Encrypting the web for retrocomputers


Filed under Musings;
4 comments.

Earlier this month, for only the second time ever, I took the helm as host of the Retro Computing Roundtable podcast.

Whoever hosts an episode of RCR must come to the table with an opening topic: some issue that the co-hosts can debate and articulate in the show's first ten minutes. For this episode, I raised an issue inspired by this very website: should we support emerging web standards at the cost of backward compatibility with retrocomputers?

This matter landed on my radar when my two web hosts, DreamHost and WP Engine, started supporting Let's Encrypt, a source for free Secure Socket Layer certificates that would otherwise cost tens or hundreds of dollars per domain per year. SSL ensures that a user's online experience was secure, which historically has been important for sites trading in e-commerce, healthcare, and other confidential consumer data. But now, Google is giving a search engine ranking boost to any website that uses SSL, whether or not the site's contents and transactions would benefit from it. Since SSL certificates are now free and every site benefits from having one, there was nothing stopping me from applying them to all my WordPress blogs.
Let's Encrypt
I stopped short on Apple II Bits, though. This is a website about 8-bit and 16-bit computers, and the only browsers I know of for those machines — Contiki and Spectrum Internet Suite — support only websites that begin with HTTP, only HTTPS. Enabling SSL on Apple II Bits would mean that the website would no longer be accessible by the very computer the website is about.

How much should this concern me? Very little, suggested the hosts of RCR, arguing that few people surf the Web from their Apple II computers except as an amusement. Google Analytics supports this notion: examining the list of browsers used to access this website in the last year, I see 28 different browsers, from Chrome, Firefox, and Safari down to BlackBerry, Nintendo, PlayStation 3, Sony Vita, Amazon Silk, and even Cốc Cốc. But out of 13,520 sessions, I don't see a single one from a browser that identifies itself as running on an Apple II.

Besides, content can be intended for Apple II users without being accessible from an Apple II. The Retro Computing Roundtable is distributed as an MP3, and Juiced.GS is published in hardcopy; neither can be downloaded and consumed using an Apple II.

The World Wide Web is an evolving medium with emerging standards; thanks to the W3C, we rest assured that most modern browsers will comply with these standards, producing a uniform user experience. If webmasters make their best effort to comply with these standards, then we mustn't put the onus on them to accommodate browsers that do not or cannot meet these standards. Sadly, that may mean excluding the Apple II; fortunately, it's a price to be paid by no one visiting this site.

  1. I don't see a compelling reason to move to https. Google is not my first stop for search, and I don't really care about their weird ranking system. Let's Encrypt wants me to run yet more software, in this case acme on a web server, and what if, in the future, they start charging for this, or their site goes away. The w3c is a committee, and is not the be all end all of web standards. In my opinion so-called web-standards have devolved. My browser has had an option to block popup-windows for a long time, it is now circumvented by gobs of JavaScript that put up annoying dialog boxes atop of web pages. These are all problems that have little to do with the Apple II.

    Perhaps I am naive, as I like to bask in the simplicity of the days of the Apple II. Maybe I'll change the browser string in all my browsers to "APPLE ][" ;)

  2. Sven Mertens says:

    I am late at commenting on this. There already is a newer episode of the podcast and I haven't listened for a few weeks.

    So, in essence you think it is better to enforce the encryption – even though you don't need it – than to do nothing. So you exclude the possibility of somebody visiting the site on a cool piece of retro hardware, because this "never" happens?

    Just for fun, I just used an old Amiga-browser(I never owned an Apple ][) to visit your site. It can handle SSL, but only if you have additional software installed (which I haven't). I think it should be possible to configure the server to handle http and https requests at the same time. I don't see why google would penalise you for that. (I am curious as to what mmphosis is using for searching – a better algorithm would be really great.)

    But wouldn't it be cool if somebody figured out a way to implement the encryption on an Apple][? You'd probably need a IIGS to do it and it won't be fast …

    I recently saw this talk from I guy who was using a modern C++ compiler to write a version of Pong for the C64 – everything is possible. :-)

  3. Hi, Sven —

    Thanks for the comments. Given that Google rewards encryption, how does "even though I don't need it" apply to SSL? Perhaps my ranking is already awesome and can't possibly get any better? :)

    As for configuring the site to use both HTTP and HTTPS, I believe that is correct — the latter would be the canonical default, but someone who manually edits the address to use HTTP wouldn't be redirected.

    -Ken

  4. http://duckduckgo.com/
    http://ecosia.org/

    I agree with you Ken, providing both HTTP and HTTPS would be the way to go.

    "everything is possible"