https...uck

Ars Technica has a longish post on the state of play regarding HTTPS. What it's good for, what it's not, who is pushing it, how browsers are reading it, etc.

The present humble website converted to https a couple of years ago after the divine Google decreed that it would be giving search preference to such sites. Since it's Google, there had to be an ulterior motive; the Ars article says it's because Google's competitors can't scrape search results from https -- is that true -- how creepy is that.

Being hustled in this fashion was horrible but for tommoody.us the only downside has been (i) paying some additional cash for the certificate and an IP address (still pretty cheap) and (ii) older pages with http image tags get the "partially secure" yellow warning flag in browsers.

To elaborate somewhat on (ii) -- according to the predominant, ultra-picky browsers, my posts with images prior to July 2014 don't rate the little green "secure lock" icon. The posts themselves are encrypted but because I used "http" in the text of the post at the time I uploaded the images, dumb browsers treat this as insecure, even though my host redirects all the http image requests to https before they reach the browser!

If I had better command line skills I would edit my MYSQL tables to convert all instances of "https://www.tommoody.us/images/..." in the text of posts to "https://www.tommoody.us/images/..." But I don't.

The Ars article mentions a change-in-the-works to the prevailing web protocol (W3C) that might solve this problem:

To prove that Barnes actually does care about URLs, he's the co-editor of a W3C specification that aims to preserve all those old links and upgrade them to HTTPS. The spec is known as HSTS priming, and it works with another proposed standard known as Upgrade Insecure Requests to offer the Web a kind of upgrade path around the link rot Berners-Lee fears.

With Upgrade Insecure Requests, site authors could tell a browser that they intend all resources to be loaded over HTTPS even if the link is HTTP. This solves the legacy content problem, particularly in cases where the content can't be updated (like, for example, The New York Times' archived sites).

Both of these proposals are still very early drafts, but they would, if implemented, provide a way around one of the biggest problems with HTTPS. At least, they'd prevent broken links some of the time. Totally abandoned content will never be upgraded to HTTPS, neither will content where the authors, like Winer, elect not to upgrade. This isn't a huge problem, though, because browsers will still happily load the insecure content (for now at least). [emphasis added by TM]

Probably by the time this W3C spec gets adopted Google will have forced us bloggers who aren't part of the Google Plus/Zuckerberg Hoodieverse to change our sites to something else entirely (moan).

Update: An emailer amends my statement "my host redirects all the http image requests to https before they reach the browser" to note that "your server sends a 302 redirect to the browser, telling it to make another request for the HTTPS url; the browser performs two requests." The point is the image is encrypted by the time it reaches the browser and the "yellow flag" designation is unfair.

The same emailer also suggests that I google "mysql change http urls to https" and thinks that leads to a non-command-line solution. Well, yes, that's the first thing I did, and Word Press recommends using phpMyAdmin to edit the MYSQL database. That requires what I called "command line skills" and I'm not comfortable with their suggestion, since every site has its own little nuances. I'd rather lobby for browser makers to be less aggressive about tainting sites with yellow flags.

Update 2: Thanks to mb for fixing this using phpMyAdmin -- those piss-yellow triangles no longer show up for my innocent, older posts.

"Mutator Folly"

"Mutator Folly" [mp3 removed -- please listen on Bandcamp]

Square or sawtooth waveforms run through the Mutator filter's stereo channels can be heard chugging and autopanning along throughout this tune. The synths and beats are all Ableton samples and presets, arranged around the "Mutator sessions."

Dem leaders are counting on Americans not knowing what the TPP is

We've been talking about the Trans-Pacific Partnership, a pro-globalist treaty that Pres. Obama wants Congress to approve after the election, during a lame duck session (I assume this still means he wants "fast track authority" to sign it without Congressional interference). The Clintons supported TPP before they stopped supporting it, clearly for the sake of election appearances, when Bernie Sanders made it an issue. Former Clinton Labor Secretary Robert Reich posted on his Zuckerberg Hoodie page (link via Naked Capitalism) the following conversation with a former fellow Clintonite. A good explanation of what's wrong with the treaty and why Dem fixers want it:

An acquaintance from my days in the Clinton administration, who has been advising Hillary, phoned this morning.

ACQUAINTANCE: “Don’t you think your blog post from last night was a bit harsh?”

[ROBERT REICH]: “Not at all. The Democratic Party is shooting itself in the foot by not officially opposing the Trans Pacific Partnership.”

ACQ: “But you know why. The Party can’t take a stand opposite the President’s. He’s the leader of the Party, for chrissake. And he wants the TPP.”

RR: “Yeah, because he sees the TPP as a way to limit China’s economic influence. So he made a Faustian bargain with big global corporations who want more protection for their foreign investments. But he’s wrong. The TPP won’t crimp China. Global corporations will give China whatever it wants to gain access to the Chinese market. The TPP ….”

ACQ: “Look, it doesn’t matter what you or I think. The President wants the TPP, and the Party isn’t going to oppose him.”

RR: “You mean Hillary won’t oppose him.”

ACQ: “Hillary won’t, and Debbie [Wasserman Schultz] won’t, and neither will Nancy [Pelosi] or Harry [Reid] or Dick [Durbin] or Chuck [Schumer].

RR: “But it’s terrible policy. And it’s awful politics. It gives Trump a battering ram. Obama won’t be president in six months. Why risk it?”

ACQ: “They don’t see much of a risk. Most Americans don’t know or care about the TPP.”

RR: “But they know big corporations are running economic policy. They think the whole system is corrupt. Believe me, Trump will use this against Hillary.”

ACQ: “He can’t. She’s inoculated. She’s come out against the TPP.”

RR: “But it’s her delegates who voted not to oppose it in the Democratic platform. Her fingerprints are all over this thing.”

ACQ: “I think you’re being too cynical.”

RR: “Actually, the real cynic is you.”