Category: Web Development

Posted on

SSL What Why Where

What

SSL stands for secure socket layer.  It is the technique used to encrypt and secure data over the internet.  It is most known for use in web browsers.  When you go to a secure web site (known as http over SSL or https), you will see a little lock icon somewhere which shows you that the site is secure.  Things get complicated when you shop for SSL certificates where you can also get site seals or EV SSL and you’ll find a wide range of prices ranging from $30/year to over $1,000/year.

Terminology

  1. SSL certificate – A basic SSL certificate is all you need for a lock to be displayed in a browser.
  2. Site seal – If you purchase an SSL certificate, it often comes with a site seal which is a little graphic you can display on your site which will tell visitors that your site is secured by that SSL seller.
  3. “Deluxe” or “Premium” SSL – Most SSL sellers offer some more expensive version of SSL which is typically the exact same SSL certificate accompanied with a site seal or more advanced site seal.
  4. Multi-domain SSL – It is possible to purchase one SSL certificate that can work for multiple domains which makes it much easier to manage if you need to secure many domains.  This is typically only worth getting if you have a lot of domains.
  5. Extended Validation (EV) SSL – This is the latest and most expensive SSL which in addition to basic SSL will also cause a green security bar to be shown in the latest web browsers.  The green bar means the SSL purchase was verified as a real business which is supposed to make the visitor feel all warm and fuzzy inside.  Considering it isn’t that hard to make a fake business, I never get that feeling.  Also, less than 1/3 of browsers in use right now can show the green bar and most people don’t even know what it means yet.

Why

Without encryption, everything you send from your computer to a web server is totally readable by anything in between.  Things get even more unsafe if you are at an open wifi spot at a cafe where anyone around you can watch all the unencrypted data you are sending and receiving.  As a result, some actions such as site logins or purchasing online must be encrypted with SSL.

Where

There are several places you can buy SSL certificates.  Many are extremely overpriced for no good reason.  From cheapest to most expensive, I’d recommend the following:

  1. GoDaddy.com – The standard SSL from GoDaddy is $30/year and you can typically get a discount off of that with a promo code.  They also offer EV SSL for $500/year.  Sadly, that is relatively cheap for EV SSL.  One complaint I have about GoDaddy is their site to manage your SSL is ugly and confusing.  Another problem is they are not a top tier SSL provider so you have to install what’s called a certificate chain file in addition to the certificate.  If you can handle the extra work and poor site, they are the cheapest way to go and in the end, the SSL works the same.
  2. Geocerts – This is a site that resells GeoTrust certificates for cheaper than GeoTrust sells directly.  GeoTrust certificates are easier to install than GoDaddy because you don’t have to deal with a certificate chain.  They also make the process quick and easy.  Their basic SSL is $99 and their Premium is $129.  If you want a good site seal that is clickable that brings up a useful dialog box about your SSL, GeoTrust Premium is the way to go.
  3. VeriSign – These guys have been around for a long time and they do a good job but their prices are nuts.  $400 for basic SSL and $1000 for EV SSL.  If money is no object, you can consider them.
Posted on

Google Chrome Browser First Impressions

Today, Google has launched their own browser called Chrome.  There’s no doubt Google is trying to control all things on the web and this is yet another step towards that goal.  Their search engine is dominant and they’ve been trying to push online applications such as Google Docs.  By creating their own browser, they can more tightly integrate their web applications with the browser.  

Speed

The first thing I noticed when trying out Google Chrome was the speed.  It felt very fast to me so I ran some simple speed tests trying to render amazon.com using the latest Firefox and Safari.  Firefox and Safari were very similar taking slightly less than 5 seconds.  Chrome did the same site in less than 3 seconds.  There’s no doubt it is a fast browser.  Google claims it has the fastest javascript engine which may be the reason it loads faster than the other browsers.

Bookmarks?

Chrome tries to simplify their browser.  The end result is the default has no visible bookmarks, menus, or even a button to add bookmarks.  Type something in the address bar like “firef” and it will list the Firefox site that you can arrow down and select.  It does this even if you’ve never been there before so the browser has some intelligence about where you might be trying to go.  It is as if Google is saying bookmarks aren’t necessary.  Another feature saying you don’t need bookmarks is the most visited page which is the default page shown when you load.  It displays the 9 pages you visit most with thumbnails of each displayed so you’re one simple click away from your most favorite sites.  You can add a bookmarks toolbar but there is no menu of any kind.

Mac? Linux?

I expected Chrome to be lame and pointless since there are already several good browsers out there.  But its speed has impressed me and makes me want to see more.  Unfortunately, they have not released Chrome on Mac or Linux yet.  I’m sure they eventually will but it could be a while.

Endgame

Google recently extended their deal with Mozilla, makers of Firefox, until 2011.  Google pays Firefox to have google.com be the default search.  But what will happen then when Google no longer needs Firefox to point to their search?

Posted on

Mosso Cloud Computing

Mosso is a very ambitious web hosting solution designed to be infinitely scalable. It accomplishes this by clustering together as many servers as they need to handle their load.  For just $100/month, you get 50GB of storage and 500GB of bandwidth for as many sites as you want.  You can use some of the most popular web development technologies such as PHP, Ruby, Perl, Python, .NET, ASP, MySQL, and MS SQL 2005.  Because this is a clustered environment, you lose a few of the pleasantries that a dedicated server gives you such as shell access and root access to the server allowing you to run any processes.  On the other hand, you gain scalability and you don’t have to worry about managing your server.  If Mosso goes down, everyone notices so they address it as soon as possible.  The biggest problem is that it does seem to go down.

Mosso appears to be targeting less mission critical websites such as blogs that can afford to have a little downtime every now and then.  It is slower as far as web pages loading than using a dedicated server but on the other hand, if you grow in visitors, the speed will be the same whereas on a dedicated server, with increased visitors, your server may become overwhelmed.  For non-essential websites, Mosso appears to be a very nice hosting choice.

The most impressive aspect of Mosso is all the technologies they try to support.  Google has a very similar service called Google App Engine.  It only supports python though so it is very limited.  It can’t even support SSL certificates like Mosso can.  Amazon also has a cloud solution called EC2 but it is really only for tech experts.  It does not scale automatically by default like Mosso.  Instead, you have to turn on more servers as you need them.  You can program your Amazon servers to do this themselves but that’s part of why this is expert only.

It looks like we’re headed towards more scalable hosting solutions for the future.  Managing your own dedicated server is both difficult and time consuming. Mosso needs to work on their reliability and uptime but I think they are a company to watch since they seem further ahead than others when it comes to cloud computing.