WWW posts page 31

Security HTTP Headers

I’ve been working on the HTTP headers my site sends recently. I had been working on performance / cache related headers, but after seeing mention of a security header scanner built by Scott Helme, I decided to spend a little time implementing security related headers on my site. I don’t really know these headers that well, so I added the headers it suggested and mostly went with the recommended values. I did read up a bit on what they mean though and modified the Content-Security-Policy as I saw fit.

I added most of the headers using a Symfony response event listener. This handles all of my HTML responses without sending the headers for other responses, where they aren’t necessary. The exception is X-Content-Type-Options, which should be set for all responses. I set that in Apache configuration.

Continue reading post "Security HTTP Headers"

I don’t know why I didn’t realize this before, but git project versions can be managed just with tags rather than needing to create a branch for each point version. Packagist can go entirely by tags. I had been creating point version branches because Symfony does, but that’s really only needed if you need to continue updating a previous version. It’s overkill for small, one person projects. With a tag available, it wouldn’t be hard to create a branch later anyway if needed.


Line Mode Browser, or progressive enhancement all the way back

Progressive enhancement is a development strategy meant to provide older and / or less capable browsers with a working website while providing the more capable with a rich, full experience. It is often presented as a set of layers of support, with HTML at its base, then CSS added to that for styles, then JavaScript for advanced behavior. With this, it’s often posited that a well-crafted HTML experience can be used by any browser. However, for really old browsers from the early web, the new web provides many things that can make pages difficult to read, functionality unusable, or even entire sites inaccessible.

Today, I’m going to go back as far as I reasonably can in terms of browser support, to the second web browser ever made, and the first widely supported one, Line Mode Browser. I can’t look at the first, WorldWideWeb, because it was only made for NextStep and, as far as I can tell, isn’t accessible for me to test with. Line Mode is though. It was open-sourced by the W3C and kept available. I was able to get it with MacPorts with the ‘libwww’ package (run as www on the command line).

Line Mode was based on WorldWideWeb, and in fact was less featured, so it is likely to have any issues WorldWideWeb has and more. I will look at some issues that Line Mode has with modern web pages, and provide some solutions that will improve the abilities of even the oldest browsers to use a page.

Continue reading post "Line Mode Browser, or progressive enhancement all the way back"

Upgrading my Awstats setup

I don’t really monitor analytics for my personal sites that often besides for my blogs, for which I use wordpress.com’s analytics. I do have three open-source analytics programs set up for my main sites though: piwik, owa, and awstats. Awstats is the one I’ve tended to look at the least, probably because its interface isn’t as nice as the others and it doesn’t have as much data about visits. However, it is the only one that looks at actual server logs, so it should be the most accurate about basic visit information. The other two use JavaScript, one having an image fallback, so there’s the potential for them to miss visits.

I have my awstats set up as I described in 2010. I keep the configuration and the data separate from the install to make updates easier. However, it had been so long since I upgraded that I forgot how it was set up and fumbled a little before finding that article and figuring out what had to be done. In order to make it easier for next time, I created myself a simple little script to handle the upgrade for me:

Continue reading post "Upgrading my Awstats setup"

Testing the Monty Hall problem

I have always had trouble understanding and even believing the proposition of the Monty Hall problem. It feels like it is proposing that the probability of past events affects the probability of future events, like suggesting that a coin landing on heads will be more likely to land on tails the next time. Rather, it’s about the information provided by the circumstances. I still don’t intuitively understand it, but at least I have now verified for myself that the proposed probability approximates outcomes. I have created a PHP simulation of the game and a script to iterate it numerous times.

The code allows testing other numbers of doors and number of doors for the host to reveal. Increasing the numbers shows increasing odds. Even if Monty opens less than all but the remaining door (obviously requires more than three total doors), it still increases odds by switching.

Continue reading post "Testing the Monty Hall problem"

ASCII art source code signature for my site

Sometimes I see sites with ASCII art hidden in comments in their source code. I’ve long admired the retro computer nerdiness of ASCII art. At times, I’ve wanted to add some to my site, but have been reluctant because of the extra bytes it would add to page weight, the difficulty in making it look good, the lack of a subject I felt worth it, and the problems they can have with differing fonts and display widths. However, after adding an easter egg recently, I was more receptive to the idea when reminded about it by the source code of archive.org.

I spent some time this past weekend trying various different ASCII versions of my name. Some examples:

Continue reading post "ASCII art source code signature for my site"

Konami easter egg

What web developer’s site is complete without an easter egg? Until today, mine didn’t have one, but I had long wanted something. Since I was struggling to make forward progress on what I had actually wanted to work on this weekend, and had just been reminded of the Konami Code, I decided it was finally time to add one. I had seen a friend do a key sequence easter egg on a site he built a while back, which had put the idea in my head. The Konami Code sequence has been used on several websites already (Digg and Vogue are two examples I could get to work), so why not mine?

A simple Konami Code script:

Continue reading post "Konami easter egg"