Write.as uses an old, insecure version of Nginx

Hey guys!

So I’m a paid subscriber of Write.as and I use it for my blog. I performed a routine security audit on my infrastructure and noticed that the version of Nginx that Write.as ships with their version of Write Freely is outdated and insecure. Are there any plans to update this to the latest version in the name of being privacy-respecting? Thanks!

Is there any news regarding this?

Might be nice to enable HTTP2 support as well. I was recently asking about how things are hosted

Is Write.as served by Nginx, Apache, or something like that? I noticed that testmysite.io reports that HTTP2 is not enabled, but should be a one-line fix in Nginx config or there’s the more bleeding-edge approach https://h2o.examp1e.net/ :wink:

1 Like

interesting . imho theres far too much uncertainty already introduced by stuff like standardizing ssl via dns and all of the emergent things which go against the general grain of the ietf draftspecs and some things cern is working on / working out… this would only add a wee bit much too much complexity and the potential for fractalized loci therein with respect to the experiential topology would decimate a potential macro adoption curve, or a useful trackable one for solid development.

too many kinds of soup noodles ruins software interoperability and congruence, whereas with human expression it is quite desirous.

hope that perspective helps a bit.

The internet has grown and evolved a bit since HTTP1.1 sadly haha

HTTP/2 has been an approved IETF spec for years and is already widely apoted. There’s not a more popular standard that this is trying to competed with. This is the mainstream.

Not asking for an implementation, just a config file change to enable something already implemented in the server software.

Fractalized loci of what?

2 Likes

OH!!! its the updated draftspec. pardon me i understand this now. thank you. :slight_smile:

loci of users- that remark is now irrelevant by the updated understanding of what you were actually talking about. :laughing:

Just a heads up that we’re running a more up-to-date version of nginx now, and have enabled HTTP2!

2 Likes