Rants, raves, and geeky nonsense!

Google HTTPS Everywhere: A Case for SSL Certificates


Note: This post has also been published on

A few years back, Google announced their HTTPS Everywhere initiative at Google I/O 2014. Their message was clear: in an effort to promote better security and privacy on websites, HTTPS will be used more and more as a ranking signal in the years to come. Recently, it was announced that Google will start indexing HTTPS pages by default, effectively favoring them over non-secured pages. I’ve been questioning Google’s emphasis on HTTPS since it was announced, trying to understand the reasoning and what it all means for my clients. I’ve come to the conclusion that Google’s HTTPS Everywhere initiative is a good thing.

Now, many SEO experts, online marketers, and others have jumped on this, claiming that everyone now has to install an SSL certificate on every site. Many of the claims just seemed bogus, like the sky was going to fall if your website didn’t have an SSL certificate on it. At first, I was highly skeptical and didn’t understand the need to put a cert on every site. At the time of the announcement it felt excessive, especially on sites that don’t have any functionality that would require securing information with encryption. Not only that, but Google was clear that the bump one would get from this was relatively minor. It just isn’t a strong ranking signal. At least not yet.

Setting aside any misinformation and bogus claims, there are some highly legitimate reasons why you should install an SSL certificate on your website:


One of the key benefits of HTTPS is the ability to protect users from eavesdroppers. All data is encrypted between the server and browser, making it really difficult for a hacker to intercept and steal any information. This is especially important if you are capturing any visitor information using a form on your website. Without an SSL certificate, any unencrypted information passed over a series of networks could potentially be intercepted, captured, and collected, which is no bueno! Regardless of how passive you think the forms on your website might be, if you’re using them in an unencrypted manner, be very mindful of how your visitors might take to having that information captured by someone other than you.

Another key benefit lies in the ability to inform the user that the site they are accessing is who it says it is. An SSL certificate can be validated by the domain or the organization. This helps the visitor of your website know that the domain they are on is legitimate and gives them a greater level of confidence in performing certain tasks on your website…like filling in and submitting a contact form.

If you have a personal site, Facebook app, a simple contact form, or the like, you can probably get away with having a Domain Validation (DV) SSL certificate. Otherwise, if you run a business then it’s worth looking into either an Extended Validation (EV) or an Organization Validation (OV) SSL certificate. The difference is primarily in the extra steps required to validate your company. OV and EV SSL certificates do cost more but they also imply more trust which might be good for your business…especially if you’re running an e-commerce site.


Security is by far the biggest reason to have an SSL certificate installed on your website. If you are using any sort of CMS at all, you need to secure and encrypt transmissions to and from your website. There isn’t a month that goes by when I don’t hear about a security issue and/or patch being issued for one of the more popular CMS platforms (cough! WordPress!). Most of these involve either SQL Injection or Cross-Site Scripting (XSS) hacks. Granted, having an SSL certificate won’t alleviate all hacks but it might help to curb attacks that can’t be done due to the encrypted nature of an HTTPS connection.

Another security problem has to do with the potential for JavaScript injection at Wi-Fi hotspots. Within the last year or so, there have been numerous reports of advertising injection on free Wi-Fi hotspots. AT&T, Comcast, and Time Warner are all guilty of this behavior. In fact, I recently stumbled on a TWC Wi-Fi hotspot and received this ad:

Did TWC just hack my website?

This has opened up a huge can of worms! The problem I have with this is that if companies with free hotspots can do this what’s to stop a hacker from setting up a fake hotspot that does the same thing? Imagine hopping on what you think is a free TWC hotspot, visiting an unencrypted site, only to learn that your computer just got hacked or, worse, the site you just visited gets hacked!

Google is aware of this and other issues related to the hacking of websites. In fact, the whole HTTPS Everywhere initiative revolves around the idea that if every site you visit is encrypted then hackers can’t hack you or them so easily. Thus if I visited a site with an SSL certificate installed I would not have seen that TWC ad on their hotspot. After all, how can they circumvent the loading of a script if the communication between me and the server is encrypted?

Let’s be clear though: Having an SSL certificate alone does not make you invulnerable to hacking. It will certainly slow down a hacker but, even then, if there’s a way to hack your site even with encryption in place, a good hacker will know how to exploit it. Regardless, the cost of running a website without encryption is higher than running one with it. Bottom line is that an SSL certificate is a relatively cheap deterrent against hackers on your website.
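As an added example (not code from the original post), the Python below checks a page for the two exposures discussed above, form submissions and script loading, and shows that a certificate alone leaves gaps when a page still references `http://` URLs. The page URLs and HTML are constructed samples, and `audit` and `InsecureReferenceAudit` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class InsecureReferenceAudit(HTMLParser):
    """Collect form targets and script sources that would travel over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, resolved_url) tuples

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action posts back to the page's own URL.
            self._check("form", urljoin(self.page_url, attrs.get("action") or ""))
        elif tag == "script" and attrs.get("src"):
            # Relative and protocol-relative (//host/x.js) sources inherit the page scheme.
            self._check("script", urljoin(self.page_url, attrs["src"]))

    def _check(self, kind, url):
        if urlparse(url).scheme == "http":
            self.findings.append((kind, url))


def audit(page_url, html):
    """Return every form target and script source that resolves to http://."""
    parser = InsecureReferenceAudit(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="http://cdn.example.com/widget.js"></script>
<script src="//cdn.example.com/analytics.js"></script>
</head><body>
<form method="post" action="http://www.example.com/contact">
  <input name="email"><input type="submit">
</form>
<form method="post"><input name="q"></form>
</body></html>
"""

if __name__ == "__main__":
    for base in ("http://www.example.com/contact", "https://www.example.com/contact"):
        print(base)
        for kind, url in audit(base, SAMPLE_HTML):
            print("  insecure", kind, url)
```

Served over plain HTTP, every script and form on the sample page is exposed; served over HTTPS, the hard-coded `http://` script and form action still are.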


I’m going to be frank: Not having an SSL certificate installed on a website is getting close to being considered irresponsible. If you are capturing visitor information on a form in an unencrypted manner (Which I have been doing for years! Sigh.) then you’re doing something wrong. It’s so easy to simply say “It’s just a simple contact form!” and not encrypt the page with an SSL certificate. But in doing so you do your visitors a great disservice. Beyond that, there are other privacy and security issues that go well beyond just the encryption of form submissions. The cost of having your visitors’ personal information stolen or your website getting hacked is so much higher than the cost of an SSL certificate each year. In most cases, you can secure a personal site for as little as $10 a year. There’s simply no excuse not to do it anymore.

Be nice to your visitors and enhance their experience with better privacy and security on your website! Install an SSL certificate and be a part of the HTTPS Everywhere initiative! :)

Star Wars: The New Canon


Star Wars: Aftermath

So, I just finished reading Star Wars: Aftermath. Good book! After reading it, I have some thoughts about all the new Star Wars books, comics, and TV shows since Disney acquired Lucasfilm.

Some weeks ago I decided to jump in and start reading all the Star Wars books that are part of the new canon. I've been reading all the new Marvel Comics books and have enjoyed them thus far...just hadn't read any of the novels.

For those that don't know, when Disney acquired Lucasfilm they decided to hit the reset switch on the Star Wars universe, effectively throwing out all continuity built up with previous books, comics, TV shows, games, and more. What was known as the Extended Universe now became the Legends continuity. Looking at the timeline of Legends media it's easy to see why Disney made that decision. Granted, some fantastic stories can be found within the Extended Universe. However, with hundreds of stories written there would be no way for new films to be created that fit in with that universe. As such, creating a fresh start is the most logical thing to do.

The upside of this is that a whole new audience can jump in and enjoy the new canon without having to invest a whole lot of time and money. I thought about jumping in on the Extended Universe books and comics but felt just overwhelmed by the sheer number of titles out there. The new canon feels a lot more approachable. Not only that, but it feels like Disney and Lucasfilm are making a concerted effort to keep the timeline of canon media tidy and neat without screwing up the continuity of the universe.

Given that Marvel Comics is now in charge of the comics (Dark Horse Comics was the previous licensee for years) I wonder if Marvel's experience of managing large amounts of continuity is at play. Kind of feels like it, especially after reading Aftermath along with all the current Star Wars comics by Marvel.

Aftermath is interesting in that, while it has a pretty large story, it's not overreaching or presenting large ideas that could potentially create continuity problems. The goal seems to be to fill in the gaps between movies and show how the Empire tried to manage themselves and continue on after the destruction of the second Death Star as well as the death of both the Emperor and Darth Vader. It's good fun and gives us a solid series of stories that will eventually lead to the formation of the First Order...at least that's how it appears. Aftermath is actually the first in a trilogy of books so it'll be interesting to see what happens in the next two books. We might not necessarily see the formation of the First Order but we'll at least get a glimpse into the continued downfall of the Empire that eventually led to the First Order.

And that's just Aftermath! The comics are even more fun! From the main Star Wars comic, to Darth Vader, to the various mini-series comics devoted to characters like Lando, Leia, Chewbacca, and Kanan (from the Star Wars Rebels TV series), the comics give us a more in-depth look at characters we know and love without completely stomping on the continuity created by the films. The latest issues of Star Wars have been particularly interesting, especially as they relate to Han and Leia's relationship. I'm not giving anything away. Let's just say that a rather interesting wrinkle is presented that leaves Leia at pause as to what kind of a guy Han really is. Scoundrel!

So, what's next? Well, I'm already halfway into Before the Awakening and plan on reading The Force Awakens novelization. After that, probably will dive into The Rise of the Empire which includes both Tarkin and A New Dawn. Suffice to say, I'm looking forward to reading the rest of the new canon books. :)

Ch-Ch-Ch-Changes: Happy New Year 2016!


So, here we are with a new year upon us. Time to reflect on the previous year, what we've learned, and what has changed. As a web designer and developer, quite a bit has changed since the beginning of last year.

For starters, I've adopted a new CMS platform called Statamic and have made it my go-to CMS for smaller sites that don't have a ton of complex content requirements and relationships. The interesting thing about Statamic is that it's a flat-file system, meaning that it doesn't use a database. This makes Statamic inherently more secure compared to the likes of <ahem!> WordPress. Granted, there are other flat-file systems out there that are worth considering (e.g. Grav, Kirby, Pico, and others) but I ended up coming back to Statamic, especially after the version 2 beta was announced. I'm looking forward to seeing how I can leverage Statamic as a worthwhile alternative to more popular platforms. I have ideas on how to do it. Just a matter of putting a plan in place and going for it.

I continue to use SilverStripe as one of my CMS platforms of choice, especially for projects that have complex content requirements with lots of relationships. SilverStripe closed out the year by releasing a stable 3.2 version of the CMS and framework. Like Statamic, I'm looking forward to finding better ways to leverage how I market SilverStripe to my clients.

For front-end design, I still continue to use Bourbon as my go-to Sass library for projects that require a heavy amount of design customization. I still use Twitter Bootstrap for some projects but I'm also looking forward to checking out the new version of Foundation (version 6). I built a few sites on previous versions of Foundation and found Bootstrap to be easier to deal with. However, I'm very curious about this new version so I'll be checking it out to see if they improved some of the quirks that made previous versions weird to work with.

I've also adopted the use of Pattern Lab on one project. So far, the experience has been quite positive and my partners seem to really like it as well. It was a little weird and quirky to work with at first but, once I found my groove, I found that it can really improve your workflow and process. The whole Atomic Design methodology is quite interesting and presents a better way of approaching the whole content-first/mobile-first way of thinking. Creating a whole design system with modular components feels like a much better approach compared to what I had been doing for sure.

Another big change is switching from Sublime Text to Atom as my code editor of choice. This wasn't an easy choice. I've been using Sublime Text for some time now and really liked it for its speed and flexibility. Honestly, there was really no need to switch. The main reason I switched is...well...I was greatly concerned with the lack of progress with the Sublime Text 3 Beta. I had been using the version 3 beta for nearly two years and, in that time, it just felt like new versions were being released with less and less frequency. At the time of this writing, the last beta 3 release was released in March 2015. I'm not the only one with concerns about the longevity of Sublime Text. Reading the posts on the Sublime Forum reveals that a lot of developers are just as concerned as I am. As such, I felt it was time to jump ship and find another text editor that is similar to Sublime Text but offers more support and more frequent updates. Atom most certainly fits that bill and, while it's not a 100% carbon copy of Sublime Text, it definitely gets the job done.

Last year was certainly an interesting year for continued learning and reading.

I started learning more about different JavaScript frameworks and libraries, completed one project using Knockout and started some online learning on Ember. This year, I plan on learning more about React, which I think will be a good alternative to Knockout for projects that don't need a heavy-handed framework like Ember but a simple library that can snap into any page on a website.

I've read some of the books by A Book Apart and plan on finishing all of them in the first quarter of this year. I'll also be revisiting a few books that have received new editions: Hardboiled Web Design: Fifth Anniversary Edition and Adaptive Web Design Second Edition. Also, after seeing Star Wars: The Force Awakens (If you haven't seen the movie...shame on you! What's wrong with you?), I have a renewed interest in reading more novels and plan on catching up on all the latest Star Wars books. Hope to read at least one book every two weeks.

Perhaps the biggest change for me is realizing that I have to take my business to the next level. 2015 was an interesting year for Soulcraft Group. I'm continuing to work with some great partners and establish more relationships with wonderful clients. But with that comes change in terms of how I approach my business. I started off wanting Soulcraft Group to be more or less a network of different companies and people all coming together to accomplish the same goal: to design and build online solutions for small to mid-sized businesses with an emphasis on quality. While that is still true, I've also come to the conclusion that I need to market Soulcraft Group for what it really is, namely me. Once I came to that realization, it became clear how I need to market my little company: as a full-blown marketing and design agency. My partners will continue to be a part of the way I market my company. While I'm good at web design and development, I'm terrible in other areas like online marketing, social media, video production, and other things that I suck at. You can expect a modest update to my site and how I market my services.

So, that's it for the year! Looking forward to the new year with exciting things to come! :)

Why we don’t use WordPress anymore


Interesting post on Medium that sums up my top reasons for not using WordPress. Lately, I’ve been thinking about the popularity of WordPress. It’s by far the most popular CMS platform on the web, which makes it a big target for hackers. Seems like lately I've been seeing more and more and more stories about XSS (cross-site scripting) vulnerabilities with WordPress. For the types of sites most web designers and developers use WordPress for, I wonder how much interest there is for more modern, more secure alternatives. Modern platforms like SilverStripe, Statamic, and October offer far more flexibility while maintaining security.

The Internet IS broken


Wrote a response to an op-ed commentary on the Chicago Tribune’s website entitled “The Internet isn’t broken. Obama doesn’t need to ‘fix’ it.” by Ajit Pai and Joshua Wright. The argument is being framed wrong. The problem isn't the Net's infrastructure.