PSA: May 2020 and the website
Hey everyone!
Firstly, apologies for not sending out newsletters recently. I hope that this one finds you well and that you're staying safe in the current global situation.
I wanted to send a newsletter out as a quick PSA regarding the website. The tl;dr (too long; didn't read) is that the website hasn't been hacked, I've moved web hosts and forgotten to take an HTTP header off.
Because of that, you might get browser warnings about not being able to verify the site when loading. See the full description as to what this actually is.
You'll need to tell your browser that you understand the risks in order to get through to the actual site, but should only have to do this the first time. After you've hit the website for the first time, the new certificate will be verified and you won't have to do it again.
Full Description
Let's learn a little about the HTTP Headers that the site uses before we continue - feel free to skip this part if you wish.
If you open the site in your browser, hit F12 to open the developer tools and look at the very first request, you might see a bunch of response headers listed
image source: https://developer.mozilla.org/en-US/docs/Tools/Network_Monitor/request_details
The previous version of the website had used a header called https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security (sometimes shortened to HSTS). This header is designed to tell the browser that the page should only be served over HTTPS, it contains a value for how long the browser should only access the site over HTTPS for. In the case of the previous version of the website, this was set to 63072000 seconds (which is a long time).
Because I've moved the site from one host to another (from Digital Ocean to Netlify), the fingerprint of the website and its URL has changed. Because of that the browser fails the HTTPS validation check and tries to open the site with HTTP which it's not allowed to do - because of the HSTS header. Which is why you might get a "this site is insecure" error when you load the site.
As long as you continue through to the site on the first request (i.e click the equivalent of "I understand the risks") then the new HTTPS certificate will be added to your keychain, the site will be loaded over HTTPS, and you won't be prompted about it again.
If you're left worried about this change, please feel free to get in touch and I'll endeavour to prove to you that I still own and operate the website. You can reach out either by the show's twitter account or via my twitter account
New Design
Complicating matters ever so slightly, I'd also like to announce that there's a new design for the website.
I've been working on ways to make the website easier to use, and faster to load. And, if I'm completely honest, I'm not a fan of infinite scroll features - which is what the previous version of the site used. I've also added a search function and a press kit - which has some great stats on the show.
I feel like this design is a lot simpler and faster to load. And since I'm all about trying to reduce page load speed and make websites simpler to use, it felt like an easy (if slightly badly timed) choice to make.