How To

Automatic redirect from HTTP to HTTPS

IIS (Internet Information Server) doesn’t have a way to automatically redirect HTTP traffic to HTTPS if SSL encryption is enabled for a site. So if you’ve got a site that users are supposed to access by typing in https://www.example.com, but they type in http://www.example.com or just example.com, they’re going to get a pretty ugly error message that looks like this:

What can you do? Well, there are two ways of going about it, and both of them are hacks, but they do the job just fine. I prefer method 2 myself.

Method 1:

Make sure the original site (the one with SSL encryption) is listening only on port 443 for the IP address you’ve assigned to it. Now create a separate site using that same IP address, and make sure it only listens on port 80. Create a single file at the root level and call it default.htm or default.asp. If you want to use HTML, then use a meta refresh tag. If you want to use ASP, use a redirect. I’ll give you examples for both below.

<meta http-equiv="Refresh" content="0;URL=https://www.example.com" /> 

or

<% Response.Redirect("https://www.example.com") %>

Don’t forget to enclose each line in its proper brackets. This method works great, but it has one shortcoming. If the site visitor chooses to go to http://www.example.com/somepage.htm, they’re going to get forwarded to the root-level of the HTTPS site, because that’s the nature of the script. It doesn’t differentiate between the page addresses. So you may ask yourself, isn’t there some other way of doing this? Yes, there is.

Method 2:

This method doesn’t require the creation of an additional site. All that you need to do for this is to create an HTML file — I call mine SSLredirect.htm — then point IIS to it using a custom error capture. First, here’s the code that you need to paste in that HTML file:


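<script type="text/javascript">
<!-- begin hide

// IIS serves this file as the 403;4 custom error page, so window.location
// still holds the address the visitor asked for over plain HTTP.
function goElseWhere()
{
// Do nothing if the page is already loaded over HTTPS (avoids a reload loop).
if (window.location.protocol == "https:") { return; }
// Keep the query string and fragment along with the path, so the visitor
// lands on exactly the page they requested.
var oldURL = window.location.hostname + window.location.pathname
           + window.location.search + window.location.hash;
var newURL = "https://" + oldURL;
// replace() keeps the HTTP error page out of the browser history.
window.location.replace(newURL);
}
goElseWhere();

// end hide -->
</script>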

Once you’re done editing the file, save it to the root level of your site, or to the root level of IIS (c:\inetpub\wwwroot\). Saving it to that general location lets you use that same file to fix the HTTPS redirection problem for all of the sites you host on a single server.

Now, in IIS 6, right-click on the site in question, go to Properties >> Custom Errors, and double-click on 403;4. Select File for Message Type, then browse for the file you’ve just created and click on OK. In IIS 7, click on your site, then double-click on Custom Errors, locate the Add link in the top-right corner, and add an error for 403;4, as shown in the image below.

IIS 7 Error Configuration

Once you’ve done this, your sites should automatically transfer HTTP traffic to HTTPS when it’s required, and the visitors won’t be forwarded to the root-level of the site. Instead, the URL will be remembered, and the page will simply be re-loaded using the HTTPS protocol. Come to think of it, you could write this in ASP as well, and avoid potential problems caused by browsers that have JavaScript turned off, but this code should work just fine for a lot of people.
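The server-side variant mentioned above, sketched as an added example that is not code from the original post. It assumes the 403;4 custom error is set to message type URL and points at an ASP page, and that IIS hands that page the original address in the query string in the form 403;http://host:80/path; the function name and the ALLOWED_HOSTS list are hypothetical.

```javascript
// Added example: rebuild the HTTPS address from the string IIS passes to a
// URL-type custom error page, e.g. "403;http://www.example.com:80/a.htm?id=5".
// Uses only `var` and plain regexes so the same function body can be pasted
// into a classic ASP page that declares <%@ Language="JScript" %>.

// Hypothetical allow-list: the host names this server actually serves.
// Pinning the host keeps the redirect from following an arbitrary Host header.
var ALLOWED_HOSTS = { "www.example.com": true, "example.com": true };

// Returns the https:// URL to redirect to, or null when the input is not a
// well-formed 403 error string for one of the allowed hosts.
function httpsTargetFromIisError(queryString, allowedHosts) {
  // Layout: 403;<scheme>://<host>[:port][/path[?query]]
  // [^\r\n]* plus the end anchor rejects any CR/LF, so nothing taken from
  // the request can split the Location header.
  var pattern = /^403;https?:\/\/([^\/:?#]+)(?::\d+)?(\/[^\r\n]*)?$/i;
  var m = pattern.exec(queryString || "");
  if (!m) { return null; }

  var host = m[1].toLowerCase();
  if (!Object.prototype.hasOwnProperty.call(allowedHosts, host)) {
    return null;
  }

  // The port is dropped on purpose: ":80" belongs to the HTTP listener and
  // the HTTPS site answers on the default port 443.
  var pathAndQuery = m[2] || "/";
  return "https://" + host + pathAndQuery;
}

// Glue for the ASP page itself (shown as comments because the Request and
// Response objects only exist inside IIS):
//   var target = httpsTargetFromIisError(
//       String(Request.ServerVariables("QUERY_STRING")), ALLOWED_HOSTS);
//   if (target) { Response.Redirect(target); }
//   else { Response.Status = "403 Forbidden"; }
```

Because the redirect is issued by the server, it works with JavaScript turned off, and the path and query string of the original request are carried over.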

Lists

Condensed knowledge for 2007-06-01

Here are the weekend-ready goodies:

  • MS releases the Surface touchscreen computer. Previously code-named Milan, this puppy is manipulated using our hands — no mouse, no keyboard. You might say, whoopee, these displays have been around for years. True, but this is the first time they’re coming to the mass market, and what sets this device apart is that it interacts automatically with other wireless devices. If you put your wireless camera on the Surface, it’ll know to download all of the photos from the camera, wirelessly. If you put your cellphone on it, and it’s got a wireless connection, you can then drag that same photo to your cellphone. Same thing with videos. The built-in, automatic interaction is really, really cool.
  • Have you heard about the MINI Cooper D? It’s a sweet little car! (I have the Cooper S myself, but I’m already drooling for the D). The revised model will get up to 72.4 mpg! Wow!
  • Xerox has developed paper that you can re-use up to 50 times. You can print on it using UV rays, but the characters will start to fade after 24 hours, and when they’re completely faded, you can use it again. Now that’s what I call recycling!
  • A completely innocent American was arrested, handcuffed to a pillar, his feet were chained, and he was interrogated by the Secret Service, all for trying to pay with legal, new $2 bills. The man went to Best Buy to pay an outstanding balance for a stereo installation on his son’s car (after the store promised him it would be free, but charged him regardless), and when he decided to pay it with $2 bills, the clerk called the police, who then took him into custody and interrogated him. What’s more, he was handcuffed inside the store, in full view of everyone! Here’s my take on this… First, I don’t like Best Buy, because their prices are always higher than Circuit City and CompUSA. Second, their employees are rude and haven’t got a clue about the technology they sell. Third, that pathetic cashier owes the man a huge apology. Fourth, that cop who handcuffed and arrested the man shouldn’t be on the force. His powers of judgment are obviously subpar and he has no common sense. And fifth, the excuse of the police spokesman, Bill Toohey, is absolutely inadequate: “It’s a sign that we’re a little nervous in a post 9/11 world.” Just what does a $2 bill have to do with 9/11? That was their apology to the man? That’s it?!
  • The Rattlebuster is a really cool CD that plays vibration-inducing sounds at certain frequencies, helping you pinpoint the annoying rattles and vibrations in your car’s interior. As a MINI owner who’s had a persistent rattle in his dashboard for the past four years, a rattle that countless trips to the dealership couldn’t resolve, I can safely say that every MINI dealership ought to make this product a standard part of their diagnostic procedures.
  • Richard Marcus wrote a really nice piece for BlogCritics detailing what happens to the water in our environment when all of the medications that we take pass from our bodies into the sewers, then into lakes and rivers. The effects of the metabolized drugs on wildlife are shocking, and do not bode well for us, either.
  • Want to know the top ten passwords people use? Have a look at this, and try not to use one of them yourself, eh?
  • It pays to know your photographer’s rights!
  • Steve Jobs and Bill Gates met on the same stage and talked publicly for the first time in decades. What’s more, they complimented each other! 🙂
  • This is why I think public education is getting to be rotten to the core. The public school system endorses events like the one where Joel Becker (irresponsible dolt extraordinaire) from UCLA spoke his dirty mind. This dude actually advised kids as young as 12 years old to have sex, do drugs and masturbate… Kids were forced to attend this event by their school, and it was only months after the fact, when pressed repeatedly by parents for an explanation and apology, that they admitted the subject matter was inappropriate. I have to wonder, where is our responsibility as adults to educate our children properly? How can we let the school system continue to chip away at the values we try to instill in our kids? How screwed up is this world when a person as irresponsible as Joel Becker is not only allowed to hold a professorship at UCLA, but also allowed to expound on the virtues of sex and drugs to young, impressionable children?
  • Hey, look, Screaming Beans! 🙂
  • A new spoofing/phishing technique has been spotted in the wild, where some sort of DLL attaches itself to IE, and when people surf legitimate URLs (like their bank website or PayPal), they get asked for unusual extra, private information. This thing isn’t yet detectable by anti-virus/anti-spyware programs, so be sure to follow this story as it develops. And if you get asked some strange questions the next time you visit your bank’s site, don’t answer them, call the bank to verify why they need that information.
Thoughts

How many of my photos were stolen?

For the moment, this is a rhetorical question. I’ve been re-thinking the way I publish my photos online in view of the recent and very prominent theft of Rebekka Guðleifsdóttir’s photos from Flickr. Call me naive, but I really believed, and still would like to believe, that people will wish to stay legal and pay for the right to use my photos, especially for commercial purposes. That’s why I’ve been publishing my photos at full resolution. I wanted folks who weren’t able to pay (developing countries, for instance), or only wanted a nice desktop background, to be able to download a photo of mine and enjoy it without financial obstacles.

But I talked with my brother this morning, and he told me some things that made me think twice about my approach. He’s a professor at a university in Transylvania (Romania), and he does a lot of field research in ethnology and religion. He takes a lot of photos, and shoots a lot of video. When people ask him for copies of his work, he’s very nice about it and does so, hoping they’ll respect his academic work and cite him or ask for his permission when they use it. But he’s been finding out that they don’t. They’ll reuse his photos and his videos, and he won’t hear about it until he sees his work somewhere else. Just recently, someone entered one of his videos in a contest as their own creation, and he found out about it only after that person won. It was very disheartening. He’s now thinking of watermarking both his videos and photos, and of only publishing lower resolution copies on the Internet. He’s tired of constant theft and no attribution.

So I had to ask myself: how many of my photos have already been stolen? I haven’t yet heard of or seen a particular instance, but I also haven’t really looked around to see. It’s probably just a matter of time before I start finding my work in someone else’s portfolio, website or printed materials. When you combine high-resolution photos with people that have no respect whatsoever for someone else’s hard work, you’re asking for trouble. As much as I’d like to believe otherwise, good people, those that respect other people’s property, are few and far between, and it’s best not to tempt the thieves or uneducated ones by making good photos easily available.

I’ve taken some steps already. I used to upload to Flickr at full resolution. Not anymore. Since they offered Rebekka no help whatsoever, and even deleted the photo where she complained of image theft, along with the thousands of comments that she received there, I’ve lost respect for them. If that’s how they’re going to treat one of their best users, then I sincerely hope they get what’s coming to them, and I hope it’s a wallop.

I may also start to watermark my images. As much as I hate this (it uglifies an image, imo), I’ll do it, just to make it harder to pass my photos around without crediting them properly. I may also start to copyright my photography with the Library of Congress, and pursue damages to the full letter of the law (up to $150,000 per incident).

Finally, I may also stop uploading at full res to Zooomr. I keep waiting for them to push out the Mark III upgrade, and it seems that every time Kris is ready to do it, something happens to stop it. This week was the third time the promised upgrade didn’t materialize, and I’m pretty disappointed. Mark III is supposed to have this really nice image theft prevention built in, so I could continue to upload at full res, but restrict the sizes available to casual visitors or even my contacts at certain resolutions, and only make the full res size available to buyers. But if Mark III doesn’t show up any time soon — and since Zooomr has no photo replace feature like Flickr — I may just delete all of my photos, or make them all private. I do not want to see my hard work go to waste.

It’s a real shame that we can’t function equitably as a society, at the local, state, national or global level. If only everyone would respect other people’s property (physical or intellectual), things would work a lot better. One would think the concept of property has been around long enough for most people and cultures to grasp it…

Reviews

Getting good site stats

I’ve been using both Google Analytics and FeedBurner’s own Site Stats service simultaneously for the past couple of months, and I thought I’d give a comparison of the two.

They both use little JavaScript snippets that you copy and paste into your web pages. They’re both good at eliminating false traffic (bots, etc.). That’s where the similarity ends.

Google Analytics gives more detailed feedback that’s targeted toward marketers and webmasters. It’s also tightly integrated with Google’s AdWords program, so you can track the success/conversion of your campaigns. But, it’s got so many options and menus to dig through, that it’s hard to use overall. You really need to spend some time learning it.

On the other hand, FeedBurner’s Site Stats service is simple and easy. They present the data in a way that’s easy to understand. And while at first you may think you’re not getting all of the data that Google Analytics provides, in practice, I’m getting all the data I need. It’s just organized so much better that I need to go through fewer menus to get at it.

Want to know the best part? FeedBurner’s Site Stats provides almost instant feedback on what’s going on with your site. Yesterday, one of my posts about Zooomr got dugg, and made it to Digg’s front page. It was already more than three hours since it had been dugg, yet Google Analytics provided me with no data to indicate the Digg traffic. FeedBurner was right on top of it. I’d been getting data almost instantly and could monitor the traffic very nicely. This has been the case all along. I’ve been using Google Analytics since May of 2006, and I knew there was a significant lag, so I couldn’t use it to monitor my live traffic — I could only tell what happened to my site afterwards.

As any web developer will tell you, the ability to monitor your site traffic live is a huge benefit. What’s even more important is the ability to get great customer service. FeedBurner provides that, and has done so from the start. When I email them, I know I’m going to get a reply from a real, live, person, not a bot, and not a canned reply. That’s really cool. That’s why, even though their Site Stats service is free, I opted to purchase their detailed feed stats, and pay a little every month for that. It’s much better to pay a little and get something worthwhile, than always go with free and get what you pay for.

Don’t get me wrong. I’m not knocking Google Analytics. It’s a great service. But Google’s getting bigger and bigger these days, and they’ve never made it very easy to get in touch with one of their “humans”. Just a few days ago, I had a question about my AdSense account, and needed to get in touch with a person, because I couldn’t find the answer in their documentation. I emailed them and got an auto reply back, which said I should reply back with certain further information if I wanted to reach a human. I did that, and I got what looked like a canned reply, so I’m not even sure if it was a human being, or another auto reply. Not fun, and my problem still didn’t get solved.

On the other hand, I know the FeedBurner folks. I met a few of them in person, and I know the others via email. They’re real, helpful people. So if I were to recommend a stats service to you, I’d say go with FeedBurner’s Site Stats. That is, unless you absolutely must monitor your AdWords conversion campaigns through Google Analytics. Or use both services, and do your own comparison. I think in the end you’ll be happier with FeedBurner, like I am.

Thoughts

How is your private data getting used?

I read the Red Tape Chronicles over at MSNBC on a regular basis, and one of their latest posts really struck a chord with me. We really have become a nation where everything gets tracked, whether we like it or not. To some extent, I don’t really care. If the government wants to tap into my phone calls, fine. Been there, done that. I grew up in communist Romania, and our phone was tapped. There’s nothing of real interest to strangers in my phone calls anyway. And besides, you’d have to be a sort of a peeping tom to want to listen in on strangers’ conversations, anyway. Not my type of job.

What really irks me is that every little footstep off the beaten path gets documented somewhere. Not that it’s happened to me, but say I get in a brawl and get locked up overnight, then sort things out in the morning. That little brush with the law may affect me for years to come, even though that’s not the type of person I am. I may regret it, I may not usually do those things, it may be that it just sort of happened, but it’s going to stay on my record. And the payback’s brutal. I may not get new jobs, and if I want to attend classes at some school, I may not be able to get in. It may even affect my credit history. It’s all because of a stupid system that tracks one’s every legal move with no discernment.

This whole mess wouldn’t be a bad thing if there were only one system, and updates to that system were handled properly. But no, there are hundreds and thousands of various government databases, and data from those databases flows into private background check databases and clearinghouses, until there are copies of that single incident all over the place. I may be able to get the government to edit out that little troublesome incident, but there’s no way to track down all of the other digital copies of that record and make sure they get changed. That’s VERY disturbing.

Just do a search on Google for background checks. There are a ton of websites where you can check details about anyone. It used to be that only law enforcement officials were able to conduct such searches, but now any Joe Blow with a credit card can find out information about anyone. That really gets my goose! What right does some freak somewhere have to know stuff about me? Exactly how have our public officials let this happen? You can find out anything: properties, debts, criminal record, demographic information and possibly income, address, phone number, marriage and birth information, anything. I find this VERY DISTURBING.

What’s worse, who knows where these businesses get their data from, and how often they update their information? Looks to me like most are fly-by-nite operations that only care about having a record about someone, not the record. If they list bad information about me, how do I go about changing it? I can’t possibly contact every single one of these shady operations. Yeah, I call them shady, because I think they have absolutely no right to my private information. Only licensed law enforcement officials (read certified and cleared government employees) ought to have the right to view my aggregated private information. Yet these people profit from MY private information by selling it to whoever wants to get it. This disgusts and angers me.

Anyway, what got me started down this warpath? Those of you who know me know that I like old movies. Remember scenes from those movies where people would get into brawls, or there’d be some misunderstanding, and they’d get booked? They’d spend the night in jail, get out in the morning, and be done with it. Everyone would laugh about it. That’s how it should be for the occasional offense. It should NOT affect one’s career, education and finances. Everyone messes up here and there. These mistakes should not be recorded for posterity, or if they are, they should not be made available to every idiot that wants to look at them. It just isn’t right. And no, I’m not talking about serious or repeat offences.

We may have modernized our data storage and retrieval, but we’ve lost our good, old common sense about how to use it.
