Let’s Encrypt The World

lets-encrypt-logoI have been a big fan of free SSL certificate authority LetsEncrypt.org since it was in Private Beta. Now in Public Beta, and now being a Certificate Authority recognized by every major web browser, it’s time for you to start using it on your website!

The great thing about Let’s Encrypt is that it is free. Why? Because the sponsors behind it believe encryption is for the public good. And they are correct. No more do you need to pay $80/year or more for an SSL certificate through some company like GoDaddy. This all may sound too good to be true, but it isn’t.

Wait, what?

In case you are unfamiliar with what I’m talking about here, LetsEncrypt.org offers you free SSL (Secure Socket Layer) certificates for your website. This make your website secure and encrypted for your visitors, just like your bank does, by changing your site’s address from using http://  to https://.

Being a user of the WHM/CPanel web hosting tools for the handful of websites I run, I found a great set of instructions and scripts you can use to get this set up and running in that environment. Just follow the instructions in the WHM forum here. Be sure to set up the cron job so that your cert(s) get renewed automatically. If you forget, it’s very easy to do it by hand from the command line, but the cron job makes it so that you don’t need to remember.

Encrypt WordPress

If you are a WordPress website owner, you can configure it to use the SSL certificate by editing your site’s URL in Settings > General. I especially recommend this for WordPress admin area logins, but there’s not reason you shouldn’t be using SSL on your whole site anymore. This is especially true considering Google favoring SSL-enabled sites over non-SSL sites.

Redirect Traffic to HTTPS

Using an .htaccess file, you can set it up so that any traffic going to your http:// website is automatically redirected to your https:// version. This is the snippet I use in my .htaccess file for that:

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Go forth and encrypt all the things!

We Cut The Cord!

cable tv photoAbout 3 weeks ago, we decided we were done paying Charter $120/month for the highest level TV package they had. When Rachael and I sat down to think about it, we realized that we really only care about a few things:

  1. College basketball (well, for me, anyway).
  2. HBO shows we like
  3. Jeopardy!

Everything else was peripheral, and we felt like we could live without it. We imagined more free time, more book reading, and more chances to talk to each other and interact amongst the family.

The New Way

I set out to find out the best way to go about this. After quickly discovering the Cord Cutters sub-Reddit, I was pretty well set. Here’s what we ended up with:

  • SlingTV account for $25/month (base package + extra sports channels). This covered most all of my college basketball needs, live CNN, and some other channels we don’t really care about.
  • HBONow through SlingTV for $15/month. While I signed up for this for one month, I think we may go to the HBONow version available through iTunes. That way, we can watch it on either of our AppleTV’s, of which we have two: one in the living room and one in the bedroom. The SlingTV app doesn’t provide for this. Either way, it’s $15/mo., and we can cancel it during the dry months when our favorite shows aren’t on.

That’s it for paid TV. We are at $40/month, and we will cancel Sling once college basketball season is over. That puts us at $15/mo for HBO.

What Else We Are Using

In order to use SlingTV decently, I hooked up my old Mac Mini to our main TV in the living room. I just launch the SlingTV app and we can browse through it with a wireless keyboard and mouse. This comes with the added bonus of doing whatever else we might do on a computer with the TV as the monitor.

I also found a website called USTVNOW.com that gives you all the broadcast networks for free. The local news is based in Philadelphia, but you get all the programming of ABC, CBS, NBC, Fox, and a few others. So we get Jeopardy!

USTVNOW.com does require you to be in another country, as it was geared towards US military and government people overseas to be able to get TV from the States. All I had to do was log in once from another country (thank you Tunnel Bear) and now it lets me in every time, at least until the browser cookie expires, but that is easily resolved.

We also have a Chromecast and the two AppleTV’s I mentioned before. The Chromecast makes it easy to watch Youtube or whatever we might have from another computer or a phone. The AppleTV’s let us watch Netflix ($9/mo) and we might sign up for Hulu ($8/mo).

Lastly, I found an AppleTV remote app, a remote mouse app, and a custom remote app for my phone that let me control my TV, AppleTV, and the Mac Mini, all from my phone.

Getting Used To It

The only qualms about all this have been some moments where the streams were jittery (especially USTVNOW during NFL playoffs), and not being able to channel surf the way we used to. However, we still get to watch the shows we like, I have yet to miss a Louisville basketball game, and the other benefits I mentioned have been working their way into our lives.

There have been some moments of frustration while we try to get used to this new way of life, especially during those “just want to veg out and channel surf” moments, but we are adapting, and realizing that there are better uses of our time.

Summary

We reduced our Charter bill significantly by going down to internet-only and ditching cable TV. It is 2/3 cheaper now!

Even if we pay for SlingTV, Hulu, Netflix. and HBONow all at the same time, we are still looking at less than half the cost of what we were paying to Charter.

This is an endeavor I highly recommend!

Photo by Mike Licht, NotionsCapital.com

The Slippery Slope of Encryption and Terrorism

encryption photoThis is really bugging me: Two nights in a row, on major news outlets reporting on the horrific attack on Paris, I have heard the reporters say things like, “the terrorists used encryption technology to ‘go dark’.”

I heard that on CBS evening news tonight (slightly paraphrased).

Last night on CNN, Poppy Sanchez (or whatever her name is) said that encryption was used to hide all of their communications, and that it was very concerning.

They are alluding to encryption as a bad thing because the terrorists used it to coordinate their attacks. They may have used automobiles too, but they didn’t seem concerned about that.

Why this attention to encryption irks me is because there has been a concerted effort by governments of the world (ours in the forefront) to get major tech companies (Google, Amazon, Facebook, more) to build so-called “backdoors” into encryption technology.

That means that if you send an encrypted message to someone, otherwise unreadable by anyone except the person you sent it to, it can still be read through this “backdoor” by the governments who are in cahoots with the tech companies, allegedly to be able to monitor communications amongst the bad guys.

You’d think that’s a good idea, right? Well, it’s been proven over and over again that backdoors get found and exploited by people who are not supposed to find them.

That is what hackers do, for better or for worse, and it’s usually for the better. You heard me correctly. Hackers find exploits and tell people about them so that they get fixed, and make everyone safer.

That is what my day job involves, actually. Sure, there are evil hackers who like to exploit these things for nefarious purposes, but that’s why we continue to find vulnerabilities and fix them.

The news outlets are pushing this idea that encryption is some dark arts majik that terrorists are using, while no one else would ever dare need such a thing. I worry that this will give the general public the wrong idea: that encryption = terrorism, so we need to do something about it.

What better time to push this idea than after a terrible tragedy?

I will link to my favorite article about encryption. It’s short, and it makes sense, and you should read it. For now, a quote:

Today, we are seeing government pushback against encryption. Many countries, from States like China and Russia to more democratic governments like the United States and the United Kingdom, are either talking about or implementing policies that limit strong encryption. This is dangerous, because it’s technically impossible, and the attempt will cause incredible damage to the security of the Internet.

–Bruce Schneier, in Why We Encrypt

 

Edit (9:4pm): I missed the story circulating about this exact topic, confirming everything above.

Photos by Encryptomatic,

What Does Facebook Know About You?

More than you probably thought possible.

A recently released study shows that computer-based personality judgements are more accurate than those made by humans.

This study compares the accuracy of personality judgment—a ubiquitous and important social-cognitive activity—between computer models and humans. Using several criteria, we show that computers’ judgments of people’s personalities based on their digital footprints are more accurate and valid than judgments made by their close others or acquaintances (friends, family, spouse, colleagues, etc.). Our findings highlight that people’s personalities can be predicted automatically and without involving human social-cognitive skills.

spy photoBy analyzing 150 of your “Likes” on Facebook, a computer can figure you out with more accuracy than your closest family members. Maybe it’s time to go back and see all the things you’ve chosen to “Like” on Facebook.

This is more important than it seems at first glance. You may think that it doesn’t matter what Facebook thinks about you. While that is debatable (and probably wrong), it’s what this data can be used against you for that is concerning.

Per a Newseek article about this study, one of the study’s authors talks about it:

…there are also dangers to having machines that can judge people’s personalities and emotional states, says Kosinski. “Like any other technology, this technology is morally neutral, but it can be used for a bad purpose,” he says. “For example, knowledge of psychological traits can help me exert influence over you.” The risk, he says, is that people will lose trust in cellphones and online environments, which is why he believes people should be given control over their own data and the authority to decide whether it will be shared with certain companies.

What you “Like” is only one aspect of the data that Facebook collects about you. It’s easy to overlook the fact that Facebook is watching and learning about you when you are not even using Facebook. Considering that millions of people don’t even know that Facebook is part of the Internet, this is quite profound.

 

Photo by JeepersMedia