Things that annoy me, number 543,321: Expired or no SSL certificates

Update: MPC finally got around to renewing their SSL certificate on the 15th May!  Alas, however, for mixed content delivery. 🙁

This is 2018, a year where IT infrastructure is constantly under attack, and privacy is king (except when it isn’t, and you’ve just given an app permission to slurp your data and sell it to the highest bidder).  I’m a very strong advocate of making sure that ALL websites load over SSL by default, because otherwise any form of input from the client (whether it be form filling – such as a local search engine, for example) will be sent over in plain text, which gives anybody the opportunity to sniff the contents of the transmission.

SSL hasn’t had it easy, however.  We’ve had companies running certificate authorities compromised, SSL vendors compromised, key encryption algorithms weakened by the increasing power of technology, forcing everybody to switch to a stronger algorithm, and all manner of things in-between.  I’ve seen a lot in the 9 years I’ve been working in the hosting industry, and in the 9 months I’ve been working in e-commerce.  I’ve been using SSL on this blog for a considerable amount of time, whether paid SSL certificates, Let’s Encrypt, cPanel/Comodo issued certificates or through CloudFlare.

ALAS!

I’ve recently ranted (then deleted) about how a BBC Apprentice winner launched their brand new website without SSL, then added SSL but screwed up loading assets over the secure connection, and a number of other issues that are super important in modern web site maintenance.  I also discovered ANOTHER Apprentice winner not loading their website over SSL by default, and with contact forms that send data over in plain text.  So much for that £250,000 investment!

Then, as I was just browsing the ‘net, I suffered problems browsing a major computer vendor’s web site where a third party service they use had an expired SSL certificate, leading to mixed content and warnings galore.

Now I’m stumbling across websites that have SSL, but are using a certificate from a Symantec distrust source which essentially means that anybody who bought a certificate from one of the vendors mentioned in the link prior to certain dates will need to have their certificate re-issued (or if it’s close to expiry, just renew it a little earlier than expected).

Despite the pain in the arse managing SSL brings, it is nevertheless very important.  Google will start downranking websites in their search rankings that don’t have it, and the likes of Chrome will eventually display a big unfriendly warning that a site is insecure if you do not load your site over SSL by default.  Chrome is still very much the dominant browser on the block right now, so I’d take notice of what they’re planning to do!

I shall give you an example of what I consider to be bad web site management.

So, former employers of mine, MPC (The Moving Picture Company), why has an Academy award-winning company (amongst many, many other awards) failed to renew their SSL certificate, which is still in place (some 216 days) on their web server?  This is sloppy!  Just removing it is a better thing to do than leaving an expired certificate in place.  I sincerely hope that they do not have any client facing logins off the main moving-picture.com because this would cause me to scream.

On a more positive note, their web server doesn’t accept SSLv3 connections.  But that’s perhaps the only good thing I can say about their set-up.

Bad Academy award winning company. Bad!
Red warning colour by Technicolor! Which will persist if MPC, like many other companies, do not take SSL seriously.

BTW, I did reach out to MPC about this, but to date (about a week now), no response and no action.

So unless MPC does something – and sooner rather than later – when a future version of Chrome is released, www.moving-picture.com will display a great big Not Secure message.

If you run a website, blog, or whatever it may be – for crying out loud – take a look at your site’s SSL functionality.  Do you even have one?  If not, why not?  Sort it out right away!

Update: It’s not just MPC that’s got an SSL problem – practically all Soho-based VFX companies, other than perhaps two or three, don’t have an SSL certificate, or if you attempt to load the site over SSL, use an invalid common name (e.g. the certificate of another domain).  Chrome will be switching on the Not Secure flag in July when Chrome 68 is released.  We’re on Chrome 66 at the moment.  Time is counting down..

Update on the update: And home.bt.com is another culprit that doesn’t load over SSL by default, and if you try to force it, returns mixed content (e.g. it won’t load certain assets over SSL thus you might as well just treat the whole connection as insecure).  Man, this is crazy.  If telecoms companies aren’t doing the right thing by default.. 
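
As an added example (not part of the original post): a small Python check for the mixed-content problem described above, run over constructed sample HTML. The page URL, host names and the `scan` helper are hypothetical; it also flags forms that post to plain HTTP, the contact-form issue mentioned earlier.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that fetch a subresource. "Active" content can rewrite
# the page; "passive" content (images, media) only displays.
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL)

    def _check(self, kind, tag, value):
        if not value:
            return
        # Resolve relative and protocol-relative ("//host/x") URLs against the page.
        target = urljoin(self.page_url, value.strip())
        if urlsplit(target).scheme == "http":
            self.findings.append((kind, tag, target))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name, value in attrs.items():
            if (tag, name) in ACTIVE:
                self._check("active", tag, value)
            elif (tag, name) in PASSIVE:
                self._check("passive", tag, value)
        # Only <link rel="stylesheet"> loads content; rel="canonical" does not.
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split():
            self._check("active", tag, attrs.get("href"))
        # A form posting to http:// sends the visitor's input in plain text.
        if tag == "form":
            self._check("form", tag, attrs.get("action"))

def scan(page_url, html):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page (hypothetical hosts), served from https://www.example.test/
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="http://www.example.test/">
<script src="http://cdn.example.test/lib.js"></script>
<script src="//cdn.example.test/ok.js"></script>
</head><body>
<img src="http://img.example.test/logo.png"><img src="images/banner.png"/>
<a href="http://other.example.test/">plain link</a>
<form action="http://www.example.test/contact" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for finding in scan("https://www.example.test/", SAMPLE_HTML):
        print(*finding)
```

Ordinary `<a href>` links are ignored on purpose: navigating to an HTTP page is not mixed content, only subresources and form targets loaded by the HTTPS page are.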


For a later blog post: Is Google becoming too dominant?  Are Google’s new Gmail security tools proprietary, and will it eventually make existing email standards obsolete?  Will RFCs aka “internet standards” be a thing of the past?

6 core blimey guv’nor, your 12 threads look mighty fine!

The Alienware desktop (an Aurora R7) arrived yesterday.  And jolly nice it is too.

Ignore the plastic on top, look at those lovely USB ports on top, including a USB-C port too.
And behold – a DVD drive! I can listen to CDs again!
More USB ports than there are stars in the heavens. Okay, just 10.
Since it is technically a gaming PC, I thought I’d bling things up a bit..

I also bought a Corsair Strafe Silent MX keyboard.  It’s a mechanical keyboard that utilises Cherry MX Silent keys, offering a much quieter experience above other types of mechanical keyboards that sound as if mice wearing stilettos are on a rampage across a wooden floor.  This keyboard feels great, and the colours are fully customisable.  It also includes special keys for gaming and a tool to remove any keys on the keyboard for cleaning/replacement/custom keys.

Alongside that, I have a Corsair MX65 Pro gaming mouse.  It too lights up and is weighted.  This gives the mouse a much “sturdier” feel.  It makes the Apple Magic Mouse feel anaemic.  At first, it felt as if I were dragging a brick around, but about a minute later and after calibrating it, it felt as natural as anything.  The whole hand feels comfortable working with it.

To round things off is the 27″ Dell S2716DG monitor that is capable of 144Hz refresh rate, 2560×1440 resolution, and comes with Nvidia’s G-Sync technology for super smooth gaming.  It’s a shame the monitor isn’t an IPS display – thus blacks aren’t as good as they could be, and viewing angles do suffer a bit.  But overall it’s still a very good monitor.  I expect nothing less from Dell.  And speaking of gaming, the Nvidia GeForce 1080 Ti is nothing short of amazing.  Fortnite runs around 120-139fps at the highest resolution supported by the monitor.  I’ve not had a chance to time No Man’s Sky, but at Ultra settings, this thing seriously impresses.

The 8th generation Core i7-8700 processor with its 6 CPU cores and 12 threads does an amazing job of keeping up with everything I throw at it.  Watching four rows of graphs in the Task Manager when the system is doing something is quite impressive.

To think that the MacBook Pro which had cost MORE than this system, only had a dual-core processor (and 4 threads) and no discrete graphics card.  This is why I made the decision to go back to the PC, and on the desktop too.  Better hardware for the money.

Windows 10 is questionable in terms of value (I paid £46 to upgrade to Windows Pro because that is the version of Windows which supports drive encryption – Mac users get it built in with MacOS – but then again, you pay handsomely for lower spec hardware – you pays your money and you takes your pick).  I also paid £20 for a USB restore stick.  There is a bit of controversy over this as a PC recycler has just been fingered by Microsoft for selling CDs with Windows OS for the purposes of restoring the OS when the hard drive is wiped clean (which is freely available to anybody to download and burn to a CD or USB stick from Microsoft’s site – albeit you’d still need to purchase an activation key, use the activation key found within your PC’s BIOS, or be in possession of a product key somehow).  I think Microsoft is being bloody stupid here, but then I think the same of most US IT corporations.  Too many lawyers, not enough sanity.

Overall I’m delighted with the new set-up.  It comes with 3 years on-site premium warranty as well, so no more trips to the Apple Store for me (which, in all the years of owning a Mac – I never had to go to – the iPad, yes, but not the Mac).

In these insecure times, which is the better product: BitDefender Total Security or ESET’s Internet Security?

The answer is: it depends on the platform.

I found ESET’s Cybersecurity Pro/Cybersecurity/NOD32 to be cumbersome under MacOS.  On network drives and WebDAV volumes, access to files and documents was excruciatingly slow.  Local scan times took an age too.  So I had to give up and head over to BitDefender’s Total Security for the Mac.  While not quite as complete as it is for Windows, this is by far the best solution for Mac users.  It’s fast, unobtrusive and gets the job done, though it is a pity BitDefender Central couldn’t tell the difference between two MacBook Pros. 🙁

ALAS!

The same cannot be said for the Windows version.  I’d just taken delivery of part one of my Dell/Alienware order – an Alienware mechanical keyboard (oh so clicky!) and as it features programmable keys and lighting, it triggered a software install.  BitDefender, without telling me, falsely declared the software to be malicious and quarantined everything.  I could get stuff back from quarantine, but couldn’t whitelist it – so BitDefender is now gone from my Windows machine.  In its place is ESET Internet Security.

Now, on lower end Windows machines, I’ve found ESET’s Endpoint software to be a blight on system resources – especially if you configure regular scans.  But on my current quad-core Alienware R3 machine, ESET Internet Security just flies.  Scanning is still rather slow, but you can happily leave it running in the background without slowing things down. (Another reason for me to leave the MacBook/Mac arena and go back to the land of the Windows/Linux PC – it’s just too bloody expensive to get a decent and powerful CPU with Apple – trying to get a Mac under budget for work was nearly impossible and I had to limit myself to dual core.)

I do have access to Sophos Home Premium, but the biggest problem I’ve found with that is that it’s controlled almost entirely online.  Give me local controls.  I’ve found Sophos’ business products to be excellent (especially Intercept X and their Ransomware protection) – but far too costly and complicated for the consumer.

Does Apple truly care about the desktop/laptop computer anymore?

I’m not so sure.

With the rumours of Apple looking to replace Intel processors with their own custom silicon around 2020, it made me think about Apple on the desktop/laptop and how comfortable it has been.  It’s like putting on comfortable slippers and lounging around wearing a smoking jacket, with a faux smoking pipe sticking out the corner of one’s mouth – occasionally removing it to make some witty quip about the state of the British Empire.  That is to say that the Mac, and MacOS, is getting tired, out of date and increasingly irrelevant.

Much of the innovation from Apple found in modern Macs and MacOS is from Apple’s mobile divisions – iOS.  The iPhone and iPad have been rolling out features to MacOS rather than the other way around.  MacOS’ new filesystem, APFS, first featured on the iPhone and iPad before it hit the desktop.  The processors (or rather, System on a Chip – SoC) have routinely beat the likes of the competition in the mobile market, and we’ve even seen them approach the performance of lower end modern Intel laptops.

So it makes sense for Apple to eventually move away from Intel and start using their own A-range of ARM processors.  But this is not without cost – I remember the transition between PowerPC and Intel and while it wasn’t too strenuous, it took some developers quite some time to roll out native code.  If the Mac went ARM, I can see the same thing happening: you’re stuck with a machine that is so new and shiny that so few apps can take advantage of the performance.

So I’ve decided now’s the time to swallow my pride and head back to the PC.  And that means having to (well, not HAVING to, but it’s better than Linux GUIs I’ve come across) embrace Windows 10.  Back in 2016 when I bought two machines – a Dell XPS and an Alienware R3, the experience of Windows 10 was dire, to say the least.  Just search this blog for my opinion at the time.  But work has convinced me that despite the massive pain in the arse Windows is, it IS getting better – albeit slowly.

The hardware was what convinced me.  My MacBook Pro was a 7th generation Core i5 running at 3.1Ghz, 2 CPU cores, and had four threads.  Intel’s latest offering is 6 cores with 12 threads.  That includes desktop and laptop CPUs.  The MacBook Pro is limited to 16Gb RAM.  The SSD cannot be upgraded.  At work I recommended Dell to start replacing a fleet of low powered Windows machines.  For development work, I picked out the Dell 8930 which offers a 6 core Core i7 8700 processor.  And it looks beautiful:

6 core blimey, guv’nor!

RAM is easily upgradable to 64Gb DDR4 RAM – and you can see the M2 slot is perfectly capable of being upgraded.  Furthermore, this machine can accommodate up to 3 more 3.5″ hard drives. The machine comes with an NVIDIA Geforce 1050 Ti, which is a big step up from the integrated Intel graphics.

Dell has always been good at creating internals which give you easy access to the components.

So I’ve been very impressed with Dell’s latest desktop offering.  We’ve also had a Vostro laptop which is also extremely good and at a decent price range.  The one problem I encountered with it, however, was that Dell’s Windows 10 Pro image didn’t allow Windows domain users to access any of the installed software or Windows Store programs.  So I had to re-image the entire machine with a fresh copy of Windows 10.  And this is where Dell is bloody marvellous: just download the System Manager and it’ll go off and find all the drivers your system needs.  It’ll also download and update the BIOS and other bits and bobs.

So after my experience at work, and having mulled over the possibility of Apple’s potential move to ARM processors among other concerns, I decided to buy a gaming PC.  I’ve ordered an Alienware (which is owned by Dell) Aurora R7 with an Intel Core i7 8700 processor, 16Gb RAM, 512Gb SSD boot drive, 2Tb 7,200 RPM secondary data drive, a top of the range Nvidia Geforce 1080 Ti with 11Gb RAM, 850 watt power supply, and the system is liquid cooled (closed loop).  Along with this is a 27″ Dell monitor with quad HD resolution, 144Hz refresh rate and supports Nvidia’s G-Sync.  I’ve already sold my MacBook Pro, and I am in the process of selling the other two laptops and other bits and bobs.  But it does mean I’ll have a top end system that will last a good few years (just like the Dell XPS desktop I had around 2001 which lasted ages – I gave it to my now former in-laws and it lasted them a good few years).

Still keeping the iPhone, Apple Watch and iPad Pro.  The iPad Pro is my new laptop (which became extremely useful on my previous cruise – more so than the MacBook Pro).  But as my contract starts to run out with EE, I may look at Android phones – though none of them have got to the point where they can give iOS or the Axx series of chips a run for the money.

At the moment I’ve transitioned everything to the Alienware R3 as a trial run.  Windows is actually behaving itself, and I’ve migrated Apple Photos over to Adobe’s Lightroom Classic CC (Adobe, for goodness sake, please give us Apple-like pricing for storage if you want us to use Lightroom CC in the cloud – your pricing is too expensive).  Still keeping with iTunes for Apple Music (which works remarkably well under Windows).