Split Opera, Hold the Viking Helmets

Opera RingThe reporting is a bit confusing, but it looks like the Opera web browser has been sold to a Chinese consortium. The group wanted to buy the Norwegian company outright, but the bid failed, and they fell back to an alternate deal.

According to NewsWeb:

The following business units of Opera will be included in the Transaction:

· Mobile Browser, including Operator Co-brand solutions
· Desktop Browser
· Performance and Privacy Apps
· Opera’s technology licensing business outside of Opera TV
· Opera’s 29.09% ownership in the Chinese joint venture nHorizon

The Consumer Business will be reorganized into a separate company structure. For
clarity, the following businesses are not included in the Consumer Business or
the Transaction:

· Opera Mediaworks
· Opera Apps & Games (including Bemobi)
· Opera TV

It’s a shame to see Opera broken up and dispersed…but in a way, that already happened years ago. When they switched to WebKit in 2013, they lost what made them unique and (IMO) valuable: They’d been a solid third-party (well, fourth-party) that helped keep the web from collapsing back into a monopoly. Within a year the community portal was gone as well.

Since then I’ve only bothered with the desktop browser occasionally when I need to test multiple sessions at once. I used to keep a copy on my phone for times when I was stuck on a slow connection, but these days the cell network in my area is a lot faster. When it gets slow, it’s also unstable, so compression doesn’t help much.

VivaldiI think I will check out Vivaldi again, though. Founded in part by Opera co-founder Jon von Tetzchner, it started as a new home for the Opera community. When I first checked out their browser, it was a really rough preview, but it’s at 1.2 now. While it’s using Blink as the rendering engine, they seem to be trying to innovate through the UI instead, with a heavy emphasis on customizing everything.

(via Slashdot)

Free Shavocado!

Free Shavocado

This sign used to say FRESH AVOCADO. But for several years, it’s said something more like FRE SH AVOCA DO. I’m not 100% certain, but I think they may have actually moved the SH further from FRE and toward AVOCADO a few times…and now they’ve finally just added another E.

After I posted it to Instagram, a friend on Tumblr pointed out that the #Free Shavocado tag already exists. I found a short video of the sign in its “FRE SH AVOCA DO” state, narrated by someone giggling and saying, “Come to Del Taco! They have free sha-VA-ca-doo!” Even funnier: The restaurant updated the corporate sign between then and now without correcting the spacing.

Or maybe that’s when they decided to “fix” the spelling instead!

Out with the old tech, in with the…slightly less old.

I finally removed the floppy disk drive from my desktop. I don’t know why it took me so long, except that it wasn’t in the way of anything. Living with a small, inquisitive child means either making hardware changes at night or keeping the work brief, and timing it so that he still has enough metaphorical spoons to keep his hands to himself.

Continue reading

HTTPS is a lot easier than it used to be.

The cost of implementing HTTPS on your own site is a lot lower now than it used to be. For instance:

  • Let’s Encrypt offers free certificates for any site, and some web hosts have software integration that make ordering, verifying and installing a certificate as simple as checking a box and clicking a button. (I’m impressed with DreamHost. I turned on secure hosting for some of my smaller sites a few months ago by just clicking a checkbox. It generated and installed the certs within minutes, and it’s been renewing them automatically ever since.)
  • Amazon now has a certificate manager you can use for CloudFront and other AWS services that’s free (as long as you don’t need static IP addresses, anyway) and only takes a few minutes to set up.
  • CloudFlare is offering universal HTTPS even on its free tier. You still need a cert to encrypt the connection between your site and CloudFlare to do it properly, but they offer their own free certs for that. They’ll also let you use a self-signed certificate on the back end if you want. (It’s still not perfect because it’s end-to-Cloudfront-to-End instead of end-to-end, but it’s better than plaintext.)

You may not need a unique IP address anymore. Server Name Indication (SNI) enables HTTPS to work with multiple sites on the same IP address, and support is finally widespread enough to use in most cases. (Unless you need to support IE6 on Windows XP, or really old Android devices.)

Now, if you want the certificate to validate your business/organization, or need compatibility with older systems, you may still want to buy a certificate from a commercial provider. (The free options above only validate whether you control the domain.) And depending on your host, or your chosen software stack if you’re running your own server, you may still have to go through the process of generating a request, buying the cert and going through the validation process, and installing the cert.

But if all you want to do is make sure that your data, and your users’ data, can’t be intercepted or altered in transit when connecting to reasonably modern (2010+) software and devices, it’s a lot less pain than it was even a year ago.

The hard part: Updating all your old links and embedded content. (This is why I’m still working on converting Speed Force and the rest of hyperborea.org in my spare time, though this blog is finally 100% HTTPS.)

And of course dealing with third-party sources. If you connect to someone else’s site, or to an appliance that you don’t control, you have to convince them to update. That can certainly be a challenge.

Expanded from a comment on Apple: iOS to Require HTTPS for Apps by January at Naked Security.