outbreak

Sometimes creating a secure page is easy – you just change the http to https and you’re done. On other times you open the page in Internet Explorer and it starts complaining about unsecure items on the page. It’s annoying because many users get scared away thinking something wrong is going on. Or it’s just annoying since you don’t want to click ok every time you load a page.

To remove this alert follow these simple rules. After you do something reload. If there’s no more alerts you succeeded. Otherwise go on. If you get in a jam leave a comment and I’ll try to find one and add a rule.

1. Change all http:// resource links to https://. The doctype is not a problem. All others (images, css, javascripts, iframe pages) should be https://.
2. Change all about:blank links (yep, these are unsecure) to a blank file that exists and is a https:// link.
3. Install Fiddler and check if there are any hidden requests to http:// (it won’t show https:// requests with the default setting). Change them to https://
4. Check if any iframes have # for src or the src is left blank. Change them to something that is a https:// link and exists. Looks like # is actually an alias to about:blank.
5. Find any resources that return an error (404, 500). This one is tricky since it’s not really easy to set up an SSL proxy. Try checking the server’s access logs.

The trick behind these is that any data that comes from an unsecure source triggers the alert. Unsecure data might come from a http:// link OR a built in page. Built in pages are for example about:blank. BUT what you wouldn’t expect is that also Explorer’s built in error pages are unsecure. So if you get a 500 or 404 error and Explorer decides to display its internal error message you will get an alert.

This might not be all but I think it should be enough.

I read that ICANN is in the final stages of creating another top-level domain called .tel. The arguments behind it are that currently there is no way to get the latest contact information so companies and individuals will buy .tel domains to provide it.

Their argumentation can be summed up in these three points. Firstly not everybody has a website with a friendly and memorable URL that can be used as source of data. Secondly people cannot be identified by phone numbers because they change. People are identified by names hence their solution is perfect.

It doesn’t take a genious to see the arguments they make are very weak. If users don’t have a website now, why would they have it after the .tel domain is available? Yes, phone numbers change, domain names change, people move, companies die. URLs are hard to remember, so are emails and phone numbers. Names and faces are hard to remember. To make things worse there are people with same names, similar URLs, phone numbers and even faces. And there can only be one identified by a unique .tel domain. How does this lessen the confusion?

The thing that made me write this is the ignorance of the development of the web. Nowadays almost every communication device is also a web browser. Web pages use HTML as the foundation and HTML has an element called ADDRESS. This is what the specification says about the element:

The ADDRESS element may be used by authors to supply contact information for a document or a major part of a document such as a form. This element often appears at the beginning or end of a document.

This means that you can already do what they want to achieve by the .tel domain by using the ADDRESS element on your web page. If you want to make the contact information even more computer readable and be able to add other information you could just use hCard microformat. It’s based on a standard contact format and can be easily imported into all recent contact management software.

Since not many people use the ‘new’ TLDs are there any reasons to have .tel?