Pinterest and using the X-Frame-Options header for security

Nancy was having some trouble getting her application to create Pinterest Rich Pins working. The validator tool (and tech support) were not very helpful. The error just said:

We were unable to retrieve any data from your URL.

Pinterest Validator tool failure

I tried verifying that there were no intra-AWS connectivity issues (Pinterest’s tool lives in AWS, but so does Nancy’s site), but I could see in the Apache logs that Pinterest was getting an HTTP 200 OK response.

It then dawned on me that I had – in a fit of security consciousness – turned on click-jacking protection on all my self-hosted domains.

The only problem being, Pinterest uses an IFRAME to validate that your Rich Pins are correctly marked up with Schema.org tags. By sending X-FRAME-OPTIONS: SAMEORIGIN, I was blocking the tool from framing the page, and thus from validating the content.

Sure enough, turning the click-jacking protection off fixes it.

So, if you are seeing the error “We were unable to retrieve any data from your URL” with the Pinterest Rich Pins Validator, you may want to check whether your site is sending X-FRAME-OPTIONS, using SecurityHeaders.io’s handy tool.
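As an added illustration (not code from the original post), this is the decision a browser makes when a third-party page tries to frame yours, applied to the headers above. The site URL and Apache snippet are assumptions; only pinterest.com comes from the post.

```python
from urllib.parse import urlsplit


def origin_of(url: str) -> str:
    """Return scheme://host[:port], the origin a browser compares."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def framing_allowed(response_headers: dict, page_url: str, framer_url: str) -> bool:
    """Decide whether a browser renders page_url inside a frame on framer_url.

    X-Frame-Options rules: no header -> allowed; DENY -> never;
    SAMEORIGIN -> only when the framing document shares the page's origin;
    ALLOW-FROM <uri> (legacy, single origin) -> only that origin.
    Unrecognised values are ignored by browsers, so the page renders.
    """
    value = None
    for name, val in response_headers.items():
        if name.lower() == "x-frame-options":
            value = val.strip()
            break
    if value is None:
        return True
    directive = value.split(None, 1)
    keyword = directive[0].upper()
    if keyword == "DENY":
        return False
    if keyword == "SAMEORIGIN":
        return origin_of(page_url) == origin_of(framer_url)
    if keyword == "ALLOW-FROM" and len(directive) == 2:
        return origin_of(framer_url) == origin_of(directive[1])
    return True


# Constructed sample: what Apache's mod_headers sends after
#   Header always set X-Frame-Options "SAMEORIGIN"
SITE_HEADERS = {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"}
SITE_PAGE = "https://example.org/recipes/pin"          # placeholder site URL
VALIDATOR = "https://www.pinterest.com/validator"      # the Rich Pins validator's origin

if __name__ == "__main__":
    # SAMEORIGIN blocks the validator's frame but not the site's own frames.
    print("validator can frame page:", framing_allowed(SITE_HEADERS, SITE_PAGE, VALIDATOR))
    print("own page can frame page:", framing_allowed(SITE_HEADERS, SITE_PAGE, "https://example.org/other"))
```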


Problems with external webcam and Mac OS X Mavericks & Yosemite

My main computer is a Mac Mini, so it doesn’t have a built-in iSight camera like Apple’s laptops and iMacs.

Since my beloved Firewire iSight camera died, I’ve been using a Microsoft LifeCam HD – recommended by many for use with Macs.

With both OS X Mavericks and Yosemite I’ve noticed that the auto-exposure is completely off in all applications – Apple’s own apps like Facetime and Photo Booth, as well as Microsoft’s Skype. As USB webcams are plug-and-play in OS X, there is no interface for adjusting settings, which is mighty annoying.

Here is what video performance is like on the LifeCam, compared to my MacBook’s built-in cam.

massively over-exposed – and no way to adjust it

well-balanced video, no need to tweak

Googling around, I found a post by Dominic Szablewski that addressed this exact issue. His free little app fixed the auto-exposure problem, although I’m not sure the fix will stick. Huzzah!


Henry Hate’s new site is live

Henry Martinez has re-launched his site, and it’s live at henryhatestudio.com


Sky Broadband blocking all non-Sky email via IMAP & SMTP

Sky Broadband LIMITED

not so unlimited, eh?

I do some IT support for a friend’s small business and they use my Dreamhost hosting for their email. All was working fine up until a few weeks ago, when all access via OS X Mail stopped working.

I thought it might be a transient thing and told them to use webmail, and went off on my hols.

Today I went over to see what was wrong and, having worked for a large ISP, I’m shocked to find that Sky Broadband are blocking desktop email for accounts that aren’t their own.

For residential ISPs, some blocking is to be expected. Port 25 is used to send email that requires no login, and in an effort to stop spammers abusing this, most responsible ISPs block that particular port. But the ports used to send email that require a login are normally left open so that people can still use other email systems.

Sky – for reasons known only to itself – are blocking not only the means to send email using authenticated SMTP, but also seem to be blocking receiving email via IMAP. I have never known an ISP to do this, and I can think of no reason why a responsible ISP would seek to do this. The systems to send email can be abused by spammers, but I can’t think of any nefarious way to read email.

I verified that the block was happening by setting my iPhone up with the correct SSL secured settings. Using my 4G connection, reading and sending email both worked fine. Connecting to the Sky Broadband wifi stopped me reading and sending email.
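The same check scripted, as an added example that is not from the original post: probe the mail ports from the current network and read the pattern of results. Run it once on the suspect connection and once on a control connection (as above with 4G); the mail host is a placeholder, and the port list is the standard set, not one the post gives.

```python
import socket
import sys

# Standard mail ports. 25 is unauthenticated relay SMTP, which residential
# ISPs commonly block; the rest require a login and are normally left open.
MAIL_PORTS = {
    25: "SMTP relay (no login)",
    587: "SMTP submission (authenticated, STARTTLS)",
    465: "SMTP submission over TLS (authenticated)",
    993: "IMAP over TLS",
    143: "IMAP (STARTTLS)",
}


def probe_port(host: str, port: int, timeout: float = 5.0) -> bool:
    """True if a TCP connection to host:port succeeds from this network."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_mail_ports(host: str) -> dict:
    return {port: probe_port(host, port) for port in MAIL_PORTS}


def interpret(results: dict) -> list:
    """Turn {port: reachable} into findings. A blocked port 25 alone is the
    normal anti-spam posture; blocked submission or IMAP ports mean the
    network is filtering authenticated mail. A single probe cannot tell an ISP
    block from a dead server, hence the control run on another network."""
    findings = []
    submission_blocked = [p for p in (587, 465) if results.get(p) is False]
    imap_blocked = [p for p in (993, 143) if results.get(p) is False]
    if submission_blocked:
        findings.append(f"authenticated SMTP submission blocked on {submission_blocked}")
    if imap_blocked:
        findings.append(f"IMAP blocked on {imap_blocked}: desktop clients cannot read mail")
    if results.get(25) is False and not findings:
        findings.append("only port 25 blocked: normal residential anti-spam filtering")
    if not findings:
        findings.append("no mail port blocking detected")
    return findings


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"  # placeholder
    for line in interpret(probe_mail_ports(host)):
        print(line)
```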

Searching online, Sky have a FAQ about this. Their “fix” is to setup your Sky Yahoo mail account to spoof the address you are trying to use. Anyone who runs their own email system for business or pleasure should have a problem with this:

  • Yahoo Mail has a less than stellar reputation for security
  • Yahoo is often used by spammers, so Yahoo’s systems for sending email are far more likely to be blacklisted than your own, if set up correctly
  • This breaks anti-spam systems like DKIM and SPF unless you make changes to your domain, which effectively says that people can trust emails as coming from you even if they come from one of the spammiest parts of the Internet
  • Using two systems for sending email (office and home) means that your IMAP folders can get out of sync

Anyway, in my opinion, this is draconian in the extreme. Rather than being motivated by security concerns, the fact that Sky are blocking secure and authenticated sending as well as reading email means that it must be an attempt to drive people to use the Sky Yahoo offering – perhaps to drive up advertising impressions?
