Back in April some jackass promised that there would be a follow-up post about migrating bsd-box.net to use the LetsEncrypt CA.
Oh right, that was me.
As usual life interfered, but here's the followup: The bsd-box.net server has been replaced with a shiny new machine, LetsEncrypt is still my CA of choice for this system, and a bunch of other things have changed. More below the jump.
Continue reading "A new server, and a few more words about LetsEncrypt."
Most if not all readers of my blog are probably aware of the Lets Encrypt project, which officially exited Beta this month.
For those of you not familiar with it, the basic premise is "It's the goddamn 21st century, and there is no reason every website shouldn't be available over HTTPS. We're giving away certificates for free, and giving you an automated tool to acquire and renew them. You have no more excuses!"
Most of you also know I was originally quite skeptical of this project: I'm not a huge fan of trusting third-party programs with my cryptography, and I like to ensure that I'm maintaining control of the impotant bits (like private keys) at all times. The final implementation however appears to be well-designed and reasonably secure, enough so that I have used it for this year's certificate renewal on bsd-box.net.
Continue reading "A few words about Lets Encrypt"
What follows is a brief description of the Lets Encrypt process on FreeBSD: Its successes, its failures, and some thiings I may be submitting patches for in the near future.
Tom Limoncelli (yes, that Tom) recently wrote a blog post that came to my attention by way of Twitter in which he lamented his bank's scheduled downtime and the implications of routine "weekend work" in terms of an organization's respect for the time and work-life balance of its sysadmin staff.
This was posted the "Rants" section of his blog and is obvisouly ment to be taken as slightly tongue-in-cheek alongside the idea that every sysadmin in geekdom's creation would really rather be watching the Star Wars movie, but it's broadly representative of an attitude I've seen emerging more and more in our profession: That sysadmin work should be viewed as a 9-to-5 gig. I in turn ranted a little bit about that on Twitter, but I think it merits following up with a longer form discussion, so let's have a blog post before the end of the year!
Continue reading "The Problem of the 9-to-5 Sysadmin"
Scott Hansleman recently posted a great piece on how people Do Internet Wrong - one which I heartily recommend everyone read because really you're all still making a mess of it.
We agree on 8 out of his 9 points:
- Redirecting a deep desktop link to a mobile home page is BAD AND WRONG
If I grab my iPhone and go to http://www.example.com/store/shinywidget I damn well want the page about shiny widgets.
Please don't redirect me to http://m.example.com/ with your crappy designed-for-a-mid-1990s-Blackberry "Mobile site" home page.
- Corollary: If I'm using a modern smart phone don't EVER send me to your crappy designed-for-a-mid-1990s-Blackberry "Mobile site"!
- Crippling your site and trying to force me to download your "Mobile App" is STUPID.
Again, I'm using a modern smartphone. The web page looks great and loads fast.
Your app? It SUCKS. It takes 5 seconds to load (splash screens are the work of Satan), crashes all the time, and it's harder to navigate than the website. Plus I know my way around the website - I use it EVERY DAY on my desktop and I just want to check that one item quick on my phone.
Let's not make this hard, OK?
(Every website out there that uses "TapTalk"? I'm looking at you right now and I'm NOT smiling.)
- Giant interstitial ads make me not want to use your site anymore
Scott called out Forbes on this (and they're a MAJOR offender - I cringe every time I want to read a Forbes article), but so many sites do this.
- Corollary: Modal ads that pop up after 30 seconds are even worse!
- Corollary: Interstitial or Modal ads that play obnoxious sounds merit the death penalty.
- Only being able to click the checkbox, not the label? Why do you hate me?!
Do some of these web developers know how small checboxes are on modern monitors? In Safari they're actually decent-sized, but the label is still so much bigger and easier to stick my mouse over and click on.
(CMS and "web application in a box" vendors - If your form labels aren't clickable you best be fixing that shit!)
- Breaking Links Is Bad
Nuff said? Yeah - I think so too.
- "Click the flag that represents your language"?
How about you just auto-detect it you lazy shit. Seriously.
- Corollary: GeoIP has been a thing for over a decade. Please don't make me tell you what country I'm in. (But DO let me override it if you get it wrong)
- I'm giving you my zip code. Can't you figure out my state?
Here's a hint: YOU CAN AND IT'S REALLY EASY. Lazy shits.
- Using width and height to make the browser resize images is WRONG
I'll allow a little fudge-factor here - you can scale down by 10% and I won't hate you.
If you're taking a 6 megapixel image and trying to scale it down to a 3-inch-by-3-inch box on your web page? No. Not acceptable. You can resize that on the server and not waste all my bandwidth, ThankYouVeryMuch.
By the way you're the one paying for this bandwidth - your users on consumer cable modems and FiOS can suck as much data as they want for a flat fee, but when you get featured on reddit and a million people are downloading that 4-meg JPEG image of your cat you better believe your ISP is gonna be charging you for all the extra transfer.
Continue reading "Stop Doing Internet Wrong!"