Site Notes

RTH Now Available on HTTPS

By Ryan McGreal
Published March 17, 2011

Update: as of February 6, 2012, RTH now uses its own dedicated SSL certificate.


Effective immediately, you can now access Raise the Hammer using the HTTP Secure protocol:

Note that the start of the URL is "https" instead of "http". HTTPS is a protocol that encrypts requests sent from the browser to the web server and web pages sent from the server back to the browser.

Because the communications are encrypted in an HTTPS connection, it is much more difficult for third parties to intercept and eavesdrop on your browsing activity, for example if you are using a shared public wifi network to access the internet. Tools like Firesheep demonstrate just how easy it is 'hijack' an unencrypted browser session on a public wifi network.

A few caveats:

This change is part of our ongoing efforts to make your use of RTH more secure.

Ryan McGreal, the editor of Raise the Hammer, lives in Hamilton with his family and works as a programmer, writer and consultant. Ryan volunteers with Hamilton Light Rail, a citizen group dedicated to bringing light rail transit to Hamilton. Several of his essays have been published in the Hamilton Spectator. Ryan also maintains a personal website and has been known to post passing thoughts on twitter.

7 Comments

View Comments: Nested | Flat

Read Comments

[ - ]

By MattM (registered) | Posted March 17, 2011 at 11:21:22

Looks good, thanks Ryan.

Reply | Permalink | Context

You must be logged in to vote on this comment.
[ - ]

By MattM (registered) | Posted March 17, 2011 at 11:25:56

Little note, for some reason the site keeps switching back to http. I think it happens after I submit a post. Happened twice now. Using IE 7/Windows Vista.

Edit: Confirmed, it happens as soon as I submit a post.

Comment edited by MattM on 2011-03-17 11:29:02

Reply | Permalink | Context

You must be logged in to vote on this comment.

By Ryan (registered) - website | Posted March 17, 2011 at 11:31:04 in reply to Comment 61055

Testing reply.

Edit - it's happening for me as well. I'll investigate.

Edit 2 - I think I know what's causing this: I bet the 303 redirect after posting a comment is hard-coded with http.

Edit 3 - I confirmed that this is due to a bug in the framework I'm using - web.py - in which 303 redirects automatically forward to plain http. I've filed a bug.

In the meantime, I've added a workaround to the code that posts comments to force the 303 seeother redirect to go to the right protocol. I'll have to do the same thing to the code that edits and deletes comments.

Edit 4 - I've updated the code than edits and deletes comments as well. This issue should be fixed now.

Comment edited by administrator Ryan on 2011-03-17 13:44:33

Reply | Permalink | Context

You must be logged in to vote on this comment.
[ - ]

By Undustrial (registered) - website | Posted March 17, 2011 at 17:29:11

Woot! I've been looking into HTTPS a bunch lately. Really rad stuff.

Reply | Permalink | Context

You must be logged in to vote on this comment.
[ - ]

By TnT (registered) | Posted March 19, 2011 at 18:43:28

Perhaps unrelated, but I've been having trouble posting of late getting "Internal Server Error."

Reply | Permalink | Context

You must be logged in to vote on this comment.

By Ryan (registered) - website | Posted March 20, 2011 at 12:35:02 in reply to Comment 61203

Hi TnT, can you email me with the details if that happens again? What URL you're trying to load, what you're trying to do (e.g. post a comment), etc. Thanks!

Reply | Permalink | Context

You must be logged in to vote on this comment.
[ - ]

By Ryan (registered) - website | Posted March 21, 2011 at 08:08:14

Ars Technica has an interesting write-up that considers the relatively slow uptake of https relative to http. In brief, https is slower because 1) it needs to be encrypted, and 2) intermediate servers can no longer cache results.

I'd add that the current high cost of an https certificate is another significant barrier to entry. RTH is able to use our hosting provider's certificate - which causes browsers to warn users that the certificate is unverified and might be fraudulent! - but if we were to get our own, it would cost around $200 a year, on top of the domain registration and hosting costs we already pay.

Reply | Permalink | Context

You must be logged in to vote on this comment.
View Comments: Nested | Flat

Post a Comment

Comment Anonymously
Screen Name
What do you get if you multiply 5 and 1?
Leave This Field Blank
Comment

Recent Articles

Article Archives

Site Tools

Feeds