HTTP is sometimes OK

The 2021 post Plaintext HTTP in a Modern World by joshua stein elucidates some of the reasons I’m not entirely keen on forcing HTTPS for reading websites. Old computers and old browsers won’t be able to use encryption strong enough to still be useful today. But that’s no reason to stop them from anonymous access to websites where users mostly read or view content and aren’t able to submit credentials or personal information. Like, for example, blogs.

I have a 10-year-old browser still installed (Opera 12.16) which cannot read Wikipedia anymore. I don’t expect to be able to log in to Wikipedia, but reading text and viewing images should be possible with a browser released in 2013. That’s not ancient history. We had good CSS then!

That’s a reason why I have HTTPS enabled on this domain, but not automatic redirecting to HTTPS. The only thing I was unsure about was how to let visitors know that there is an HTTPS version of the site available, without force-redirecting everyone. I was thinking of having two sets of HTML pages generated, one to be served over HTTP with a warning banner and a link to HTTPS at the top of the page; and the other to be served over HTTPS without the banner. But the post by joshua shows a cleaner solution: the Upgrade-Insecure-Requests HTTP header. The header indicates the browser’s preference for HTTPS, and as of 2023 the fact that the browser knows about this header also implies that the browser supports a currently-secure encryption level – so browsers that send it can be upgraded to HTTPS, and browsers that don’t can get the response over HTTP. Presumably they’ll change Upgrade-Insecure-Requests: 1 to Upgrade-Insecure-Requests: 2 once more recent encryption algorithms are deprecated and browsers of 2020 or 2023 have to be cut off from HTTPS.

Do keep your login forms on HTTPS though!
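One way to wire up the conditional upgrade described above, written as WSGI middleware (an added example, not code from this site or from joshua stein's post). The host name blog.example, the path prefixes and the stand-in blog_app are assumptions made for the illustration; paths that handle credentials are redirected whether or not the header is present.

```python
from urllib.parse import quote

CANONICAL_HOST = "blog.example"                # assumption: set from server config
FORCE_HTTPS_PREFIXES = ("/login", "/account")  # hypothetical credential-handling paths
VARY = ("Vary", "Upgrade-Insecure-Requests")


def https_location(environ):
    """HTTPS URL for this request, built on the configured host, not the Host header."""
    path = quote(environ.get("PATH_INFO") or "/", encoding="latin-1")
    query = environ.get("QUERY_STRING", "")
    return "https://" + CANONICAL_HOST + path + ("?" + query if query else "")


def conditional_upgrade(app):
    """Wrap a WSGI app: redirect to HTTPS only when the client asks for it."""
    def middleware(environ, start_response):
        if environ.get("wsgi.url_scheme") == "https":
            return app(environ, start_response)
        asked = environ.get("HTTP_UPGRADE_INSECURE_REQUESTS", "").strip() == "1"
        sensitive = environ.get("PATH_INFO", "/").startswith(FORCE_HTTPS_PREFIXES)
        if asked or sensitive:
            # 307 keeps the request method; Vary tells shared caches that the
            # answer depends on the header, so old clients are not handed a redirect.
            start_response("307 Temporary Redirect",
                           [("Location", https_location(environ)), VARY,
                            ("Content-Length", "0")])
            return [b""]

        def with_vary(status, headers, exc_info=None):
            return start_response(status, list(headers) + [VARY], exc_info)
        return app(environ, with_vary)
    return middleware


def blog_app(environ, start_response):
    """Constructed stand-in for the static blog."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"post body\n"]


def simulate(scheme, path, upgrade_header=None, query=""):
    """Run one constructed request through the middleware; return (status, headers)."""
    environ = {"wsgi.url_scheme": scheme, "PATH_INFO": path, "QUERY_STRING": query}
    if upgrade_header is not None:
        environ["HTTP_UPGRADE_INSECURE_REQUESTS"] = upgrade_header
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    list(conditional_upgrade(blog_app)(environ, start_response))
    return seen["status"], seen["headers"]
```
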

There was also the 2018 post Securing Web Sites Made Them Less Accessible by Eric A. Meyer which featured discussion which pointed out a problem with leaving HTTP open: it allows tampering of the content between server and client, for example ads injected by ISPs. I’m not entirely sure where I fall on this. On one hand, I can see site authors not wanting their content to be changed in transit. On the other hand, if the choice is between an old browser getting possibly-tampered content or getting no content, is the possibly-tampered content still more useful? And, the conditional upgrading using Upgrade-Insecure-Requests seems to offer a kind of herd immunity: if 99.5% of traffic is using HTTPS, the effort of injecting ads or tracking into 0.5% of requests might not be worth it, at least from a commercial perspective. Targeted injection (like for websites useful for activists) might still happen, but a locked-down old browser being used to read general-purpose web content for hobby reasons seems reasonably safe.

Like all old protocols, HTTP will eventually cease to be useful. But there’s no reason to make it happen earlier than necessary.


Ars Technica has an article about dial-up today, so I was reminded of my own first steps online. The year was 1998, the service was TPSA dial-up, 0202122, and the charge was not monthly but per 3 minutes – 29 groszy. After 22:00 and before 8 in the morning it was half price; as a kid, after 22:00 wasn’t really an option, so I remember getting up in the morning and turning on the computer “downstairs”.

Dial-up speeds were absurdly low by today’s standards, though they were enough for text, so only multimedia and downloading software took a while. And paying for time in which I was only reading worked out a little unfortunately. There was of course downloading only the headers on Usenet and writing emails offline, but it wasn’t entirely convenient.

Currently my, fairly slow, internet connection is about 500 times faster than 56k dial-up. Maybe not coincidentally, the RAM in my computer is also 500 times larger than the 32 MB of back then, though I don’t know whether it is faster.

Counting the inflation of the złoty since 1998 and the current Canadian dollar exchange rate, for the current monthly cost of my (not cheap) connection I could connect (between 22:00 and 8:00) for about 28 hours a month, or a little less than an hour a day. At least I would have less time for doomscrolling.

And while searching for information to confirm my memories, I found a site that still has information and comments from 2001: GSM (in case it disappears, it is also in the Wayback Machine), as well as a series of articles from 2011 that also describes my first encounters with the Polish internet: Polbox, Frico, KKI.

(It is now 2023, and my blog system has broken the Polish letters. I don’t know how it managed that. I’ll fix it later.)

Quick Heat and Carbon Numbers

I was thinking about carbon emissions and calculated some rough estimates for our house.

Between December 11, 2020 and December 12, 2021, we used 2031 cubic metres of “natural gas” (mostly methane) to heat our house and provide domestic hot water. (The heated area is about 120 square metres, the house is double brick and largely uninsulated.)

This seems to correspond to about 21 MWh or 75 GJ of energy, and as a rough approximation 4400 kg of direct carbon dioxide-equivalent (CO2eq) emissions. (Numbers rounded due to uncertainty in conversion rates, emissions values, and exact properties of gas being delivered to our house. Extracting and transporting the gas also causes emissions, but this seems to be at least within order of magnitude.) Our gas bills for this period were about $1000 (all dollar figures CAD).

Electricity Map / Tomorrow gives CO2eq emissions goal to meet Paris Agreement objectives of limiting global warming to 2°C by 2100 as below 5 tons per person per year by 2030, and below 2 tons by 2050. Atmosfair gives 1.5 tons CO2 per person per year until 2050 for a 1.5°C warming goal.

With three people in the house, our per-capita emissions from burning gas are around 1.5 tons, using up 30% of our 2030 yearly carbon budget and most to all of our 2050 yearly carbon budget.

At a very simplified glance, replacing gas with purely resistive electric heating would drop emissions by at least half, and possibly up to five times: Ontario’s electricity carbon intensity usually varies between 30 and 100 kg CO2eq per MWh, depending on grid load and how windy it is. (Currently highest intensity is during summer due to cooling load, but with a wider shift to electric heating the winter peak might also approach these levels.) 21 MWh of electricity would then cause about 600 to 2000 kg of emissions for the house per year, or about 2.5 to 3.5 tons CO2eq less than gas.

With our effective electricity price of about 12 cents per kWh (excluding flat fees, but including per-kWh delivery and taxes), and effective gas price of about 43 cents per m³ or 4 cents per kWh, swapping to purely resistive electric heat would cost us a premium of about 8 cents per kWh, and higher use would push us into a higher price tier adding another 2 cents per kWh. 10 cents per kWh would then add up to $2100 extra per year, or average of $175 per month. Roughly calculated, this is about $0.70 per kg of CO2eq avoided.

Of course, there are much better options than purely resistive electric heat. Heat pumps aren’t a perfect fit for our house, because our old cast-iron radiators work best with high water temperatures, and heat pumps work best with lower water temperatures. Ontario’s winter low temperatures can also push air-source heat pumps to limits of their efficiency. Ground-source heat pumps are an option, but at higher capital costs and substantially more installation work. But on the whole, it should probably be feasible to do all domestic hot water heating (if using a tank heater) and probably about half to two-thirds of space heating using electric heat pumps, supplementing with resistive electric when it’s particularly cold.

Outside of heating season, our use — which was then entirely domestic hot water — seems to average out to about 1.5 m³ per day, which is about 15 kWh or 54 MJ per day. Since our hot water use doesn’t change much over seasons, our yearly hot water use seems to be about 5.5 MWh or 20 GJ, meaning about 15.5 MWh or 55 GJ is used for heating.

A basic heat pump used for space heating would likely be about 3 times more efficient than resistive heating. (Assuming HSPF 9.8 for a system based on a MXZ-3C24NA2, which is primarily aimed at cooling, but this should be a decent initial reference. Resistive electric has HSPF 3.4.)

Using a heat pump like this to provide 5.5 MWh for domestic hot water and two-thirds of 15.5 MWh for space heating would then use about 5.3 MWh of electricity, and the remaining one-third of space heating would add about 5 MWh, for a total of roughly 10 MWh of electricity per year. This would bring our house electricity emissions down to about 300 to 1000 kg CO2eq per year (3.5 to 4 tons less than gas), and our cost premium compared to natural gas to about $1000 per year, or average of $83 per month. The operating cost per kg of CO2eq avoided is about $0.27. (There would also be a capital cost of the new devices and installation.)

For further comparison, carbon offsets from a respectable offset provider like Atmosfair cost about 23 euro per 1000 kg of CO2, which is about $31, which is about 3 cents per kg offset, or about nine times cheaper. But we’ll have to lower our own emissions at some point. A realistic solution would improve our house insulation, sealing, and heating efficiency before diving into heat pumps, but this post offers some baseline numbers for more comparison later.

Pandemic diary: August

I’ve decided to write up my experiences and thoughts during the COVID-19 pandemic. I’ll focus on Toronto because that’s where I live and on Ontario because medical data is more reliable on this level and some policies come from Ontario. Canada is another superset but there are large regional differences within Canada.

I’m going to start from now, because if I start from the chronological start I will probably never get to a publishable state. This is as of August 28, 2020:

August was calm in Ontario. New confirmed cases and new deaths seem flat, with about 8 confirmed new cases and about 0.1 to 0.2 deaths per day per million people. Testing is flat but appears sufficient with around 1500 to 1750 tests per day per million people having around a 0.5% positive rate. (HowsMyFlattening dashboard seems to be a good place to get useful figures.) There is the tension of “is it coming back”… there are nervous glances at British Columbia, at Alberta, at Germany, at Spain, for examples of second waves or wavelets.

We hope that the relative downtime is used to strengthen and prepare for next wave. But we’re also skeptical and apprehensive, not least because of the experience of wasted relative downtime in February when it should have been clear this will be serious.

But overall we’ve managed so far. Ontario has had fewer deaths than any of our geographical neighbours except Manitoba. The health system was not overwhelmed, there was no scary triage and no refrigerated trucks supplementing morgues.

But at the same time, that’s not a very high bar. We’ve had many more deaths than comparable regions like British Columbia or New South Wales, less similar regions like Germany or Norway have also clearly done better, and we are very far behind global leaders Taiwan or Vietnam. Initially, Ontario and Toronto were confident that we will be ready, that we’ll be really good because we’ve had the experience of SARS. That turned out to be a completely false confidence. Our PPE stocks were low; our testing was extremely low; our tracing was underfunded and likely underprepared.

There were decisions that in retrospect are clearly wrong, and some that were probably suboptimal. If mandatory masks make sense in July then why didn’t they make sense in April? Maybe the science wasn’t 100% clear, but its use as a precaution – reducing respiratory contact to reduce a respiratory disease – seems extremely obvious, yet Toronto and Ontario didn’t even strongly advocate it let alone mandate it until July.

After a record-hot July, we’ve got a normal-hot August. A lot of people are outside. We’re not really, due to Reasons; though we did go down to the lake a couple of times and I spent some time trying to tend to our garden.

But what is coming? Fingers crossed…

Toronto leaders: We need more space. Please open up the streets to people

I sent this letter to Mayor of Toronto and the Councillor for the ward I live in.

Dear Mayor Tory, dear Councillor Cressy,

I was upset at reports of crowding in downtown parks over the weekend. The reports and images highlight the need for more space for people in our city. Health leaders have said that being outside, active and exercising, is important for everyone’s health – but there is no room for that in too many parts of Toronto.

On Saturday it was simply impossible for pedestrians to cross the street at Queen and Strachan while maintaining a safe distance from others. It remains impossible for many to reach the waterfront or a park while safely distancing. The sidewalks and crosswalks are too narrow.

Most people living downtown do not have the option of spending time outdoors in backyards or rooftop terraces.

If downtown Toronto is to remain a vibrant place to live, we need more public space.

We need wide-ranging action extending ActiveTO Quiet Streets program to close more streets to all but local traffic, and enforcement of those regulations.

We need connections between dense downtown neighbourhoods like Queen West, King West, Liberty Village, nearby parks like Stanley Park, Garrison Common, and yes, Trinity Bellwoods, and the lakefront parks. We need serious action to provide more space to those who need it.

At a time when most non-essential businesses are not allowed to be open and some of those allowed to open are choosing not to for safety reasons, it is unreasonable and short-sighted to provide space for cars (going where exactly?) at expense of healthy outdoors options for people.

Toronto’s recovery from this crisis will not be led by cars.

I am calling on you to implement lane closures on streets like Queen, King, and Dufferin. I am calling on you to close Strachan Avenue to through traffic, as it is simply too narrow. I am calling on you to close Bathurst Street south of the bridge, taking advantage of bridge construction which will anyway block through traffic to create an avenue for people to reach the lake. Portland Street and Dan Leckie Way could become an active transportation spine overnight.

There are many more locations that should be improved – these are merely those I’m most familiar with. It behooves us to ask of every street: is Toronto best served by reserving it for cars?

Thank you.