We Keep Coding

Automatically Host Content When Specific Nameservers

Basically, this is going to probably an incredibly generic and poorly crafted question. I do apologise in advance for that and hope you can look past that and potentially offer some solutions/help.
I am looking at starting a new project, which I guess functions similar to Shopify in a way. Users will pay a monthly fee and then get their own website which has a store-style thing on it.
I am comfortable with most aspects of making this, however, the one thing I'm not completely sure how to do is if they want to have a custom domain (which I assume most customers would). Based on my experience with services such as Spotify and Tictail, to do this I am going to have to get them to change their nameservers to my nameservers. After that, I'm not completely sure how it will function and how to set it up. All of the files for the sites are going to be pretty much the exact same so I don't need much to change there.
So basically my main question is, how would I develop it to automatically host certain content when someone sets their nameservers as my nameservers? I would like it to be completely automatic if possible, but I don't mind if there is a little manual input.
I'm super sorry if the question isn't worded properly or if it's confusing as I've never developed something like this. A simple point in the right direction would be much appreciated as I'm not too sure where to start with this.
Thanks

It depends on the server technology you use to provide such user related nameservers. If I understand you properly, you are looking to get something like:
# Your service runs here:
http://yourdomain.com
# For the user account (user specific application)
http://{unique_username}.yourdomain.com/
# Then you would have (for N users)
http://username0.yourdomain.com/
http://username1.yourdomain.com/
...
http://usernameN.yourdomain.com/
The way you have to avoid dns hijacking is to actually specify the nameserver in the server host configuration. There are many servers around which provide virtual host configurations to allow many different domain names in the same ip address.
As an example, in nginx this can be done using virtual hosts. In your case you would need to programatically create them. In order to do so, a file must be added to the folder /etc/nginx/sites-available. This could be a file called: /etc/nginx/sites-available/username0 with this content:
server {
listen 80
server_name username0.yourdomain.com;
root /path/to/app/;
...
}
So for your solution, you would create a file per customer user. In order to activate a new created virtualhost (server block), link it in the folder with path: /etc/nginx/sites-enabled
ln -s /etc/nginx/sites-avaible/username1 /etc/nginx/sites-enabled/username1
sudo service nginx reload
Read more about dns hijacking here and have a look to virtual hosts implementations, like the nginx server blocks shown above, or the apache virtual hosts.
Good luck!

What should I use if xip.io is not an option in local install of Openshift?

The Openshift 'all-in-one' Vagrant box uses xip.io. The security team at my company has relayed to us that using 'xip.io' for a wildcard DNS could cause some security concerns. So given that 'xip.io' is not an option, how can I get this set up?

We ran into a similar issue at my company. The best answer, which is a bit dire, is that you'll need to set up your own custom DNS. Sorry to say because it is a bit annoying to do but not all that bad. Use this link, it should give you some guidance.
Basically, you'll need to /etc/dnsmasq.conf file to look like:
# Reverse DNS record for master
host-record=master.example.com,192.168.1.100
# Wildcard DNS for OpenShift Applications - Points to Router
address=/apps.example.com/192.168.1.100
The article goes into great detail. I'm not sure how network savvy you are, but if you're not, then I'd suggest roping in one of your ops guys to assist with this. Without a relatively good understanding of networking, setting this up would be quite difficult.

I understand that you can do this without requiring your own DNS.
Quickest way is to manually add required entries to /etc/hosts of your host system, mapping them to IP address that xip.io address would map to.
Alternatively set up dnsmasq something like the following.
$ cat /usr/local/etc/dnsmasq.conf
address=/.10.2.2.2.xip.io/10.2.2.2
address=/.ain1/10.2.2.2
address=/.10.1.2.2.xip.io/10.1.2.2
address=/.cdk/10.1.2.2
$ls /etc/resolver/
ain1 ain1-xip cdk cdk-xip ddns
$cat /etc/resolver/cdk-xip
domain 10.1.2.2.xip.io
nameserver 127.0.0.1
This is cut and paste from elsewhere and I don't use CDK myself so not sure about the IP addresses here, but I understand this shouldn't require you to set up separate DNS. The 'ain1' entry is for the OpenShift Origin all in one VM, which is equivalent to CDK for OpenShift, but using latest Origin upstream version.

2 NICs - selected traffic

I recently purchased another NIC for my computer so I could separate LAN-traffic from internet-traffic.
Long story short: How do I set it up to selectively use a certain NIC?
I'm using Windows 7 64bit, but am also interested in finding it out for Linux.
So far I found something concerning regedit with RandomAdapter = 1.
However that doesn't seem to be working as Skype is confused which card to use and general traffic still goes through the same NIC.
I also use a Switch behind my PC and between my router, but I am willing to invest in a... I forgot the 4-letter-combination capable switch that lets me utilize that function.
Could you please share your wisdom with me?
Any help is appreciated!
edit 01: Accepted solution by Amit:
So do I have to delete ALL routes and then make 2 new ones, one for each NIC ?
route -f
route ADD 192.168.X.IP1 MASK 255.255.255.0 192.168.X.X METRIC 10
route ADD 192.168.X.IP2 MASK 255.255.255.0 192.168.X.X METRIC 10
Is this correct?

For windows, this can be set up with the command line utility "route".
Open a command prompt, type route /? and go from there...

Many applications allow you to bind to a specific IP address, see the settings pages.

Using a SSl certificate [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
So, I'm brand new to creating a https-compatible site.
I'm currently working with a client with whom I developed a custom Facebook tab for; the files are currently hosted on my server which I have not purchased a security certificate for.
My client has a security certificate for one of their websites, which I do not have access to. My client sent me a text file with a combination of letters and numbers, and I have absolutely no idea what I'm supposed to do with it.
Anybody have any clue how I'm supposed to use it?

In short, you (probably) can't use it for that. But we need to check to be sure.
Background
As you know, SSL is used to secure the communication between two systems, one a server and the other a client (well, for the purposes of this communication link anyway). For the code that sits on initiating, client end of the communication channel to know that it's talking to the right server, it needs not just to have secure communication but also the identity of the server. (Without that, DNS spoofing or any number of IP-level tricks would be utterly massive problems.) This is where certificates come in.
Servers have a cryptographic identity (a public/private key-pair) that they use as part of the boot-strapping of the SSL connection which proves who they are. The public part of that is told to anyone who asks, and the server proves that it has private part through the fact that it can do the key-pair based cryptography (basically, that's mathematical magic, a.k.a. number theory). Then, all the client has to do to know whether to trust the connection is to work out whether they trust the identity stamped into the public key. This can either be by having been previously told directly “trust this certificate” or by the fact that it was digitally signed by someone it trusts (which is how the Certificate Authority system works).
A certificate is basically the public key of a key-pair, at least one digital signature, plus additional information. Examples of the additional information that could be there are the name of the host for which this is a certificate, the period of time for which the certificate is valid, who the administrative contact is, or where to go to find out whether the certificate has been withdrawn early. There are many other options.
What to do with a bare certificate?
With a bare certificate (in PEM format, as you say) all you can do is add it to your collection of trusted certificates or look at the information encoded within the certificate. So we'll start by looking at the information. For that, we use the openssl program (which has a horrible command line interface):
openssl x509 -in thecert.pem -text -noout
That will splurge a whole bunch of information out. The most important part is the “Subject” field; what or who is this certificate talking about? Since this is about HTTPS (which imposes a few extra constraints of its own) we should check whether that contains a hostname of some kind, and what host it is talking about.
Now you have the information to be able to figure out what's going on.
If the whole certificate matches up (especially the digital signature) with what you've already got deployed on your own HTTPS-enabled server, then your customer has just sent you back something you already have. Ho hum.
If the hostname is for a machine that you control and your customer doesn't (e.g., your development server) then your customer has just tried to get a certificate on your behalf. That's a bit of a no-no, but I advise taking it well — especially if you've not yet set up HTTPS. For the purposes of testing, you can get your own single-host certificate (that signs a public key where you've generated the private key yourself) for next to nothing. It's also a reasonable expense to bill your customer.
If the hostname is for the machine where the customer has told you they want to deploy your code in production, then they've just given you something you don't really need. I suppose it might be relevant for client code that wants to connect to the deployment server, but that's not as useful as all that; certificates expire, stuff moves round, and all sorts of things happen in production that can mean that it is useful to issue a new server certificate. Having to push updates to all the deployed clients just because someone accidentally deleted the server certificate without keeping a backup (a more common thing than you might wish) would Truly Suck. Thus, the deployment host certificate is not something you should need.
If its none of these, and it's a long lived certificate (check the Validity field from the information you printed out before) then it might actually be the certificate of a back end service that you're supposed to talk to. Or the certificate of a private CA that signs all the certificates of the back-end services that you talk to. (Are you doing this? I don't know, and I don't know your app, but it's quite possible.) In this case you would add the certificate to the list of trusted certificates in your code (the exact way depends on how your code handles SSL) and this is the only use I can think of for a certificate at the stage you're at.
Trouble is, I don't think (on the basis of what you write) that it's all that likely. Talk to your customer; security is something where you want to get it right, and use and trust of certificates is key to that.
If it's truly none of the above, talk to the customer and say you're a bit confused. I know I am in this case!

Make a CD run once [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
We're doing an "Amazing Race" kind of event, and thought it would be cool to have CDs that could only play once... like a "this message will self destruct in 5 seconds..."
Any thoughts on how to do this? I was thinking it could be a compiled HTML website that would write a cookie and only play once. I don't want to write to the registry (don't want to depend on windows, don't want to install anything, etc).
I also don't care if it's hackable... This is a one-time fun event, and I don't really care too much if people could remove the cookie or something.
Any other ideas?

If the content is HTML and run inside a normal browser window, then a cookie may work but there are caveats:
User runs the CD once when IE is the default browser. User runs at a later time, when Firefox is the default browser so cookie cannot be checked.
The browser's security settings may be locked down to prevent use of script so the cookie cannot be set (more of an IE problem).
An alternative might be Flash's equivalent of cookies, but if script was locked down then the same may be true for Flash.

If you used Flash to create the content, you could then use a wrapper program such as Zinc to produce cross-platform executables of the content.
Then, the Flash could use its version of cookies (local shared objects) to determine when the content has been displayed - write to the LSO the first time and read from it thereafter.

I would say encrypt (part of) the contents of the disc with a unique one time pad, that you request from a server that does a read directly followed by a delete of the decryption key. You could write an identifier on each disk so you can use multiple disks, each with a unique key.
This requires network access and some encryption tools, but a very simple implementation would do what you want it to do, is feasible, and it would be 'unbreakable' unless the one time pad is captured and stored.
If just for fun, this should be secure enough.

You can create a volatile registry entry. It will only exist untill the computer is restarted. This solution is very much "hackable", but it is simple and may suffice for what you want to do.
Take a look at the REG_OPTION_VOLATILE here.

Will the computers this is run on have internet access? You can easily load up a remote url (execute 'start http://yoururl.com' from autorun.inf), store the cookie and prevent it from being loaded again if the cookie exists.

If it's allowed to be hackable, then I'd just go with a simple solution of HTML + JavaScript, requiring (say) a GUID to enter, with some silly obfuscation in the code to validate the GUID.
What I mean by silly obfuscated validation is something like putting together a big array of ROT13'ed GUIDs, then adding code to only accept the Math.floor(PI * E + 32/(new DateTime()).getYear())'th GUID in the array, and ROT13 it again using sufficiently uncommented/unclear code, then check the user input against the result. Do it all in one line for kicks, or generate the GUIDs in some pseudo-random manner using a known seed... you get the idea :).
The only snag might be if IE doesn't allow local JavaScript? Hmm, looks like they'd need to deal with the InfoBar thing :(.

You could also set a registry key that would prevent playing, though this could be bypassed.

I think your best bet is to use Rewritable media for this. You can create your application easily, like HTML site or something like that, and after the last link or last page, however you decide to do you could execute a script with some command-line burner that would erase the rewritable media, or even write an ISO that you keep in CD with a text file or a flash that explains that the CD is lost forever.
Give a look at some Command Line Burners. Linux have several, that isn't worth to mention here, for windows you can use Cheetah CommandLine Burner among several others.
If you wish to do a CD without depending on the installed OS you should give a look at LIVE CDs. FreeDOS is a choice for "DOS Compatible applications" or my suggestioon you use a Linux live CD.
Also you will have several options for small HTTP servers, like lighthttpd and even browsers in several flavors from text interfaces to the graphical ones.
Good luck on the race :D. Great idea BTW!

Make a Java Swing application. That will not require Internet and it runs on Mac, Windows, and Linux. You can write to the file system for the lock. System.getProperty("user.home") gives you the home equivalent for the platform. You might have to include a jre in your CD.

Not quite what you're looking for, but you could put in on re-writable media and have an executable over-write itself (or part of itself).
I don't know if a CD-RW could do that automatically, or if you would have to look at cheap USB sticks.