Whatever Security Update

A small piece of security information for you: Whatever (was well as the whole Scalzi.com) site, now operates using https, for extra added security. Mind you, as this site does very little in the way of transactions or anything security-critical, this may not be a big deal to anyone. On the other hand, Google sent me a note recently noting that unless I switched over to https, they’d start blasting “INSECURE” in the URL field of the Chrome browser, so, fine. Now it’s secure. Enjoy the securiosity! No, that’s not a real word. Even so.

26 Comments on “Whatever Security Update”

  1. The blog is now covered, but the root domain(s) of //www.scalzi.com and //scalzi.com come up as insecure due to mixed content, because you load the picture over HTTP. Also, I’m somewhat surprised you use a different cert provider for the main site (GeoTrust) than for the blog (Let’s Encrypt). Given that LE is easy and free, I would have guessed you’d simply flip them all to LE.

  2. whbeebe – Somewhere in the Orion Arm – I am a retired engineer who writes about photography, my pets, software development, computer languages, operating systems, embedded computers like the Jetson Nano, Raspberry Pi, Adafruit and Arduino devices, and whatever else may catch my interest.

    I’ve run my WordPress blog over https ever since WordPress offered it. That kept me from getting the Google virtual shoulder tap that seems to have annoyed you. Encryption over the wire is something we all need, and not just because we’re entering private and/or critical information. Any form that accepts input, such as this text box I’m now typing my “thinky bits” into, needs to be encrypted over-the-wire on general principals. I could go on and on about how important it is, and why you, of all people, should both practice and preach the good practice of over-the-wire encryption no matter what. Instead, I’ll direct you to one of you own, Cory Doctorow. He Gets It. Have a nice, long one-on-one conversation with him on this subject. Maybe he can help you Get It Too.

  3. I feel so much better now. Maybe Monday I’ll finally leave my home, secure in the knowledge that your security protocols will now keep the sun shining at full strength all morning and afternoon. Whew!

  4. I’ll be honest, I didn’t know that there was a scalzi.com. Not that there’s anything much on it, other than a cute doggo and links to Whatever.

  5. Hope Griffin Diaz – North Carolina – So, to borrow from a popular shirt, I love Jesus but I cuss a little. Well, a lot. In fact, I just don't believe Jesus really gives a shit about the word 🤬 I am married to the love of my life, Louie (aka Luis) and have an adult child, Christy. Reading transports me to places that are inaccessible to me right now. Whether those places address in space or in areas I'm unable to travel, I am grateful for books and authors who keep my mind occupied. I fancy myself an amateur gardener, I am owned by a large black purr machine maine coon cat named Samwise aka #SamSam and a Border Collie/Australian Cattle dog mix named Daisy. I knit. I craft. I sew. These are at my leisure and are hobbies. I don't take commissions nor do I do alterations. I'm an aspiring human being. I battle several mental illnesses including depression, major panic disorder, agoraphobia, germaphobia, claustrophobia, and some other assorted illnesses. I also have fibromyalgia and have had numerous traumatic brain injuries (into the double digits now). I am not able to drive at night.
    Jada Diaz

    I feel safer already.

  6. Seems everyone is falling for Google’s attempt to essentially take control of the internet using various ploys such as these. It’s extremely effective propaganda, adroitly deployed from a near-monopoly position.

    I’d urge everyone to read Dave Winer’s take (creator of RSS) on this.

    While HTTPS isn’t without its merits, if you believe that Google is actually doing this for security reasons or out of the goodness of its own corporate heart — well, that is not very realistic.

    Examine who wins and loses and why (for instance, Google penalizes non-HTTPS ad networks, which favors their own) in this obligatory “security” push.

    As usual, follow the money, and always ask cui bono?

  7. Everybody using encryption gives something akin to herd immunity to the people who really need it. The NSA and its ilk can’t just focus on the few who use encryption if everybody does.

  8. Dear Mike,

    Ummm…. so Google is trying to achieve Internet world domination by encouraging better security???


    (and they all moved to the other end of the Group W bench)

    pax / Ctein

  9. If’n ya don’t like Google, then don’t do it because Google asks. Do it because the EFF asks. And the Free Software Foundation/Gnu Project and the Debian Project and Software in the Public Interest. :)

  10. What whbeebe said.
    You’ve made it clear to the If-You’re-Not-With-Us You’re-Against-Us crowd that you’re not with them, so it never hurts to have all the securiosity you can get.

  11. As a Whatever fan, and founding executive director of the Tor Project (you know, that *other* Tor, at least within fandom, lol), I approve of this message. There’s a saying in security — “anonymity loves company.” The more information is running over the “wires” encrypted, the less the information that needs the security stands out. In a day when state security agencies aspire to spool off information for decryption slowly over time, it’s vital to make sure there is too much of it for them to keep track of.

    Not. Even. A. Little. Tin. Hat. These are things that should worry most of y’all, in the “age of Trump,” liberal, conservative, libertarian or anarchist.

  12. The little green padlock makes me feel so much better…..
    I’m not trying to be sarcastic, I’ve just really never worried about it before.

  13. Dave Winer is right. Google shouldn’t be trusted more than any other giant corporation (other than oil companies, coal and all those guys right?). But flagging sites that don’t use HTTPS? Really fail to see the downside for the end users on that one.

  14. Sometimes in the morning in the UK, this blog isn’t available. Is it due to this and me using the android default browser app? Or something else?

  15. Redirection is so lovely isn’t it?

    I’ve been using the HTTPS for several years on FB, so having to encounter elsewhere doesn’t bother me. Kind of like white noise for computers, in that you get so used to it that the only time you pay attention to it is when you get one of those insecure warnigs.

Exit mobile version