Monthly Archives: March 2015

Let’s Encrypt!

I started to write a draft of an article about Let’s Encrypt back in November, but quite finished it to my satisfaction.  In any case I would like to draw attention to the project as it gets closer to becoming live.  They just posted the draft of their certificate management policy so things are starting to heat up a bit which is kind of exciting!

If you’re not familiar with the project, here’s an overview of how it works.  But basically it’s an automated tool that web server administrators can install and use to generate, sign, manage, and revoke TLS certificates for sites they host.  It takes most of the human factor out of things and also helps implement some of the more esoteric features of modern TLS for HTTP.

In light of the news over the past couple of years and the complete ubiquity of the Internet and WWW at this point it’s fairly obvious that proper encryption of All The Things is long overdue.  There are a number of steps in that direction taking place right now (HTTP/2 standard is more or less final, 1024-bit roots have been widely superseded, OCSP stapling and HSTS are becoming much more widely deployed), but the biggest challenge I see is that, particularly for small website owners and businesses, properly implementing X.509 certificates for TLS is still enough of a pain that it’s largely avoided unless you’re somewhat savvy or paranoid.

I’ve read a few good blog posts and articles on the Let’s Encrypt project but for some reason it doesn’t seem to be getting that much mainstream coverage.  At first I was a bit leery of the idea that I hand certificate management over to a 3rd party system, but the more I’ve looked at it the more the idea seems solid.  Basically their assumption is that their tooling can handle certificate management better than the average web administrator can.  Combined with the fact that the project has major backing from folks like Cisco, Akamai, the EFF, and Mozilla I’m hoping that it gets major traction.  I know that I’m planning on adopting it early even though I have a couple of years left on the RapidSSL certs I’m currently using.

Oh and did I mention that it will be entirely free?

Moving the Dock on OS X

I just learned something about OS X that I didn’t realize was a feature. Then again, sometimes these days the difference between a feature and a bug is marginal!

At work I routinely run my Macbook connected to a second monitor, either at my desk for extra screen space while preparing the latest round of paperwork or when presenting at a meeting. From time to time, the dock (which I just keep at the bottom of my screen) seemingly snaps to the second monitor. This can range from mildly amusing to completely enraging depending on my state of mind and or caffeine level at the moment.

I just learned that this is actually a feature that I’ve been accidentally triggering with sloppy mousemanship. It turns out that you can move the dock on OS X to another display device simply by briefly holding your mouse cursor at the bottom of the device in question.

Now that I know this, what used to seem like a really annoying desktop environment bug has become a cool feature!

The more you know...