Enabling SSL with Cloudflare

Finally, gordon-chan.net runs fully on HTTPS.

It is a shame: as a webmaster I know how essential HTTPS is nowadays. Even though my website is not an e-commerce site, HTTPS is also essential for SEO ranking.

Cloudflare is a famous, well-known web performance and security solution company. Apart from offering the 1.1.1.1 DNS service, their domain prices are sometimes more competitive than NameCheap and GoDaddy.

As I wished to get the site running under HTTPS, I knew I needed to set up SSL. Let's Encrypt is an option on my web hosting; however, it requires me to manually generate the cert every 3 months, and for every sub-domain, which is a tedious process, and I gave up or eventually forgot over time.

Tonight, while exploring Cloudflare, I found that Cloudflare mentions they offer free SSL. I wondered whether any plan subscription was needed in order to enjoy it, and insanely it is not. It is completely FREE.

So I followed the steps to turn my site into HTTPS, which basically involve:

1. Sign up for a Cloudflare account (fair enough)

2. Log in to your Cloudflare account, go to “Website”, click “Add a website”

3. Enter your domain so that Cloudflare can search for your DNS configuration

4. In Select Plan, scroll down to “Free plan”

5. Wait for Cloudflare to look up your DNS records and review the DNS records that it found (you need to ensure the records are correct, and add any missing records)

6. Click “Continue”; Cloudflare will then show you the nameservers that you need to set at your domain host. In my case that is GoDaddy, so I logged in to GoDaddy for my domain’s DNS records. Be cautious: once you update the nameservers, the DNS records at your domain host will be gone. Therefore, check once again that all DNS records exist in Cloudflare. If everything is alright, update the nameservers and wait for activation.
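
The check in steps 5 and 6 can be done mechanically before the nameservers are switched. The script below is an added example, not part of the original post or of any Cloudflare tooling: it compares a record list from the old DNS host with the list Cloudflare imported and prints what is missing. The `example.test` zone, its records and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list DNS records that exist at the current DNS host but are
# absent from the set Cloudflare imported, before the nameservers are switched.

# Reads "name type value..." lines on stdin and prints them in a comparable
# form: lower-case name without trailing dot, upper-case type, single spaces.
# NS and SOA are skipped because they change by design when nameservers move.
normalize_records() {
    awk 'NF >= 3 && $1 !~ /^[;#]/ {
        name = tolower($1); sub(/\.$/, "", name); type = toupper($2)
        if (type == "NS" || type == "SOA") next
        value = $3; for (i = 4; i <= NF; i++) value = value " " $i
        print name, type, value
    }' | LC_ALL=C sort -u
}

# $1 = records at the old DNS host, $2 = records shown by Cloudflare.
# Prints every record from $1 that has no exact counterpart in $2.
missing_in_cloudflare() {
    local old new
    old=$(printf '%s\n' "$1" | normalize_records)
    new=$(printf '%s\n' "$2" | normalize_records)
    [ -n "$old" ] || return 0
    printf '%s\n' "$old" | grep -v -x -F -e "$new" || true
}

# Constructed sample data: example.test and 203.0.113.x are placeholders.
OLD_HOST_RECORDS='example.test.       A      203.0.113.10
www.example.test.   CNAME  example.test.
mail.example.test.  A      203.0.113.20
example.test.       MX     10 mail.example.test.
example.test.       TXT    "v=spf1 mx -all"
example.test.       NS     ns1.old-host.test.'
CLOUDFLARE_RECORDS='example.test       A      203.0.113.10
WWW.example.test   cname  example.test.
mail.example.test  A      203.0.113.20'

echo "Records to add in Cloudflare before changing nameservers:"
missing_in_cloudflare "$OLD_HOST_RECORDS" "$CLOUDFLARE_RECORDS"
```

In the sample, the MX and SPF TXT records are the ones reported, which is the kind of gap that would silently break mail once the old nameservers stop answering.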

Normally the process needs 72 hours. It turned out my whole process only needed a wait of <10 mins. I checked all my sub-domains, logged in to my web hosting, and everything worked normally. What magic!!!

Just to note, having an HTTPS site does not necessarily mean your site is secure. It just ensures the communication between the browser and your web server is secured. I came across some store owners whose eCommerce software had security risks and who didn’t apply patches, and it turned out their website files were modified with malicious code and the security risk was exposed.

I hope this sharing helps you turn your website into HTTPS.

Useful blogs to keep advancing as a web engineer

As a web engineer, you need to keep advancing, and learning from giant tech companies is a good choice. Here are some of the blogs I follow:

https://shopify.engineering/
As a Shopify Expert, no doubt I need to follow what’s happening in the Shopify engineering world. Knowing how they continue to scale up the platform, or any advance news on storefront rendering, helps me plan my development for development opportunities.

https://netflixtechblog.com/
How can an over-the-top content platform and production company operate its platform and deliver video smoothly to numerous viewers, and gather the statistics to come up with big data analysis? Their blog shares such golden insight.

https://medium.com/paypal-engineering
As a new joiner at PayPal (since Aug 2020), I started following the blog to know more about what PayPal engineers are working on to improve our customers' and merchants' end-user experience so as to achieve the great 2021 initiatives.

https://engineering.fb.com/
Although some would say Facebook is becoming outdated, or suits adults but not teenagers, there is no doubt FB is a social platform backed by various technical advancements. The contributions on GraphQL / MySQL and the articles about their data centers are really cool to follow.

https://eng.uber.com/
Uber is famous for how they handle huge volumes of real-time data in organising every transport / car movement. Their articles about how they architect their system, money movement, and how they use the latest technology to empower their systems and services are awesome!

https://medium.com/asos-techblog
https://medium.com/ynap-tech
As an ex-fashion-company tech person, I need to be aware of other fashion companies' tech advancement. The ASOS and Net-a-Porter tech blogs are 2 major sources of tech nutrients I absorb so as to learn what advancements we could adopt.

Although the content of the blogs / Medium publications mentioned above can be quite backend-focused, as a web engineer (I am trying to step into an area somewhere beyond frontend development) I find them challenging but also valuable resources to learn from. They often give insight into things the authors probably failed at many times before finally overcoming the technical bottlenecks. This kind of insight is essential for excelling and achieving higher technical advancement. If you have not yet started such a habit, act now and build it up~

GitHub removes weak cryptographic standards

Since 23 Feb 2018, one of my work operations kept failing. In my workspace I have a Jenkins job that checks out a Git repo and then runs bower and Gulp for dependencies. It kept saying it failed to connect to GitHub. The error said the HTTP protocol is not supported, or that it cannot make an HTTP connection. It turned out we had fallen into one of the scenarios where our Jenkins server was no longer able to get things from GitHub, because GitHub dropped support for the following weak cryptographic standards:

  • TLSv1/TLSv1.1
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1

Ref: https://github.com/blog/2507-weak-cryptographic-standards-removed

Since the incident, I became aware that the Linux server we have for our Jenkins is already kind of old.

It turned out we had to upgrade our Linux to have the latest openssl, libcurl and git using `yum update openssl libcurl git`.

I thought the story was about to end after my colleagues applied the upgrade. Then dev buddies on another side of the workspace started complaining about failures building the application. They were actually working on a VM running CentOS 6.

After checking, our VM had CentOS 6 with openssl 0.9 and git 1.7.2, neither of which supports TLS 1.2 (the version supported by GitHub from now on).

Therefore the way to fix the issue is to update these modules. Sadly, updating them on CentOS is not straightforward, and here are the commands I ran to get them upgraded:

Update openssl (you may need sudo):

# cd /usr/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz
# cd openssl-1.0.2a
# ./config
# make
# make test
# make install
# openssl version

If the version still looks wrong, run `which openssl` to find out which openssl binary your shell is pointing at.

Update Git:

# yum install http://opensource.wandisco.com/centos/6/git/x86_64/wandisco-git-release-6-1.noarch.rpm
# yum install git
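
A quick way to tell whether a client falls under the removals listed above, added here as an example and not taken from the original post or from GitHub. The first function relies on TLS 1.2 having first shipped in OpenSSL 1.0.1, the second on the two key-exchange names in the list; function names and sample strings are constructed.

```bash
#!/usr/bin/env bash
# Added example: does this client survive GitHub's removal of TLSv1/TLSv1.1
# and of the two SHA-1 Diffie-Hellman key exchanges?

# $1 = text printed by `openssl version`. TLS 1.2 first shipped in OpenSSL
# 1.0.1, so older builds (and programs linked against them) cannot negotiate it.
# Returns 0 = TLS 1.2 capable, 1 = too old, 2 = not an OpenSSL version string.
openssl_supports_tls12() {
    local ver major minor patch
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    IFS=. read -r major minor patch <<EOF
$ver
EOF
    [ $(( major * 10000 + minor * 100 + patch )) -ge 10001 ]
}

# $1 = output of `ssh -Q kex`, one algorithm per line. Succeeds if the client
# offers any key exchange besides the two removed ones (a necessary condition
# for connecting, not a guarantee that the server accepts it).
ssh_has_surviving_kex() {
    printf '%s\n' "$1" |
        grep -v -x -e 'diffie-hellman-group1-sha1' \
                   -e 'diffie-hellman-group14-sha1' |
        grep -q '[^[:space:]]'
}

# Constructed sample inputs, not captured from the machines in the post.
OLD_OPENSSL='OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008'
NEW_OPENSSL='OpenSSL 1.0.2k-fips  26 Jan 2017'
OLD_KEX='diffie-hellman-group1-sha1
diffie-hellman-group14-sha1'
NEW_KEX='curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha1'

report() {   # $1 = label, remaining arguments = the check to run
    local label=$1; shift
    if "$@"; then echo "$label: ok"; else echo "$label: needs upgrade"; fi
}
report "old openssl" openssl_supports_tls12 "$OLD_OPENSSL"
report "new openssl" openssl_supports_tls12 "$NEW_OPENSSL"
report "old ssh kex" ssh_has_surviving_kex "$OLD_KEX"
report "new ssh kex" ssh_has_surviving_kex "$NEW_KEX"
```

On a real machine, pass live data instead of the samples: `openssl_supports_tls12 "$(openssl version)"` and, where the installed OpenSSH has the `-Q` option, `ssh_has_surviving_kex "$(ssh -Q kex)"`.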

Hope this helps.

 


 

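Why you might still choose Shopify even though it isn't cheap

The previous post covered "an example of setting up an online store with Shopify"; this one tries to go a step further and help you work out whether Shopify really suits you.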


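Although there is a huge pile of online service platforms within easy reach, a quick search turns up these online store platforms that are similar to Shopify and may also interest you: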

  1. storenvy.com
  2. shopline.hk
  3. shopio.com
  4. volusion.com
  5. bindopos.com

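Basically, they are either ones where you can open a store as soon as you sign up, or ones with a similar style and some reputation.

You have to pay! And it's not cheap

If you are looking for something cheap, there are really many choices. These platforms' fees are split into one-off setup fees, monthly fees, per-transaction fees, add-on feature fees and so on. Some platforms cost as little as HKD$500 to open a store, with a monthly fee of HKD$50. (The Shopify Basic Plan costs USD $29 (~HKD$230) plus transaction fees.) Shopify, however, is not a budget online store platform in this respect. Business is business: a service provider needs reasonable fees to sustain its operation, and only with profit can a platform be driven towards more robust development. So when it comes to choosing, Shopify will not be your choice, simply because, while Shopify is not the most expensive one, there are plenty that are cheaper.

Degree of autonomy and collaboration with developers

So why did Shopify stand out for me among so many choices? What attracts me to Shopify is that the degree of autonomy it offers is better than on other platforms. Besides providing different Themes / Templates for users with less technical ability to choose from, its own Theme Configuration Tool lets template creators define some basic settings, so that users who are not good at writing web pages still have room for customisation. In addition, on top of those customisation features, Shopify's own Theme Editor provides Liquid, a template language, so that developers can do more advanced programming to build online stores with more varied functionality. If a Shopify user wants a more complex store design and no ready-made Theme / Template is available, this kind of template language, plus help from a web developer who knows it, lets them achieve their goal. Shopify also gives developers very rich support. Besides thorough documentation, revenue sharing also drives Shopify developers to help merchants optimise their stores more actively: the better the store's business, the larger their share.

So (disclosure), as a Shopify developer, if I build Shopify stores for more people and their businesses keep growing and earning more, I will gradually earn more in revenue share too. This revenue-sharing system also leads Shopify developers to engage more with Shopify, to get more support and improvements, so that they can achieve more design / functional goals for their clients. Shopify developers also strive to build good relationships with their clients in order to optimise their business. In other words, finding a Shopify developer to set up your site can get your online store twice the result for half the effort.

You are welcome to ask questions about Shopify or Shopify's developer collaboration program to learn more.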

GoDaddy: good price but extremely poor support

The web hosting I am using is ICDSoft, but from time to time I help people set up websites on other web hosts, based on their requirements and the budget they can afford.

ICDSoft is very famous for its stable services as well as its extremely helpful support (Suresupport). And I never found them so helpful until I started using some other web hosts, namely GoDaddy and Hostgator.

Hostgator caught my eye because they opened in the China market when I was searching for economical China web hosting. It does not cost much, but their admin panel is quite messy, and their support is also not fast enough in handling my inquiries. However, it is much better than GoDaddy.

GoDaddy is very famous for its domain sales; it often offers very cheap domains. But it is also famous for its user-unfriendly admin panel and complicated account controls. Not only can you not use a username to log in to your admin panel (you have to use the customer ID); recently, when I helped my friend set up the Deluxe web hosting plan, the email setup almost drove me crazy. Therefore I sought their online support.

After looking through the whole website, I found GoDaddy only provides live chat or call-in support. There is no email support or online support ticket system for filing support tickets. I ended up opening the live chat window and saw this screen:

[Screenshots of the GoDaddy live chat window]

It turned out I waited an hour for a support expert to chat with me. And before I reached the expert, I had already sorted out the issue by searching the Internet.

Note that [email protected] no longer works:

[Screenshot]

And this is really poor to me, as I often wish to share a screen or text file to resolve an issue, and GoDaddy really let me down deeply.

Well, my friends look for an economical approach, so I can only try harder to help them by myself.

A rough start of Google Tag Manager

I assume you have a rough idea what Google Tag Manager (GTM) is; if not, you may either read its official website or watch the nice introduction video to get a brief idea.

Once you have a brief idea of it, the reaction is either ‘Yeah! That is our choice and we need it to empower our marketing / site tracking strength and management.’ from marketers, or ‘Gosh! We have to implement it in order to off-load the work of various tag setups from the IT team to the marketing team’ from I.T. techs. I am a front-end web developer and often need to make suggestions / decisions on whether to go for an approach, and Google’s products are often a nice choice to have, but probably not this time, as I am writing this blog.

Somewhere on the WWW there are people like bloggers / SEO experts introducing GTM by copying / elaborating its good points (mostly the good points mentioned on the Google Tag Manager official website). But when you come to the analysis phase, you will find it lacks detailed documentation for implementing it once your needs are a bit more advanced.

My case is to start preparing the migration from Google Analytics (ga.js) to Google Universal Analytics (analytics.js) for my company’s E-Store, and I had no difficulty setting up the Containers, Tags, Firing Rules and Macros for general site tracking using the Google Universal Analytics tracking type. I can see the configuration I did in GTM start populating data into various reports, mostly similar to what I can see in the existing Google Analytics profile. However, in some cases we need different tracking code with different values on several different pages, and then the problem I face is the growth of firing rules. The worse thing is that all the rules / tags are listed linearly, without a folder structure for organization.

Furthermore, shifting the tracking code deployment task from the IT team to the marketing team is not ideal in terms of site stability. If there is a bug in the tracking code and it is deployed without proper testing, the site will be subject to the issue, and the IT department is often the party blamed by site users instead of the marketing team.

I would advise the IT team to implement Google Tag Manager on their website, use it as a way to simplify their tracking code deployment, and keep the account secret from non-IT team members, so as to prevent them from introducing issues to the site.

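iOS6 and the web developer

About 24 hours after iOS6 was released on 21 SEP, I spent an hour on the automatic update and moved my phone to iOS6. The main reason for updating was that it made a number of improvements to Safari.

In the picture on the left you can see that, among Safari's improvements, there is an unprecedented update: support for photo upload (Support upload from media library). Previously, because of the sandbox, or because no portal had been built, a phone could only send data to a back-end program by relying on a native app bridge such as PhoneGap. Now even a web page can upload photos from the album, or even take a photo on the spot, which is an inconspicuous breakthrough. Ordinary web users may not notice this change, but web developers should not overlook this new feature. The convenience it brings can rewrite things you previously believed required a native app: now you take a photo, send it to the back end, and get a result after back-end analysis.

In addition, another piece of good news for web developers (a relatively smaller breakthrough) is its JavaScript execution performance. See the comparison test of iOS5 against iOS6 on the following site:
http://www.newmobilelife.com/2012/09/15/ios6-vs-ios5-safari-benchmark/

You can see the difference in how responsively pages render. Actually visiting my company's online store, you can feel that the page renders completely very quickly.

Of course, the new Safari also brings some problems, namely that its caching of POST Ajax requests differs from iOS5, and so some websites have reported issues. The fix is to add a value that keeps changing with time to the function call that the ajax request gets its response from: http://stackoverflow.com/questions/12506897/is-ios6-safari-caching-ajax-results

As for the other improvements, they are matters of everyday usage experience, and there is no need to dig into them.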

su - root password

As a Mac user, but not an expert Linux user, you may sometimes follow an online tutorial that teaches you some installation or task and run into a ‘permission denied’ issue.

You may be clever enough to think ‘I have not been granted enough permission yet’, so you try the command ‘su - root’. However, if you use this for the first time, you may find the Terminal replies ‘su: sorry’, which indicates your password is incorrect.

‘What?! I am the owner of my Mac and my account is admin!!!’ You end up angry, and doubt whether your Mac is kidding. In fact, [ admin != root ].

The message is really telling you that the password is incorrect. It happens just because the password is empty. What you need to do is set up a password for the root account. The command you need is ‘sudo passwd root’; set your password (please remember the password!!!). Once you have set it, you can try logging in as root. Now you should have root permission.