I finally moved the public side of this blog over to HTTPS last weekend. Traditionally I’ve preferred to put public info on HTTP and save HTTPS for things that need it – passwords, payment info, login tokens, anything that should be kept private — but between the movement to protect more and more of the web from eavesdropping and the fact that tools are making it harder to split content between open and encrypted sides (the WordPress app sometimes gets confused when you run the admin over HTTPS but keep the public blog on HTTP), I decided it was time.

The last sticking point was putting HTTPS on my CDN, and I’d decided to try getting Let’s Encrypt and CloudFront working together over the weekend. Then Amazon announced their Certificate Manager for AWS, which took care of the hard part. All I had to do was request and approve the (domain-validated) certificate, then attach it. Done!

Downside: Because I opted for the SNI option on the CDN, rather than pay the premium to get unique IP addresses on every CloudFront endpoint, the images won’t work with older browsers like IE6. (Server Name Indication is a way to put more than one HTTPS site on the same IP address.)

On the other hand, the cert I have on the site itself is SHA2-signed (as it should be, now that SHA-1 is no longer sufficient), so it wouldn’t work with older browsers even if I turned off the CDN and kept the images on the server.

It’s the first time I’ve actually broken the ability of older browsers to see any of my personal sites. I’ve broken layouts, sure, but not completely cut them off. In general I’d rather not, but I think I’m OK with it this time because

  1. SHA1 really does have to go, SHA2 is well-established, and it’s not like I’m providing downloads of modern browsers or a critical communications forum for people who are stuck with ancient hardware/software because that’s all that’s available to them.
  2. SNI has been around for TEN YEARS.

And as it turns out, DreamHost’s ModSecurity rules block IE6 to begin with, so the whole site’s already broken in that browser.

So I guess next time I redesign I can finally drop any IE6 workarounds. :shrug:

I woke up to ten or so first-time comments* in the moderation queue at Speed Force this morning. As I started reading them I was briefly confused: they were well-written, specific comments about comic books….that had nothing to do with the posts they were attached to. Complaining about Bendis’ writing on an interview with Paul Ryan (the artist, not the politician). Gushing about an Ultra-Humanite figure on a review of a Flash comic. Tips on finding exclusive Aquaman figures on a Flash TV episode review.

Then I felt strangely nostalgic, because I hadn’t seen this sort of spam in a long time.

As near as I can tell, the spammer finds a related site, scrapes comments from it, and pastes them into the target site. To what end I’m not sure, because the comments all linked to Facebook profiles. Most comment spam seems to be about link generation to prop up a spamvertised site in search rankings. But sure enough, when I searched for phrases from the spammy comments, I found the originals on a Daredevil fan blog, an action figure site, an artist’s blog, and so on.

I’ve got to give the spammer a little credit for two things:

  1. Finding actual comics-related blogs to scrape comments from.
  2. Inserting typos to make it harder to match. Though Google’s pretty good at fixing those.

In the end, though…

*plonk!*

*I have WordPress set up so that first-time commenters always go through moderation, while returning commenters are allowed through unless they trip a filter.

The thing that takes me longest to set up on a new phone is the notification settings. It’s configured in each app individually, and it seems like everyone wants to get your attention.

Too many notifications end up one of two ways: tuned out so you don’t notice the important ones, or so much of a distraction that you can’t focus on anything. There are studies showing how long it takes to get your train of thought back after interruptions.

I pare audio alerts down to calls, text messages, and work-related IMs. Then I set custom alert tones for each and for specific phone numbers, so I know instantly which it is. (Assuming of course I remembered to turn on the sound, and it’s not drowned out by ambient noise.) Unfortunately every new phone or OS comes with a different set of alert tones, so it’s a pain to either transfer over the old tones or get used to the new ones.

I have silent email alerts. Social media, but only some sites and only replies or mentions that I might be expected to react to. (Not Facebook, though.) Sure, I want to know if someone’s commented on one of my photos or posts, but I don’t need it to break my concentration. I don’t need an alert for every new post on some site, or every new follower, or some auto-generated roundup.

And it takes me forever to find all those settings, turn off everything else, and change the audio for what’s left. Sometimes it’s several days before something pipes up the first time. I suspect I’m not done yet.

As much as we make all these things interactive, they’re still asynchronous. Except for calls and active chat conversations, I’m better off checking in on email or Twitter or Facebook on my own schedule, not when I’m in the middle of something else.

I can distract myself just fine. I don’t need my phone to do it for me.

It shouldn’t make any difference that Twitter renamed Favorites★ as Likes♥. It’s a coat of paint. But labels do matter. Just like “friend” and “follower”, “like” and “favorite” (and hearts and stars) conjure up different expectations.

Twitter says, “You might like a lot of things, but not everything can be your favorite.” Paradoxically, I find “likes” to be more specific. The star-and-favorite model comes out of Internet Explorer*, and modern browsers still use stars for bookmarks. This made “favorite” seem a little more versatile, anything from a stamp of approval to a simple check-back-for-later.

“Like,” on the other hand….

After years of requests for a “dislike” button, Facebook finally admitted that “like” isn’t sufficient to respond to everything, and will be expanding to multiple reaction buttons. I know Twitter keeps trying to be more like Facebook, but c’mon — even Facebook knows people don’t want to “like” sad news.

*Microsoft didn’t want to call their bookmarks “bookmarks.” Nobody wanted to use the same terminology as anyone else back then. They tried to call links “shortcuts” too.

Clouds and timing squashed the “supermoon” and “blood moon” effects here, but it was still the most unusual lunar eclipse I’ve experienced.

Usually I’ll stay up late or get up early and go outside to watch the eclipse by myself. Last year I took my then-three-year-old son out to watch an eclipse around midnight.

Tonight’s eclipse got underway before local moonrise, and I wanted to see it as soon as possible. So J. (now four and a half) and I went out to an intersection in a residential neighborhood near the top of a hill with a clear view of the eastern horizon. We arrived at sunset, and two other people were looking eastward: a woman with a camera and full tripod, and a man with binoculars. The four of us all set up on a triangular traffic island on the northern side of the intersection.

Flat layers of clouds streaked the sky, and we worried that there might not be much to see at all, but it was only a few minutes before a slightly-off crescent moon rose due east of us, right in line with the street.