When you login to flickr, it greets you with hello in different languages. This morning, I saw the image above and was excited. Flickr greeted m in Serbian!
Wishlist Reviewed
Our wishlist hadn’t been reviewed since…well, since I put it up. I decided I’d revisit it with the website changes. I removed a ton of stuff and updated more.
By the way, this isn’t posted because I’m trying to get people to send us stuff. I wanted a notice on the wishlist that I had looked at it as of such and such date. But, I can’t make it show up there and not here. BOO….
Image from diamondgyzer via flickr
SSL Warnings– Need some Help
Is anyone else getting ssl mixed content warnings on the site? I’ve been getting them off and on; however, I can’t figure out what it is. Everything on the page looks to be delivered via https. Anyone (Bill, Alan) have any ideas?
[Update 2012-12-26 08:13:29] Here’s two posts that will need updating once I get this problem fixed:
SSL and Maxsons.org
Website Changes
[Update 2012-12-26 08:29:33] Something (my guess = disquis) was loading a resource from facebook (http://connect.facebook.net/en_US/all.js) via http. Stupid facebook…why wouldn’t they send that via https?? Anyway, I think I’ve disabled the login via facebook from disquis so this shouldn’t happen any more.
[Update 2012-12-26 08:33:21] Well, the error is gone but you can still login via facebook. ARG….
[Update 2012-12-26 19:48:53] I spent most of today working on the website. I think I’ve got everything sorted out with the mixed content messages.
Image from jeff_golden via flickr
Looking for Ideas
After I migrated the website to an updated platform and enabled SSL, I thought I should check for dead links. Well, I found and corrected a bunch…I have a bunch more to finish. In this process, I found many of my dead links were for sites that had either gone dark (meaning I couldn’t find anything about them), moved (and left some sort of redirect), or just updated their site. In some cases, I don’t really care; however, in others, I wish I had the stats or main idea the article was making. So, here’s my question for my readers that blog:
How do you think I should deal with content from other sites?
How do you handle it on your blog?
Also, when the sites went dark, I was removing the links from the text and adding a note at the end including the link (just not hyperlinked). What do you think about that idea?
Image from sheeshoe via flickr
At A&E
What a way to spend Christmas evening…at the a&e (that’s what they call the emergency room in England). Why am I here?
Well Cyndi wanted a food processor. I got her one. Themetal blade was in this plastic case tthing. What a stupid idea I said. Well, as was washing it I sliced my finger… quite nicely. So Cyndi said I should come.
So…here I sit on Christmas eve waiting to be seen.
[Update 2012-12-25 21:53:37] It took about an hour to get seen. And what did they do? Put some tape on it and give me a sling. A sling! I wanted to ask how I was supposed to drive home. On one hand, in the states, I would have wanted more for my $100 ER fee. My first reaction is to say I’m glad I didn’t pay. Then, I remembered the OUTRAGEOUS amount of income taxes I paid here to provide this “free” healthcare. I want more for my thousands! Oh, I also added the picture. Click it if you want to see it in more detail.
Christmas, Turkey, and More
Here in England, it seems to be the tradition for churches to have a Christmas Day service. Several families at church have started getting together for Christmas Dinner. Well, Cyndi and I said we would deep fry a turkey if there was intrest. Well, even though Lydia is sick, Isaac and I went because we had to cook the turkey. Well, it was a hit. Everyone liked it. Isaac and I had an ok time because Cyndi and Lydia weren’t there.
Image from henry alva via flickr
SSL and Maxsons.org
I’ve got the website, I think, all converted to force SSL every place. I’ve also redirected a TON of URLs via .htaccess files to secure equivalents. Here’s a rundown of what I’ve done:
Maxsons.org -> https://www.maxsons.org
files.maxsons.org -> https://www.maxsons.org/files
media.maxsons.org -> https://www.maxsons.org/files/media
update flickr pictures to use https in both the href and img src tags
The flickr stuff was fairly easy. I just had to run a couple of SQL queries to do a find and replace on a few fields in a few tables. By the way, if you care, the find and replace syntax for MySQL is:
update [table_name] set [field_name] = replace([field_name],'[string_to_find]’,'[string_to_replace]’);
—http://www.mediacollege.com/computer/database/mysql/find-replace.html
In general, the check I use in the .htaccess file looks like:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=permanent]
In reality, it isn’t that easy. From how I’ve seen it work, if you have one .htaccess file in a directory, that overrides something higher up. That means I’ve had to put a .htaccess file in each of the directories for the domains above and test several cases of with www and https, without www and https, with www and no https, etc… for each case. I think I finally have it worked out. Worst case, the [L] directive doesn’t seem to be working. What does L do in a .htaccess file? Well, I think it is supposed to tell Apache to stop processing redirects. Mine keeps going.
Oh, and while the URL gets rewritten, it doesn’t reassign variables in the .htaccess file. That means you have to order things right so stuff works out. Here’s an example:
RewriteCond %{HTTP_HOST} host1
RewriteRule ^.*$ https://NewLocationHost1%{REQUEST_URI} [NC,R=perman$
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !host1
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=permanent]
RewriteCond %{HTTP_HOST} ^DomainWithNoWWW$
RewriteRule ^.*$ https://DomainWithWWW%{REQUEST_URI} [R=permanent]
When you get to line 4 (RewriteCond %{HTTP_HOST} !host1) to do a generic check of is https turned on or off, you have to also check to make sure you aren’t coming from a different host (files vs media vs www). If you don’t, you’ll end up and rewrite using the generic %{HTTP_HOST} with a wrong host and get certificate errors.
Oh, one other thing I did, after I had all the redirection already done, was to insert the following line into my .htaccess files:
Header set Strict-Transport-Security max-age:31337
If you are wanting to do something similar, that looks like the better way to do it. From what I’ve read (at eff and wikipedia) that header, by itself, would force a browser that understood it to make a https connection. If it couldn’t, the page wouldn’t load. But, if the browser didn’t understand it, the page would load via http. So, if you are starting out from scratch and didn’t already have 30 lines of .htaccess written, try that. If it works, you are done…if not, then you can delve into .htaccess and mod_rewrite.
Now, why did I do this? Over the weekend, I did some reading regarding rights and the government. I found out that the 4th Amendment–protection against unreasonable search–doesn’t apply if you’ve shared the information with a third party. This means the government can get a list of the phone numbers you have dialed from the phone company with just a court order…they don’t have to get a warrant. Now, enabling https on my website doesn’t help there; however, it does allow me to use a feature of my new hosting plan (a dedicated ssl certificate) to make the logins for the website safe so prying eyes at Starbucks can’t see my username and password. Or, better yet, someone can’t sniff my login credentials when I get set up to blog from my mobile phone (or upload pictures). A bonus is that no one can read the other stuff as it goes over the wire…that means a “bad guy” government couldn’t sniff packets and find out what I’ve written. Now, they could go to the website and look…but what if I make some things public and other things not…then you have to have the ID and password to login to see what’s up.
Oh, by the way, the 4th Amendment stuff I mentioned above means I may look to stop using disquis for comments and go back to native comments. But, on the other hand, comments are already shared with a 3rd party so is there a reasonable expectation of privacy there? Probably not….
[Update 2012-12-26 08:12:01] I’m getting mixed content warnings. I can’t see what’s wrong…can anyone help? They are fixed.
[Update 2012-12-27 07:32:51] If you came here looking to see how % or $ work in htaccess files, check out this post where I give some examples and explain % and $ in htaccess files.
Image from legofenris via flickr
Articles
Since I’ve migrated the blog, you may notice some articles change order and menu items not work. I’m working on updating these things. If you can’t find what you are looking for, use the Search function (at the top right of the page or here).
[Update 2012-12-27 08:04:20] All the problems should be fixed; however, I’ve decided to use this page for a generic “I’ve made changes” page. There were some things I couldn’t redirect. For example, some code from way way way back in the day when I used phpNuke. I’ve sent those things here…You’ll have to search if you came from a link like that. Leave me a comment, if you would like, and I can work on fixing specific one off things…
Image from Jack Zalium via flickr
Lydia is Sick….
Last night Lydia nor Isaac slept well. This morning, they were really cranky. They slept all afternoon. We went to the Carol Service at church this evening when we got sent home because Lydia was a bit warm. Well, Cyndi and I didn’t think she was, but we came home anyway. Well, after eating a bit for dinner, Lydia promptly got sick on the living room floor.
[Update 2012-12-24 09:44:45] While I was messing around with the site, Lydia read the title of this post. Her reply: “I’m not sick.”
Image from kalexanderson via flickr
Need Ideas — Sleep
Cyndi and I are looking for some ideas on how to get Isaac to sleep longer (or at least stay in his room after he wakes up). He’s soon to be 3 so he can’t tell time or anything like that. Lydia does a good job.
Image from xtoq via flickr