Just come across a very long but detail article talking about PayPal history, how it transforms and what it could be when I writing my blog about Fastlane:
It is shame that as a webmaster I know how HTTPS is essential nowadays, even my website is not a e-Commerce site, it is also essential for SEO ranking.
Cloudflare is famous and a wellknown web performance and security solution company, apart from offering 1.1.1.1 DNS Service, sometime their domain price is also competitive than NameCheap and GoDaddy.
As I wish to get the site run under HTTPS, I know I need to setup SSL. Let’s encrypt is an option on my webhosting, however it requires me manually generate the cert every 3 months, and for every sub-domain, which is tedious process and I giveup or eventually forgotten over time.
Tonight when I try explore Cloudflare, and I find Cloudflare mentions they offer free SSL. I was thinking is there any plan subscription needed in order to enjoy it and insanely it is not. It is completely FREE.
So, I follow the step to turn my site into HTTPS, which basically involves:
1. Sign up a Cloudflare account (fair enough)
2. Login Cloudflare account, go to “Website”, click “Add a website”
3. Fill your domain for Cloudflare to search your web DNS config
4. In the Select Plan, scroll down for “Free plan”
5. Wait for Cloudflare look for your DNS records and review the DNS records that they found (You need to ensure the record are correct, and add any missing records)
6. Click “Continue”, Cloudflare will then show you the nameserver that you need to update in your Domain hosting. For my case is GoDaddy. I login to GoDaddy for my domain’s DNS Records. Be caution, once you update the nameserver, the DNS records in your Domain Host will gone. Therefore once again to ensure all DNS records are exists in Cloudflare. If things alright, update the nameserver and wait for its activation.
Normally the process need for 72 hours. Turn out, my whole process only need to wait for <10mins. I check all my sub-domain, login to my web hosting, and all work normal. What a magic!!!
Just to note, having a HTTPS site is not necessary mean your site is secured. It just ensure the communication between browser and your web server is secured. I came across some store owner with their eCommerce software with security risk and they didn’t apply patch, and turn out their website file being modified by malicious code and security risk exposed.
Wish this sharing helps you turn your website into HTTPS.
As a web engineer, you need to keep yourself advance, learning from giant tech company is a good choice. Here are some of the blogs I follow:
https://shopify.engineering/ As a Shopify Expert, no doubt I need to follow what’s happening in Shopify Engineer world. By knowing how they continue scale up the platform or any news in advance on storefront rendering will help me plan about my development for development opportunities.
https://netflixtechblog.com/ How can a over-the-top content platform and production company support operating their platform / video delivering to numerous video consumers smoothly and gather the statistic to come up a big data analysis, their blogs share such golden insight.
https://medium.com/paypal-engineering As a new joiner of PayPal (since Aug 2020), I start following the blog to know more about what is happening PayPal engineers are working on to improve our customers and merchants end-user experience so as to achieve the great 2021 initiatives.
https://engineering.fb.com/ Although someone would say Facebook start outdate, or suitable to adult but not teenagers, no-doubt FB is a social platform that backed up various technical advancement. The contribution on GraphQL / MySQL and articles about their data centers are really cool to follow.
https://eng.uber.com/ Uber famous in how they handle the huge live-time data in organising every transport / car moving. Their articles about how they architect their system, money movement, how they use latest technology to empower their system and services are awesome!
https://medium.com/asos-techblog https://medium.com/ynap-tech As an ex-fashion company tech person, I need to be aware of how other fashion company tech advancement. ASOS and Net-a-Porter Tech blog are 2 majors source of Tech nutrients I would absorb from so as to learn what advancement we could adopt.
Although the content in the blog / Medium mentioned above could be quite backend side, as a web engineer (I am try step into an area somewhere beyond frontend development), it is challenging but also they are valuable resources to learn from them, which often got insight like something they probably have been failed for lots of time and finally got overcome the technical bottlenecks. This kind of insight are essential for excelling oneself to achieve higher technical advancement. If you not yet start having such habit, act now and build up such habit~
Since 23 Feb 2018, I find one of my work operation keep failing. In my workspace I have a Jenkins checkout Git repo which further run bower and Gulp for dependencies. It keeps saying Github fail to connect. The error say the HTTP protocol is not support, or cannot make HTTP connection. And turn out we find we fall to one of the scenario that our Jenkins server no longer able to get things from Github because Github disconnect the support of the following weak cryptographic standards:
Since the incident, I aware the linux server we have for our Jenkins is already kind of old.
Turn out we have to upgrade our Linux to have latest openssl, libcurl and git using `yum update openssl libcurl git`
I though the story is about to end after my colleagues upgraded the changes. Another side of the workspace dev buddies start complaining the failure of building the application. And they are actually working on VM which is CentOS 6.
After checking, our VM has CentOS 6 with openssl in 0.9, git with 1.7.2 version, both of them do not support TLS 1.2 (the version that supported by github from now on)
Therefore the way to fix the issue is to update these modules. Sadly, updating them in CentOS is not straight forward, and here are some command I ran to get them upgrade:
Update openssl (you may need sudo):
# cd /usr/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz
# cd openssl-1.0.2a
# ./config
# make
# make test
# make install
# openssl version
If you still find the version is incorrect, check which openssl to find which openssl is pointing at
The web hosting I am using is ICDSoft, but from time to time I will help people setting up website using other web hosting base on their requirement and the budget they can afford.
ICDSoft is very famous in her stable services as well as their extreme helpful support (Suresupport). And I never find them so helpful once I started using some other web hosting, namely, GoDaddy and Hostgator.
Hostgator comes to my eye-sight because of they open China market when I search for economic China web hosting. It does not cost much, but their admin panel is quite messy, and their support is also not fast enough in catering my inquiry. However, it is much better than GoDaddy.
GoDaddy is very famous in their domain sale, she often provides very cheap domain sale. But it also famous in their un-user-friendly admin panel, complicated control of your account. You are not only fail in using username to login your admin panel (you have to use the customer ID). And recently when I help my friend setup the Delux web hosting plan, it almost turns me crazy during the email setup. Therefore I seek for their online support.
After looking up the whole website, GoDaddy only provide Live chat or call-in support. There is no email support or online support ticket system for firing support ticket. I turn out opening the Live chat window and see the screen:
It turns out I waited an hour for a support expert to chat with me. And before I reach the expert, I already sort out the issue by surfing from the Internet.
I assume you have a rough idea what Google Tag Manager (GTM) is, if not, you may either read its official website, or watch the nice Introduction Video to get the brief idea.
Once you have a brief idea of it, it sounds like ‘Yeah! That is our choice and we need it to empower our marketing / site tracking strength and management.’ by marketer, or ‘Gosh! We have to implement it in order to off-load the work of various tag setup from IT Team to Marketing Team’ by I.T. Tech. I am a front-end web developer and often need to make suggestion / decision to confirm whether to go for an approach, and Google’s product often a nice choice to have, but probably not this time when I am writing this blog.
Somewhere over the WWW have people like blogger / SEO expert introducing GTM by coping / elaborating its good point (mostly the good points that mentioned by Google Tag Manager official website). But when you come to the analysis phase, you will find it lack of detail documentation to implement it when you need it a bit more advance.
My case is to start preparing the migration of Google Analytic (ga,js) to Google Universal Analytics (analytics.js) for my company’s E-Store, and I have no difficulty to setup the Containers, Tags, Firing Rules, Marcos for general site tracking using Google Universal Analytics tracking type. I can see the configuration I did in GTM start populating data to various report, mostly similar with what I can see in existing Google Analytics profile. However, for some case we need to have different tracking code with different value per several different page, then the problem I face is the grow of Firing rule. And the worse thing is, all the rules / tag are listed linear, without folder structure for organization.
Furthermore, leverage the tracking code deployment task from IT team to marketing team is not an ideal way in terms of site stability. If there is bug in tracking code and is being deployed without proper testing, the site will subject to the issue and the IT department often be the party who being blaming by site user instead of the marketing team.
I would advise IT team to implement Google Tag Manager to their website, and use it as a way to simplify their tracking code deployment, and keeping the account secret from non-IT team member, so as to avoid them from introducing issue to the site.
As a Mac user, but not an expert linux user. Sometimes when you follow some online tutorial to teach you work out some installation or task, you may encounter an issue of ‘permission’ deny.
You may clever enough the think of ‘I not yet grant enough permission’ so then you try using a command ‘su – root’. However, if you use this first time, you may find the Terminal reply you ‘su: sorry’, which indicate your password is incorrect.
‘What?! I am the owner of my Mac and my account is admin!!!’ You end up with this anger, and double that your Mac is kidding. In fact, [ admin != root ].
The message is really telling you that the password is incorrect. It happens just because the password is empty. What you need to do is to setup the password for the root account. The command you need is ‘sudo passwd root’, set your password (please remember the password!!!). Once you set it, you can try login as root. Now you should grant the root permission.