This Website is Secure and WWW Free

Good afternoon everyone, I wanted to bring up two technical issues about website hosting that I think are important.

Yes I know blogging about blogging is a bit lame but I believe in these issues and wanted to share it with everyone.

SSL Cert and No WWW

Privacy And Security

In this day and age privacy and security are more important than ever! Both private companies and government agencies are routinely tracking your Internet activity.

It's time to take your privacy and security back! All Internet traffic needs to be encrypted! As such this website is running in HTTPS mode. If you look in the address bar you will see that there is a padlock icon indicating that you are using HTTPS to connect to this site.

HTTPS is a secure and encrypted version of HTTP. The main problem until recently is that HTTPS is expensive. Expensive in monetary cost and in computer resources.

To setup HTTPS you needed to buy what is called a SSL Certificate. A SSL Certificate is a basically an authenticated encryption key and there are only a couple of companies, called Certificate Authorities, that are in control of them. They like to charge a lot of money and make you jump through a lot of annoying hoops to get that key. Depending on the company and the type of cert it can cost anywhere from roughly $100 to over $2500 per year!

Thankfully, there are currently two companies working to provide truly free SSL Certs.

The first is StartSSL and the one I am currently using. Their process is still a bit complicated to go though but they truly free basic SSL Certs with 1 year expiration.

Another one that I am looking forward to is Let's Encrypt. They are a brand new certificate authority that is being founds in collaboration by Mozilla, Cisco, Akamai and The Electronic Freedom Foundation. Let's Encrypt once live is going to transform the Internet. They are building a completely automated system for creating basic SSL Certs that will allow every site to easily obtain and setup HTTPS in seconds.

The other issue was that encryption took extra computer power and until the last few years it did require having a much larger server to handle the overhead. Thanks to the ever increasing growth of computers this is no longer a valid reason to dismiss HTTPS.

Sure I know some are thinking that this is just a silly personal blog, there's nothing on here that would require the need of a secure private connection. Technically yes that's true but think about this.

If you only use encryption for important stuff then by doing so you are actually flagging to governments and other less than friendly groups the very data they want to get a hold of. If however everything was encrypted then they can't tell what data is secret banking information and harmless pictures of cats! It sure makes their jobs a lot more difficult if they end up wasting time tracking your cat viewing activity!

For those running Firefox, Chrome or Opera browsers the EFF has an extension, HTTPS Everywhere, that you can install that will make your browser attempt to connect to all sites using HTTPS. Don't worry it won't break anything if a site doesn't support HTTPS.

Being WWW Free

This is more of a personal opinion but having www in a domain name is outdated and redundant.

To understand why the www is even there requires a bit of history of the Internet and domains.

lets breakdown a FQDN (Fully Qualified Domain Name), say mine "www.alanbarber.com"

".com" is a TLD (Top Level Domain) or gTLD (Generic Top Level Domain)

It's basically an classification structure that has no meaning today. Way back when in the early days there were only a few TLDs. ".com" for commercial businesses, ".org" for non-commercial, ".net" for networks and Internet Providers, ".edu" for educational institutions, and ".gov" for US government agencies. Back then you were limited to the TLD based what type of organization you were.

Now however there are hundreds of TLDs and outside of a select few TLDs anyone or anything can get a domain name in that TLD.

"alanbarber" is properly known as the domain. This is the company name, personal name, etc. It's just a simple identity.

"www." is called a sub-domain or hostname. This has historacly been the name of a physical server that provided a service and the name was often used to define what the server did. "www" indicated a World Wild Web server, "mail" an email server, "ftp" a file transfer protocol server, etc, etc.

There were no rules you had to setup names like this but convention formed over time to use this method.

Now the domain system is nothing but a fancy phonebook that list domains and the network addresses of the servers that has services for that domain. It's a bit more complicated that that but it works well to think of it like that for non technical people.

The problem is, in this modern time, typing in "www." in a browser is redundant! I'm using a browser so logic would dictate that I want to connect to a world wild web server. Why do I need to tell it that?

Well it turns out there isn't any technical limits that let you setup what is known as a naked domain entry in the DNS system.

As such I have setup my website to run naked and include a redirect for www.alanbarber.com to go to alanbarber.com.

I think it looks nicer and is more modern.

Tags: Meta No WWW HTTPS SSL Security EFF Privacy Encrypt

Sunday, July 26, 2015 ⇧ Back to top