Archive for the ‘Web’ Category

Dragged by the roots

This one had me scratching my head for a while today. A client and an ex-client both contacted me with strange HTTP connectivity issues, which manifest as errors occurring on one server while the exact same code is working elsewhere. The logs revealed that a HTTPS connection was being rejected because the connection to the external site could not be validated. The problem was that the root certificates were out of date, and the external site was using Let’s Encrypt SSL certificates, which as of this month (October 2021) has a new compatibility restriction meaning their certs can only be validated by a client if the client trusts the ISRG Root X1 certificate. That restriction prevents functionality on iPhones running [click title to read more…]

Eggs and baskets

About a week ago a large chunk of the Web vanished for a few hours as Fastly experienced a major outage in their Web cache service. Popular sites like Reddit, the BBC, Amazon and much of the UK government online services suddenly presented blank pages. There was much finger-pointing for days afterwards, then Cloudflare goes down last Friday (more fingers pointing) and today with many of those fingers finally holstered we suddenly find ourselves in the middle of an Akamai outage. Fingers out and reloading!

The thing about these services is that they are mainly caches: intermediary services that optimise the delivery of content from the origin sites. Unfortunately, when they go down, the origin sites do not just go [click title to read more…]

Cookie monsters

“We value your privacy…” Yes, sure you do.

If they valued my privacy so much, they would simply not be using the 100s of tracking cookies on their site. My privacy is not valued, nor is anyone else’s. We’ve known this for a very, very long time. In recent times the biggest culprits of personal data harvesting have been forced to make this more obvious because of the EU’s privacy laws, particularly GDPR. They now have to display to visitors their use of cookies, and seek clear consent to proceed on that basis.

Nevertheless, I have observed that many major sites are flouting the law by not making the consent process clear, by using opt-out instead of opt-in, and by [click title to read more…]

npm Hell

A few years back I blogged about the RPM Hell (TreeTops, Jan 2012) that came about because of ineffective dependency checking. Needless to say, this reminded a lot of people about the infamous DLL Hell from many years prior. DLL and RPM dependency issues have generally been overcome with a variety of approaches and improvements in the tools and operating environments. Pushing functionality onto the Web or into the Cloud can help move the problem away from your local machine. After all, if the functionality is now just some JavaScript on a Web page then this shouldn’t be affected by whatever mess of libraries are installed on your local machine.

That worked for a while. Eventually the JavaScript workload grew [click title to read more…]

Stacking Up – part 2

In the first Stacking Up I looked at the bedrock of Internet/Web technology and showed that far from being stable it is more like flowing lava. Now I’m taking a quick journey through the frameworks that are layered on top of this lava, where naturally things are on fire.

Part 2 : Frameworks

First let me clarify what I mean by “framework”, as this is often a source of confusion. This definition is only in the context of Web-related technologies:

A framework is a set of generic software elements whose behaviour or characteristics are intended to be customized through extension, configuration and/or combination in order to assist the typical developer in the production of application-specific solutions. Through such customization, the [click title to read more…]