Category Archives: Web

Finally pulled the HTTPS switch!

That took a lot longer than I intended.

But I’ve finally made all of Hyperborea.org run over HTTPS.

It’s been possible to view the whole site over HTTPS ever since I turned it on for the admin area of this blog years ago, but I left HTTP as the canonical URL and didn’t redirect anything until I updated the Les Mis section, and later this blog. Now, any page you visit on this entire site should load over an encrypted connection.

(Well, any page except for the old Dillo RPMs page, since that minimalist web browser still only has experimental HTTPS support.)

The problem is when you have decades of hand-crafted web pages to go through, it can take a while to make sure everything embeds only secure or same-origin content. Every image, every script, every video. I had to update lots of absolute links, remove some widgets and ads, update other widgets, embedded videos and metadata…and just a bit at a time in my spare time.

Finally I switched on the redirects this morning. Even that took longer than expected, because I’d forgotten that mod_rewrite rules in a directory override any parent directory’s rules, so I had to copy the HTTP-to-HTTPS rewrite rule to each folder that had its own rewrite rules. Then I had to fix the interaction between mod_rewrite and ErrorDocument that was causing custom errors to redirect to the error template instead of loading it behind the scenes.

Redirecting HTTPS with Let’s Encrypt and Apache

The free TLS certificate provider Let’s Encrypt automates the request-and-setup process using the ACME protocol to verify domain ownership. Software on your server creates a file in a known location, based on your request. The certificate authority checks that location, and if it finds a match to your request, it will grant the certificate. (You can also validate it using a DNS record, but not all implementations provide that. DreamHost, for instance, only uses the file-on-your-server method.)

That makes it really simple for a site that you want to run over HTTPS.

Redirected sites are trickier. If you redirect all traffic from Site A to Site B, Let’s Encrypt won’t find A’s keys on B, so it won’t issue (or renew!) the cert. You need to make an exception for that path.

On the Let’s Encrypt forums, jmorahan suggests this for Apache:


RedirectMatch 301 ^(?!/\.well-known/acme-challenge/).* https://example.com$0

That didn’t quite work for me since I wanted a bit more customization. So I used mod_rewrite instead. My rules are a little more complicated (see below), but the relevant part boils down to this:


RewriteEngine On
RewriteBase /

# Redirect all hits except for Let's Encrypt's ACME Challenge verification to example.com
RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge
RewriteRule ^(.*) https://example.com/$1 [R=301,L]

These rules can go in your server config file if you run your own server, or the .htaccess for the domain if you don’t.

Continue reading

Sugary Smash Chronicle: Thoughts on King.com’s trademark brouhaha

The recent approval by the EU of King.com’s trademark on the words of their own title “Candy Crush Saga” for use in game and app titles, and the resulting flurry of infringement allegations, is of particular interest to me. Not as a CCSaga player, although I am one. (Level 491, used to comment on my levelup posts with helpful advice for other players, have accidentally spent real money but never won a level by using purchased powerups.) Not because I think it’s ridiculous, although I do. Not because I’m outraged about one more case of the big guy going after the little guy (“All Candy Casino Slots – Jewels Craze Connect: Big Blast Mania Land” excepted and notwithstanding), although I am. Not because I think CCSaga has used underhanded tricks to winkle money out of its players, or because I dislike the deliberate manipulation of addiction mechanisms by game developers, or because I resent the social gaming model for making participation as much a responsibility to your friends as a pastime for yourself. All relevant and true, but the real reason I’m following this story is that I’ve been involved with King.com since before CCSaga existed. I know where it came from, I’ve been watching its evolution, and I’m interested to see what this episode does for (or to) the company as a whole. Continue reading

Links: Unconventional Art, Private Browsing, Scott Pilgrim

Some recent linkblogging. (Thank you, StumbleUpon)

Art

Privacy

Scott Pilgrim

Please Check This Site on Your Phone!

A quick request, if I may: If you have a web-capable cell phone, would you please try to view this blog in it and let me know how it appears? I’m testing some plugins that should optimize the page for desktop, low-end mobile, and high-end mobile devices.

Please look at the main page and at least one post, then leave a comment below (still on the phone if you can) with the following:

  • What phone are you using? (RAZR, iPhone, etc. Specific model if you know it)
  • Can you load the site at all? (If not, what error do you get?)
  • Does it look like..
    1. The desktop version of the site (photo banner across top, full sidebar, complete posts on front page)
    2. A bare-bones page (plain background, mostly text, headlines only on main page, “Powered by WordPress. WordPress Mobile Edition” listed at the bottom of the page)
    3. A sleeker-looking list (grayish background, each post headline in a white rectangle, calendar image next to each headline, headlines on main page that expand to excerpts, dark banner across top, “Powered by WordPress with WPtouch” listed in footer)
  • Are you using the built-in web browser, or something you installed (Opera Mini, for example)?
  • Did anything not work?

If you can’t post a comment, please try one of the following:

  • Bring up the site on your computer to leave the comment.
  • Send me a Twitter direct message to @KelsonV.
  • Email me at kelson – [at] – pobox – [dot] – com.

I’m mainly trying to make sure that the detection code is working right, since I’ve got 3 different plugins (WPTouch, WordPress Mobile Edition and WP Super Cache) working together to manage it.

Thanks in advance!