Blog bug: invalid security certificate

If you try to read this blog using an https:// URL, your browser will probably warn you that the security certificate is not valid.

Why is this? It’s because I have hosted the blog on Red Hat’s OpenShift service and I haven’t yet installed my own security certificate. When you visit the connection is redirected to a server whose real address is <something> The web server there currently provides a security certificate that cryptographically proves the content comes from but doesn’t say anything about

What does the warning mean? It means the certificate, and therefore your browser, can’t prove that the content you are seeing really comes from my domain. If you are connecting through a compromised network then it’s possible a man-in-the-middle attack could present a spoof web site that pretends to be A spoof web site might try to trick you into giving it your credit card details, for example.

I’m working on setting up my own certificate.

Hmm… I’ve just started reading up about it and it looks a bit more complicated than I thought.

Blog bug fixed: inability to leave a comment

If you have tried to leave a comment on this blog and it didn’t work, I apologise.

Two days ago I found out that commenting was working properly only if you were signed in (e.g. with or or ) or if you were using an https:// URL (which has its own bug). Otherwise, the “Send” button either did nothing or in some cases displayed a “wrong Captcha code” error message even though you had entered the correct code.

I haven’t been able to find the root cause of the problem. I presume it is related to the wpDiscuz plug-in which I use to handle comments.

Yesterday I disabled the Captcha feature, which seems to have fixed the problem. As a bonus, that also lowers the barrier to leaving a comment. I have other spam protection measures in place. If those prove insufficient I’ll revisit the decision.

Thanks to R for reporting the problem.