Activating HTTPS for Apple II Bits


Filed under Musings;
Comments Off on Activating HTTPS for Apple II Bits

In 2016, I mused how the Web's move toward encryption — specifically, free Let's Encrypt SSL certificates — was leaving retrocomputers behind.

In 2017, I installed a Let's Encrypt certificate on this website, but configured the domain to be a "dual front-end", accessible via both HTTP and HTTPS. Other than some issues when trying to submit comments — issues that stumped even my host's tech support — this arrangement has worked well.

Then, in 2018, I started working at Automattic. As a technical account engineer (TAE), I assist enterprise clients in migrating their websites to our WordPress VIP hosting platform. I've collaborated with many large news organizations around the world, some of whom come to us because their previous hosts' service or features didn't meet their needs. From learning those histories, and in my own experience as a webmaster, I've seen and heard horror stories about exploited users, passwords, code, infrastructure.

Any site and any CMS can get hacked, as I learned seven years ago with WordPress. Those hard lessons taught me to use security plugins, strong passwords, and other best practices. This mindset has served me well as a TAE, as a platform is only as secure as the software you put on it and the clients who use it.

Now I need to practice what I preach — not to be consistent, but to be secure. One of WordPress VIP's key features is security, which includes free, auto-renewing SSL certificates from Let's Encrypt, with additional HSTS headers to prevent man-in-the-middle attacks. I want that VIP level of security for myself, not because I think someone is out to get me or the Apple II, but because bots and spiders don't discriminate when seeking vulnerabilities.

But if I transition this website fully to HTTPS, what about the Apple II users that'll be excluded? In my annual report of this site's statistics, one granular detail I omit is web browser usage. In the first nine years of Apple II Bits, the most popular browsers were, unsurprisingly, Chrome, Safari, Firefox, and Internet Explorer, constituting a combined 92.44% of all traffic. The remaining 69 browsers each constitute no more than 1.3% of my traffic. There are plenty of browsers I've never heard of, like Rockmelt, Maxthon, Puffin, and Dolfin; several game consoles, including Sony's PlayStation 3 and Vita and Nintendo's 3DS; and mobile devices, from Nokia and BlackBerry.

In very last place on that list is "APPLE ][" with a single visit: on January 20, 2017, someone spent 45:52 reading seven pages on this site.

Maintaining compatibility between this site and its target audience was always more about principle; now, armed with WordPress experience and Google Analytics, I lean more toward the practical. Maintaining an insecure website isn't the best way to support the Apple II; better ways are to attend KansasFest, read/write for Juiced.GS, develop hardware and software, sell merchandise — and build secure websites.

In the march toward those goals, I offer my condolences to the one user from 2.5 years ago who I may never see again in that fashion. I value the appearance you made, and your singular place in my logs shall forever stand.