Monday, December 12, 2016 moving to TLS

In an effort to increase security on the web at large scale, web browser vendors and other organisations such as Google are making changes which encourage web sites to move to TLS/SSL encryption. This applies even to web sites which previously did not seem to need it – ones with static content only, and ones without any login / password functionality. This is good and fine – even if it's not a banking web site, it's good that third parties along the network cannot observe or modify the content being downloaded. The Chrome web browser has started to label non-encrypted sites with an informative '(i)' symbol which warns the user that "Your connection to this site is not private", and will eventually make those warnings stronger. Google gives better ranking in the search results for https sites.

A real, practical issue right now is that the geolocation JavaScript API is no longer available on non-HTTPS sites in recent Android and Chrome versions. This actually broke map center and tracking functionality on the web site.

I wholeheartedly support this movement, it will make the Internet a better place!

These days, with performance-improving developments such as ECDHE, GCM mode AES and hardware accelerated AES, running TLS on a web server is not much of a performance issue any more. Most of the CPU time will be spent on application logic, anyway.

The fun part is that HTTP/2, a new protocol used by modern web browsers to access web sites, is only used over TLS/HTTPS – it is not available over plaintext connections. HTTP/2 is faster than older HTTP versions, and a surprising side effect is that a web site may well open up faster over HTTP/2 + TLS than over HTTP/1.1 without the encryption!

Picture not related. I just took it last summer. Kyyttö cows © Sappion luomu.

Before now, the site has only used TLS/HTTPS for its login and user account management pages. Fairly soon I will have a maintenance break on the servers, upgrade the operating system to the next major release, and install a new version of the software which supports access over both HTTP and HTTPS. To reduce duplicate content (same stuff being available over both HTTP and HTTPS) it will prefer HTTPS and nudge clients that way every now and then, but initially plaintext access should be possible, too. Later on, if there are no surprises, the nudges will gradually become stronger.

There are a few issues which need to be addressed. There are possibly a few Amprnet users accessing this site over amateur radio frequencies. On the other hand, they're then practically surfing the Internet over radio, and probably doing a few requests to other encrypted sites now and then, too, so maybe it's not a big problem for them.

Another thing is that apparently users in China can't access the Google Maps API over HTTPS, so those users would still need the plaintext access for now. I might make the site plaintext only, and bump those users that way, or something along that way. Maybe the Amprnet users can use that, too?
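
One way the staged nudge toward HTTPS and the plaintext-only fallback described above could be decided per request. This is an added sketch, not this site's code: the host names, the stage names and the `nudged` cookie are assumptions made for illustration.

```javascript
// Added sketch, not the site's code. Placeholder hosts, assumed stage names.
const CANONICAL_HOST = 'www.example.org';
const PLAINTEXT_HOSTS = new Set(['plain.example.org']);

// Each stage nudges harder: a shorter gap between nudges, then always.
const STAGES = {
  soft:   { status: 302, intervalSec: 24 * 3600 },
  firm:   { status: 302, intervalSec: 3600 },
  strict: { status: 301, intervalSec: 0 },
};

// req: { secure, method, host, url, cookies }; nowSec: Unix time in seconds.
function decide(req, stageName, nowSec) {
  const stage = STAGES[stageName];
  if (!stage) throw new Error('unknown stage: ' + stageName);
  if (req.secure) {
    // HSTS is only honoured over HTTPS; send it in the final stage only,
    // once plaintext fallback on this host is no longer offered.
    const headers = stageName === 'strict'
      ? { 'Strict-Transport-Security': 'max-age=31536000' } : {};
    return { action: 'serve', headers };
  }
  // Clients that cannot use HTTPS keep a plaintext-only host.
  if (PLAINTEXT_HOSTS.has(req.host)) return { action: 'serve', headers: {} };
  // Most clients replay a POST as GET after a 301/302, dropping the body.
  if (req.method !== 'GET' && req.method !== 'HEAD') {
    return { action: 'serve', headers: {} };
  }
  // "Every now and then": skip clients nudged within the stage interval.
  // A timestamp in the future is ignored so it cannot suppress nudges forever.
  const last = Number((req.cookies || {}).nudged);
  if (stage.intervalSec > 0 && Number.isFinite(last) &&
      last <= nowSec && nowSec - last < stage.intervalSec) {
    return { action: 'serve', headers: {} };
  }
  // Build Location from a fixed host, never from the Host header, and accept
  // only origin-form paths so the redirect cannot be steered off-site.
  const path = req.url.startsWith('/') ? req.url : '/';
  return {
    action: 'redirect',
    status: stage.status,
    headers: {
      Location: 'https://' + CANONICAL_HOST + path,
      'Set-Cookie': 'nudged=' + nowSec + '; Path=/; Max-Age=' + stage.intervalSec,
    },
  };
}
```

The cookie only rate-limits the nudge; a client can forge it, which is acceptable while plaintext access is still permitted.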

Sunday, October 9, 2016 iPhone/iPad app update: v1.6.2

Version 1.6.2 of the iPhone/iPad app went out yesterday evening. I've been adding a few features and fixes here and there on the weekends, but most of the larger changes in the code are actually under the hood and not yet visible for the users. I've also spent a good amount of time upgrading the web site backend and fixing a few bugs here and there.

Here are the visible changes in 1.6.2; all of them were recently requested by users of the app:

  • Tapping a station on the map multiple times switches the track line colour for that station.
  • Track line width can be adjusted in Settings. The default size is slightly thicker than the previous default.
  • The maximum tracked station tail/track length is now 6 hours.
  • Previously selected stations and addresses can be deleted by swiping the respective table row to the left.
  • Previously selected address search results are retained even if the application is killed manually by the user.
  • Some small visual adjustments (more space between "Beacon now!" and "Delete station" buttons, etc).

Some folks are also asking for a feature to track multiple stations at the same time, but that can already be done, since version 1.0 – just tap the '+' button on the additional stations info view to add them in tracking. This video demonstrates tracking many stations in the iOS app.

Here are some of the new features added in previous versions this summer:

  • Setting to hide/show station callsign labels on the map
  • Setting to disable (accidental) map pinch rotation
  • Latest packets of an APRS station can be viewed by clicking a new button in the station information view. Tap a packet to decode it using the packet decoder.
  • Filtering feature to control what is shown on the map, for hiding weather and AIS stations, for example. Complex custom filtering will be available in the future.
  • A feature to display road traffic information (traffic jams). The information can be hidden in Settings.

I'm also currently working on APRS-IS beaconing and messaging features, and arbitrary date/time range selection (with long time ranges), but they're not complete yet. Larger features take more time.

The app is already getting quite happy reviews, but it still needs a few features to really make it complete. The 5-star average rating and these reviews are for version 1.6.1, from users from the USA: