Most if not all readers of my blog are probably aware of the Let's Encrypt project, which officially exited Beta this month.
For those of you not familiar with it, the basic premise is "It's the goddamn 21st century, and there is no reason every website shouldn't be available over HTTPS. We're giving away certificates for free, and giving you an automated tool to acquire and renew them. You have no more excuses!"
Most of you also know I was originally quite skeptical of this project: I'm not a huge fan of trusting third-party programs with my cryptography, and I like to ensure that I'm maintaining control of the important bits (like private keys) at all times. The final implementation, however, appears to be well-designed and reasonably secure, enough so that I have used it for this year's certificate renewal on bsd-box.net.
What follows is a brief description of the Let's Encrypt process on FreeBSD: its successes, its failures, and some things I may be submitting patches for in the near future.
Redirecting a deep desktop link to a mobile home page is BAD AND WRONG
If I grab my iPhone and go to http://www.example.com/store/shinywidget I damn well want the page about shiny widgets.
Please don't redirect me to http://m.example.com/ with your crappy designed-for-a-mid-1990s-Blackberry "Mobile site" home page.
Corollary: If I'm using a modern smart phone don't EVER send me to your crappy designed-for-a-mid-1990s-Blackberry "Mobile site"!
Crippling your site and trying to force me to download your "Mobile App" is STUPID. Again, I'm using a modern smartphone. The web page looks great and loads fast.
Your app? It SUCKS. It takes 5 seconds to load (splash screens are the work of Satan), crashes all the time, and it's harder to navigate than the website. Plus I know my way around the website - I use it EVERY DAY on my desktop and I just want to check that one item quick on my phone.
Let's not make this hard, OK? (Every website out there that uses "TapTalk"? I'm looking at you right now and I'm NOT smiling.)
Giant interstitial ads make me not want to use your site anymore
Scott called out Forbes on this (and they're a MAJOR offender - I cringe every time I want to read a Forbes article), but so many sites do this.
Corollary: Modal ads that pop up after 30 seconds are even worse!
Corollary: Interstitial or Modal ads that play obnoxious sounds merit the death penalty.
Only being able to click the checkbox, not the label? Why do you hate me?!
Do some of these web developers know how small checkboxes are on modern monitors? In Safari they're actually decent-sized, but the label is still so much bigger and easier to stick my mouse over and click on. (CMS and "web application in a box" vendors - If your form labels aren't clickable you best be fixing that shit!)
Breaking Links Is Bad
Nuff said? Yeah - I think so too.
"Click the flag that represents your language"? How about you just auto-detect it, you lazy shit. Seriously.
Corollary: GeoIP has been a thing for over a decade. Please don't make me tell you what country I'm in. (But DO let me override it if you get it wrong)
Using width and height to make the browser resize images is WRONG
I'll allow a little fudge-factor here - you can scale down by 10% and I won't hate you.
If you're taking a 6 megapixel image and trying to scale it down to a 3-inch-by-3-inch box on your web page? No. Not acceptable. You can resize that on the server and not waste all my bandwidth, ThankYouVeryMuch.
By the way, you're the one paying for this bandwidth - your users on consumer cable modems and FiOS can suck as much data as they want for a flat fee, but when you get featured on reddit and a million people are downloading that 4-meg JPEG image of your cat you better believe your ISP is gonna be charging you for all the extra transfer.
I'm quite pleased - It doesn't solve the problem of the infected computers that comprise the botnets controlled by the folks hosted at McColo (so they could just start up again at another ISP), but at least it quiets the spam wars down for a few weeks. I'll take good news wherever I can get it :)
Now, all of you motherfuckers with unpatched virus-laden computers listen up: You're just as bad... no, you're WORSE than the McColos of the world -- Clean your shit up so they can't keep using your machines for cannon fodder. Anyone with half a brain knows that this is just a blip and they'll be moving their machines to a new home (probably offshore with more unscrupulous upstream providers - the kind that don't care enough to cut off spammers and child pornographers but are too big for our Tier 1s to just kick off the internet), so take this reprieve for what it is and patch the holes in your roof!