Hobocomp.com Blog
running out of a cardboard box since 2007

Shiny SSL certificate for hobocomp (and ericw.us/trow)

31 Jul 2011, 4:43pm


So. It's 2011. Kids are sniffing your HTTP traffic and interrupting your Internet with cheap plaintext hax. There has been a simple solution to all of these problems for a while now: HTTPS. You might have heard it called SSL, or maybe even TLS. (Ironically, the HTTPS version of Wikipedia's page on HTTPS (or any page) contains an image loaded over HTTP, breaking the security that would be provided by HTTPS.)

So to stop all the Man-in-the-Middle attacks depriving you, the hobocomp blog reader, of authenticated hobocomp content, hobocomp has now been upgraded with a brand new certificate!

I encourage all of you with websites to enable HTTPS on them (if only so your site can be a potential Telex NotBlocked).

Now, I know what you're saying. Mostly because I enabled your microphone using x-webkit-speech, but also because you're that predictable. "But Eric!", you whine. "HTTPS is hard. Google only barely does it, and it's still in Beta. Also, I'm poor and can't afford the luxury of actual signed certificates. And I heard it bogs down your web server doing all that encryption!"

I shall address these complaints, using an unordered list:

  • "Also, I'm poor" - Domain-validated HTTPS certificates can now be purchased for FREE, from StartSSL, and their public key is likely baked into your browser, meaning you'll get the lock icon without users having to accept a shady third party's key. It's even supported by Flock. Have you even heard of Flock?
  • "It bogs down your web server" - Ok. Yes. Someone (i.e. your server and the client) is going to have to do all that processor-intensive key exchange, encryption, and decryption. And your fancy network card or transparent proxy isn't going to be able to cache your pages. But come on - Hobocomp runs out of a cardboard box, with a 5-year-old single-core AMD processor, at a blazing 3682 bogomips, and it can STILL manage to do all that crypto. If your web server is being outperformed by a nomadic computer in a cardboard box, I shall taunt you a second time.
  • "HTTPS is hard" - Let's go shopping. Alternatively, you can run Ubuntu, and apt-get install apache2, and read the fine manual or search for yourself.
Note: Hobocomp is running both https://hobocomp.com and https://ericw.us/trow from a single IP. Normally, this doesn't work, but hopefully your browser supports Server Name Indication, and then it will!

Comments

Jtibbs [31 Jul 2011, 5:55pm]
lol... "bogomips"

Poop [3 Nov 2011, 6:24pm]
YOURE SI8E HAZ BEEN HAXXXED!
<a href=http://www.porn.com>Link text</a>
