Tags: http

Introducing Universal SSL

Great news from Cloudflare—https endpoints by default!

This means that if you’re planning on switching on TLS for your site, but you’re using Cloudflare as a CDN, you’ve got one less thing to change (and goodness knows you’re going to have enough to do already).

I really like their reasoning for doing this, despite the fact that it might mean that they take a financial hit:

Having cutting-edge encryption may not seem important to a small blog, but it is critical to advancing the encrypted-by-default future of the Internet. Every byte, however seemingly mundane, that flows encrypted across the Internet makes it more difficult for those who wish to intercept, throttle, or censor the web. In other words, ensuring your personal blog is available over HTTPS makes it more likely that a human rights organization or social media service or independent journalist will be accessible around the world. Together we can do great things.

Using ServiceWorker in Chrome today - JakeArchibald.com

It’s very early days for ServiceWorker, but Jake is on hand with documentation and instructions on its use. To be honest, most of this is over my head and I suspect it won’t really “click” until I try using it for myself.

Where it gets really interesting is in the comments. Stuart asks “What about progressive enhancement?” And Jake points out that because a ServiceWorker won’t be installed on a first visit, you pretty much have to treat it as an enhancement. In fact, you’d have to go out of your way to make it a requirement:

You could, of course, throw up a splash screen and wait for the ServiceWorker to install, creating a ServiceWorker-dependant experience. I will hunt those people down.

Anne’s Blog

Anne is documenting his process of going https:

  1. TLS: first steps
  2. TLS: issues with StartSSL
  3. TLS: issues with DreamHost
  4. TLS: deploy HSTS
  5. TLS: next steps

I’m really glad he’s doing this.

How to secure your site in an afternoon - Josh Emerson

Josh walks through the process he took to enabling SSL on his site (with particular attention to securing assets on CloudFront).

Daring Fireball: Rethinking What We Mean by ‘Mobile Web’

John echoes some of my recent thinking about what qualifies as a web browser and, by extension, what qualifies as the web:

We shouldn’t think of “the web” as only what renders in web browsers. We should think of the web as anything transmitted using HTTP and HTTPS. Apps and websites are peers, not competitors. They’re all just clients to the same services.

That said, I think he is perhaps underestimating the power of URLs. Addressability—particularly over an extended time period—remains the powerful feature of the web.

How to see through the cloud

This is a great explanatory piece from James Bridle in conjunction with Mozilla’s Webmaker. It’s intended for a younger audience, but its clear description of how web requests are resolved is pitch-perfect primer for anyone.

The web isn’t magic. It’s not some faraway place we just ‘connect’ to, but a vast and complex system of computers, connected by actual wires under the ground and the oceans. Every time you open a website, you’re visiting a place where that data is stored.

Jeremy Keith - What We Talk About When We Talk About The Web on Vimeo

My presentation from the Industry conference in Newcastle a little while back, when I stepped in for John Allsopp to deliver the closing talk.

Best Practices for Designing a Pragmatic RESTful API by Vinay Sahni

Design principles for APIs.

An API is a user interface for developers. Put the effort in to ensure it’s not just functional but pleasant to use.

Meet the Web’s Operating System: HTTP

A lovely description by Paul Ford of the Hypertext Transfer Protocol.

That simple handshake is the firmament upon which we have built trillion-dollar cathedrals and bazaars, the base upon which we construct other protocols and networks.

ROCA: Resource-oriented Client Architecture

I like these design principles for server-side and client-side frameworks. I would say that they’re common sense but looking at many popular frameworks, this sense isn’t as common as it should be.

Front-end performance for web designers and front-end developers by Harry Roberts

A really good introduction to front-end performance techniques. Most of this was already on my radar, but I still picked up a handy tip or two (particularly about DNS prefetching).

At this stage it should go without saying that you should be keeping up with this kind of thing: performance is really, really, really important.

Deploying New Image Formats on the Web - igvita.com

A well-reasoned argument for tackling image optimisation on the server, using content-type negotiation.

LukeW | An Event Apart: Spirit of the Web

Luke’s notes from my talk at An Event Apart in Chicago.

HTTP Compression use by Alexa Top 1000 | Zoompf

An in-depth analysis (graphs! data!) of how popular sites are using—or not using—compression.

Is the web dead?

View source.

REDbot: <>

Oh, this is very handy indeed: a quick lint tool for HTTP so you can see what kind of headers are being sent. There’s a bookmarklet in the footer too.


This is wonderful. A web server powered by people. Change the URL and a person will manually fetch the corresponding resource.

You can be part of the server team too.

loads.in - test how fast a webpage loads in a real browser from over 50 locations worldwide

A handy tool for checking page load times.

Client-side routing, the teenage years // James Aylett’s diary

James follows up on his previous excellent post on hashbangs by diving into the situations where client-side routing is desirable. Watch this space for a follow-up post on performance.

HTTP Archive

This is wonderful stuff: a long-term project to track the performance of high-traffic sites over time: oodles of lovely data and some quite shocking stats.

The Pushbutton Web: Realtime Becomes Real - Anil Dash

Anil Dash writes about the realtime web, calling it Pushbutton.

Shirky: In Praise of Evolvable Systems

A classic essay from Clay Shirky on the dumb nature of the web.

Hypertext Style: Cool URIs don't change.

Eleven years old and more relevant than ever.

HTTP errors - a photoset on Flickr

Friendlier HTTP errors.

Easy as Pie Ajax Requests - Create compelling ajax in minutes with simple examples. | Notes from Phazm

This is a good straightforward hands-on explanation of Ajax: succinct and clear.

AJAX Activity Indicators

Want to indicate that something is happening on a web page, like... oh, I don't know... an Ajax request or something? Here's a cornucopia of animated progress indicators.

perl.com: Using Ajax from Perl

My fellow Brightonian geek, Dom, has written an article about using Perl and Ajax.

For Many AJAX is Not Degrading, But it Must :: Off the Top :: vanderwal.net

"...it must degrade well. It must still be accessible. It must be usable. If not, it is a cool useless piece of rubbish for some or many people."

rest/ahah - Microformats

Who knew? The way I do my Ajax is a microformat. AHAH: Asynchronous HTML and HTTP.

Simon Bisson: Old dog learns new tricks

Ajax in The Guardian.

AJAX: Usable Interactivity with Remote Scripting

A nice introduction the XMLHttpRequest object by Cameron Adams.

Google Maps API Documentation

Documentation for the new Google Maps API. Unlike most web services, this one is run entirely over JavaScript.