Installing optional SSL

October 9th, 2017 11:48 AM
by
Filed under Musings;
Comments Off on Installing optional SSL

A year ago this month, I added SSL certificates to all my websites. Be it the ease and affordability of doing via Let's Encrypt, the paranoia of avoiding unencrypted communications inspired by Snowden, or the improvement to search-engine ranking provided by Google, it was an effortless and valuable addition all my sites.

Except this one. I spoke on the Retro Computing Roundtable and wrote on this blog about how evolving Web standards sometimes mean older technology is no longer grandfathered. In this case, no Apple II computer or browser currently supports (or may even be capable of accessing) SSL-encrypted websites. Even though my Google Analytics showed no such machines were accessing Apple II Bits, I was hesitant to disconnect this blog from the computer that inspired it.

Since then, Google stepped up its incentive to offer HTTPS encryption: starting later this month, any page or site with a text field — be it a contact form or a search box — that isn't encrypted will display a warning in Google Chrome. Whether this decision is reasonable or proper can be debated, but I can't ignore its consequences. Among visitors to this site, Chrome is the most popular, constituting 45% of sessions. For thousands of users to have a negative experience so I can accommodate a potential or even nonexistent audience is foolhardy.

Fortunately, as reader mmphosis commented, it's not an either/or proposition: a website can be configured to support both HTTP and HTTPS. This weekend, that's exactly the change I made to Apple II Bits' configuration. The canonical default for this website is still HTTP, but if you type HTTPS into your browser window (or have the EFF's excellent HTTPS Everywhere browser plugin enabled), you can now access the site via HTTPS as well.

In the future, I may investigate reversing those roles and making HTTPS the default but HTTP an option. In the meantime, I hope this compromise between old and new technologies is successful at serving a modern audience of retrocomputing enthusiasts.

Encrypting the web for retrocomputers

October 24th, 2016 11:53 AM
by
Filed under Musings;
4 comments.

Earlier this month, for only the second time ever, I took the helm as host of the Retro Computing Roundtable podcast.

Whoever hosts an episode of RCR must come to the table with an opening topic: some issue that the co-hosts can debate and articulate in the show's first ten minutes. For this episode, I raised an issue inspired by this very website: should we support emerging web standards at the cost of backward compatibility with retrocomputers?

This matter landed on my radar when my two web hosts, DreamHost and WP Engine, started supporting Let's Encrypt, a source for free Secure Socket Layer certificates that would otherwise cost tens or hundreds of dollars per domain per year. SSL ensures that a user's online experience was secure, which historically has been important for sites trading in e-commerce, healthcare, and other confidential consumer data. But now, Google is giving a search engine ranking boost to any website that uses SSL, whether or not the site's contents and transactions would benefit from it. Since SSL certificates are now free and every site benefits from having one, there was nothing stopping me from applying them to all my WordPress blogs.
Let's Encrypt
I stopped short on Apple II Bits, though. This is a website about 8-bit and 16-bit computers, and the only browsers I know of for those machines — Contiki and Spectrum Internet Suite — support only websites that begin with HTTP, only HTTPS. Enabling SSL on Apple II Bits would mean that the website would no longer be accessible by the very computer the website is about.

How much should this concern me? Very little, suggested the hosts of RCR, arguing that few people surf the Web from their Apple II computers except as an amusement. Google Analytics supports this notion: examining the list of browsers used to access this website in the last year, I see 28 different browsers, from Chrome, Firefox, and Safari down to BlackBerry, Nintendo, PlayStation 3, Sony Vita, Amazon Silk, and even Cốc Cốc. But out of 13,520 sessions, I don't see a single one from a browser that identifies itself as running on an Apple II.

Besides, content can be intended for Apple II users without being accessible from an Apple II. The Retro Computing Roundtable is distributed as an MP3, and Juiced.GS is published in hardcopy; neither can be downloaded and consumed using an Apple II.

The World Wide Web is an evolving medium with emerging standards; thanks to the W3C, we rest assured that most modern browsers will comply with these standards, producing a uniform user experience. If webmasters make their best effort to comply with these standards, then we mustn't put the onus on them to accommodate browsers that do not or cannot meet these standards. Sadly, that may mean excluding the Apple II; fortunately, it's a price to be paid by no one visiting this site.