Most if not all readers of my blog are probably aware of the Let's Encrypt project, which officially exited Beta this month.
For those of you not familiar with it, the basic premise is "It's the goddamn 21st century, and there is no reason every website shouldn't be available over HTTPS. We're giving away certificates for free, and giving you an automated tool to acquire and renew them. You have no more excuses!"
Most of you also know I was originally quite skeptical of this project: I'm not a huge fan of trusting third-party programs with my cryptography, and I like to ensure that I'm maintaining control of the important bits (like private keys) at all times. The final implementation however appears to be well-designed and reasonably secure, enough so that I have used it for this year's certificate renewal on bsd-box.net.
What follows is a brief description of the Let's Encrypt process on FreeBSD: its successes, its failures, and some things I may be submitting patches for in the near future.
Tom Limoncelli (yes, that Tom) recently wrote a blog post that came to my attention by way of Twitter in which he lamented his bank's scheduled downtime and the implications of routine "weekend work" in terms of an organization's respect for the time and work-life balance of its sysadmin staff.
This was posted in the "Rants" section of his blog and is obviously meant to be taken as slightly tongue-in-cheek alongside the idea that every sysadmin in geekdom's creation would really rather be watching the Star Wars movie, but it's broadly representative of an attitude I've seen emerging more and more in our profession: that sysadmin work should be viewed as a 9-to-5 gig. I in turn ranted a little bit about that on Twitter, but I think it merits following up with a longer form discussion, so let's have a blog post before the end of the year!
Redirecting a deep desktop link to a mobile home page is BAD AND WRONG
If I grab my iPhone and go to http://www.example.com/store/shinywidget I damn well want the page about shiny widgets.
Please don't redirect me to http://m.example.com/ with your crappy designed-for-a-mid-1990s-Blackberry "Mobile site" home page.
Corollary: If I'm using a modern smart phone don't EVER send me to your crappy designed-for-a-mid-1990s-Blackberry "Mobile site"!
Crippling your site and trying to force me to download your "Mobile App" is STUPID. Again, I'm using a modern smartphone. The web page looks great and loads fast.
Your app? It SUCKS. It takes 5 seconds to load (splash screens are the work of Satan), crashes all the time, and it's harder to navigate than the website. Plus I know my way around the website - I use it EVERY DAY on my desktop and I just want to check that one item quick on my phone.
Let's not make this hard, OK? (Every website out there that uses "TapTalk"? I'm looking at you right now and I'm NOT smiling.)
Giant interstitial ads make me not want to use your site anymore
Scott called out Forbes on this (and they're a MAJOR offender - I cringe every time I want to read a Forbes article), but so many sites do this.
Corollary: Modal ads that pop up after 30 seconds are even worse!
Corollary: Interstitial or Modal ads that play obnoxious sounds merit the death penalty.
Only being able to click the checkbox, not the label? Why do you hate me?!
Do some of these web developers know how small checkboxes are on modern monitors? In Safari they're actually decent-sized, but the label is still so much bigger and easier to stick my mouse over and click on. (CMS and "web application in a box" vendors - If your form labels aren't clickable you best be fixing that shit!)
Breaking Links Is Bad
Nuff said? Yeah - I think so too.
"Click the flag that represents your language"?
How about you just auto-detect it you lazy shit. Seriously.
Corollary: GeoIP has been a thing for over a decade. Please don't make me tell you what country I'm in. (But DO let me override it if you get it wrong)
Using width and height to make the browser resize images is WRONG
I'll allow a little fudge-factor here - you can scale down by 10% and I won't hate you.
If you're taking a 6 megapixel image and trying to scale it down to a 3-inch-by-3-inch box on your web page? No. Not acceptable. You can resize that on the server and not waste all my bandwidth, ThankYouVeryMuch.
By the way you're the one paying for this bandwidth - your users on consumer cable modems and FiOS can suck as much data as they want for a flat fee, but when you get featured on reddit and a million people are downloading that 4-meg JPEG image of your cat you better believe your ISP is gonna be charging you for all the extra transfer.
This is going to be one of my rambling sysadmin-y entries talking about stuff that's probably of little general interest. Fair warning given.
There are two components that I would consider essential to proper system administration: GOOD Monitoring and Issue/Incident Tracking. It is imperative that you know when a problem arises (preferably before anyone else notices) and that you keep track of the problems you have encountered in order to spot troublesome systems and redesign them to stop bugging you.
Those of you who have worked with me know I have my prejudices in both of these areas, and that for the last few years I've settled on two pieces of software to fill these roles: InterMapper for monitoring and RT for issue tracking.
The major caveat of this pairing is that the two have no formal integration: InterMapper will happily send emails, and RT will happily accept emails and turn them into tickets, but RT doesn't know when InterMapper is telling it about the same problem twice, or that a previous issue has been cleared. The end result of this lack of integration is that you have a bunch of RT tickets for the same issue which need to be manually merged and resolved, and this manual bit bugged me enough that I actually took the time to fix it!