Why every website needs a certificate: TLS, SSL, and the “not secure”

Here’s the short answer: YES! You need to secure your website. Here’s why…

Encryption

This is the most obvious reason. By using a security certificate, all traffic becomes encrypted. In other words, any data can only be seen by the customer and the server. Malicious eavesdroppers in the middle can only see where the traffic is headed and not the content.

It should go without saying, but if your site collects any kind of customer information you don’t have an option. Stop reading and go get a certificate immediately. Not taking the time to protect your users is not being a rebel — it’s grossly negligent and a betrayal of your customers’ trust.

Even those that do not collect sensitive information should consider locking down their site, however.

SEO Optimization

Search Engine Optimization (or SEO) is a fancy marketing word for how well you rank on search engines such as Google. The exact details search engines use to rank sites are kept secret, but search giants will share the occasional tip. Google has publicly announced that secure sites would be given a slight advantage.

Google Chrome’s “Not Secure” Warning

Can you tell Google is really trying to push an agenda here? As of January 2019, Chrome shows a warning on all sites that are not encrypted. This has absolutely no effect on how the site functions, but it may confuse users.

Okay, I’m on board, how do I make my site secure?

That depends. If you’re technically inclined, combine a Let’s Encrypt certificate with an NGINX reverse proxy.

For everyone else, all the common web hosts have packages for this (usually about $100/year). Talk to your hosting provider.

Certificate, TLS, SSL, HTTPS — WTF?

These terms are really all saying the same thing. To secure your site, you need a digitally signed TLS Certificate. Once it’s enabled and your site is properly configured, your address will update from “http” to “https”, short for Hypertext Transfer Protocol Secure.

Finally, that leaves us with SSL. Notice I mentioned you need a TLS certificate. That’s an acronym for the method of encryption the certificate uses. Long ago they used SSL, today they use TLS — but many marketing sites still use the terms interchangeably. This is technically incorrect, but welcome to the field of computer science. 🤷

Are you considering upgrading your site? Leave your questions below!

What is Node.JS, really?

You’ve heard of Node.JS (probably) but what exactly is it? Should you care? There has been a lot of buzz around Node.JS lately — and there’s traction to back it up. Some major companies have adopted the framework including PayPal, LinkedIn, Netflix, Uber, eBay, and many more.

As the name implies, Node.JS is powered by JavaScript. In brief, it’s an event-driven framework that competes with the likes of PHP, Django, and other web technologies.

What is it used for?

Really, Node.JS can be used for just about anything, from dev tools to production deployments. Since Node runs server-side JavaScript, it’s just as capable as any other language. Support for reading ports and files, functionality that is usually restricted when running in the browser, is now available at your fingertips.

Realistically speaking, when people refer to Node.JS, they typically mean Node.JS + Express, essentially a web server. The entire stack can be handled this way, removing the need for Apache or NGINX. This framework can be a great choice for real-time applications and building a custom API.

What makes it so popular?

JavaScript is arguably the most popular language on the planet. Many programmers have a basic familiarity with the language; but the benefits don’t end there. Over 73% of websites rely on JavaScript for important functionality. It’s used to create the beautiful, interactive experiences we’ve grown accustomed to. Traditionally, this creates a divide between front end and back end development. While back end developers learn PHP, Java, or, gasp, C, front end developers learn JavaScript, HTML, and CSS. Not with Node.JS. Both front end and back end development can be done entirely with JavaScript. This simplifies the stack and eliminates impedance mismatch.

The need… the need for speed! Node relies on Chromium’s V8 engine. This means the JavaScript doesn’t stay as raw (and potentially slow) JavaScript. Instead, it’s compiled into machine code, much like C would be. This has huge implications for both performance and efficiency of the application. An uncorroborated post claims Walmart’s overall CPU usage never exceeded 1% after switching to Node.JS, even with over 200 million daily users.

A thriving community. Community support is truly top notch. Tutorials, guides, and troubleshooting information are available in abundance. The package manager, NPM, is also top notch. Tracking and installing project dependencies could not be easier. Want bootstrap? Easy, npm install bootstrap. Similar to pip’s requirements.txt, you can create a package.json file outlining all the dependencies. Once complete, a simple npm install will ensure everything is ready to go.

Those of you that prefer NoSQL-like databases can rejoice. MongoDB (and similar) are commonly used within a Node application and support is prolific. Object Role Modeling is quickly becoming the preferred method to develop in Node.JS — but not to worry, those that prefer standard relational databases have plenty of support too.

What’s the catch?

Node.JS is heavily event driven. I consider this both a pro and a con. Event driven programming (more on this in the next section) can be tricky at first and bugs can be hard to track down.

JavaScript doesn’t have a standard library. Sure, there are community packages for just about anything, but there’s not one package but six or more. Choice is not always good: with six ways to do things, there are often 5 ways to do it incorrectly. The default packages included with Node.JS can even be replaced if you’re unsatisfied.

Production environments are much more complex than standard Apache/NGINX setups. Error handling is essential, since just one bug will crash the entire process. To utilize multi-threaded systems, one server should be started for every thread. This necessitates a local load balancer to share the same port and a method to cluster the separate instances.

Can we address this “event driven” thing?

This is best illustrated by analogy. Dan York has an excellent article explaining the event driven model. In his post he compares the situation to ordering fast food. In a traditional thread based model, one person would get to the front of the line, place an order and stand around waiting until his food was prepped; holding up everyone behind him. In contrast, an event based model would order the food, then step aside until he’s notified that his order is up. This way, the patron behind him can place an order immediately.

Here’s some pseudo code to illustrate the point. A traditional thread based model might look something like this:

// Blocks here until the database responds.
var currentUser = db.getUser(userId);
console.log(currentUser);
doSomethingElse();

In contrast, an event driven model uses callbacks.

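// Returns immediately; the callback runs later, once the query completes.
// Node convention: the error is the callback's first argument.
db.getUser(userId, function (error, user) {
    if (!error) {
        console.log(user);
    } else {
        console.log(error.message);
    }
});
doSomethingElse();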

The anonymous callback function is called only after the user information is retrieved from the database. In the event driven model, it’s likely doSomethingElse() will be executed before logging the user information. In the thread based model, of course, this would never happen. We’re stuck “waiting in line” for the database call (the thread blocks) before continuing with the program’s execution.
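
A runnable version of the callback pseudocode above, added here as an illustration and not part of the original post. The `db` object is a constructed in-memory stand-in (a hypothetical API, not a real driver), and the `try`/`catch` shows why a failed lookup has to be handled inside the callback, which is the error-handling point raised under “What’s the catch?”.

```javascript
// Constructed in-memory stand-in for a database driver (hypothetical API).
const users = { 1: { name: 'alice' } };
const db = {
  getUser(id, callback) {
    // setImmediate defers the callback to a later event-loop turn,
    // the way completion of real I/O would.
    setImmediate(() => {
      const user = users[id];
      if (!user) return callback(new Error(`no user ${id}`));
      callback(null, user);
    });
  },
};

// Runs one lookup and records, in `events`, the order things happen in.
// Resolves with `events` once the callback has fired.
function lookup(userId, events = []) {
  return new Promise((resolve) => {
    try {
      db.getUser(userId, (error, user) => {
        // Failures are delivered here, after the try block has exited,
        // so this is the only place they can be handled.
        events.push(error ? `error: ${error.message}` : `user: ${user.name}`);
        resolve(events);
      });
    } catch (e) {
      // Never reached for a failed lookup: nothing is thrown synchronously.
      events.push('caught synchronously');
    }
    events.push('doSomethingElse'); // runs before the callback
  });
}

// Stand-alone run: a successful lookup, then a failing one.
lookup(1)
  .then((events) => { console.log(events); return lookup(2); })
  .then((events) => console.log(events));
```

In both runs `doSomethingElse` is recorded first, and the missing user surfaces as an error entry from the callback rather than in the `catch` block.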

Do you plan on using Node.JS for your next project? Wish your company would make the switch? I’d love to hear your thoughts!