Categories
Technology

Google and the power we give in exchange for security

A couple of weeks ago,  I received an email from Google. It read:

Chrome will show security warnings on http://burningbird.net

To owner of http://burningbird.net,

Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.

The following URLs on your site include text input fields (such as < input type=”text” > or < input type=”email” >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive.

http://burningbird.net/tag/foia/

http://burningbird.net/tag/standards/

http://burningbird.net/tag/epub/

http://burningbird.net/

The new warning is part of a long term plan to mark all pages served over HTTP as “not secure”.

Here’s how to fix this problem:

Migrate to HTTPS
To prevent the “Not Secure” notification from appearing when Chrome users visit your site, only collect user input data on pages served using HTTPS.

Like many web sites, mine contain an input field that people can use to search through articles. It’s this search field that triggered the warning.

Categories
Technology

Integrating WordPress’ Multisite support

In the past, I’ve skipped between supporting multiple sites and only having a single site, here at Burningbird.

I like different domains and sites so that people can focus primarily on the topics they like. For instance, tech people may get a bit tired of my political writings, and those interested in the political writings may not care for in-depth overviews of JavaScript.

The main issue with multiple sites, though, is the amount of work to maintain the software for each site. In fact, that’s been a real pain in the past, and the reason I took down the individual sites.

Thankfully, WordPress has very good multisite support now. I can support different sites with different domain names, and you all have no idea it’s all fed by the same WordPress installation. More importantly, if I decide to subscribe to a security system for my site, such as Wordfence, I only need one subscription. Considering how much my site gets hammered on a daily basis, I’m definitely interested in increasing my security. However, security API keys are not cheap. They’re too expensive to get one for every domain.

I’m also eliminating all statically generated web pages. I just wiped out the old weblog.burningbird.net site. I thought about keeping some of the old content but then realized people have enough stuff to read, they don’t need to see stuff that’s 15 years old. In addition, I’m adding newer statically generated content into WordPress, in preparation for converting everything over to the secure version of HTTP, HTTPS.

As I add active content to new sites, I’ll post a note linking to them. Right now, I have active content here and at One Lawsuit.

Categories
Government Technology

They… are watching you

Today, Trump is likely to sign the latest in Congressional Review Act bills, this one to overturn a new FCC rule that would force ISPs to get permission from users to collect and share personal information.

The Senate was the first to toss the privacy rule, followed by the House. The vote was along party lines. Kudos to the Democrats for looking out for us, but the party-line Republican vote was a little surprising considering the number of libertarians among the Republicans. Libertarians have a real thing for privacy. I expect Rand Paul will have some explaining to do the next time he runs for re-election.

Categories
Technology

Tech: A Welcome Respite

It’s long past time for me to return to technical writing, if only because I need a respite from the battle against Trump and his evil minions.

It helps that there is a lot to be excited about—in a good way—in the tech world. The Node community seems to be moving beyond its early growing pains and is starting to stabilize. There’s still occasional drama, but not enough to make you scream in horror and run away.

My beloved SVG is really coming into its own with widespread support. I’ve been waiting years for this. There are great libraries to make it easier to build applications, but for me, the holdup has always been browser support. Now, I can party.

CSS! Can you believe what you can do with CSS now?  Not to mention that the W3C has really its act together when it comes to documenting what’s happening with specs.

Speaking of specs…HTML is no longer held hostage by a tin-plated dictator.  I’m sorry, did I say that out loud? I did notice that the working group mailing list is extremely quiet nowadays. This is because all the action has moved to GitHub. Probably more efficient. Not as fun.

Excellent news about the W3C and IDPF merging their efforts.

The vision to align Publishing and Web technologies and create a new roadmap for the future of publishing became official today with the announcement that the World Wide Web Consortium (W3C) and the International Digital Publishing Forum (IDPF) have combined organizations.

 

Categories
Technology

OnHub: Google’s Newest Miss/Hit?

Google is known for many things, including being wildly successful and a major cultural impact. But its path is also littered by the skeletal remains of failed projects.

Search, Maps, GMail, Chrome, Android, and some of the Nexus devices—not to mention its acquisition of the ubiquitous YouTube, as well as a successful set of hardware with recent purchases of Nest and Dropcam—are decided hits. But they’re matched by the misses, including Dodgeball, Notebook, Wave, Lively, Nexus Q, and Google Glasses. Reader was successful software that Google abandoned, and Google+ never has achieved the reach of Facebook.

Now we have a new entry into the Google sphere of products in which to dominate the world: OnHub. The question becomes, will it be a hit? Or another miss?