A very quick note this week: Shady Characters now runs exclusively over HTTPS. What does this mean? Well, rather like my recent post about how references work here on the blog, my hope is that very little will change — other than an extra ‘s’ in the site’s address.
Briefly, “HTTP” stands for “HyperText Transfer Protocol”. This is one of the basic technologies on which the world wide web runs:* it comprises a finite series of verbs that describe actions and a near-infinite collection of addresses (“Uniform Resource Locators”, or URLs) describing the things on which those verbs act.1 As an example, the verb GET retrieves a resource such as a web page; conversely, POST and PUT create and update resources such as comments. When you type an address that starts with http:// into your web browser, you know that your computer will use the HTTP protocol to access it.
“HTTPS”, then, stands for “HTTP Secure”.2 That extra ‘s’ signals that all traffic between your web browser and the remote computer, or web server, which sends those HTTPS pages to you, is cryptographically scrambled so that no-one else can tell what information is exchanged between the two. This is precisely why banks and other financial institutions were among the first to embrace HTTPS — neither the state of your finances nor your instructions as to what to do with them are vulnerable to eavesdroppers.
For Shady Characters, moving to HTTPS means two things. First, all shadycharacters.co.uk web addresses now start with https:// rather than http://. Second, no entities involved in the communication of data between this website and your web browser can inspect the data that flows between them. In particular, the exact address that you happen to be viewing at any given time (such as https://www.shadycharacters.co.uk/series/the-pilcrow/ or https://shadycharacters.co.uk/books/the-book/) remains hidden, as do any messages that you might send to me via the Contact page.†
It could be argued that HTTPS is overkill for a blog like Shady Characters. That said, the web is inexorably moving in the direction of enhanced security and privacy and HTTPS is a non-negotiable part of that movement. I want to provide visitors with the same assurances of security that you would expect of any other responsibly-run site. Separately, HTTPS is a prerequisite for using the newest version of the HTTP protocol and, although shadycharacters.co.uk doesn’t support it yet, it should eventually provide a nice bump in performance. Web pages will feel snappier as well as being more secure.
And that’s it! Feel free to carry on browsing as normal. You don’t even have to update your bookmarks, since the site itself will automatically redirect you from plain old http:// addresses to shiny new https:// ones. Let me know if you have any questions or comments, and thanks for reading!
- 1.
-
Fielding, R, and J Reschke. “Hypertext Transfer Protocol (HTTP 1.1): Semantics and Content”.
- 2.
-
Fielding, R., and J Reschke. “Hypertext Transfer Protocol (HTTP 1.1): Message Syntax and Routing”.
Comment posted by Athel Cornish-Bowden on
What https means to me is that I can no longer access Shady Characters from my office computer. I just get messages like “Safari can’t open the page ‘https://shadycharacters.co.uk’ because Safari can’t establish a secure connection …”. Why can’t Safari do this? Because it’s version 4.1.3 (2010). Why am I running an old version of Safari?Because it’s the last version that will run under OS 10.4.11. Why don’t I update my operating system? Because I want (need) to be able to run Classic programs.
Other users may not have these exact objections to https, but I’m sure I’m not the only person who is unconvinced that the stampede to https is to everyone’s benefit.
Incidentally, I can get to https://www/lloydsbank.com/…, so I wonder if the problem is that servers I can’t connect to are incorrectly configured.
Comment posted by Keith Houston on
Hi Athel — thanks for the comment! I’m sorry you can’t access Shady Characters from your office computer.
A web search suggests that this might be a problem with Safari. I found this Apple forum link that suggests a few things to try. In addition to what is written there, have you tried an alternative browser? If all of that fails, please feel free to send any additional details or log files you can find my way via the Contact page.