Category Archives: Computers/Internet

Badgered Over HTTPS

I’ve been checking in on redirected & dead links lately, a few minutes here and there, updating, replacing, and removing where appropriate. And I’m happy to see that a lot of sites have moved to HTTPS. News sites, online stores, social networks, personal sites, publishers…. Not everyone, of course, but it’s a lot easier than it used to be. Now more than half of all web traffic is protected from eavesdropping and alteration when used across insecure networks.

The one that made me laugh, though: Badger Badger Badger. Now there’s a flashback!

It’s a silly animation loop that went viral back in 2003. The canonical site is still around…and even they upgraded!

So Much for the Pebble Smart Watch

For a long time I’ve thought that if I wanted to get a smart watch, it would be a Pebble, because they actually understand that a smart watch needs to work as a watch. So when they announced their Kickstarter for the revamped Pebble 2 and Pebble Time lines this summer, I decided it was time to try out wearable computing. My Pebble 2 arrived in late October, just in time for LA Comic Con, and I’ve been figuring out how best to use it over the past month and a half. I feel like I haven’t really found the watch’s full potential yet, but I’m not sure what point there is now, because I’m not sure how long it’ll be supported.

Today they’ve been bought by FitBit, and will be discontinuing the entire hardware line as FitBit picks up the software, cloud services (for now), and part of the development team.

Getting to Know the Smartwatch

Pebble 2 does work great as a wristwatch. You only need to charge it once every 5-6 days, and the screen is always on, so you can see the time and date at a glance. I’ve already gotten back into the habit of glancing at my wrist for the time instead of reaching into my pocket and pulling out a bulky phone.

Third-party watch faces range from the aesthetic (mimic classic designs) to the informative (cram every bit of time, weather, and health tracking data you can onto the main view) to the whimsical (show time using a binary counter, or Pac-Man, or the dots on a pair of dominoes). My six-year-old loves picking new designs and seeing them show up on my watch, but I keep coming back to the basic one because it works for the key thing a watch needs to do: let me tell the time quickly.

Notifications and calendar events are a key use case for a smart watch, but you have to manage them. I always pare down my phone’s audio notifications in order to avoid getting distracted, and that goes double for something that buzzes on my wrist. Once I got it down to just texts, calls and calendar appointments, it helped me avoid missing texts…for a while. Eventually I started missing them anyway. I’m not sure whether they’re not reaching the watch or my brain has started tuning it out.

When I do catch them, though, it is nice to see a preview of the message so that I know whether I should pull my phone out right away or it can wait a few minutes.

Fitness tracking is most useful if you have an actual workout routine (which I don’t) or you wear the watch constantly. It checks your heart rate every 10 minutes, counts steps, and tracks sleep and deep sleep. The watch shows your current status, and the phone app tracks daily, weekly and monthly stats. It’s interesting, but I can’t wear the watch 24/7 because the wristband ends up irritating my skin. A nicer watchband might help, but it might not, since I need to wear it tightly to keep the heart rate sensor in place.

I haven’t explored the Pebble app ecosystem as much as I could (but who knows how long it’ll be around). A few things I’ve looked at:

  • Music control is nice: you can pause and skip your phone’s music player using actual physical buttons.
  • I don’t want to play games by tilting my wrist.
  • Transit apps would be helpful if I rode the bus or train more often.
  • There’s a to-do list app that syncs with Google Tasks, which seemed great at first…but it’s a lot easier to pull up the tasks on my phone and look at a dozen items at a time than to scroll through three items on a tiny screen.

And that brings me what I think is key for smartwatches:

What a Smartwatch Needs to Do

To really be useful, a smart watch needs to be better than a phone at certain tasks. Cases where it definitely works:

  • Always-on at-a-glance info. Time/weather/step counts/etc. most of the time, with notifications and events as they occur.
  • Health/activity sensors.
  • Quick actions. Dismiss a reminder, or reply to a text message with a pre-canned “OK.” Menus are a pain, but I can imagine voice commands would help a lot.

If it takes longer to do something on the watch than to dig out your phone, unlock it, and do it there, the watch has failed at that task. If the watch makes it more convenient, then it’s succeeded.

Using WP-CLI with WordPress 4.6 on DreamHost

I use WP-CLI from time to time to do maintenance on my WordPress sites that I host on a DreamHost VPS. But today I tried to run the search-replace function and found that wp wouldn’t run. Instead I got this error:

Fatal error: Call to undefined function apply_filters() in /path/to/wp-includes/load.php on line 317

It didn’t take long to confirm that WordPress 4.6 had changed things around, breaking the version of WP-CLI on my server. As it turns out, WP CLI 0.24 fixes this, but DreamHost is running 0.24-alpha.

So I tried installing the current version locally on my account, only to get a different error:

Fatal error: Class 'Phar' not found in /path/to/wp-cli.phar on line 3

I found this article very helpful for enabling PHAR support on a DreamHost VPS. I went into ~/.php/5.6/phprc (create this file for your version of PHP if you don’t have it) and added:

extension=phar.so
phar.readonly = Off
phar.require_hash = Off
suhosin.executor.include.whitelist = phar

Once I verified that it would work by running /usr/local/bin/php-5.6 wp-cli.phar --info, I took the opportunity to (a) override the wp command with the local one and (b) make sure it used php 5.6 by adding the following alias to my .bash_profile:

alias wp='/usr/local/bin/php-5.6 ~/bin/wp-cli.phar'

This won’t be needed once DreamHost updates their WP-CLI package, but for now, it solves my problem faster than waiting for a response from tech support.

Out with the old tech, in with the…slightly less old.

I finally removed the floppy disk drive from my desktop. I don’t know why it took me so long, except that it wasn’t in the way of anything. Living with a small, inquisitive child means either making hardware changes at night or keeping the work brief, and timing it so that he still has enough metaphorical spoons to keep his hands to himself.

Continue reading

HTTPS is a lot easier than it used to be.

The cost of implementing HTTPS on your own site is a lot lower now than it used to be. For instance:

  • Let’s Encrypt offers free certificates for any site, and some web hosts have software integration that make ordering, verifying and installing a certificate as simple as checking a box and clicking a button. (I’m impressed with DreamHost. I turned on secure hosting for some of my smaller sites a few months ago by just clicking a checkbox. It generated and installed the certs within minutes, and it’s been renewing them automatically ever since.)
  • Amazon now has a certificate manager you can use for CloudFront and other AWS services that’s free (as long as you don’t need static IP addresses, anyway) and only takes a few minutes to set up.
  • CloudFlare is offering universal HTTPS even on its free tier. You still need a cert to encrypt the connection between your site and CloudFlare to do it properly, but they offer their own free certs for that. They’ll also let you use a self-signed certificate on the back end if you want. (It’s still not perfect because it’s end-to-Cloudfront-to-End instead of end-to-end, but it’s better than plaintext.)

You may not need a unique IP address anymore. Server Name Indication (SNI) enables HTTPS to work with multiple sites on the same IP address, and support is finally widespread enough to use in most cases. (Unless you need to support IE6 on Windows XP, or really old Android devices.)

Now, if you want the certificate to validate your business/organization, or need compatibility with older systems, you may still want to buy a certificate from a commercial provider. (The free options above only validate whether you control the domain.) And depending on your host, or your chosen software stack if you’re running your own server, you may still have to go through the process of generating a request, buying the cert and going through the validation process, and installing the cert.

But if all you want to do is make sure that your data, and your users’ data, can’t be intercepted or altered in transit when connecting to reasonably modern (2010+) software and devices, it’s a lot less pain than it was even a year ago.

The hard part: Updating all your old links and embedded content. (This is why I’m still working on converting Speed Force and the rest of hyperborea.org in my spare time, though this blog is finally 100% HTTPS.)

And of course dealing with third-party sources. If you connect to someone else’s site, or to an appliance that you don’t control, you have to convince them to update. That can certainly be a challenge.

Expanded from a comment on Apple: iOS to Require HTTPS for Apps by January at Naked Security.