https debate + the internet is getting too complicated

Posted on 28 February 2018

I’m writing late today because I’ve just restored my WordPress install after I’m pretty sure an extension I used to help me upgrade my site to https screwed up my htaccess file.

If that sentence doesn’t make sense to you, then it’s a pretty good demonstration of the problem of the internet becoming too complicated.
Frank Chimero picked up on this recently in a piece he published called “Everything Easy Is Hard Again“:

“So much of my start on the web came from being able to see and easily make sense of any site I’d visit. I had view source, but each year that goes by, it becomes less and less helpful as a way to investigate other people’s work. Markup balloons in size and becomes illegible because computers are generating it without an eye for context. Styles become overly verbose and redundant to the point of confusion. Functionality gets obfuscated behind compressed Javascript.”

Now, I’m no Frank Chimero but I learned everything I know about making a website in much the same way: I’d see a site and I’d use Firefox to look at the HTML code being used to make it look the way it did. Increasingly this isn’t possible because even something as simple as an image (which used to be <img> “the image source” </img> is hidden behind a bunch of complicated code.

This problem is also playing out in the debate over https. Too start with, let me just tell you, I barely understand what https is. What I do know is that when I first started using the internet, websites started with “http://” before getting to the “www”. Now more and more of them start with “https://”. And, apparently, “https://” is a more secure way of computers communicating with each other over the internet than the previous “http://” method. I don’t know why it is. But it is.

And because of that browsers like Google Chrome are starting to warn people when they are visiting a site whose address begins with “http://” instead of “https://” alerting them to the potential insecurities. On my own website I saw a note telling me that hackers could still my information, which makes no sense to my mind. But that warning was there. And so I decided to try and figure out how to get a padlock instead.

I succeeded and I’ll share the instructions at the end of this post. But this isn’t a how-to so much as it is a reflection on whether I did the right thing. Because as you can see in the screenshot above scripting.com, one of the oldest blogs on the internet, is still deemed as insecure and its owner, Dave Winer, has a very good reason why. You should just read the whole thing, but if I were to summarize it, it would be:

HTTPS is more secure than HTTP, but most HTTP websites aren’t actually insecure, and by making it look like they are Google and other https pushers are threatening to essentially cut off many early websites and, functionally, break a large part of the internet.
Ron Chester, another early website builder and, like me, someone who did it as a hobby rather than a career, wrote his own thoughts on it:

“I still don’t understand how my website has become so dangerous. I have recently searched for simple language that will explain the danger it is creating, but without success. There doesn’t seem to be anyone who actually cares whether I understand about this or not. The world and the Internet have moved on. Now big businesses use it to generate billions of dollars of income each year.

The technical people who make this possible enjoy big paychecks and communicate among themselves with their own special language and technical jargon that puts them among the elite, an unelected ruling class in our culture today. I’m not a part of that elite class of people. But you know what, I still have the best website with a Bob Dylan bibliography, even though it is now two decades out of date.

Many of the books there are still important books on the subject, even though there are also tons of other important books on the subject that have come out since May 1999, the end of my active work on that website. One day I will publish a much more comprehensive bibliography. And maybe I should encrypt it, so no one can read it.”

When I saw Ron’s post I had just finished my first attempt at moving my website to https. It seemed pretty easy, actually, and I told him so. I understood where he was coming from, but it is also worth noting that the half-hour I took me was significantly simpler than when I first learned how to install WordPress on a hosted server.

Then, yesterday, I went to write about https and I found out I couldn’t log in to my website. Working with customer support at my hosting service, it turned out that an extension I used to help me in the conversion had screwed up a file that required us to create a new administrator account in order to get in and fix things. Then I had to create myself as a user again and transfer ownership of the site back to me from the new account we made and fix a few other things here and there.

It wasn’t a major deal, but I’ve been doing this for a little while now. And it certainly was more complicated than just posting on Facebook or Medium or Twitter. And that’s sort of the problem Frank Chimero and Dave Winer and Ron Chester are getting at. The internet used to be simple enough that you could just screw around with it and start building websites, either as a career or as a hobby. But the complexity is taking off. I still have a grasp on them because I have the advantage of having learned in simpler times, but I honestly don’t know that I would be inclined to do this today given the availability of social networks. That’s why you see “the best blogs of our generation… being wasted in tweetstorms, Facebook rants, and reddit comments,” as Jason Koebler put it. That’s why you see entire business models being built and destroyed around Facebook’s algorithm changes. That’s why I’m trying to make an effort to contribute to an internet outside of these networked walls more, even if I have upgraded to https not fully sure of the consequences.

Converting your Bluehost-hosted website from http:// to https://

That’s the end of the post, but I also want to give the steps I used to move my site from http to https, because I think one of the best ways to help other people live on the internet outside of the major networks is to share advice and lessons openly. I don’t know if this is the best way, but it’s what I did and it worked (without crashing my website).

  1. Fortunately, Bluehost offers free SSL certificates for all of its WordPress sites. You need one of these certificates before becoming an https site. If you’re starting a new site with WordPress, Bluehost does this automatically– at least it did when I started my microblog page, but if you have an older site you need to follow the instructions over here.
  2. Next, you should force all web browsers trying to access http versions of your site to go to the https version. This is where I screwed up by using a WordPress extension. Don’t do that, I guess? Although there are probably some that work just fine, you can also do it manually so long as you know how to access and edit your htaccess file. If you don’t, you can google it or you can probably just use Bluehost support to help you. Then you need to add a few lines of code, which are found here.
  3. At this point, I think you should be all good? But if you aren’t, you can use whynopadlock.com to scan your site and let you know what other steps you need to take to have Google and Firefox tell visitors your site is secure, even if it already is. In my case I went in and changed some of the links in my website’s theme to be https instead of http but I’m pretty sure the code you used in step 2 should also take care of it (I didn’t find out about step 2 until I had already done step 3).

Filed under: blogging, how to

← Previous post: three-song runs Next post: Highly recommended  →







Back to top