Have I Been Pwned

A 200-post collection

Implementing a content security policy with NWebsec, Azure Table Storage and Raygun

I love it when a whole bunch of different bits play really nice together, especially when it’s making things more secure. Today I decided to properly implement a content security policy (CSP) on Have I been pwned? (HIBP) and managed to tie in a whole bunch of nice bits to create what I reckon is a pretty neat implementation. Firstly, if CSP is new to you, go and read Scott Helme’s overview [https://scotthelme.co.uk/content-security-policy-an-introduction/] which is excellent. The tl;dr version...

Orchestrating massive parallelisation of Azure WebJobs for fun and profit

I’ve been having a few sleepless nights lately worrying about the big one. The big “what”, you ask? I mean another massive data breach the scale of Adobe back in 2013, you know, the one where they had 153 million user accounts wander out the door. If I had to load those into Have I been pwned? [https://haveibeenpwned.com/] (HIBP), frankly I’m not sure how I’d do it. Or at least I wasn’t sure. When I first wrote about how I built the system [https://www.troyhunt.com/2013/12/working-with-154-mi...

Fail fast when the cloud fails you

It’s never really nice waking up to something like this: This was Have I been pwned? [https://haveibeenpwned.com] (HIBP) first thing my Saturday morning. The outage was accompanied by a great many automated email notifications and manual reminders from concerned citizens that my site was, indeed, down. Having my Azure showcase site down at the very same moment as my Pluralsight course on Azure was launched – Modernizing Your Websites with Azure Platform as a Service [http://www.pluralsight.com/c...

Stories from the trenches: Sizing and penny pinching with Azure websites

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]. How much capacity will you need for your app? Or asked another way if wearing the vendor hat, how much money ya got? We’re generally lousy at estimating infrastructure capacity requirements and even when a more scientific approach is taken (and it’s frequently not), we’re still l...

Understanding Azure website auto-scale magic

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]. I was helping out a consumer of Have I been pwned? [https://haveibeenpwned.com/] (HIBP) earlier today as they were trying to build up a profile of the pwnage state of their client base. This meant firing a heap of requests at the API [https://haveibeenpwned.com/API/v2] so that they...

Azure WebJobs are awesome and you should start using them right now!

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]. No really, they’re totally awesome! I used Azure WebJobs [http://azure.microsoft.com/en-us/documentation/articles/websites-dotnet-webjobs-sdk-get-started/] in the very early days and whilst they served a purpose, I wasn’t blown away with them at the time. In fact I went on to use...

Have your customers been pwned? Would you like to know?

For the past year and a bit I’ve been building out features on Have I been pwned? [https://haveibeenpwned.com/] (HIBP) in response to things I think would be awesome and things I’m asked for. I’m constantly surprised at the ways people have found to use the data for good, which is a nice twist given that the data normally comes from very unpleasant circumstances. For some ideas on how the data has been used, have a look at the API consumers page [https://haveibeenpwned.com/API/Consumers]: variou...

Applied Azure: Infographic of how “Have I been pwned?” orchestrates Microsoft’s cloud services

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure] Remember the good old days when a website used to be nothing more than a bunch of files on a web server and a database back end? Life was simple, easy to manage and gloriously inefficient. Wait – what? That’s right, all we had was a hammer and we consequently treated every challen...

“Have I been pwned?” – now with RSS!

As feature releases go, this is not exactly a killer, but to my surprise it was one that was requested quite frequently. It turns out that people really wanted to be able to keep abreast of new breaches and pastes in Have I been pwned? [https://haveibeenpwned.com/] (HIBP) via RSS. Not only is that a perfectly reasonable request, but it was also an easy one to get on top of so here it is! There are two RSS feeds both linked in from various places on the site including in the navigation. For your...

Measure, optimise then measure again: further refining “Have I been pwned?”

As I’ve written in the past [https://www.troyhunt.com/2013/12/micro-optimising-web-content-for.html], I put an awful lot of effort into making Have I been pwned? [https://haveibeenpwned.com/] (HIBP) fast. Not just a bit fast, blisteringly fast and that includes when it’s under a huge amount of load [https://www.troyhunt.com/2014/09/10-things-i-learned-about-rapidly.html]. But there was something bugging me with the site when it came to performance and it was this: That’s right, 33 images loa...