HTTPS availability affects website’s Google ranking

Google has been pushing for wider HTTPS adoption for a while now – converting its own services, working on the SPDY/HTTP 2.0 protocols, etc.  Now, it seems, they want other people to start adopting HTTPS too.  And what’s better way than add it as a signal to Google Search rankings?

[…] over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

Nice!  Especially for those selling SSL certificates…

HTTP/1.1 just got a major update

HTTP/1.1 just got a major update – somehow I missed this last month.

The IETF just published several new RFCs that update HTTP/1.1:

These documents make the original specification for HTTP/1.1 obsolete. As a HTTP geek, this is a big deal.

RFC 2616, which was written more than 15 years ago, was the specification everybody has implemented, and I suspect many of you occassionally have used as a reference.

HTTPie – command line HTTP client, a user-friendly cURL replacement

HTTPie – command line HTTP client, a user-friendly cURL replacement.

httpie

Main features:

  • Expressive and intuitive syntax
  • Formatted and colorized terminal output
  • Built-in JSON support
  • Forms and file uploads
  • HTTPS, proxies, and authentication
  • Arbitrary request data
  • Custom headers
  • Persistent sessions
  • Wget-like downloads
  • Python 2.6, 2.7 and 3.x support
  • Linux, Mac OS X and Windows support
  • Documentation
  • Test coverage

Akamai vs Incapsula – Comparison Review

Application Delivery Controllers (ADCs) are the current evolution of old school CDNs platforms tasked with responsibility not only for website’s performance, but also for its security and availability. By singlehandedly covering these mission crucial aspects of content and application delivery these technologies allow you to replace multiple appliances with one full service solution. With that, ADCs help eliminate many integration related issues, while also dramatically cutting down all setup, acquisition and maintenance costs.

In the world of ADCs, Incapsula is perhaps the most promising up-and-comer, a cloud-based service that seems to have the technology and the business sense needed to position itself at the same level as its legacy competitors.

It’s been almost two years since I last blogged about Incapsula. Now with recent announcement of its load balancing and failover features, I decided to update my review by pitching Incapsula against Akamai – a globally recognized CDN industry leader, who is also making a leap into the world of full service application delivery.

For this “head to head” comparison of Akamai vs Incapsula, I’ll be focusing on security, performance, availability and – of course – price of service.

You can find the full comparison here but for those of you who want to skip to the chase, here’s what I think about in a nutshell:

Akamai vs Incapsula: In a Nutshell

Incapsula simply offers more for less. You get all of the essentials you would expect, including a robust CDN, PCI compliant Web Application Firewall, DDoS protection and integrated high availability features (both load balancing and failover), all at very reasonable price point.

Not only that, but when compared with Akamai it looks like most of Incapsula features actually offer more, both in terms of their functionality and in term of their overall synergy. One great example is Incapsula’s Real Time view which complements its custom security rules engine and load balancing features by providing instant feedback on every action taken.

In fact, when looking at value for money, Akamai does not offer any tangible benefits – at least not for those who are looking beyond a CDN-only option.

On TLS performance

We have deployed TLS at a large scale using both hardware and software load balancers. We have found that modern software-based TLS implementations running on commodity CPUs are fast enough to handle heavy HTTPS traffic load without needing to resort to dedicated cryptographic hardware. We serve all of our HTTPS traffic using software running on commodity hardware.

Doug Beaver, Facebook
HTTP2 Expression of Interest

http2 explained

http2 explained – This document describes http2 at a technical and protocol level. Background, the protocol, the implementations and the future.

Some highlights:

  • The http2 spec is expected to ship in June 2014 (a month or two away!)
  • http2 is heavily based on Google’s SPDY
  • http2 is binary
  • http2 fixes a lot of issues with HTTP 1.1 (pipelining, head of line blocking, etc)
  • http2 brings new features (server push, block, reset)
  • http2 will keep the URL schemes (http and https)
  • http2 will mostly be implemented for https (via protocol negotiations in TLS)
  • http2 already has a variety of implementations: Firefox and Google Chrome (MSIE coming), cURL, Goolge, Twitter, Facebook.  Apache and Nginx expected.