Defomicron

Software, Hardware, Silverware


Metamicron Part II: Security and the Future

Metamicron is a series of articles about Defomicron. It’s very meta. If you haven’t already, read Part I.

HTTPS

Before I turned on the new design, I quietly enabled HTTPS, or HTTP Secure. HTTPS does two things: first, it assures you, dear reader, that you are indeed connected to defomicron.net and not some low-life spoofing me; second, it encrypts all data sent between your computer and my server using a complex 2048-bit key. This prevents anyone with sinister intent from peeking at the traffic between your computer and my site, even if they have your WiFi password¹.

Banks and social networks, and pretty much every login form you’ll encounter on the internet, have been using HTTPS for a while now. In theory, that sounds great. All the data you want private is encrypted, so you’re safe, right? Right? Unfortunately, there is no such thing as unbreakable encryption. There are steps we can take, sure, but we cannot assure ourselves of absolute safety. If one is dedicated enough (and has the requisite resources), one can hack anything.

So here’s the rub: if we turn HTTPS on only for private stuff, we are effectively labeling which connections would be worthwhile for hackers to break into. Sure, it’ll be a challenge. But the payoff has a far greater likelihood of substantiality. By turning on HTTPS here, I am keeping your data just a little bit safer. While there is nothing you’d like to hide being sent between my server and your machine, hopefully we can confuse the seedier among us as to which connections are truly sensitive. If you’d like to read more about this theory, please read Tim Bray’s excellent article on the subject (which turned me on to it in the first place).

In the future, I think it will be standard for every website to use SSL. I wouldn’t be surprised if, in five years, our browsers warn us against visiting any site without a certificate. This is the second theme I tried to follow with the new Defomicron: future proofing.

I have also turned on HSTS², which further protects you by telling your browser to always use the HTTPS connection when accessing Defomicron, even if someone unpleasant were to trick it otherwise.
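How a browser decides whether to honor that header, as an added example (not code from Defomicron's server): a small parser for the `Strict-Transport-Security` value following the RFC 6797 rules, plus a check a site owner could run against their own response. The sample header values and the 180-day `min_age` threshold are assumptions made for this example.

```python
import re

# Added example. Header values passed in are constructed samples.
_TOKEN = re.compile(r"[A-Za-z0-9!#$%&'*+.^_`|~-]+")
_DIGITS = re.compile(r"[0-9]+")

def parse_hsts(value):
    """Return (max_age, include_subdomains), or None if the header must be ignored."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                       # empty directives are permitted
            continue
        name, sep, arg = part.partition("=")
        name = name.strip().lower()        # directive names are case-insensitive
        arg = arg.strip()
        if not _TOKEN.fullmatch(name) or name in seen:
            return None                    # malformed name or repeated directive
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]                # the grammar allows a quoted-string value
        seen[name] = arg if sep else None
    age = seen.get("max-age")
    if age is None or not _DIGITS.fullmatch(age):
        return None                        # max-age is required and must be digits
    return int(age), "includesubdomains" in seen

def assess(value, scheme="https", min_age=15552000):
    """Classify a header; min_age (180 days) is this example's own threshold."""
    if scheme != "https":
        return "ignored: browsers disregard HSTS received over plain HTTP"
    policy = parse_hsts(value)
    if policy is None:
        return "ignored: header is malformed or has no usable max-age"
    max_age, _subdomains = policy
    if max_age == 0:
        return "cleared: max-age=0 tells the browser to forget this host"
    if max_age < min_age:
        return "weak: policy expires after %d seconds" % max_age
    return "ok"

if __name__ == "__main__":
    for sample in ("max-age=31536000; includeSubDomains", "includeSubDomains",
                   "max-age=60; max-age=31536000", "max-age=0"):
        print("%-40s %s" % (sample, assess(sample)))
```

The first case matters most in practice: the header only takes effect once the browser has seen it over a valid HTTPS connection, so the very first visit is still unprotected.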

Fonts

I have moved away from webfonts, mostly because they are a bandwidth hog. From now on, Defomicron will display in Gill Sans (if you have it installed), or Times New Roman if you don’t³.

Image Posting

While I’ve experimented with image-posting before, ultimately I’ve decided that posting images inline with the text on the homepage of Defomicron simply doesn’t look nice. I’ve now switched to Cabel Sasser’s excellent (and free for private use) FancyZoom. I plan to start using it regularly.

URLs and Redirects

I purchased defomicron.com, and it now redirects to the .net. Just a little bit more future proof.

(Read Part I and Part III)


  1. More likely, when you’re connecting through a public access point. ↩︎

  2. That’s “HTTP Strict Transport Security”, or “Hypertext Transfer Protocol Strict Transport Security”; that’s right, an acronym within an acronym. ↩︎

  3. All internet-capable devices Apple sells come with Gill Sans preinstalled. ↩︎