Securing the bava

Well, it took a while, but all pages and content on this blog are now forced over https. This was one of the motivations for getting bavatuesdays in its own WordPress install, and this weekend I finally pulled the trigger. It was pretty easy: I installed Let’s Encrypt, added the force https code to the htaccess file, and ran the Insecure Content Fixer plugin. The last one did not seem to get everything, so from the command line I ran the following in the directory via terminal to make sure all images load over //

wp --allow-root search-replace 'http://bavatuesdays.com/wp-content/uploads/' 'https://bavatuesdays.com/wp-content/uploads/'

That cleaned up over 12,000 links, and gave me a shiny green “Secure” lock icon:

I’m not entirely sure bavatuesdays needed to be https given no one logs in or out except me (although I guess that’s one big reason), and it’s not highly sensitive material in my mind. At the same time, the idea of encrypting one’s website is reasonable and getting into that habit with all our web properties seems sensible. But Dave Winer’s recent rationale for not going to https makes a strong case for resisting being forced by Google to play their game:

So now Google points a gun at the web and says “Do as we say or we’ll tell users your site is not secure.” What they’re saying doesn’t stand up to a basic bullshit-test. There’s nothing insecure about my site. Okay I suppose it’s possible you could get hurt using it, I’ll grant you that. But I could get hurt getting up out of my chair and going into the kitchen to refill my coffee cup. Life is insecure. When Google says my old site is insecure what they really mean is “This is our platform now, and you do as we say or your site won’t work.”

This, in turn, made me think perhaps securing the bava may be my kowtowing to the peer pressure/stigma to get the green icon in Chrome. I’m not sure this is my revolution when all is said and done; there are points to be made on both sides. Choosing to run an https site versus being forced reminds me a bit of helmet and seatbelt laws for your website. 25 years later we take putting on a seatbelt for granted; there is no fight in me on that front anymore ’cause it just makes sense. Wonder if that will prove the case for https? Not sure, but for the meantime all content is being served over https, and if not necessary, there is something righteous about feeling secure on the web in this day and age 🙂
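A way to check that the search-replace step earlier in the post left no mixed content behind, as an added example that is not code from the original post: it scans a page's HTML for subresources still requested over http://. The sample HTML and its file names are constructed; only the uploads path comes from the post.

```python
from html.parser import HTMLParser

# Tag/attribute pairs that make the browser fetch a subresource.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("img", "srcset"), ("source", "src"), ("source", "srcset"),
    ("script", "src"), ("iframe", "src"), ("video", "src"), ("audio", "src"),
    ("video", "poster"), ("embed", "src"), ("object", "data"),
}
LINK_RELS = {"stylesheet", "icon", "preload"}  # <link> rels that load something

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (tag, attribute, url) for each http:// subresource

    def handle_starttag(self, tag, attrs):
        attrs_d = {k: (v or "") for k, v in attrs}
        for name, value in attrs_d.items():
            if (tag, name) in SUBRESOURCE_ATTRS:
                self._check(tag, name, value)
        if tag == "link" and LINK_RELS & set(attrs_d.get("rel", "").lower().split()):
            self._check(tag, "href", attrs_d.get("href", ""))

    def _check(self, tag, attr, value):
        # srcset holds comma-separated "url descriptor" candidates
        candidates = value.split(",") if attr == "srcset" else [value]
        for cand in candidates:
            parts = cand.split()
            if parts and parts[0].lower().startswith("http://"):
                self.hits.append((tag, attr, parts[0]))

def find_mixed_content(html):
    """Return every subresource reference in html that still uses http://."""
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.hits

# Constructed sample page: plain <a> links and // URLs are not mixed content.
SAMPLE = """
<a href="http://example.com/page">plain link</a>
<img src="https://bavatuesdays.com/wp-content/uploads/a.jpg">
<img src="http://bavatuesdays.com/wp-content/uploads/b.jpg"
     srcset="https://bavatuesdays.com/wp-content/uploads/b-300.jpg 300w, http://bavatuesdays.com/wp-content/uploads/b-600.jpg 600w">
<link rel="stylesheet" href="http://example.com/style.css">
<script src="//example.com/x.js"></script>
"""

if __name__ == "__main__":
    print(*find_mixed_content(SAMPLE), sep="\n")
```

Hits on hosts other than the blog's own uploads path are the ones a single-path search-replace would not have touched.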


4 Responses to Securing the bava

  1. Tim Owens says:

    You do get the added speed benefit of http2 by going https http://www.http2.ea4.ninja/ so that’s something.

  2. When I was a senior in high school, my AP English teacher Mr. O’Connor, a fiery anti-establishment book lover, refused to wear his seat belt in 1989 because “the man” was telling him to. It took us teenagers about three months to irritate and annoy him so much that he finally relented and started to wear his seat belt every day. And we checked too. He was also the distance track coach and friends would follow him to his car after practice.

    I guess it’s hard to envision Google as a bunch of idealistic teenagers bullying website owners to do the right thing. But I appreciate the analogy, it’s exactly where my mind went. Safety culture of the 80s reborn as web and privacy protocols.

    Now wouldn’t it be cool if a new set of idealistic teenagers started getting everyone to stop using Facebook and Instagram…

    Oh, and I secured my site a few months back using your tutorials posted here while working on someone else’s site. Glad you finally are wearing your internet seatbelt!

    • Reverend says:

      LOL, I am glad you enjoyed that. As a Long Island teen, thinking of transportation safety propaganda, the third rail 16 MM films they used to play in schools were the craziest things ever. Re-enacting kids getting electrocuted by the train tracks. Scarred for life.
