Dear readers and customers,
IT security for our consumers and clients always is one of the top priorities at AETHYX MEDIAE, your friendly and independent European online publishing house.
That’s why we started implementing and activating SSL on all our products and projects in spring 2017 already.
Since this month, for one and a half week or so, we also activated the last lock for securing our domains and the communication over the aether: HSTS.
As of 2020, the measurements to be safe and secure is now at the absolute maximum, technologically it looks like the following:
* SSL activated since 2017
* SSL enforced since 2017
* HSTS activated (and set to 16,070,400 seconds) since 2020
At the moment, this has to suffice as we can’t do more for domain security from our side.
Let’s hope it stays this way but who knows what the future of the web will bring.
We leave a lot of old and maybe beloved browsers (and browser versions) behind with these measures. But in the end we’ll all benefit from it: the developers as well as the users and consumers.
We’re not sure if people will remember why we had to do this stuff. But the open web is dead anyway, there is nothing we can change about it, at least since May 2013. Seven years ago, that is, a very long time now.
Stay safe out there! With or without us!
Greetings,
the aethyx staff
Good evening dear readers,
2013: whistleblower Edward Snowden flees from the NSA to Hongkong and then to Russia while informing the world about secret spy activities against American citizens as well as those of other countries
2017: we read about the Vault 7 series by Wikileaks informing the world about the biggest intelligence leak to this date in covering similar techniques by the CIA
Times are changing and they are changing fast.
So, in a small time frame of only 16 months, our “prophecy” become true unfortunately, that the open web, the open internet is dead. And believe us, we also didn’t want to hear or read this, but http, the de-facto web protocol we all love and grew up with, is deprecated by now. This is like, well, telling millions over millions of web developers & users, bloggers, online journalists, artists, etc. all over the world “if you use insecure http, you suck!” It’s not fair, it’s not even their fault. But we pay for the bills in the end.
So, this March 2017 we did heavy work, project wide, under the hood: we switched from http to https. Everywhere. You can count us now to the 50% (at least according to Firefox statistics) of the web which implemented and use it already. This was no easy part and still there are issues. Let’s give you an overview of some of the problems we faced:
- 1. after all, find free and good CA sites. The most promising project by now is Let’s Encrypt. Their work is in fact so promising and backed by heavy champions of the industry, they really could achieve their goal to encrypt the entire www
- 2. read about the redirect methods in your
.htaccess, if you didn’t know already about it. Otherwise your sites will crash/not use https - 3. eliminate mixed content: unfortunately Mozilla, Google and Apple won’t accept https 100% when you start using using it. You need to invest time to eliminate all your old links to documents, graphics, counters, etc. Double check your databases too. This will take most of your time maybe, but it should be worth it
- 4. Relax, drink a beer, enjoy sun. You finally made it!
Working with the internet today is almost entirely defined by working with the WWW. No matter what you do, the most of the stuff you do online you do via your web browser. Heck, even smartphone apps use the web as their platform.
We may have lost the fight to keep the web an open medium. Not a good sign. But we are still in fighting to keep it a secure medium. Which is, well, until someone in maybe 27 years from now on (remember, the web was born around 1990) will know new facts, read between the lines again and state “https is deprecated”!
Never stop fighing. Never.
Enjoy SSL everywhere,
the aethyx staff