HTTPS by default

18 June 2010

So, my website at jeremy.visser.name is now SSL–enabled, and I am in the process of updating links and images to use the correct https:// scheme.

Why? Because Stephen Conroy’s dunderheaded attempts to encroach on our relatively open Internet will require ISPs to sniff HTTP traffic on IP addresses that happen to fall on the ACMA blacklist. Because the blacklist is secret and subject to change without notice, my US–based Linode could have all its HTTP traffic sniffed on a whim.

Aside from the Australian Government creating a root CA and getting that included in major browsers (like what the Chinese did), it is not possible for them to sniff SSL–encrypted traffic to my site. So, to improve the privacy rights of my readers, those who use my code, and myself, all pages and bzr repositories available on the jeremy.visser.name domain are now HTTPS–enabled.

GoDaddy have a free SSL certificate scheme for open source projects. Because I write a lot about my open source goings-on, and host code on this site, I wondered if I would be eligible for the scheme. Turns out my request was a little unorthodox, and their identity verification system wasn’t properly equipped to deal with third-level registrations on the .name domain, but after some consideration they went ahead and provided me with a free SSL certificate. Thanks, GoDaddy!

I should mention that I am using TLS-SNI to serve the HTTPS version of this site, which means if you are using Internet Explorer, Chrome or Safari on Windows XP, you will get certificate errors. Sorry — nothing I can do about that, unfortunately. Also, I have been told Safari users on Mac OS X are getting certificate errors. Sorry about that, but the certificate is trusted on every other TLS-SNI supporting browser I have tested it on, so not sure what’s going on there.

I’m not redirecting users from the HTTP to HTTPS version just yet for two reasons: (1) I’m not sure what the best approach with regard to Google juice is, and (2) in case users cannot access the HTTPS version, they can still force the HTTP version. I’ll probably start redirecting in the near future though.

Paranoid? Maybe. Far-fetched? Definitely not.

IPv6–enabled

19 February 2010

This blog is officially IPv6–enabled, as of a few days ago.

The server-side IPv6 connectivity is admittedly powered by 6to4, which is not quite the real deal, but given that the nearest 6to4 gateway is 0.8 msec away, I couldn’t very well pass the opportunity to stress test my new Linode.

I’m a pretty firm believer in the fact that IPv6 adoption is absolutely essential to the continued health and function of the Internet. I’ve been IPv6 tunneling from my house for years, had native IPv6 at my house since November, and though I’m certainly not the first to do so, it’s time to IPv6–enable my blog.

WordPress 2.8.5, and a minor bug

22 October 2009

I should mention that WordPress 2.8.5 has been released. No security holes as such, but fixes some other issues that were discovered in the past few weeks.

While I’m at it, here’s a weird bug I only just noticed in the post editing screen: in the Publish postbox (the one that contains the Publish button), when I click one of the Edit links, the edit link disappears, and when I press Cancel, it reappears. That’s fine, but when I open the top Edit link and another Edit link, and I press Cancel on the one that’s not the top, the top Edit link reappears even though the top Cancel link hadn’t been clicked.

What a mouthful. Let me show you a video. (To be honest, this whole post was just an excuse for me to use the <video> tag for the first time. I even had to write a WordPress plugin to let me upload .ogv files. Now my website officially doesn’t validate any more — whee!)


So, what do you think?

10 July 2009

I’ve updated the design of this blog — again.

If you’re reading this post via a syndication feed, then you’re missing out on my sUpEr l33t aRTiSTIC skillZ! The visual design is based on a design mocked up with Inkscape. It’s strikingly similar to a header I drew back when I used the K2 theme.

And yes, if you’re viewing this with IE6, you’re probably wondering why it looks like complete crap. But, then again, if you are using IE6, you’re probably not going to be remotely interested in what I have to say on this blog either. Go back to your daily routine.

The main goal of this redesign was not to liberally apply alpha-blended PNGs; nor to create the yes-I’m-annoying-you-on-purpose-Coolvetica header. It’s the Identi.ca and Delicious integration on the front page. (Yay!)

Another goal was to make the site a leetle more presentable. I’m a big fan of minimalism, and while I put lots of effort into my previous design, it used simple shades of grey, and, I have to admit, it was a bit drab. So, I’ve brightened it up with the Tango palette.

After the demise of Mugshot, my blogging, bookmarking, and microblogging were no longer being aggregated into a single stream. So I brought them right here, inline with my blog feed. I often see people’s Twitter or Delicious widgets on their blog sidebar, but never have I seen it displayed inline in the blog feed before; nor could I find a WordPress plugin to do the job for me.

Don’t ask how I implemented it, by the way. It’s not exactly elegant. (*cough* output buffering *cough*)

Two more things: If you’re using a browser that doesn’t contain the substring MSIE in its user-agent ID, you should be getting served by the application/xhtml+xml mime-type. Let me know if you hit any XML well-formedness errors. Also, comments have been made a little prettier, and I enabled two-level threading (which means you can reply to a comment, but no replies to replies).

So, what do you think? Pukeworthy? Let me know.

WP 2.8 Design Challenge: to free or not to free?

26 April 2009

I just read that WordPress is holding a design challenge for a brush-up of the current administration interface for the upcoming version 2.8. Here’s a mockup of what they’re looking for in a new design:

Matt T's mockup

I am very happy with the WordPress 2.7 interface, and I am even happier that it is going to be polished and made even better with 2.8.

Unfortunately, entrants to the challenge must be based on the .psd file by Matt Thomas, which in their own words is because:

We’re providing Matt’s .psd file for you to work from. Please do not create your own file and submit that, since if your design is chosen but your file isn’t in the right format, we won’t have time to let you fix it. Just edit over the layers.

The problem? .psd is the proprietary format of Adobe Photoshop, which is a proprietary program that costs hundreds of dollars that also only runs on other proprietary operating systems.

So because I choose to use free software for my day-to-day tasks, which is morally better and technically superior (SVG is much better for such mockups), I and hundreds of other WordPress contributors would be unable to submit our designs for the competition because of the simple fact that they choose to be locked into a proprietary format.

Photoshop may be the most widely used mockup program among web designers out there. So what? It requires you to step into a world of proprietary non-free software that has ideals directly contrary to that which enabled WordPress to flourish in the first place, and expend hundreds of dollars, which is simply unnecessary.

I don’t mean anything personal to anybody — at Automattic or Adobe — I just thought the folks at Automattic were into this whole open source thing.

Do not alienate the community that gives you your very existence.

The solution? Don’t just accept open formats created by free software; actively encourage their use — hire someone who knows how to use them.