Other People Have Lives – I Have Domains

These are just some boring update notifications from the elkemental Webiverse.

The elkement blog has recently celebrated its fifth anniversary, and the punktwissen blog will turn five in December. Time to celebrate this – with new domain names that says exactly what these sites are – the ‘elkement.blog‘ and the ‘punktwissen.blog‘.

Actually, I wanted to get rid of the ads on both blogs, and with the upgrade came a free domain. WordPress has a detailed cookie policy – and I am showing it dutifully using the respective widget, but they have to defer to their partners when it comes to third-party cookies. I only want to worry about research cookies set by Twitter and Facebook, but not by ad providers, and I am also considering to remove social media sharing buttons and the embedded tweets. (Yes, I am thinking about this!)

On the websites under my control I went full dinosaur, and the server sends only non-interactive HTML pages sent to the client, not requiring any client-side activity. I now got rid of the last half-hearted usage of a session object and the respective cookie, and I have never used any social media buttons or other tracking.

So there are no login data or cookies to protect, but yet I finally migrated all sites to HTTPS.

It is a matter of principle: I of all website owners should use https. Since 15 years I have been planning and building Public Key Infrastructures and troubleshooting X.509 certificates.

But of course I fear Google’s verdict: They have announced long ago to HTTPS is considered a positive ranking by its search engine. Pages not using HTTPS will be tagged as insecure using more and more terrifying icons – e.g. http-only pages with login buttons already display a striked-through padlock in Firefox. In the past years I migrated a lot of PKIs from SHA1 to SHA256 to fight the first wave of Insecure icons.

Finally Let’s Encrypt has started a revolution: Free SSL certificates, based on domain validation only. My hosting provider uses a solution based on Let’s Encrypt – using a reverse proxy that does the actual HTTPS. I only had to re-target all my DNS records to the reverse proxy – it would have been very easy would it not have been for all my already existing URL rewriting and tweaking and redirecting. I also wanted to keep the option of still using HTTP in the future for tests and special scenario (like hosting a revocation list), so I decided on redirecting myself in the application(s) instead of using the offered automated redirect. But a code review and clean-up now and then can never hurt ๐Ÿ™‚ For large complex sites the migration to HTTPS is anything but easy.

In case I ever forget which domains and host names I use, I just need to check out this list of Subject Alternative Names again:

(And I have another certificate for the ‘test’ host names that I need for testing the sites themselves and also for testing various redirects ;-))

WordPress.com also uses Let’s Encrypt (Automattic is a sponsor), and the SAN elkement.blog is lumped together with several other blog names, allegedly the ones which needed new certificates at about the same time.

It will be interesting what the consequences for phishing websites will be. Malicious websites will look trusted as being issued certificates automatically, but revoking a certificate might provide another method for invalidating a malicious website.

Anyway, special thanks to the WordPress.com Happiness Engineers and support staff at my hosting provider Puaschitz IT. Despite all the nerdiness displayed on this blog I prefer hosted / ‘shared’ solutions when it comes to my own websites because I totally like it when somebody else has to patch the server and deal with attacks. I am an annoying client – with all kinds of special needs and questions – thanks for the great support! ๐Ÿ™‚

12 thoughts on “Other People Have Lives – I Have Domains

  1. Your post title made me laugh, especially when I realized that I had another nerdy interpretation of domains on my mind (this week’s mathematical adventure: moving functions from one plane to another). It is interesting how your sites have changed, especially your consideration of removing the social sharing! That’s a significant shift in your blogging approach. What has changed with the cookies that you’re thinking about this?

    • The cookies are as ‘bad as ever’ I guess, but next year I will be more accountable for them as a website owner – when the new EU General Data Protection Regulation will become effective. End users will be given much more control over their data, and e.g. tracking of users will be opt-in, so all common social media buttons and embedded ads will be not compliant. There should be exemptions for cookies for internal technical reasons, so WP’s own cookies would be OK. As a site owner you cannot simply defer to the platform provider but you need to set up proper contracts and make sure they are compliant, too.
      Instead of ranting about even more bureacratic burden for small businesses (by a regulation that actually tries to tame the big platform data krakens who are also the only ones that can effectively fix the issues with ‘cloud’ platforms) I try to see the positive aspects: I am yet again sifting through all my cloud and hosting stuff, check all the contracts, document even more, update my legal docs, do risk analysis, and get rid of unecessary and possibly intrusive things.

      The new regulation is valid for all business sites that ‘target’ users in the EU – so e.g. also the small Canadian business that perhaps sometimes theoretically might offer something for EU citizens would be affected.

      It seems that all major ‘cloud’ providers are already trying to make their solutions compliant – otherwise e.g. a company Facebook Page would be ‘illegal’ (something discussed for a long time in Germany, even given current data protections laws – there was one famous ruling of a local court…)) So there might be a chance that WP.com will come up with respective social media buttons – there are already custom-built buttons used on German sites but you would need to be able to install a WP plug-in yourself to use them. With such buttons you have to click twice: First to activate them (allowing als tracking by cookies), and second time to share the content. But I noticed that the sharing buttons here are hardly ever used. I never use such buttons myself but rather copy the link onto the social network, and remove weird query strings at the end before sharing. The elkement blog has so few views now that removing the button cannot make that worse, and the punktwissen blog has lots of views but the only related ‘social interaction’ is e-mails sent to us as a ‘response’. So I think nobody will miss the buttons.

      • I feel like I am living under a rock. (I suppose I am living under textbooks.) I didn’t even know about these changes. I see what you mean about small businesses. There was a brief time in which the internet seemed to offer accessibility to the marketplace for everyone, rather equally, but that has been diminishing for a few years now. I suppose this is the death blow for many.

        I recently read that the millennial generation is driving entrepreneurship, choosing to start their own businesses rather than work for others. This is due to many traditional companies not allowing for the flexibility people need to raise children or care for elderly parents. If this upcoming generation finds their businesses suffer or fail, there could be significant social and cultural changes that either significantly impoverish families, or decrease the number of young people having children.

        • Many ‘modern’ large companies state they offer more flexible work options – but I am not enough of an insider anymore to judge if this is true … or if it just means that you can work ‘remotely’ etc. *in addition* to an already challenging schedule. Then I see that ‘start-up culture’ is getting popular, even in my country whose culture has always been infamously risk-averse and ‘anti-entrepreneurial’ but I am still skeptical that bureaucracy will be tamed accordingly (both governmental and rules set by large suppliers and large customers). I am able see regulations like this cookie thing as an interesting technical challenge – and from the perspective of ‘implementing compliance pragmatically’ as we had done this for years, helping large enterprise clients to cope with regulatory demands … but would I be a small business in a totally different sector I think I would be in despair … not specifically about this regulation but it is just one of many.

          My prediction is rather that many traditional independent small businesses will become de facto parts of larger entities, as preferred partners, franchisees, or subcontractors – so that a ‘platform’ will take care of e.g. making websites or business applications using clients’ records compatible with ever changing regulations. So I think the ‘gig economy’ will be extended from freelancers and solo entrepreneurs to most small businesses. Actually, I have a post sitting in my Drafts exactly about all this, preliminary preposterous title ‘The Future of Small Business’ ๐Ÿ˜‰ … I don’t know how many times I’ve already re-written and edited it … to find a more positive twist… I am happy about our own evolution as a small business but I am reluctant to generalize and extrapolate as I might just have been in the right place at the right time for a few times.

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s