David A. Wheeler's Blog

Wed, 11 Mar 2015

Plans for HTTPS (SSL/TLS) on this site

Currently this website uses only HTTP, and does not support HTTPS. That means that users cannot trivially authenticate what they receive, and that in some cases users reveal to others what they are viewing on the site. (Technical note: HTTPS is implemented by a lower-level protocol; the current protocol versions of this protocol are named TLS, and the older ones are named SSL, but a lot of people use the term SSL to include TLS.) I would like to use HTTPS, but this website is entirely self-funded. I do have a plan, though.

My current plan is that I am waiting for Let’s encrypt to stand up and be ready. Once that gets going, I intend to use it to add support for HTTPS. I’d like to eventually only support HTTPS, since that prevents downgrade attacks, but I need to make sure that the TLS certificates and configuration works well. Also, I pay others to maintain the server; since I am not made of money, I necessarily use low-end cheap services. That will limit what I can do in terms of HTTPS configuration hardening. On the other hand, it should be better than the current situation.

The software I develop is generally available on SourceForge or GitHub, and they already provide HTTPS, so you don’t need to wait for that. Currently you have to log into SourceForge to get HTTPS, but that is expected to change, and for now just log in.

Anyway, I thought some of you might like to know that there is a plan.

path: /website | Current Weblog | permanent link to this entry

Mon, 13 Oct 2014

Twitter

My username on Twitter is drdavidawheeler, for those on Twitter who want occasional comments on computer security, open source software, software development, and so on.

path: /website | Current Weblog | permanent link to this entry

Thu, 08 Jan 2009

Moving hosting service at end of January 2009

I will be moving to a new hosting service at the end of January 2009. (I haven’t determined which hosting service yet.) In theory, there should be very little downtime, but it’s possible the site will be off for a little while. But if that happens, it will be very temporary - I’ll get the site back up as soon as I can.

path: /website | Current Weblog | permanent link to this entry

Sun, 04 Jun 2006

My upcoming presentations - Date change and a new page

I’m still giving a presentation at NovaLUG, but the date has been changed from July 1 to July 8 (2006). This is because July 4 is a U.S. holiday (independence day), and there was concern that some people might not be able to come. So it will now be July 8, 10am, “Free-Libre/Open Source Software (FLOSS) and Security”. Washington Technology Park/CSC (formerly Dyncorp), 15000 Conference Center Drive, Chantilly, VA.

This has convinced me that I need a page to help people find when and where I’m speaking, so that they don’t have to march through my blogs to get the information. So here it is…

Presentations by David A. Wheeler. Just click on it, and you’ll get the latest times, places, etc., of where to go if you just can’t find something better to do with your life :-).

path: /website | Current Weblog | permanent link to this entry

Wed, 29 Sep 2004

Sorry for the website unavailability…

For those of you who were trying to reach the website recently — sorry about that! The website was unavailable for a little while. The problem wasn’t on the website system itself, but on a communications link (at the ATM level) to the outside world. In any case, it’s obviously been fixed, and hopefully we won’t be having that kind of problem again…. at least for a very long time.

path: /website | Current Weblog | permanent link to this entry

Tue, 10 Feb 2004

Reorganizing the home page

I now have so much information on my website that I decided a little reorganization was necessary. Hopefully, you’ll like the new look and find it more helpful.

The main thing I’ve done is put the various links in multiple columns, so that more will fit on the screen or on paper. Also, I’ve added a way to quickly search this site for information (it uses Google).

I’m not done; I intend to soon add above the search capability a set of items like this:

My Blog | About Site | About Me | Contact Me

The home page is now automatically generated; I use a self-created XSLT script to extract the most recent blog entries (from /blog/index.rss), and use sed to update the front page with them.

path: /website | Current Weblog | permanent link to this entry