Link

FFS SSL

FFS SSL:

I just set up SSL/TLS on my web site. Everything can be had via https://wingolog.org/, and things appear to work. However the process of transitioning even a simple web site to SSL is so clownshoes bad that it’s amazing anyone ever does it. So here’s an incomplete list of things that can go wrong when you set up TLS on a web site.

Now you start to add secure features to your web app, safe with the idea you have SSL. But better not forget to mark your cookies as secure, otherwise they could be leaked in the clear, and better not forget that your website might also be served over HTTP. And better check up on when your cert expires, and better have a plan for embedded browsers that don’t have useful feedback to the user about certificate status, and what about your CA’s audit trail, and better stay on top of the new developments in security! Did you read it? Did you read it? Did you read it?

It’s a wonder anything works. Indeed I wonder if anything does.

Without any doubt this is one of the better(?) rants about SSL/TLS that I’ve read recently. And given my own recent experiences in setting up SSL/TLS on another site I entirely empathize: it was a horrible experience that involved tracking down what was causing things to break, when they were breaking, and how to remedy them. It was a non-trivial learning experience and that was a very simple site. Large sites… well, I shudder to consider the work entailed in securing them.

(As a sidenote: yes, SSL/TLS is broken. But it adds friction to mass surveillance processes and at little cost to the visitor of websites/users of web services. It’s a pain for those delivering content, but that’s a pain that it’s arguably appropriate for those content providers to bear.)
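Three of the items in the quoted list (cookies not marked secure, the site still being reachable over plain HTTP, and certificate expiry) can be checked mechanically. The sketch below is an added example, not code from the original post or from wingolog.org; the header values and dates are constructed, and the Strict-Transport-Security check is an addition that the quoted text does not name.

```python
import ssl

# Constructed sample: headers of one HTTPS response as (name, value) pairs.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; HttpOnly"),
]
# Constructed notAfter value in the format ssl.SSLSocket.getpeercert() returns.
SAMPLE_NOT_AFTER = "Jan  5 09:34:43 2018 GMT"


def cookie_attrs(set_cookie_value):
    """Split a Set-Cookie value into (cookie name, set of lowercased attributes)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def days_until_expiry(not_after, now):
    """Whole days between `now` (epoch seconds) and the certificate's notAfter."""
    return (ssl.cert_time_to_seconds(not_after) - int(now)) // 86400


def audit(headers, not_after, now, warn_days=30):
    """Return a list of findings for one HTTPS response and its certificate."""
    findings = []
    header_names = {name.lower() for name, _ in headers}
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = cookie_attrs(value)
        # Without Secure the browser also sends the cookie over plain HTTP.
        if "secure" not in attrs:
            findings.append(f"cookie {cookie!r} lacks Secure")
    # Without HSTS a browser may still make its first request over HTTP.
    if "strict-transport-security" not in header_names:
        findings.append("no Strict-Transport-Security header")
    days = days_until_expiry(not_after, now)
    if days < warn_days:
        findings.append(f"certificate expires in {days} days")
    return findings
```

In practice the header list would come from a real response and `not_after` from the `notAfter` field of `getpeercert()`; `now` is a parameter so the check can be run against a fixed date.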

Quote

The traditionally advocated uses for NFC have been to replace RFID chips in travel cards, such as the Oyster card in the UK, and RFID chips in credit cards, such as MasterCard’s PayPass.

The problem with these replacements is a simple one, however. Smartphone batteries run out. They do so with alarming regularity, and they do so at inopportune moments. I don’t care what phone you say you have, and I don’t care if you say it doesn’t happen to you, because it does. You end up staying out late, or you leave your charger at home by accident, or you just plain use the phone too much during the day, and then when you need the phone to work, it doesn’t because it’s out of juice.

The phone running out of power is bad enough when it means you don’t have maps and directions. That’s annoying. But even worse is the battery going flat when you need the phone for mass transit or paying for stuff.

And yet that’s precisely the value proposition that NFC offers: go out for a night on the town and get stranded with no money, no subway ride home. The only way to be safe is to take your credit card and travel card with you anyway, and if you’re doing that? Well you don’t exactly need NFC then, do you?

* Peter Bright, “Mobile World Congress is Mean Girls, and NFC isn’t going to happen”

Quote

…tablets have gotten so cheap that it’s hard to make a case that spending $500+ on a new Windows 8 machine is better than just keeping what you have and spending $200 on a cheap tablet. That goes double when the cheap tablet in question has hundreds of thousands more apps. Throw in an unfamiliar user interface, and you’re basically telling people to please leave the Microsoft Store.

* Pete Pachal, “The Problem With Windows 8”

Windows 8 has a new design paradigm; to find programs’ settings you must hover your cursor to the right of the screen. There is no indication that these settings panels exist.

The new paradigm can be contrasted against the ‘early’ Metro paradigm in Windows Phone. Under the ‘old’ paradigm ellipses are used to indicate additional options. The translation of Metro to the desktop – insofar as ellipses are being removed – strikes me as a poor decision for two reasons:

  1. It breaks Metro UI tenets that Windows Phone users have learned;
  2. The Mail settings aren’t linked with any OS-wide settings (so far as I can tell), which means that if you don’t figure out the ‘hover to the right’ paradigm you can spend considerable time getting frustrated trying to just add a new mail account.

There has to be some indication to users that additional information (i.e. the settings panel) exists or the settings should be accessible in multiple locations. Failure to accommodate these needs should be understood as design failures insofar as UI parsimony is damaging the overall UX.

I Like The Apps, But Not The Design

A new version of the iPad is coming. The latest ‘craze’ around this version is whether or not it will come with a home button. To date, there’s been one particularly strong ‘In Defence of the Home Button’ post by Dave Caolo, which is effectively a listing of all the functions that Apple has tied to the singular button at the bottom of each iDevice.

This button isn’t going anywhere. And that’s really unfortunate, because better – or at least equivalent – options are out there.

The PlayBook is seriously lacking on apps. SERIOUSLY LACKING. But the hardware design of the device is stunning. I don’t need to pay attention to what is up, down, left, or right because of how RIM has integrated the bezel functionality. For a quick overview of the bezel options, check out the video below:

This isn’t to say that the PlayBook is a winner hands down. Apple’s home button is linked to a variety of accessibility options which are lacking on the PlayBook. Also, Apple has a series of gestures that enable similar features as the PlayBook, though I’m far less impressed at how they’re integrated. Because of how awkward these gestures tend to be, I tend to just use the home button, which can be incredibly inconvenient depending on the iPad’s orientation at the time.

My dream would be Apple getting creative and bringing the hardware design leadership of the PlayBook to the app-rich iDevice environment. I’m not holding my breath though.