Brought to you by HTTPS

As you can see when you access this page, I’ve made the move to HTTPS. I detail the experience at my new technology-only site, Shelley’s Toy Box.

I upgraded my server before I made the move, and eliminated all the cruft. I also moved my DNS records over to my name registrar, rather than manage on the server.

All in all, the experience was challenging at times, but also interesting. It was fun tweaking with the tech, and I need to do more tech tweaking in the future.

One of the downsides to the move is removing my archived statically generated HTML pages. I now get, on average, over seven hundred 404 requests a day. The numbers will go down as I gradually add the older content into this site, and as search engines drop references to the missing pages. Still, I feel like one big link black hole right now.

The Wayback Machine is extremely helpful when it comes to recovering pages that, for whatever reason, I don’t have backups for. I even found a link to my earliest weblog, a Manila site, hosted by Dave Winer and Userland.  I was excited when I found the link. My reactions to the events of 9/11 were recorded in my Manila weblog, and I don’t have a backup of the old posts.

I could have dropkicked Dave Winer when I discovered all the pages have the same message:

Your crawler is hitting our servers too hard. Please slow down, it’s hurting the service we provide to our customers. Thanks. webmaster@userland.com.

Thankfully most of the pages for my many other sites and weblogs are intact. When I restore a page, I try to include a link to the Wayback Machine archive page, because the site also archived the comments.

Seriously, if you’re not donating to the Internet Archive, you should think about starting. It’s our history.

Google and the power we give in exchange for security

A couple of weeks ago,  I received an email from Google. It read:

Chrome will show security warnings on https://burningbird.net

To owner of https://burningbird.net,

Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.

The following URLs on your site include text input fields (such as < input type=”text” > or < input type=”email” >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive.

https://burningbird.net/tag/foia/

https://burningbird.net/tag/standards/

https://burningbird.net/tag/epub/

https://burningbird.net/

The new warning is part of a long term plan to mark all pages served over HTTP as “not secure”.

Here’s how to fix this problem:

Migrate to HTTPS
To prevent the “Not Secure” notification from appearing when Chrome users visit your site, only collect user input data on pages served using HTTPS.

Like many web sites, mine contain an input field that people can use to search through articles. It’s this search field that triggered the warning.

Continue reading “Google and the power we give in exchange for security”

Integrating WordPress’ Multisite support

In the past, I’ve skipped between supporting multiple sites and only having a single site, here at Burningbird.

I like different domains and sites so that people can focus primarily on the topics they like. For instance, tech people may get a bit tired of my political writings, and those interested in the political writings may not care for in-depth overviews of JavaScript.

The main issue with multiple sites, though, is the amount of work to maintain the software for each site. In fact, that’s been a real pain in the past, and the reason I took down the individual sites.

Thankfully, WordPress has very good multisite support now. I can support different sites with different domain names, and you all have no idea it’s all fed by the same WordPress installation. More importantly, if I decide to subscribe to a security system for my site, such as Wordfence, I only need one subscription. Considering how much my site gets hammered on a daily basis, I’m definitely interested in increasing my security. However, security API keys are not cheap. They’re too expensive to get one for every domain.

I’m also eliminating all statically generated web pages. I just wiped out the old weblog.burningbird.net site. I thought about keeping some of the old content but then realized people have enough stuff to read, they don’t need to see stuff that’s 15 years old. In addition, I’m adding newer statically generated content into WordPress, in preparation for converting everything over to the secure version of HTTP, HTTPS.

As I add active content to new sites, I’ll post a note linking to them. Right now, I have active content here and at One Lawsuit.

They… are watching you

Today, Trump is likely to sign the latest in Congressional Review Act bills, this one to overturn a new FCC rule that would force ISPs to get permission from users to collect and share personal information.

The Senate was the first to toss the privacy rule, followed by the House. The vote was along party lines. Kudos to the Democrats for looking out for us, but the party-line Republican vote was a little surprising considering the number of libertarians among the Republicans. Libertarians have a real thing for privacy. I expect Rand Paul will have some explaining to do the next time he runs for re-election.

Continue reading “They… are watching you”

Tech: A Welcome Respite

HTML5 logo with cat claw scratch

It’s long past time for me to return to technical writing, if only because I need a respite from the battle against Trump and his evil minions.

It helps that there is a lot to be excited about—in a good way—in the tech world. The Node community seems to be moving beyond its early growing pains and is starting to stabilize. There’s still occasional drama, but not enough to make you scream in horror and run away.

My beloved SVG is really coming into its own with widespread support. I’ve been waiting years for this. There are great libraries to make it easier to build applications, but for me, the holdup has always been browser support. Now, I can party.

CSS! Can you believe what you can do with CSS now?  Not to mention that the W3C has really its act together when it comes to documenting what’s happening with specs.

Speaking of specs…HTML is no longer held hostage by a tin-plated dictator.  I’m sorry, did I say that out loud? I did notice that the working group mailing list is extremely quiet nowadays. This is because all the action has moved to GitHub. Probably more efficient. Not as fun.

Excellent news about the W3C and IDPF merging their efforts.

The vision to align Publishing and Web technologies and create a new roadmap for the future of publishing became official today with the announcement that the World Wide Web Consortium (W3C) and the International Digital Publishing Forum (IDPF) have combined organizations.