Fix typo

Update deployment documentation

See merge request autonomic-cooperative/autonomic-cooperative.gitlab.io!19

.gitlab-ci.yml

@@ -25,5 +25,4 @@ deploy:
     paths:
       - public
   only:
-    - master
     - tags

CHANGELOG.md

@@ -1,9 +1,24 @@
 # Change Log
+
 All notable changes to this project will be documented in this file. The format
 is based on [Keep a Changelog] and this project adheres to [Semantic Versioning].
 
 [Keep a Changelog]: http://keepachangelog.com/en/1.0.0/
 [Semantic Versioning]: http://semver.org/spec/v2.0.0.html
 
+## [1.0.2] - 2017-11-05
+
+## Added
+- [#18]: Add shared account email.
+
+[#18]: https://gitlab.com/autonomic-cooperative/autonomic-cooperative.gitlab.io/merge_requests/18
+
+## [1.0.1] - 2017-10-14
+
+## Added
+- [#17]: Added automated Gitlab CI production builds.
+
+[#17]: https://gitlab.com/autonomic-cooperative/autonomic-cooperative.gitlab.io/merge_requests/17
+
 ## [1.0.0] - 2017-10-04
 - Initial Release

Makefile

@@ -1,18 +1,6 @@
 DEV_DIST_DIR:=dist
-PROD_DIST_DIR:=proddist
-PROD_REMOTE:=git@gitlab.com:autonomic-cooperative/autonomic-cooperative.gitlab.io.git
-PROD_BRANCH:=production
 
 devserver:
 	@echo "Serving development site from $(DEV_DIST_DIR)"
 	@jekyll serve --watch --incremental --destination $(DEV_DIST_DIR)
 .PHONY: devserver
-
-release:
-	@echo "Building production site into $(PROD_DIST_DIR)"
-	@jekyll build --destination $(PROD_DIST_DIR)
-	@echo "Resetting existing production branch"
-	@git push $(PROD_REMOTE) $(PROD_BRANCH) --delete
-	@echo "Pushing latest $(PROD_DIST_DIR) contents to the upstream production branch"
-	@git subtree push --prefix $(PROD_DIST_DIR) $(PROD_REMOTE) $(PROD_BRANCH)
-.PHONY: release

README.md

@@ -21,15 +21,39 @@ Please see [CONTRIBUTING.md] for the juicy details.
 
 # Make A New Release
 
-Firstly, you'll need to tag and push the latest HEAD with:
+Please add a new [change log] entry. This helps us track released changes easily.
+
+[change log]: https://gitlab.com/autonomic-cooperative/autonomic-cooperative.gitlab.io/blob/master/CHANGELOG.md
+
+Then, [tag a new commit] and send it upstream with:
+
+[tag a new commit]: https://git-scm.com/book/en/v2/Git-Basics-Tagging
+[semantic versioning]: http://semver.org/
 
 ```bash
-$ git tag -a <YOUR-VERSION-NUMBER> $(git rev-parse HEAD)
+$ COMMIT=$(git rev-parse HEAD)
+$ TAG=6.6.6  # enter your new tag
+$ git tag -a $TAG $COMMIT
 $ git push upstream master --tags
 ```
 
-Then make a release with:
+You can also use the [Gitlab tags UI] for this.
+
+[Gitlab tags UI]: https://gitlab.com/autonomic-cooperative/autonomic-cooperative.gitlab.io/tags
+
+Our [deploy] CI stage will push the new site to [the production branch].
+
+[deploy]: https://gitlab.com/autonomic-cooperative/autonomic-cooperative.gitlab.io/blob/d16aec42bd2ddd7449f55d9f06b03499cc660b22/.gitlab-ci.yml#L17
+[the production branch]: https://gitlab.com/autonomic-cooperative/autonomic-cooperative.gitlab.io/tree/production
+
+Watch the [CI/CD pipeline] to see that it builds successfully.
+
+[CI/CD pipeline]: https://gitlab.com/autonomic-cooperative/autonomic-cooperative.gitlab.io/pipelines
+
+Then head over to [fullyautomatedluxuryinfrastructure] and run:
+
+[fullyautomatedluxuryinfrastructure]: https://gitlab.com/autonomic-cooperative/fullyautomatedluxuryinfrastructure
 
 ``` bash
-$ make release
+$ ansible-playbook orgs/autonomic/gitlabpages.yml
 ```

bin/deploy

@@ -21,7 +21,6 @@ eval "$(ssh-agent -s)"
 ssh-add <(echo "$SSH_PRIVATE_KEY")
 echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
 
-# ./deploy.sh -m "Git tag: $(git describe --exact-match HEAD)"
+./deploy.sh -m "Git tag: $(git describe --exact-match HEAD)"
-./deploy.sh -m "Hello, World!"
 
 rm -Rfv .ssh

src/_includes/contact.html

@@ -3,7 +3,7 @@
   <header class="major">
     <h2>Get in Touch</h2>
     <p>Contact us to discuss your project's needs and arrange a consultation.</p>
-    <p><a href="mailto:autonomic@posteo.net">autonomic@posteo.net</a></p>
+    <p><a href="mailto:autonomic-coop@posteo.net">autonomic-coop@posteo.net</a></p>
     <p>
       If you use encrypted email, here is our <a href="{{ "/assets/pgp/autonomic-key.asc" | relative_url }}">PGP key</a>.
       Our key fingerprint is: <br/><code id="fingerprint">82FC 87C5 1A71 902F DC10 2CF5 4F90 D55B B24B 1147</code>

src/_includes/services.html

@@ -71,7 +71,7 @@
         <p>
           A grounded and principled understanding of the cybersecurity domain can ensure
           your organisation is not liable to any unwanted security threats. We provide
-          structured training.
+          structured training taliored to your threat model.
         </p>
       </li>
     </ul>

src/_posts/2016-09-23-our-founding-principles.md

@@ -1,8 +1,8 @@
 ---
 layout: post
 title: Our Founding Principles
-description: Autonomic Co-operative And Our Core Values.
+description: Autonomic Co-operative And Our Core Values
-image: pic01.jpg
+image: thinkpad.jpg
 category: values
 date: 2017-10-03
 ---

src/_posts/2018-01-11-spectre-and-meltdown.md

@@ -0,0 +1,150 @@
+---
+layout: post
+title: Spectre and Meltdown
+description: A Spectre Is Haunting Our Processors...
+image: spectre.jpg
+category: values
+date: 2018-01-11
+---
+
+Autonomic have now completed the process of applying patches to to all
+of our servers in response to the so called Spectre and Meltdown 
+vulnerabilities. Our upstream providers have also confirmed that they have
+patched their infrastructure. We will monitor the situation as it develops.
+
+We are currently super busy with clients so we decided to repost the
+excellent security bulletin from our friends over at [Rise Up](https://riseup.net/) 
+which goes into detail oh how to update various operating systems. All credit
+to them for the rest of this blog post.
+
+## The Facts
+
+As you have probably read, there are three related security problems in
+contemporary CPUs. These vulnerabilities open the potential for a
+nefarious program to steal passwords, secrets, and personal information
+from you computer, even if the program is just Javascript loaded from a
+web site you visit. These vulnerabilities are as serious as they sound,
+and you should take action to upgrade your software. 
+
+* The first flaw, called "Meltdown," affects nearly all Intel CPUs and
+has been fixed with updates to most operating systems. 
+
+* The two other flaws, called "Spectre," apply to nearly all CPUs built
+in the last 20 years, not just Intel, although they are more difficult
+to exploit. There are no permanent fixes for Spectre available at this
+time, although if you update your software you will make these attacks
+much less likely. 
+
+You should take *both* these steps now, for all your devices: 
+
+* Upgrade your web browser (see below). These fixes make the new
+attacks against CPUs more much difficult. 
+
+* Upgrade your operating system. There are updates available for
+Windows, macOS, and GNU/Linux that fix the Meltdown vulnerability for
+Intel CPUs and provide some mitigations for Spectre. Additionally, new
+releases of iOS and Android have mitigations for Spectre.
+
+Better fixes will continue to arrive in the next weeks/months for your
+operating system and software. Please keep your system up to date! 
+
+## Browsers 
+By updating your browser, you can make it significantly harder for an
+attacker to steal secrets off your computer using Javascript loaded from
+a web site you visit. 
+
+Firefox version 57.0.4 and later [includes mitigation measures](https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/) 
+against Spectre attack. 
+
+Edge has been updated to include Spectre migitations. When you apply the
+latest Windows update, you will get the new version of Edge. 
+
+Safari will be updated very soon, according to Apple. Check the App
+Store updates. 
+
+Chrome will include Spectre mitigations starting with version 64, to be
+released Jan 23. In the mean time, you can change your configuration to
+greatly mitigate [against the Spectre vulnerability by enabling](https://support.google.com/chrome/answer/7623121?hl=en)
+ "site isolation."
+
+Additionally, please see [Rise Up's better browsing guide](https://riseup.net/en/better-web-browsing) for
+instructions on best practices for securing your web experience (which
+will also help mitigate against these new attacks). 
+
+## Windows 
+For Windows 10, you must first upgrade any anti-virus software before
+upgrading Windows. [Failure to do so may make your computer stop working](http://www.theregister.co.uk/2018/01/04/microsoft_windows_patch_meltdown/).
+
+To upgrade Windows 10: 
+
+```
+Select the Start button, and then go to Settings > Update & security > Windows Update, and select Check for updates. 
+```
+
+Now is a good time to enable automatic updates: 
+
+```
+Select the "Start" button, then select "Settings" > "Update & security" > "Windows Update" > "Advanced options" 
+and then under "Choose how updates are installed", select "Automatic (recommended)". 
+```
+
+If you are running Windows 7 or 8, an update is also available. 
+
+## macOS 
+If you already have macOS version 10.13.2 then you are [protected against Meltdown](https://support.apple.com/en-us/HT208394). 
+Otherwise, to upgrade macOS: 
+
+```
+Open the App Store app on your Mac. Click "Updates" in the App Store toolbar, then use the "Update" buttons 
+to download and install any updates listed.
+```
+
+Now is a good time to check enable automatic updates: 
+
+```
+Select the Apple menu, then select "System Preferences" > "App Store" > "Automatically check for updates". 
+```
+
+Apple plans to soon release an update to Safari browser to provide some
+mitigation against Spectre. 
+
+## iOS
+Apple has said that iOS is affected by Spectre, and an update to
+mitigate against most of the new attacks has been released. If you have
+iOS version 11.2 or later, [then you are good](https://support.apple.com/en-us/HT208394). 
+
+To check for new updates, go to `Settings > General > Software Update.` 
+
+## Android 
+The bad news is that Android is vulnerable to Spectre and unless you
+have a Google-branded phone or run a custom firmware you might not get
+an update for months, if ever. However, the consensus among security
+researchers at the moment is that the Spectre attack is difficult enough
+that there are probably easier ways to compromise an Android device.
+Yeah? 
+
+There is one thing you can do now to make your Android device more safe
+against these new CPU attacks: 
+
+* Turn on ["site isolation" in Chrome](https://support.google.com/chrome/answer/7623121?hl=en)
+* Upgrade Chrome Browser after Jan 23. 
+* Alternately, use Firefox for Android. 
+
+## Debian/Ubuntu GNU/Linux 
+Run "Software Center" or "Software Updater." 
+
+Alternately, open a terminal and type: 
+
+```
+sudo apt update 
+sudo apt upgrade 
+sudo reboot 
+```
+
+## Fedora GNU/Linux 
+Open a terminal and type: 
+
+```
+sudo dnf --refresh update kernel 
+sudo reboot 
+```