherboards that correctly report power, the basic PBO presets didn't provide any tangible benefit.
In contrast, manual changes (which we covered above) to the Scalar setting provide performance gains, and those are the better reference point for unsafe settings. The Taichi reviewer BIOS suffered from the worst misreporting, but it didn't result in power settings that match or exceed the settings imposed by our PBO profile with higher Scalar settings.
Misreported data can cause the CPU to run a bit harder (and hotter) during normal operation, but you shouldn't be too worried about the amount of power applied to your chip if your board is misreporting the telemetry data, though it does result in higher power consumption, voltage, heat, and clock speeds.
It's best to leave the assessment of the impact on Ryzen chip longevity to AMD or other semiconductor professionals who work in the reliability field, as a wide array of factors affect those metrics. Reliability metrics are based on modeling and information that we'll never see, and a complex matrix of factors also feeds into the equation. Some factors, such as higher current and thermal density, increase the rate of wear and trigger electromigration (the process of electrons slipping through the electrical pathways) faster, but the impact of the two on one another doesn't scale linearly, and it varies depending on how long the processor stays in a heightened state.
A chip will age, and transistors will eventually wear out, even under optimal operating conditions. Still, while the increased power consumption we see due to the erroneous telemetry data could have an impact with heavily-used processors and reduce longevity, it boils down to how much the increased power and heat output speed the aging process.
It is plausible that there could be at least some impact to chip longevity due to manipulated power telemetry, but AMD's initial assessment is that it won't have a meaningful impact during the warranty period. We didn't find any glaring problems that would be cause for immediate alarm, and AMD's internal mechanisms work well to protect users from settings that would cause catastrophic failures. The company's engineering teams have also obviously studied the matter to some extent and haven't yet seen any adjustments that could result in significant degradation during the warranty period.
AMD's statement seemingly confirms that it wasn't aware of the manipulations. It will be interesting to see if motherboard makers end the practice, or if AMD finds that because the adjustments don't impact longevity in a meaningful way, the practice can continue. We'll keep an eye on newer BIOS releases as they trickle out for any significant changes to power telemetry reporting.
anupbhagwat7 · 5 years ago
Spring MVC integration with Prometheus example
In this article, we will see how we can monitor Spring MVC applications using the Prometheus tool. You won't find much documentation for this setup on the web: Prometheus is easily configured with Spring Boot, but configuring it with a Spring MVC based application requires some additional configuration.

Prometheus

Prometheus is a time-series monitoring application written in Go. It can run on a server, in a Docker container, or as part of a Kubernetes cluster (or something similar). Prometheus collects, stores, and visualizes time-series data so that you can monitor your systems. You tell Prometheus exactly where to find metrics by configuring a list of "scrape jobs". Applications being monitored can expose metrics endpoints to Prometheus using any of the many client libraries available; additionally, separate exporters can gather metrics from applications and make them available to Prometheus. Metrics are stored locally for 15 days by default, and any Prometheus server can scrape another one for data. Remote storage is another option for Prometheus data, provided there is a reliable remote storage endpoint.

Benefits:
- "Service discovery" lets Prometheus keep track of all current endpoints effortlessly.
- Outages are quickly detected.
- The PromQL query language is incredibly flexible and Turing-complete.
- There is very low load on the monitored services (metrics are stored in memory as they are generated), so fewer resources are used.
- Prometheus users can control traffic volumes, access metrics in the browser, and reconfigure easily.
Step 1: Spring MVC application pom.xml configuration

The Prometheus client dependencies below are required in pom.xml for the project (the XML tags were lost in extraction and are restored here):

<properties>
    <prometheus.version>0.6.0</prometheus.version>
</properties>

<dependencies>
    <dependency>
        <groupId>io.prometheus</groupId>
        <artifactId>simpleclient</artifactId>
        <version>${prometheus.version}</version>
    </dependency>
    <dependency>
        <groupId>io.prometheus</groupId>
        <artifactId>simpleclient_hotspot</artifactId>
        <version>${prometheus.version}</version>
    </dependency>
    <dependency>
        <groupId>io.prometheus</groupId>
        <artifactId>simpleclient_servlet</artifactId>
        <version>${prometheus.version}</version>
    </dependency>
    <dependency>
        <groupId>io.prometheus</groupId>
        <artifactId>simpleclient_pushgateway</artifactId>
        <version>${prometheus.version}</version>
    </dependency>
    <dependency>
        <groupId>io.prometheus</groupId>
        <artifactId>simpleclient_spring_web</artifactId>
        <version>${prometheus.version}</version>
    </dependency>
    <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-core</artifactId>
        <version>2.5.2</version>
    </dependency>
</dependencies>

Step 2: Spring MVC application web.xml configuration

We need to configure MetricsServlet to expose the metrics of our Spring MVC application on /metrics:

<servlet>
    <servlet-name>PrometheusServlet</servlet-name>
    <servlet-class>io.prometheus.client.exporter.MetricsServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>PrometheusServlet</servlet-name>
    <url-pattern>/metrics</url-pattern>
</servlet-mapping>

Step 3: Add an interceptor class

This intercepts all requests coming to the application and records the latency metrics exposed to Prometheus. Compared with the original listing, the label count now matches the values passed to labels() (the client library throws IllegalArgumentException otherwise), the timer is started in preHandle so the whole handler execution is measured, and the ThreadLocal is created once and cleared after each request.

package com.myjavablog.config;

import io.prometheus.client.Histogram;
import org.apache.log4j.Logger;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @author anupb
 */
public class PrometheusMetricsInterceptor extends HandlerInterceptorAdapter {

    private static final Logger logger = Logger.getLogger(PrometheusMetricsInterceptor.class);

    // Two label names, matching the two values passed to labels() in preHandle.
    private static final Histogram requestLatency = Histogram.build()
            .name("service_requests_latency_seconds")
            .help("Request latency in seconds.")
            .labelNames("name", "method").register();

    // One ThreadLocal for the interceptor; each request thread holds its own timer.
    private static final ThreadLocal<Histogram.Timer> timerThreadLocal = new ThreadLocal<Histogram.Timer>();

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Start the timer before the controller runs so the full handling time is observed.
        String name = getName(request, handler).toLowerCase();
        String method = request.getMethod().toUpperCase();
        timerThreadLocal.set(requestLatency.labels(name, method).startTimer());
        return super.preHandle(request, response, handler);
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        super.postHandle(request, response, handler, modelAndView);
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        super.afterCompletion(request, response, handler, ex);
        Histogram.Timer timer = timerThreadLocal.get();
        if (timer != null) {
            timer.observeDuration();
            timerThreadLocal.remove(); // do not leak the timer to the next request on this pooled thread
        }
    }

    @Override
    public void afterConcurrentHandlingStarted(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        super.afterConcurrentHandlingStarted(request, response, handler);
    }

    private String getName(HttpServletRequest request, Object handler) {
        // Prefer controller class + method so the label set stays bounded; a raw request URI
        // label can grow without limit and bloat the metrics store.
        String name = "";
        try {
            if (handler instanceof HandlerMethod) {
                HandlerMethod method = (HandlerMethod) handler;
                name = method.getBeanType().getName() + "." + method.getMethod().getName();
            } else {
                name = request.getRequestURI();
            }
        } catch (Exception ex) {
            logger.error("getName", ex);
        }
        return name;
    }
}

Step 4: Add Prometheus initialization configuration

This registers the default JVM exporters (memory, GC, threads) so they are exposed to the Prometheus server; the imports were missing from the original listing.

package com.myjavablog.config;

import io.prometheus.client.hotspot.DefaultExports;
import org.apache.log4j.Logger;

import javax.annotation.PostConstruct;

public class PrometheusConfig {

    private static final Logger logger = Logger.getLogger(PrometheusConfig.class);

    @PostConstruct
    public void initialize() {
        logger.info("prometheus init...");
        DefaultExports.initialize();
        logger.info("prometheus has been initialized...");
    }
}

Step 5: Add the interceptor to spring-mvc.xml

You first need to declare the mvc namespace and add its schema location:

xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="... http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd"

Then you need to add the interceptor tag:

<mvc:interceptors>
    <bean class="com.myjavablog.config.PrometheusMetricsInterceptor"/>
</mvc:interceptors>

Step 6: Add configuration to applicationcontext.xml

Register the PrometheusConfig bean so that its @PostConstruct method runs when the context starts:

<bean class="com.myjavablog.config.PrometheusConfig"/>

Once all this configuration is done, you can add the application URL as a scrape target in Prometheus. These parameters are useful to monitor your Spring MVC application.
takeabreaktamil · 6 years ago
EFF: Encrypted DNS could help close the biggest privacy gap on the Internet. Why are some groups fighting against it?
Thanks to the success of projects like Let’s Encrypt and recent UX changes in the browsers, most page-loads are now encrypted with TLS. But DNS, the system that looks up a site’s IP address when you type the site’s name into your browser, remains unprotected by encryption.
Because of this, anyone along the path from your network to your DNS resolver (where domain names are converted to IP addresses) can collect information about which sites you visit. This means that certain eavesdroppers can still profile your online activity by making a list of sites you visited, or a list of who visits a particular site. Malicious DNS resolvers or on-path routers can also tamper with your DNS request, blocking you from accessing sites or even routing you to fake versions of the sites you requested.
A team of engineers is working to fix these problems with “DNS over HTTPS” (or DoH), a draft technology under development through the Internet Engineering Task Force that has been championed by Mozilla. DNS over HTTPS prevents on-path eavesdropping, spoofing, and blocking by encrypting your DNS requests with TLS.
Alongside technologies like TLS 1.3 and encrypted SNI, DoH has the potential to provide tremendous privacy protections. But many Internet service providers and participants in the standardization process have expressed strong concerns about the development of the protocol. The UK Internet Service Providers Association even went so far as to call Mozilla an “Internet Villain” for its role in developing DoH.
ISPs are concerned that DoH will complicate the use of captive portals, which are used to intercept connections briefly to force users to log on to a network, and will make it more difficult to block content at the resolver level. DNS over HTTPS may undermine plans in the UK to block access to online pornography (the block, introduced as part of the Digital Economy Act of 2017, was planned to be implemented through DNS). 
Members of civil society have also expressed concerns over plans for browsers to automatically use specific DNS resolvers, overriding the resolver configured by the operating system (which today is most often the one suggested by the ISP). This would contribute to the centralization of Internet infrastructure, as thousands of DNS resolvers used for web requests would be replaced by a small handful. 
That centralization would increase the power of the DNS resolver operators chosen by the browser vendors, which would make it possible for those resolver operators to censor and monitor browser users’ online activity. This capability prompted Mozilla to push for strong policies that forbid this kind of censorship and monitoring. The merits of trusting different entities for this purpose are complicated, and different users might have reasons to make different choices. But to avoid having this technology deployment produce such a powerful centralizing effect, EFF is calling for widespread deployment of DNS over HTTPS support by Internet service providers themselves. This will allow the security and privacy benefits of the technology to be realized while giving users the option to continue to use the huge variety of ISP-provided resolvers that they typically use now. Several privacy-friendly ISPs have already answered the call. We spoke with Marek Isalski, Chief Technology Officer at UK-based ISP Faelix, to discuss their plans around encrypted DNS.
Supporting privacy-protecting technologies is a moral imperative.
Faelix has implemented support for DNS over HTTPS on their pdns.faelix.net resolver. They weren’t motivated by concerns about government surveillance, Marek says, but by “the monetisation of our personal data.” To Marek, supporting privacy-protecting technologies is a moral imperative. “I feel it is our calling as privacy- and tech-literate people to help others understand the rights that GDPR has brought to Europeans,” he said, “and to give people the tools they can use to take control of their privacy.”
EFF is very excited about the privacy protections that DoH will bring, especially since many Internet standards and infrastructure developers have pointed to unencrypted DNS queries as an excuse to delay turning on encryption elsewhere in the Internet. But as with any fundamental shift in the infrastructure of the Internet, DoH must be deployed in a way that respects the rights of the users. Browsers must be transparent about who will gain access to DNS request data and give users an opportunity to choose their own resolver. ISPs and other operators of public resolvers should implement support for encrypted DNS to help preserve a decentralized ecosystem in which users have more choices of whom they rely on for various services. They should also commit to data protections like the ones Mozilla has outlined in their Trusted Recursive Resolver policy. With these steps, DNS over HTTPS has the potential to close one of the largest privacy gaps on the web.
Published September 13, 2019 at 04:07AM. Read more on eff.org.
Source: Electronic Frontier Foundation; author: Max Hunter.
neptunecreek · 6 years ago
Encrypted DNS could help close the biggest privacy gap on the Internet. Why are some groups fighting against it?
from Deeplinks https://ift.tt/2Q80hUP
terabitweb · 6 years ago
Original Post from Security Affairs Author: Pierluigi Paganini
Security expert Marco Ramilli published the findings of a quick analysis of the webmask project behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten).
Thanks to the leaked source code it is now possible to check APT34 implementations and techniques.
Context:
Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the strategic interests of Iran. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries. Repeated targeting of Middle Eastern financial, energy and government organisations leads FireEye to assess that those sectors are a primary concern of APT34. The use of infrastructure tied to Iranian operations, timing and alignment with the national interests of Iran also lead FireEye to assess that APT34 acts on behalf of the Iranian government. (Source: MISP Project).
On April 19, 2019, researchers at Chronicle, a security company owned by Google’s parent company, Alphabet, examined the leaked tools, exfiltrated the previous week on a Telegram channel, and confirmed that they are indeed the same ones used by the OilRig attackers. OilRig has been connected to a number of intrusions at companies and government agencies across the Middle East and Asia, including technology firms, telecom companies, and even gaming companies. Whoever is leaking the toolset has also been dumping information about the victims OilRig has targeted, as well as data identifying some of the servers the group uses in its attacks.
According to Duo, “OilRig delivered Trojans that use DNS tunneling for command and control in attacks since at least May 2016. Since May 2016, the threat group has introduced new tools using different tunneling protocols to their tool set,” Robert Falcone of Palo Alto Networks’ Unit 42 research team wrote in an analysis of the group’s activities.
“Regardless of the tool, all of the DNS tunneling protocols use DNS queries to resolve specially crafted subdomains to transmit data to the C2 and the answers to these queries to receive data from the C2.”
Leaked Source code
The initial leaked source code contains three main folders: webmask, poisonfrog and Webshells_and_Panel. While webmask and poisonfrog seem to be single projects, the Webshells_and_Panel folder looks like it wraps several projects into a single bucket. But for today, let’s focus on webmask.
WEBMask Focus
The webmask project is, in my personal opinion, an APT34 distinction, since it implements their DNS attack core. APT34 is well known to widely use DNS hijacking in order to redirect victims to attacker-controlled websites. So let’s see what they’ve implemented so far in this direction.
The webmask project comes with both a guide (guide.txt) and an installation script (install.sh). From the latter we can see the installed NodeJS version, which is 6.x. This version was first released on 2016-04-26 and is still on the development track under the name “Boron”. According to the NodeJS version history, the project cannot be dated before April 2016, since Node.js 6.x did not exist before that date. The guide.txt file suggests two “solutions” (this is the term used), both of which base their core engine on a custom DNS server, used as an authoritative name server to respond with crafted A records to specific requests. The attackers suggest using Solution2 (they write “use this” directly in the configuration file), the one that implements the DNS server in NodeJS. Solution1 instead implements the DNS server in Python. The following image shows the suggested solution.
APT34: WebMask Project Suggested Solution
Some domain names and some IPs are used as configuration examples. Personally, I always find it interesting to see the attacker’s suggested examples, since they carry a marked flavour of her. In this case the attacker used target artefacts (IP and DNS) belonging to the ‘Arab Emirates’ net space, while she used as the responsive artefact (the one used to attack) an IP address belonging to a NovinVPS service.
The guide goes on to describe the setup of an ICAP proxy server, used to proxy the victims to the real destination while trapping the entire connection. The attacker suggests Squid3 and guides the operator through installing and configuring it. She uses as ICAP handler a simple Python script placed in icap/icap.py. This script has been developed to log and modify the ICAP/connection flow coming from the squid3 proxy. Then the well-known HAProxy is used as a high-availability service to ensure connections, and finally certbot (Let’s Encrypt) is used to give squid3 a valid certificate (though this is neither a mandatory nor a suggested step).
DNS Server scripts
The dns-redir folder contains three files. A configuration file called config.json is used by dnsd.py. The Python script implements a class named MyUDPHandler, which is passed to the native SocketServer.UDPServer as the UDP handler. The script overrides only DNS A records, and only when the requested name is included in the overrides object (a variable at the beginning of the source code). In other words, if the DNS request is for an A record and the requested name belongs to a specific domain, the script responds with the attacker’s IP address. The following image shows the three main steps of the override chain.
DNSD.py: Three steps DNS overriding chain
According to guide.txt the suggested solution is not dnsd.py: the attacker prefers the dnsd.js script. This script does not appear to be externally configurable (it does not import config.json), so to configure it you need to edit the script source code by hand. The source is written in classic-style ECMAScript without any of the newer operators/features introduced in ECMAScript6 and ECMAScript7. dnsd.js performs the same tasks as dnsd.py without any notable difference.
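The override chain above only matters to a defender if it goes unnoticed: an authoritative server that starts answering A queries for your names with someone else’s address. As an added example (not the attacker’s code and not from the original post), here is a small monitor that parses the A records in a DNS response and flags any answer for a domain you control that differs from the address you expect to serve. The domain name, the expected address and the sample response are constructed.

```python
import socket
import struct

# Constructed sample: the A records we expect our authoritative server to serve.
EXPECTED_A = {
    "login.example.test": "203.0.113.10",
}


def encode_name(name):
    """Encode a dotted name as DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(packet, offset):
    """Return (name, next_offset), following RFC 1035 compression pointers."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:                 # pointer to an earlier name
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                  # the pointer itself ends the name
            jumped = True
            offset = pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            break
        offset += 1
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def build_a_response(qid, name, ip, ttl=60):
    """Constructed sample input: a minimal authoritative answer to one A query."""
    header = struct.pack("!HHHHHH", qid, 0x8400, 1, 1, 0, 0)   # QR=1, AA=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)     # QTYPE=A, QCLASS=IN
    # Answer name is a pointer to the question name at offset 12.
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer


def parse_a_records(packet):
    """Return [(name, ip), ...] for every A/IN record in the answer section."""
    _qid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    offset = 12
    for _ in range(qdcount):                      # skip the question section
        _, offset = decode_name(packet, offset)
        offset += 4                               # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        name, offset = decode_name(packet, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        rdata = packet[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            records.append((name, socket.inet_ntoa(rdata)))
    return records


def find_overridden(packet, expected=EXPECTED_A):
    """Return (name, served_ip, expected_ip) for every monitored name whose
    A record does not match what we expect: the signature of the override chain."""
    return [(name, ip, expected[name]) for name, ip in parse_a_records(packet)
            if name in expected and ip != expected[name]]


if __name__ == "__main__":
    # A response pointing our login host at an address we do not own (constructed).
    suspicious = build_a_response(0x1234, "login.example.test", "198.51.100.7")
    for name, served, wanted in find_overridden(suspicious):
        print(f"ALERT: {name} resolves to {served}, expected {wanted}")
```

In a real deployment the packet would come from a periodic query against each authoritative server for the zone, compared against the records you publish.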
ICAP script
The icap folder holds a Python script called icap.py. This script handles the ICAP flows coming from squid3, extracts the desired information and injects tracking pixels. The script implements a ThreadingSimpleServer on top of SocketServer.ThreadingMixIn, a native framework for multi-threaded network servers. SocketServer.ThreadingMixIn needs a local address and local port to be spawned, and a BaseICAPRequestHandler class as second parameter in order to handle ICAP flows. The attacker specialised that class by referring to the general ICAPHandler. The aim of the script is to log the following information into separate files: credentials, cookies, injected files and headers. It silently injects a tracking pixel into the communication by adding the following JavaScript to the HTML body.
script = ';$(document).ready(function(){$('');});'
If the parsed request is an HTTP POST, the ICAPHandler tries to extract credentials through a dedicated function called extract_login_password. The following image shows the process flow of the credential extraction.
ICAP.py: Credential Extraction Process
It is interesting, at least from my point of view, to look at the patterns used for login detection. For example, the parsing function looks for the following “form names”:
logins = ['login', 'log-in', 'log_in', 'signin', 'sign-in', 'logon', 'log-on']
It also looks for the following user field names:
userfields = ['log', 'login', 'wpname', 'ahd_username', 'unickname', 'nickname', 'user', 'user_name', 'alias', 'pseudo', 'email', 'username', '_username', 'userid', 'form_loginname', 'loginname', 'login_id', 'loginid', 'session_key', 'sessionkey', 'pop_login', 'uid', 'id', 'user_id', 'screename', 'uname', 'ulogin', 'acctname', 'account', 'member', 'mailaddress', 'membername', 'login_username', 'login_email', 'loginusername', 'loginemail', 'uin', 'sign-in', 'usuario']
and finally it looks for the following password field names:
passfields = ['ahd_password', 'pass', 'password', '_password', 'passwd', 'session_password', 'sessionpassword', 'login_password', 'loginpassword', 'form_pw', 'pw', 'userpassword', 'pwd', 'upassword', 'login_password', 'passwort', 'passwrd', 'wppassword', 'upasswd', 'senha', 'contrasena', 'secret']
It is interesting to see specific string patterns such as (but not limited to) form_pw, ahd_password, upassword, senha and contrasena, which are quite indicative of the victim scenarios. For example strings such as senha, contrasena, usuario and so on seem to be “Spanish” / “Portuguese” words. So if this is true (and Google Translate agrees with me), it looks like APT34 is proxying connections that carry those username and password fields, which might point to “Spanish”/“Portuguese” targets. But this is only a hypothesis.
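For an incident responder the practical question raised by these lists is which of your own login forms would have been harvested had traffic been proxied through this tooling. As an added example (not the attacker’s code and not from the original post), the following script replays captured POST requests against the field-name lists quoted above and reports the forms that would have yielded a username/password pair. The sample requests are constructed, and the matching rule (substring match on the path, exact case-insensitive match on field names) is an assumption, not something read from icap.py.

```python
from urllib.parse import parse_qsl, urlsplit

# Field-name patterns quoted in the analysis above (from the attacker's icap.py).
LOGINS = ['login', 'log-in', 'log_in', 'signin', 'sign-in', 'logon', 'log-on']
USERFIELDS = ['log', 'login', 'wpname', 'ahd_username', 'unickname', 'nickname',
              'user', 'user_name', 'alias', 'pseudo', 'email', 'username',
              '_username', 'userid', 'form_loginname', 'loginname', 'login_id',
              'loginid', 'session_key', 'sessionkey', 'pop_login', 'uid', 'id',
              'user_id', 'screename', 'uname', 'ulogin', 'acctname', 'account',
              'member', 'mailaddress', 'membername', 'login_username',
              'login_email', 'loginusername', 'loginemail', 'uin', 'sign-in',
              'usuario']
PASSFIELDS = ['ahd_password', 'pass', 'password', '_password', 'passwd',
              'session_password', 'sessionpassword', 'login_password',
              'loginpassword', 'form_pw', 'pw', 'userpassword', 'pwd',
              'upassword', 'passwort', 'passwrd', 'wppassword', 'upasswd',
              'senha', 'contrasena', 'secret']


def classify_post(url, body):
    """Describe how one captured POST looks to the harvesting patterns.

    Assumption (not taken from the attacker's code): the request path is matched
    against LOGINS as a substring, and form field names are matched exactly and
    case-insensitively against USERFIELDS / PASSFIELDS.
    """
    path = urlsplit(url).path.lower()
    fields = [name.lower() for name, _ in parse_qsl(body, keep_blank_values=True)]
    return {
        "login_path": any(pattern in path for pattern in LOGINS),
        "user_fields": [f for f in fields if f in USERFIELDS],
        "pass_fields": [f for f in fields if f in PASSFIELDS],
    }


def exposed_forms(samples):
    """Return the URLs whose POST carries both a recognised user field and a
    recognised password field, i.e. the forms whose credentials would be logged."""
    hits = []
    for url, body in samples:
        result = classify_post(url, body)
        if result["user_fields"] and result["pass_fields"]:
            hits.append(url)
    return hits


# Constructed sample traffic: POST bodies as a proxy in this position would see them.
SAMPLES = [
    ("https://portal.example.test/sign-in", "usuario=ana&senha=s3cret&remember=1"),
    ("https://intranet.example.test/api/search", "q=quarterly+report&page=2"),
    ("https://mail.example.test/login", "email=bob%40example.test&token=abc123"),
]

if __name__ == "__main__":
    for url in exposed_forms(SAMPLES):
        print("credentials would have been harvested from", url)
```

The third sample shows the limit of the pattern lists: a login path with a user field but a token instead of a password field does not produce a pair, so it is not reported.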
icap.py is also able to intercept basic authentication headers, cookies and general headers, implementing similar functions to extract interesting information and to modify it if needed. I won’t describe every single function, but one of the most interesting and worth showing is inject_RESPMOD, which injects a tracking image into the ICAP flow. The following image shows the attacker’s implementation of the Injection_RESPMOD function.
ICAP.py: script injection function
The injected script is added to the HTML body, possibly GZipped, and shipped back. In this way the attacker tracks who lands on the target domain.
Interesting points
WebMask is >= April 2016 (From Installed Dependencies)
APT34 might target ‘Arab Emirates’ (From examples in config files)
APT34 might target Spanish/Portuguese (From code in the extract_login_password function)
APT34 might use NovinVPS (From examples in config files)
APT34 needs credentials to change the authoritative DNS (From guide.txt)
The original post is available at the following URL:
APT34: webmask project
About the Author: Marco Ramilli founder of Yoroi
I am a computer security scientist with an intensive hacking background. I have an MD in computer engineering and a PhD in computer security from the University of Bologna. During my PhD program I worked for the US Government (@ National Institute of Standards and Technology, Security Division) where I did intensive research in malware evasion techniques and penetration testing of electronic voting systems.
I have experience in security testing since I have been performing penetration testing on several US electronic voting systems. I’ve also been in charge of testing the uVote voting system for the Italian Minister of homeland security. I met Palantir Technologies where I was introduced to the Intelligence Ecosystem. I decided to amplify my cybersecurity experience by diving into SCADA security issues with some of the biggest industrial conglomerates in Italy. I finally decided to found Yoroi: an innovative Managed Cyber Security Service Provider developing some of the most amazing cybersecurity defence centers I’ve ever experienced! Now I technically lead Yoroi, defending our customers and strongly believing in: Defence Belongs To Humans
Edited by Pierluigi Paganini
(Security Affairs – APT34, DNS attacks)
The post Iran-linked APT34: Analyzing the webmask project appeared first on Security Affairs.
t-baba · 7 years ago
The Ultimate Beginner’s Guide to Setting Up & Running a WordPress Site
So you've decided to run a WordPress site but have no idea where to start? This tutorial is aimed at absolute beginners. Some IT knowledge will help but I presume you want to learn the essentials within a few hours. Let's get started.
Step 1: What Do You Want to Achieve?
A little planning goes a long way. Be honest with yourself: why are you considering WordPress? Do you want to:
create a business website?
document your life, hobby or interests?
start an amazing web design agency?
learn to write code?
do something else?
WordPress is flexible and runs almost a third of the web — but it's not ideal for every situation. A website or article library is perfect. Creating a social network or online shop is possible but there may be better options. Using WordPress to learn PHP could be a frustrating experience.
Presuming WordPress is appropriate, are you interested in the technicalities or would you simply prefer to write content? If it's the latter, a managed WordPress plan from SiteGround or an account at WordPress.com will get you running without the hassles of installation and server management.
The moral: define the problem before choosing a solution!
Step 2: Plan Your Content
Ideally, you should have all your content written before building a site. It's the best way to plan a structure and will influence your design. No one ever does that, but at least plan a few general concepts so you have somewhere to start.
Step 3: Purchase a Domain Name
A domain name is your primary web address, e.g. www.mysite.com. Keep it short and use keywords appropriate to your content. This can be tougher than it sounds; most good names were registered years ago.
Use a reputable domain registrar. Prices vary across countries and top-level-domain types (.com, .net, .org, .ninja etc), but expect to pay around $25 for a new domain for a couple of years. Buying a decent pre-registered domain from someone else can be considerably more expensive.
How to Choose a Domain Name for Your Business
How to Choose, Register and Make the Most of Your Domain Name
12 Tools to Help You Buy the Perfect Domain Name
Your Domain Name: Do You www or Not?
Step 4: Purchase a Hosting Plan
Your site needs to be hosted somewhere. Its files must be placed on a device which understands how to deal with web requests: a web server. You could serve everything from your desktop PC but it quickly becomes impractical.
Buy a suitable plan from a respected host such as SiteGround. A WordPress-compatible shared hosting plan costs a few dollars a month and you can upgrade disk space and bandwidth as traffic grows.
You will then need to 'point' your domain at your new web space. This is normally done by logging into your domain registrar's control panel then either:
Setting the host as the DNS nameserver, or
Changing the domain's DNS A records to point at the host's IP address.
All hosts and domain registrars provide guidance but you may need to seek expert assistance. Domain changes can take up to 48 hours to propagate so you may need to wait before moving to the next step.
Web Hosting & Domains
The Ultimate Guide to Choosing a Hosting Provider
What Sort of Hosting Should I Choose for My Website?
What Do I Need to Know About Hosting?
Step 5: Set Up SSL
Secure Socket Layer (SSL) certificates enable cryptographic protocols on your website so it is served over an https:// address rather than http://. All communication between your server and the user's browser is encrypted so it cannot be (easily) intercepted by a third party.
Configuring SSL is an optional step but highly recommended:
Browsers warn when a site is not secure especially when completing forms or sending data.
Search engines rank secure sites higher than non-secure equivalents.
SSL is essential if you eventually want a Progressive Web App which allows your site to be "installed" and work offline.
Adding SSL later is considerably more difficult. You may need to reinstall WordPress and search engine indexing can be affected.
There are no disadvantages. HTTPS can be added for free and is negligibly slower than unencrypted HTTP (it can be considerably faster when used with HTTP/2).
Hosts often allow you to install a certificate purchased elsewhere, but it's easier to use their own service. For example, SiteGround provides a free Let's Encrypt option in the security section of your site's cPanel. Click that, hit Install and SSL is enabled.
Why Every Website Needs HTTPS
How to Secure WordPress with SSL
What is HTTP/2?
Step 6: Install WordPress
WordPress is a complex application which requires:
A back-end MySQL database where your configuration, posts, comments and other information is retained. This must be installed and configured first. A database user ID and password must be defined so applications can store and retrieve data.
A large set of PHP files which form the WordPress application. These must be copied to the server prior to running a set-up procedure. This requests the database credentials before creating the database tables and initial data.
After installation, WordPress communicates with the database using the ID and password to enable editing and presentation of pages.
The majority of hosts provide cPanel - a popular website management facility. You can create your database, upload WordPress and install manually. For full instructions, refer to How to Create WordPress MySQL Databases on cPanel.
Fortunately, there is an easier option. Search or browse for the WordPress options in cPanel:
Click the WordPress Installer to open the installation panel:
Define the following settings:
https:// for the protocol if you enabled SSL in step 5. (You can also choose whether the domain uses the initial 'www' or not).
Your primary domain. (There will only be one choice unless you have multiple domains pointed at the hosting plan).
The directory should be left blank to install WordPress in the root folder. Only change this if you want to run it from another folder, e.g. https://ift.tt/2xAiIXx
The name and description of your new site.
Keep Multisite unchecked unless you're intending to run more than one WordPress site on the same space.
Enter an Admin Username and Password. You will use these to log into WordPress so ensure they're strong (NOT 'admin' and 'password'!) and you keep them in a safe place.
Enter your Email. WordPress uses this to send you notifications when necessary.
The other options can normally be left as the default settings. Hit Install and wait a few minutes for the installation process to complete. You will be given a link to the main site (https://mysite.com/) and the WordPress control panel (https://ift.tt/1VgZ4m9) where you can log in with your administrative username and password.
Step 7: Initial WordPress Configuration
Don't be tempted to start publishing content just yet! It's best to configure WordPress from the Settings menu before going further:
The following sections describe the basic WordPress settings but note that installed themes and plugins can override these options.
General
This pane allows you to change various aspects about your installation. The primary settings to change include:
The Timezone. This may default to UTC so choose an appropriate city instead.
The Date Format. Choose an appropriate option or enter a custom string using PHP's date format
The Time Format. Similarly, choose an option or enter your own.
Remember to hit Save Changes once finished.
Writing
The main settings to change in this pane are:
The Default Post Category. Post categories are defined in Posts > Categories.
The Default Post Format. WordPress themes often provide different post types such as standard articles, galleries and video pages. Choose whichever you will use most often.
Reading
The Front page displays setting allows you to set whether your latest posts or a static page is presented on the home page.
The other default settings are normally fine, although you may want to temporarily disable Search Engine Visibility during the initial stages of building your site. Don't forget to enable it before going live!
Discussion
This pane controls commenting. The main setting is Allow people to post comments on new articles which you may want to disable if you don't require comments.
The post The Ultimate Beginner’s Guide to Setting Up & Running a WordPress Site appeared first on SitePoint.
by Craig Buckler via SitePoint https://ift.tt/2EdJl9t
ntrending · 7 years ago
Protect your privacy online with these data-guarding browser extensions
New Post has been published on https://nexcraft.co/protect-your-privacy-online-with-these-data-guarding-browser-extensions/
We all know that Facebook and other companies collect data about us. But that’s the tip of the iceberg. Web trackers, on everything from shopping sites to social networks, follow your online activities every time you dip a digital toe into the internet. These advertisers and other parties suck up data about our habits—and then sell it.
The pervasiveness of this behavior can make protecting your privacy seem like an impossible task. However, help is at hand: A number of browser extensions will warn you about web trackers, stop them from following you around the internet, and generally give you control over your data. We picked five of the best add-ons for fighting web trackers.
1. Facebook Container Extension
Facebook isn’t the only site guilty of losing user data, but it’s certainly the biggest player in the social networking space—and it’s very keen to monitor your movements. Even when you’re not on the Facebook site itself, web plug-ins such as the ubiquitous Like button can keep tabs on your activity.
To solve this problem, Firefox developer Mozilla has released the Facebook Container Extension, designed to…well, contain Facebook so it can’t follow you around other websites. Your personal identity on Facebook, which you use to like photos or share articles, gets locked within a virtual container that’s separate from the rest of your web activity. This prevents the social network from seeing what you do on other sites.
On the negative side, this means that Facebook tools outside of the site, such as embedded comments on an article or the ability to log in with your account, may not work properly. However, that’s a small price to pay for keeping Facebook’s tendrils out the rest of your web browsing. The only other downside is that this extension only works with Firefox.
Facebook Container Extension for Firefox only
2. Privacy Badger
The Electronic Frontier Foundation (EFF) is a non-profit dedicated to promoting user privacy. As part of that goal, they developed an extension called Privacy Badger, designed to block those tracking technologies that work across multiple sites. This prevents marketers from building up a comprehensive profile of your web habits.
Many advertising tracking technologies will recognize you on a bunch of unaffiliated sites. For example, the stuff you search for on Amazon not only shows up in your Amazon recommendations, but also makes its way into ads on Facebook and Twitter. Privacy Badger stops that from happening by letting you limit how much pages can track you. For every site you visit, Privacy Badger identifies any tracking tools and sorts them with a traffic-light system that indicates how intrusive each one is. Then it automatically disables or limits them individually.
Unfortunately, stopping certain trackers can break the functionality of a website—for instance, the ability to play videos might rely on the presence of a tracker. In that case, you can opt to override Privacy Badger’s controls. Despite the advanced blocking it performs, Privacy Badger is very simple to use. It’s also free, and you can find versions for most popular browsers.
Privacy Badger for Chrome, Firefox, and Opera
3. Ghostery
Ghostery is similar to Privacy Badger, but offers more control over what gets blocked—which also makes it more complex to use. If you’re willing to take some time to configure it, Ghostery will serve you well. If you’d prefer a quick and clean option, you should probably go with Privacy Badger.
In addition to blocking the ad trackers that monitor your movements across multiple sites, Ghostery can also deal with the code that handles site analytics, user interactions, social media plug-ins, audio and video players, commenting systems, and more. Basically, it will shut down any of the thousands of potentially annoying extras that load on top of websites—if you want it to. When you visit a site, click on the Ghostery icon in your browser to get a clean, clear look at what’s been blocked and what hasn’t. From here, you can opt to enable code on sites you trust, block everything that seems suspicious, or pause the blocking function temporarily.
These abilities make Ghostery hard to beat for comprehensiveness. Again like Privacy Badger, it’s free and available for most browsers.
Ghostery for Chrome, Firefox, Opera, Edge, and Safari
4. Disconnect
According to its introductory blurb, Disconnect helps you “say no to mass collection of your online activity and trackers that destroy your device performance.” Like Privacy Badger and Ghostery, it sniffs out tracking technologies in the websites you visit and makes sure they can’t watch what you’re doing.
You can block or unblock these nuisances with a great deal of granular control. For example, you could stop Facebook from watching your movements, but allow Twitter to collect this information. When you visit a site, click your browser’s Disconnect button to see what’s being blocked and how it’s impacting the site speed. The same view allows you to whitelist certain sites and trackers.
Although this extension has our least favorite interface, it’s undeniably effective, tackling social plug-ins, web analytics code, and ad trackers. It’s free for computers, but if you want to use it on a mobile browser as well, you’ll need to pay a one-time fee of $25.
Disconnect for Chrome, Firefox, Opera, and Safari
5. DuckDuckGo
You may know DuckDuckGo as an anti-Google search engine, which doesn’t track or record your queries. The same people also offer a browser extension, Privacy Essentials, that stops advertisers and social networks from following you across the web. Of all the extensions on this list, it’s the easiest to use: You don’t need to spend time configuring it, because DuckDuckGo will make the tracker-blocking choices for you.
One of the extension’s nice features is a privacy rating for every site you visit, so you can see who’s playing fair when it comes to data collection. In addition, it will automatically direct you to the encrypted (HTTPS) version of a website, which makes it harder for hackers to intercept the data passing between you and the site. This will improve the safety and security of your online browsing.
In addition to your computer, DuckDuckGo Privacy Essentials can work with the web browser on your phone. So it will extend data protection to your Android or iOS device—for free.
DuckDuckGo Privacy Essentials for Chrome, Firefox, and Safari
Written By David Nield
takeabreaktamil · 6 years ago
EFF: Encrypted DNS could help close the biggest privacy gap on the Internet. Why are some groups fighting against it?
Encrypted DNS could help close the biggest privacy gap on the Internet. Why are some groups fighting against it?
Thanks to the success of projects like Let’s Encrypt and recent UX changes in the browsers, most page-loads are now encrypted with TLS. But DNS, the system that looks up a site’s IP address when you type the site’s name into your browser, remains unprotected by encryption.
Because of this, anyone along the path from your network to your DNS resolver (where domain names are converted to IP addresses) can collect information about which sites you visit. This means that certain eavesdroppers can still profile your online activity by making a list of sites you visited, or a list of who visits a particular site. Malicious DNS resolvers or on-path routers can also tamper with your DNS request, blocking you from accessing sites or even routing you to fake versions of the sites you requested.
A team of engineers is working to fix these problems with “DNS over HTTPS” (or DoH), a draft technology under development through the Internet Engineering Task Force that has been championed by Mozilla. DNS over HTTPS prevents on-path eavesdropping, spoofing, and blocking by encrypting your DNS requests with TLS.
Alongside technologies like TLS 1.3 and encrypted SNI, DoH has the potential to provide tremendous privacy protections. But many Internet service providers and participants in the standardization process have expressed strong concerns about the development of the protocol. The UK Internet Service Providers Association even went so far as to call Mozilla an “Internet Villain” for its role in developing DoH.
ISPs are concerned that DoH will complicate the use of captive portals, which are used to intercept connections briefly to force users to log on to a network, and will make it more difficult to block content at the resolver level. DNS over HTTPS may undermine plans in the UK to block access to online pornography (the block, introduced as part of the Digital Economy Act of 2017, was planned to be implemented through DNS). 
Members of civil society have also expressed concerns over plans for browsers to automatically use specific DNS resolvers, overriding the resolver configured by the operating system (which today is most often the one suggested by the ISP). This would contribute to the centralization of Internet infrastructure, as thousands of DNS resolvers used for web requests would be replaced by a small handful. 
That centralization would increase the power of the DNS resolver operators chosen by the browser vendors, which would make it possible for those resolver operators to censor and monitor browser users’ online activity. This capability prompted Mozilla to push for strong policies that forbid this kind of censorship and monitoring. The merits of trusting different entities for this purpose are complicated, and different users might have reasons to make different choices. But to avoid having this technology deployment produce such a powerful centralizing effect, EFF is calling for widespread deployment of DNS over HTTPS support by Internet service providers themselves. This will allow the security and privacy benefits of the technology to be realized while giving users the option to continue to use the huge variety of ISP-provided resolvers that they typically use now. Several privacy-friendly ISPs have already answered the call. We spoke with Marek Isalski, Chief Technology Officer at UK-based ISP Faelix, to discuss their plans around encrypted DNS.
Supporting privacy-protecting technologies is a moral imperative.
Faelix has implemented support for DNS over HTTPS on their pdns.faelix.net resolver. They weren’t motivated by concerns about government surveillance, Marek says, but by ”the monetisation of our personal data.” To Marek, supporting privacy-protecting technologies is a moral imperative. “I feel it is our calling as privacy- and tech-literate people to help others understand the rights that GDPR has brought to Europeans,” he said, “and to give people the tools they can use to take control of their privacy.”
EFF is very excited about the privacy protections that DoH will bring, especially since many Internet standards and infrastructure developers have pointed to unencrypted DNS queries as an excuse to delay turning on encryption elsewhere in the Internet. But as with any fundamental shift in the infrastructure of the Internet, DoH must be deployed in a way that respects the rights of the users. Browsers must be transparent about who will gain access to DNS request data and give users an opportunity to choose their own resolver. ISPs and other operators of public resolvers should implement support for encrypted DNS to help preserve a decentralized ecosystem in which users have more choices of whom they rely on for various services. They should also commit to data protections like the ones Mozilla has outlined in their Trusted Recursive Resolver policy. With these steps, DNS over HTTPS has the potential to close one of the largest privacy gaps on the web.
Published September 13, 2019 at 04:07AM Read more on eff.org from Blogger https://ift.tt/2ZUNngI via IFTTT
0 notes
takeabreaktamil · 6 years ago
Quote
Encrypted DNS could help close the biggest privacy gap on the Internet. Why are some groups fighting against it?
Thanks to the success of projects like Let’s Encrypt and recent UX changes in the browsers, most page-loads are now encrypted with TLS. But DNS, the system that looks up a site’s IP address when you type the site’s name into your browser, remains unprotected by encryption.
Because of this, anyone along the path from your network to your DNS resolver (where domain names are converted to IP addresses) can collect information about which sites you visit. This means that certain eavesdroppers can still profile your online activity by making a list of sites you visited, or a list of who visits a particular site. Malicious DNS resolvers or on-path routers can also tamper with your DNS request, blocking you from accessing sites or even routing you to fake versions of the sites you requested.
A team of engineers is working to fix these problems with “DNS over HTTPS” (or DoH), a draft technology under development through the Internet Engineering Task Force that has been championed by Mozilla. DNS over HTTPS prevents on-path eavesdropping, spoofing, and blocking by encrypting your DNS requests with TLS.
Alongside technologies like TLS 1.3 and encrypted SNI, DoH has the potential to provide tremendous privacy protections. But many Internet service providers and participants in the standardization process have expressed strong concerns about the development of the protocol. The UK Internet Service Providers Association even went so far as to call Mozilla an “Internet Villain” for its role in developing DoH.
ISPs are concerned that DoH will complicate the use of captive portals, which are used to intercept connections briefly to force users to log on to a network, and will make it more difficult to block content at the resolver level. DNS over HTTPS may undermine plans in the UK to block access to online pornography (the block, introduced as part of the Digital Economy Act of 2017, was planned to be implemented through DNS).
Members of civil society have also expressed concerns over plans for browsers to automatically use specific DNS resolvers, overriding the resolver configured by the operating system (which today is most often the one suggested by the ISP). This would contribute to the centralization of Internet infrastructure, as thousands of DNS resolvers used for web requests would be replaced by a small handful.
That centralization would increase the power of the DNS resolver operators chosen by the browser vendors, which would make it possible for those resolver operators to censor and monitor browser users’ online activity. This capability prompted Mozilla to push for strong policies that forbid this kind of censorship and monitoring. The merits of trusting different entities for this purpose are complicated, and different users might have reasons to make different choices. But to avoid having this technology deployment produce such a powerful centralizing effect, EFF is calling for widespread deployment of DNS over HTTPS support by Internet service providers themselves. This will allow the security and privacy benefits of the technology to be realized while giving users the option to continue to use the huge variety of ISP-provided resolvers that they typically use now. Several privacy-friendly ISPs have already answered the call. We spoke with Marek Isalski, Chief Technology Officer at UK-based ISP Faelix, to discuss their plans around encrypted DNS.
Supporting privacy-protecting technologies is a moral imperative.
Faelix has implemented support for DNS over HTTPS on their pdns.faelix.net resolver. They weren’t motivated by concerns about government surveillance, Marek says, but by “the monetisation of our personal data.” To Marek, supporting privacy-protecting technologies is a moral imperative. “I feel it is our calling as privacy- and tech-literate people to help others understand the rights that GDPR has brought to Europeans,” he said, “and to give people the tools they can use to take control of their privacy.”
EFF is very excited about the privacy protections that DoH will bring, especially since many Internet standards and infrastructure developers have pointed to unencrypted DNS queries as an excuse to delay turning on encryption elsewhere in the Internet. But as with any fundamental shift in the infrastructure of the Internet, DoH must be deployed in a way that respects the rights of the users. Browsers must be transparent about who will gain access to DNS request data and give users an opportunity to choose their own resolver. ISPs and other operators of public resolvers should implement support for encrypted DNS to help preserve a decentralized ecosystem in which users have more choices of whom they rely on for various services. They should also commit to data protections like the ones Mozilla has outlined in their Trusted Recursive Resolver policy. With these steps, DNS over HTTPS has the potential to close one of the largest privacy gaps on the web.
Published September 13, 2019 at 04:07AM Read more on eff.org
http://take-a-break-tamil.blogspot.com/2019/09/eff-encrypted-dns-could-help-close_12.html
0 notes