Just say no to DRM

Microsoft has announced that it will be closing its DRM-encumbered ebook store, with the consequence that its customers’ ebooks will “no longer be available to read”.

I don’t buy ebooks with DRM (nor anything else with DRM, for that matter), but apparently lots of people do, and many seem to be content - even proud - to buy ebooks with weak DRM, which they expect to be able to remove.

I don’t do that, and I’d urge anyone that does to reconsider.

Let’s Encrypt without port 80

To obtain a Let’s Encrypt certificate, you have to prove that you control the domain name(s) the certificate will cover. The simplest and most common way to do this involves placing a special file at a special URL on your website, which Let’s Encrypt then checks by making an HTTP request to your server on port 80. Most popular ACME clients such as Certbot can easily automate this domain validation method.

Unfortunately, this doesn’t work when port 80 is closed.

Electronic voting

With the impending demise of Google+, I went through my posts there and found exactly one that I considered to be worth saving from the chopping block. Here it is; originally posted in May 2014.

TV3’s Vincent Browne is, disappointingly, the latest to jump on the bandwagon suggesting that Ireland ought to take a step backwards and repeat the disastrous attempt to introduce electronic voting.


Dear people building websites

If you’re going to make me spend thirty minutes of my life reading your mind-numbing terms and conditions, at least have the courtesy to set your session timeout to longer than thirty minutes.

Letter to Michael McDowell about online voting

Dear Mr. McDowell,

I received your materials outlining your priorities for Seanad Éireann and was dismayed to learn that you advocate “online voter registration and voting”.

Voting in Seanad Éireann elections is at present conducted by means of a postal ballot. Postal voting already presents a variety of serious threats to the confidentiality and integrity of the ballot. Online voting would solve none of these problems, exacerbate most of them, and introduce some new and unique problems of its own.

Alternatives to SSH agent forwarding

SSH has a handy feature called agent forwarding that allows you to log in to a remote server and use the keys loaded into your local ssh-agent as if they were on the server. Unfortunately, this useful feature has a downside: it’s not safe to use on servers you don’t trust. Here are some alternatives.

Sandboxing outgoing email

While you’re testing email functionality on a website, you don’t want to accidentally send out mails to all your (or your clients’) end users! There are a few ways to prevent this. Here’s the simplest one I’ve found so far. It allows you to redirect all outgoing email from PHP to a local user (you, for example), so that you can read it with any ordinary mail client. You can also redirect to any arbitrary external email address you own.