Computers

The last we all heard of Pebble, they had funded a successful KickStarter campaign to get the new version of their smartwatches out. They had the Pebble 2, Pebble Time 2, Pebble Round 2 in the pipeline. I was waiting for my Pebble Time 2 to arrive any second - the Pebble 2 had already been shipped.

Yesterday, I received not one but three updates. As Pebble put it, "due to various factors [...] Pebble is no longer able to operate as an independent entity." So they shut down operations. While Pebble gear is still available on Amazon and other sites, Pebble itself is not selling any more inventory, nor updating their products. Software is not going to be updated, either, and after a while the Pebble app is going to die, when the first OS incompatibility hits, best guess about a year from now.

What happened? Fitbit apparently agreed to buy out the developers, and not much else. Refunds are being processed: they were supposed to be done by March of 2017, but now they are saying December 16. That probably means a cash infusion from Fitbit before the deal can get fully consummated.

I cannot tell from the release what the driving force behind this decision was. Likely culprits:

  • The smartwatch segment is growing much more slowly than expected; even Apple admits it sells only about 2 million units a quarter, which completely crimped the market
  • There may have been problems developing the new models; in particular, the timing of the pledges required Pebble to get shipped units out by the end of the year. Maybe it was the impending deadline and the realization there were problems with the new devices that could not be addressed in a reasonable amount of time
  • As usual in the USA, a lawsuit may have prompted this; wearable devices have a way of causing skin rashes and similar ailments, and the Pebble is definitely not immune to that. Heck, even I developed more than one wrist rash after not taking off the watch for more than a day. This might explain why the blog article is adamant about the fact that only "certain assets" of Pebble were bought, pre-empting a lawsuit against the acquirer
  • There may have been some personal event going on, like a dissatisfied CEO or the like. 
Read more: Pebble Is Dead - What Now?

You probably noticed a microscopic difference when accessing the site: suddenly, when you type in mrgazz.com, you get redirected to the secure site, https://www.mrgazz.com. Why, and how?

First the why: Google announced it was going to prioritize search results according to the security of the site. That makes a lot of sense: "secure" sites have a modicum of respectability and require extra work compared to plain HTTP sites. You have to set up a secure server, which means you have to do more than simply point a DNS name to an IP address. 

If you think it's unfair that HTTP sites get downvoted, it's an argument that makes sense. At the very least, sites that have been running on HTTP for years should not be suddenly penalized because someone else abuses HTTP. But Google does what Google wants, and frankly the number of search hits this site gets is not a hot priority.

Setting up SSL on a web server is not tragic. In essence, you need a server certificate, you install it according to the instructions of the server, and you set up a separate web server instance that responds to secure requests. It's a bit of a pain, especially if you only have a single web site to transition, but it's not a huge stumbling block.

First, getting the certificate. What's that? It's a document (file) that certifies that you are who you say you are. When you connect to www.mrgazz.com using SSL, the web server presents this certificate (the public version of it) to your client (the browser), and the browser verifies it. Technically, the browser has a list of trusted authorities that are allowed to certify my certificate, and if one of those authorities says I am good, then your browser agrees. 

Which also means that you have to get an authority to certify you. For the longest time, this meant you had to fill out a form and pay money for a certificate to be issued. Certificates would last a year or so, then you'd have to go and renew. This was a double pain point: on one side, a whole year is a lot of time and lots of mischief can happen during that period. Ideally, certificates should last shorter. On the other hand, if you forgot to buy your new certificate, all browsers that connected to your site would suddenly sound alarm bells and tell the user that your site was fishy. They would also generally make it really hard to connect.

Let's Encrypt is a new project that has a completely different approach. Instead of making the web site owner fill out a form and make a payment, Let's encrypt matches who you are and who you say you are by running software on the web server. You install the Let's Encrypt client on the machine that runs the web server, then the software tries to connect to itself using the DNS name. If it succeeds, then it knows you are who you say you are. It then issues a certificate.

The most amazing thing about Let's Encrypt is not the approach, no matter how amazing it is and how wonderful it is not to have to pay $10 a year. What's really special is how easy it is to set up on the standard web servers on the Internet. If you run a latest-version Debian or Ubuntu, installing Let's Encrypt is as simple as:

sudo apt-get install python-letsencrypt-<webserver>

[Note: until recently you had to download an archive and install manually, which I really, really, really didn't like, because I had no idea what that package would so. Having a package file from the default repository makes me feel much better!]

Running the software for the first time is also completely braindead:

sudo letsencrypt --<webserver>

In my case (as in many), the webserver is apache:

sudo letsencrypt --apache

But letsencrypt comes in a variety of styles for the most common web servers on the Internet.

From the command prompt, you get into an interactive series of dialogs where you essentially confirm which ones of your available sites you want to convert to SSL, and whether you want to allow access to both HTTP and HTTPS or only to HTTPS.

Magically, letsencrypt will write new site rules to make your new SSL connection available. I tried it both with sites that had no SSL configuration at all, as well as this site, which ran a mix of secure and insecure sites, now all converted to secure. letsencrypt figured out how to change the configuration for both types and restarted everything, so that there was the absolute minimum downtime.

This is where I found the absolutely only downside of letsencrypt, and it's really not its fault. You can access this site, like many web sites on the Internet, under both mrgazz.com and www.mrgazz.com. The former is what geeks call the domain name, while the latter is the server name. If you want to know the difference, you must educate yourself on the Domain Name System and the beauty of A records and CNAMES. That's beyond the scope of this article. 

Suffice to say that letsencrypt refuses to generate certificates for domain names and will issue them only for server names. That means you cannot have https://mrgazz.com, because letsencrypt will not issue a certificate for that server.

You could go about it two ways, just as outlined in the dialog that letsencrypt presents: you could have https://www.mrgazz.com run independently of http://mrgazz.com. That is, users could connect to either independently. In that case, you don't have to do anything. 

If instead you want all traffic to your site to go to the SSL version, you need to do a little extra configuration: in the Apache configuration file, you will see this section:

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mrgazz.com 
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

What this does is to take the requests sent to the insecure version and redirect them to the secure version. THe problem here is that it does so only for www.mrgazz.com, so you have to add mrgazz.com. Also, the rule redirects to SERVER_NAME, which would redirect to mrgazz.com. You need to change that, so that it always redirects to www.mrgazz.com. In the end, you get this section:

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mrgazz.com [OR] 
RewriteCond %{SERVER_NAME} =mrgazz.com 
RewriteRule ^ https://www.mrgazz.com%{REQUEST_URI} [END,QSA,R=permanent]

Notice the [OR} at the end of the line. Once you reboot the server, everything is just as you wanted.

Extra points:

  • letsencrypt configures your secure web server almost flawlessly. When you check the configuration from a security perspective, you get an A rating for security.
  • letsencrypt security certificates can run multiple web server names from a single web server. You can put as many secure sites as you want on your web server, letsencrypt will configure them all correctly.

Ah, yes, my glamorous life of jet-setting and international travel! OK, so I barely managed to fly out to ski resorts this year, and instead of flying first class, business class, or any class at all, I had to make do with budget airlines and seats so cramped, my knees routinely touch the seat in front of me. Particularly annoying when you have a six-year-old in front of you who is bored to the point of kicking the chair during the entire trip.

The other thing that the cramped seats won't allow is typing on a full-size computer. There is simply no room, between the seat's angle and the tiny, half-size tray table. Which, incidentally, wouldn't fit a tray, either. Someone should sue budget airlines on their misuse of the word, tray table!

I can't fix airline seats, I won't want to afford expensive tickets, so I am left with two options: (a) not type while flying, and (b) get a small computer. Of course, I can also do both and get a small computer and not use it.

I researched for a while. What I wanted was something that I would use only while traveling and not as a primary computer. That meant it had to be economical. It also had to be lightweight (obviously) and sturdy (obviously). It needed to have a decent keyboard on which I would want to type for hours, and it had to run all the software I wanted to run even when disconnected.

I ended up with one logical choice for the hardware: a 10" tablet or Chromebook. I would buy a keyboard for the tablet and make do, or take the Chromebook as is.

Read more: Ubuntu on an ASUS Chromebook Flip

Subcategories

News on projects I have undertaken, either in open source (anonymous access) or closed source (requires registration).

Software I tested, ran, tried, use, etc.
Various content highlighting HOWTO do things that are not trivial
Comparisons between utilities and applications that do similar things.
Once I decided to move on to Joomla CMS, things started to be bleak. I couldn't find documentation, there were a few annoying bugs, etc.

In the end, though, I got the hang of it. I like it still much better than Typo3, CPGNuke, and all the other CMS systems I have used in the past. Mambo is fast, configurable, and extensible - and once you know how to use it, you start appreciating it real fast!
How to use some of the more fundamental tools in Linux. Sometimes you can do more with less...
All the tribulations and trouble I had to go through to make hardware run under Linux!!!
My experiences with various Linux distributions. Installing, running, selection of packages, ease of use, upgrades, etc.

My old blog on Blogger - now imported here

Old architecture blog on Blogger

A series of articles, each containing a list of compatible items in alphabetical order. Missing letters are indicated in the article title.