Archive for the ‘Web’ Category

A decade later

Every now and then I have to pull out all the stops and migrate legacy systems to the latest-and-greatest, leaping over several intervening versions of programming languages and platforms. Recently I have been migrating systems that have been stable for a decade or more but need to be upgraded in order to avoid their underlying systems going completely out of support. There are several technologies involved, but three of them are “old friends” and while I am looking at the migration process I am also astounded by the many positive changes that have occurred in the past decade. While most of the changes don’t have much effect on process, some of them are quite significant. Some changes are minor, but [click title to read more…]

Dragged by the roots

This one had me scratching my head for a while today. A client and an ex-client both contacted me with strange HTTP connectivity issues, which manifest as errors occurring on one server while the exact same code is working elsewhere. The logs revealed that a HTTPS connection was being rejected because the connection to the external site could not be validated. The problem was that the root certificates were out of date, and the external site was using Let’s Encrypt SSL certificates, which as of this month (October 2021) has a new compatibility restriction meaning their certs can only be validated by a client if the client trusts the ISRG Root X1 certificate. That restriction prevents functionality on iPhones running [click title to read more…]

Eggs and baskets

About a week ago a large chunk of the Web vanished for a few hours as Fastly experienced a major outage in their Web cache service. Popular sites like Reddit, the BBC, Amazon and much of the UK government online services suddenly presented blank pages. There was much finger-pointing for days afterwards, then Cloudflare goes down last Friday (more fingers pointing) and today with many of those fingers finally holstered we suddenly find ourselves in the middle of an Akamai outage. Fingers out and reloading!

The thing about these services is that they are mainly caches: intermediary services that optimise the delivery of content from the origin sites. Unfortunately, when they go down, the origin sites do not just go [click title to read more…]

Cookie monsters

“We value your privacy…” Yes, sure you do.

If they valued my privacy so much, they would simply not be using the 100s of tracking cookies on their site. My privacy is not valued, nor is anyone else’s. We’ve known this for a very, very long time. In recent times the biggest culprits of personal data harvesting have been forced to make this more obvious because of the EU’s privacy laws, particularly GDPR. They now have to display to visitors their use of cookies, and seek clear consent to proceed on that basis.

Nevertheless, I have observed that many major sites are flouting the law by not making the consent process clear, by using opt-out instead of opt-in, and by [click title to read more…]

npm Hell

A few years back I blogged about the RPM Hell (TreeTops, Jan 2012) that came about because of ineffective dependency checking. Needless to say, this reminded a lot of people about the infamous DLL Hell from many years prior. DLL and RPM dependency issues have generally been overcome with a variety of approaches and improvements in the tools and operating environments. Pushing functionality onto the Web or into the Cloud can help move the problem away from your local machine. After all, if the functionality is now just some JavaScript on a Web page then this shouldn’t be affected by whatever mess of libraries are installed on your local machine.

That worked for a while. Eventually the JavaScript workload grew [click title to read more…]