[Annoucement] dotTech now has secure logins and a mobile versionDecember 14, 2011 21 Email article | Print article
Earlier today I made an announcement about some potential downtime while I make some changes to dotTech. Well the changes have been made and hopefully almost no one had any downtime. This announcement is intended to inform everyone about the new improvements made to dotTech.
It has been a long time coming but it is finally here – a mobile version of dotTech. Well, technically speaking, dotTech did have a mobile version for a short amount of time over the summer. However, I had made many custom modifications to it; then later I updated the script and forgot all my custom modifications would be lost. Once my custom modifications were lost I disabled the mobile version.
Anyway, the mobile version of dotTech is back. It is a fully functional dotTech in mobile form. To use the mobile version, all you have to do is visit http://dottech.org on a mobile device – smartphone or tablet – and the mobile version will be automatically loaded for you. If you prefer to use the desktop version of dotTech on your mobile device, scrolling to the bottom of any page on the mobile version of dotTech allows you to disable the mobile version.
The mobile version works on all major smartphone and tablet platforms (Android, iOS, BlackBerry, Windows Phone 7, Bada OS, WebOS, Symbian, etc.). Yes, that includes the iPhone and iPad. If you find you own a smartphone or tablet that the mobile version of dotTech does not work on, please let me know so I can fix it.
Prior to today all logins on dotTech were conducted over HTTP, i.e. non-encrypted logins. For a blog, not having secure logins isn’t a big deal. After all, your login information on a blog (that you aren’t an administrator of) isn’t very important; you shouldn’t be using the same username and password as your important logins so even if your blog login gets hacked it isn’t a big deal. (If you are using the same username and password for dotTech as your important logins, you need to read dotTech’s advice about tiered logins.) The issue was that at times I found myself using unsecure WiFi networks; and as an administrator of dotTech, it is critical to ensure the safety of my login credentials. So I recently decided it is time to setup secure logins for dotTech.
For setting up logins over HTTPS I had two options. The first option was using self-generated SSL certificates. The advantage of self-generated SSL certificates is they are free and still provide secure logins. The disadvantage, however, is no browser accepts self-generated SSL certificates — all browsers display a warning to users that they may be visiting an unsecured page because the certificate is not recognized/accepted. So if I went with self-generated SSL certificates I would have secure logins without having to pay anything but I would risk scaring away dotTechies.
The second option was purchasing a SSL certificate from a leading SSL certificate authority. This would obviously cost me money but would ensure users don’t get any sort of warning when logging in.
I decided to go with the second option.
I did my research and ended up purchasing a SSL certificate from PositiveSSL, a Comodo company. Now I know I have had a run in with Comodo in the past. However, Comodo is one of the leading and most trusted SSL certificate authorities in the world so I felt secure purchasing from them. Plus, frankly speaking, I got a good deal for the first year. I may switch to a different certificate authority in an year’s time — depends on if I am happy with Comodo or not. If I do end up switching, it will only be a back-end change and will have absolute no affect on dotTech or dotTechies.
The earlier post about potential downtime is actually because of this SSL certificate. I had to make some DNS changes to dotTech to ensure the SSL certificate would work properly. DNS changes can cause downtime because it takes time to propogate the DNS change around the world. Luckily I picked up a few tricks from past experiences regarding making DNS changes so I was able to make the DNS change with little to no downtime.
Anyway, the point of this whole spiel is to say all logins and new registrations on dotTech are now done over a secure connection. This includes logging in from anywhere on dotTech — including the forums and mobile version of dotTech. This does not include e-mail notifications, the contact Ashraf form, or the tip us form because e-mail addresses/contact and tip forms are not considered critical data and there is no need to secure that data transfer.
At this moment in time I have disabled viewing dotTech articles in HTTPS simply because HTTPS causes extra load on the server; and there is absolute no need to be reading a blog in HTTPS. This means viewing articles and submitting comments won’t be over HTTPS. (Take note if you logged into dotTech prior to posting a comment or reading an article your login was done securely, i.e. username and password are safe.)
Aside from the above two major improvements to dotTech, there are some others changes, too:
- The button on the bottom-right of dotTech that used to take you to the top of the page is no longer available. The button was breaking secure connections and thus I have disabled it. I am looking into bringing in a different button and/or fixing the button to not appear on secure pages.
- The script that is used to allow dotTechies to receive e-mails when a new comment is posted on an article has been updated. Now it is easier than ever to manage your comment e-mail subscriptions. Simply click on the Manage your subscriptions link located at the end of each e-mail notification you receive…
…and you will be allowed to modify your subscriptions:
In addition to the revamped subscription management, you can now easily subscribe to receive e-mails when a new comment is posted on an article without ever commenting the article. To do this simply click on the subscribe to comments via e-mail without commenting link at the bottom of the comment form…
…enter your e-mail address and you are good to go.
Oh, and yes I now have the ability to make the checkbox for subscribing to follow-up comments via e-mail be checked by default. However, I am not going to enable this because I know for a fact subscribing people to follow-up comments by default would drive most people mad and probably push them to hunt me down with a pitchfork. I like my eyeballs, thank you very much.
If you encounter any bugs regarding the new changes (mobile version, secure logins, or new comments e-mail subscription system) please let me know so I can fix them. You can drop me an e-mail or post a comment below.
That is all for now. If I make any more major changes to dotTech I will be sure to let everyone know. Feel free to reflect on these new changes in the comments below.