Category: meta

If you try to read this blog using an https:// URL, your browser will probably warn you that the security certificate is not valid.

Why is this? It’s because I have hosted the blog on Red Hat’s OpenShift service and I haven’t yet installed my own security certificate. When you visit https://blog.foad.me.uk the connection is redirected to a server whose real address is <something>.rhcloud.com. The web server there currently provides a security certificate that cryptographically proves the content comes from rhcloud.com but doesn’t say anything about blog.foad.me.uk.

What does the warning mean? It means the certificate, and therefore your browser, can’t prove that the content you are seeing really comes from my domain. If you are connecting through a compromised network then it’s possible a man-in-the-middle attack could present a spoof web site that pretends to be blog.foad.me.uk. A spoof web site might try to trick you into giving it your credit card details, for example.

I’m working on setting up my own certificate.

Hmm… I’ve just started reading up about it and it looks a bit more complicated than I thought.

If you have tried to leave a comment on this blog and it didn’t work, I apologise.

Two days ago I found out that commenting was working properly only if you were signed in (e.g. with or or ) or if you were using an https:// URL (which has its own bug). Otherwise, the “Send” button either did nothing or in some cases displayed a “wrong Captcha code” error message even though you had entered the correct code.

I haven’t been able to find the root cause of the problem. I presume it is related to the wpDiscuz plug-in which I use to handle comments.

Yesterday I disabled the Captcha feature, which seems to have fixed the problem. As a bonus, that also lowers the barrier to leaving a comment. I have other spam protection measures in place. If those prove insufficient I’ll revisit the decision.

Thanks to R for reporting the problem.