Tag Archives: Web

Goodbye, Xmarks! (again)

I got an email from LastPass that they’re dropping Xmarks on May 1. Xmarks is a cross-browser bookmark sync service that I’ve used for a long time to keep Chrome, Firefox, IE, and Safari on multiple computers using the same set of bookmarks.

Once it’s gone I can still sync Firefox across devices, Chrome across devices, etc., but that doesn’t help with syncing Firefox, Chrome, etc. with each other.

That said, it’s been a bit flaky for a while:

  • Anytime I came back to a system without using it for a while, it would have trouble syncing and have to re-download everything.
  • Sometimes it gets confused by the different folder layouts.
  • Since Firefox dropped their old extension API, the new extension hasn’t worked well with my scheme that drops all cookies when I close the browser except those on sites I want to stay logged into.

Maybe someone will pick them up again, like when they planned to close down in 2010 but LastPass bought them and took it freemium. On the other hand, I’m not sure I would trust someone who wanted to buy them now. Maybe I should pull my data early.

Whatever the case: If you sync bookmarks across different browsers, what do you use? Would you recommend it?

HTTPS is a lot easier than it used to be.

The cost of implementing HTTPS on your own site is a lot lower now than it used to be. For instance:

  • Let’s Encrypt offers free certificates for any site, and some web hosts have software integration that make ordering, verifying and installing a certificate as simple as checking a box and clicking a button. (I’m impressed with DreamHost. I turned on secure hosting for some of my smaller sites a few months ago by just clicking a checkbox. It generated and installed the certs within minutes, and it’s been renewing them automatically ever since.)
  • Amazon now has a certificate manager you can use for CloudFront and other AWS services that’s free (as long as you don’t need static IP addresses, anyway) and only takes a few minutes to set up.
  • CloudFlare is offering universal HTTPS even on its free tier. You still need a cert to encrypt the connection between your site and CloudFlare to do it properly, but they offer their own free certs for that. They’ll also let you use a self-signed certificate on the back end if you want. (It’s still not perfect because it’s end-to-Cloudfront-to-End instead of end-to-end, but it’s better than plaintext.)

You may not need a unique IP address anymore. Server Name Indication (SNI) enables HTTPS to work with multiple sites on the same IP address, and support is finally widespread enough to use in most cases. (Unless you need to support IE6 on Windows XP, or really old Android devices.)

Now, if you want the certificate to validate your business/organization, or need compatibility with older systems, you may still want to buy a certificate from a commercial provider. (The free options above only validate whether you control the domain.) And depending on your host, or your chosen software stack if you’re running your own server, you may still have to go through the process of generating a request, buying the cert and going through the validation process, and installing the cert.

But if all you want to do is make sure that your data, and your users’ data, can’t be intercepted or altered in transit when connecting to reasonably modern (2010+) software and devices, it’s a lot less pain than it was even a year ago.

The hard part: Updating all your old links and embedded content. (This is why I’m still working on converting Speed Force and the rest of hyperborea.org in my spare time, though this blog is finally 100% HTTPS.)

And of course dealing with third-party sources. If you connect to someone else’s site, or to an appliance that you don’t control, you have to convince them to update. That can certainly be a challenge.

Expanded from a comment on Apple: iOS to Require HTTPS for Apps by January at Naked Security.

Moved to a faster server, ALMOST moved to NginX

As of last week, this site is being served to you by a shiny new SSD-backed VPS at DreamHost. I was hoping it would be running NginX as well, but try as I might, I couldn’t get WordPress in a subdirectory to play nice with NginX. Speed Force worked fine, but it’s at the top level of a site. Ramblings and Re-Reading Les Misérables aren’t.

Fortunately, the new virtual servers are faster and cheaper (newer hardware, after all), and with the rest of my sites running NginX I end up with about the same overall memory footprint for two VPSes so that I could put this back on Apache. I suppose that saved me time converting the zillions of .htaccess rules I’ve amassed over the years. And with the faster systems, they’re able to handle more complex/simultaneous actions without timing out or spiking memory.

Losing Opera to WebKit

Opera IconIt still feels like an April Fool’s joke, but Opera is in fact switching to WebKit and discontinuing their own engine, Presto.

I can sort of understand. They can stop worrying about the long-running headaches of browser-sniffing websites that assume Opera can’t do things that it can. They can focus their efforts on the features they want to add or enhance, instead of maintaining their own separate codebase.

But here’s the thing: Throughout its history, Opera has served as a check against monoculture, against a single engine dominating the web too thoroughly. And now, it’s embracing the engine that dominates the fast-growing mobile web.

Remember the bad old days when people just wrote for Internet Explorer, and there was basically no innovation in web browser capabilities? It took Firefox’s success to turn the tide, but Opera was there, needling the industry with things like the “Bork edition” which turned the tables on browser-sniffing websites. Opera was a constant reminder that no, the web isn’t just Internet Explorer and Firefox, or just Internet Explorer and Webkit, or just two flavors of WebKit. That it was worth building technologies to leverage cross-browser web standards instead of picking the current 800-pound gorilla and feeding it even more.

There’s a real value in having different engines approaching the web in different ways, because it prevents stagnation. And there’s real value in having different engines use different code, even when implementing the same capabilities, because that means when a security flaw is found in one browser, it doesn’t apply to all of them. I go into this in a lot more detail in the old, but IMO still relevant article, Why do we need alternative web browsers?

The problem, of course, is that as much as I appreciate that role for Opera, it’s never really been their goal. Opera’s purpose is to sell web browser-related services. In the past, an open web was necessary to do that. Now, they’re throwing in their lot with the front-runner instead.

That leaves Mozilla, whose mission actually is to promote an open web, to go it alone. Apple and Microsoft certainly don’t care. And Google only really cares to the extent that their services are available as widely as possible. And when you get onto mobile, all three prioritize getting you into their particular silo.

Webkit browsers are a dime a dozen. The only ones that really matter are Chrome and Safari, and Safari is a lot more important on iOS. Opera will soon be just like Dolphin, Rockmelt and others that I have to rack my brains to remember. Maybe it’ll be enough for the company to survive, but it won’t be enough to keep them relevant.

Farewell, Xmarks Bookmark Sync!

It’s not a huge surprise, with all the major web browsers adding their own bookmark sync services, but Xmarks (formerly Foxmarks) is shutting down in January.

I figure I’ll just use Firefox Sync, Chrome sync, Opera Link, etc. to share bookmarks between the desktop and laptop, but what I really liked Xmarks for was its ability to sync different browsers together. I’m always switching between Chrome, Firefox, Opera and Safari (and occasionally IE when I’m on a Windows box) and it’s nice to have them all on the same set of bookmarks.

I guess it’s back to periodically exporting from my main browser and importing in the secondary ones, unless I find a tool or find the time to read up on the bookmarks formats and write one.

Update: Xmarks lives!