Server Name Indication (SNI)

I was browsing through Yusuf’s blog today and read in his post about enabling cheaper SSL hosting for the first time about Server Name Indication (SNI), as specified in section 3.1 of RFC3546.

Anyone who’s had to set up an TLS/SSL (let’s say secure) site knows that currently, a secure site must be hosted on a unique IP. If you need to host more than one SSL site, you need to have separate IPs for each secure site hosted. This requirement is present because pre-SNI, the server name is negotiated based on the DNS hostname only. SNI elegantly works around this requirement by adding another step to TLS negotiation. As part of the TLS handshake, the client tells the TLS server which hostname it is trying to connect to, and the hostname thus knows which certificate to present to the client. This is explained a lot more elegantly by Paul Querna.

SNI makes life better because secure hosting becomes more affordable. The cost of a secure certificate is often no longer the largest cost that secure sites must bear to be secure. One can get a certificate for $20/year. However, dedicated IPs are expensive. On a host such as Dreamhost, unique IPs cost $4.95/month. Add this up and it’s almost $60/year. If this extra cost can be eliminated a lot more businesses might be tempted to go secure, and this is a good thing for everybody.

So what’s the current state of browsers?

It’s no secret that as far as end users are concerned, backend features are not as sexy as features which are exposed in the UI, but I wonder whether if SNI support is added to Gecko/NSS before IE, if Firefox will suddenly become a lot sexier to businesses who don’t have an arbitrarily large IP space but are looking to standardise on a browser, or recommend one to their clients. Hey, it’s a much better solution than forcing an upgrade to Vista.

Community Building

A couple of months ago I blogged about the challenges faced by community projects. Something one of my friends who works on a mutual community project with myself and others wrote has driven me to write a little bit about what works well with community projects, because what he wrote resonates with a lot of my experiences:

[Our] volunteers come from varied backgrounds. Our earliest graphics work and page layout was done by someone going to medical school (cutting and slicing cadavers in the morning and slicing and dicing page-layouts/photographs at night). Our resident layout maestro who has a knack of determing browser bugs via impressive test-case reduction is an economics graduate. There are the usual suspects who have some paperwork by which they claim to know Computer Science 🙂 but they are very much a minority.

When I read this, I couldn’t help but also think of the Mozilla community, which is comprised of a hugely diverse set of people with varied backgrounds and interests, but all of whom share a common goal. When you look at a project like Firefox (or really any community project), I think there are two major (and related) barometers of its health:

  1. The ability of a project to draw contributors from outside its immediate field
  2. The ability of a project to harness the capabilities of its contributors and channel it into useful activity

The first of these has to do with the pull that a project has on people who have no intrinsic connection to it. One of the reasons that Firefox has been so successful is that it has drawn people who would not ordinarily be interested in a web browser and made converts out of them. Not only has it made converts, but converts who believe strongly enough in the software that they are willing to donate their time in order to make it better. It’s pretty easy to convince a developer that tabbed browsing is a great idea, but a lot more difficult to convey the same message to others. Yet, to a large extent Firefox has succeeded in this; and it has certainly succeeded in drawing active contributors, many of whom have never taken part in an open source project before (or any software project for that matter).

The issue of contributors aside, why has growth slowed from how quickly it was growing before? Because for the majority of web users, a web browser is boring. Users don’t care what program you enter the URI into, as long as the page loads. Apathy is now the biggest the biggest barrier, because now we have to win over the segment of users for whom computers are not a passion, but simply a tool (or even worse a chore). How does one win over the masses of people for whom anything to do with computers is executed from rote memory, rather than any sense of intuitive understanding (don’t underestimate the size of this group). Do we even want to cater to this group? I don’t really have a good answer for either of these questions.

The second barometer, how a project harnesses the eagerness of its potential contributors is really the crux. My understanding of Firefox contributors is that you can categorise them into four broad groups:

  1. Highly skilled, paid contributors
  2. Highly skilled, unpaid contributors, who donate significant amounts of time
  3. Less skilled, but enthusiastic and eager to learn unpaid contributors, who donate significant amounts of time
  4. Less skilled (or unskilled) unpaid contributors, who want to help in a small way that doesn’t require a large commitment

As always, the first three groups combined do the lion’s share of the work, but are always outnumbered by far by the fourth group. The first three groups can work without hand-holding and still work productively. It is the fourth group who need channeling. Because they want to help out in the short-term or just as a one-time thing, they often do not have an understanding of the project, and thus their genuine efforts are misdirected. As a worst case scenario, their attempts to assist can actually hinder the first three groups from going about their work. I remember during early 2004 when Firefox was picking up steam, all of a sudden Bugzilla’s “Today’s Bugs” lists became a swamp of rubbish, and significant efforts were required to parse through and sort out the useful from the garbage. A perfect example of misdirected efforts—people trying to help but actually hampering progress.

The situation has improved significantly. Efforts have been made to channel contributions to where they are most helpful, and as a result Reporter and Hendrix now exist. Systems such as these not only channel efforts to where they are required, but also provide useful information in aggregated form to the skilled contributors who are in a position to act on the feedback. When channeled in this manner, the fourth group of contributors become enablers. They provide supplementary data that helps the skilled contributors to triage problems and improve the product.

How well the capabilities of these passerby contributors is harnessed can make the difference between creating a group of enablers and creating pandemonium.

Going back to where I began, I think it is clear that variety amongst contributors is a hallmark of success. However, with variety comes a necessity to actively manage contributions so that they are complementary to each other.

The original post that sparked this one is part of a relatively new blog that talks mainly about the technical considerations that have gone into creating a community website and server infrastructure.

Getting Married and other Tidbits

My last blog entry was on July 8, a good two and a half months ago, I think my longest hiatus yet from blogging. Since then, things have been sort of a whirlwind on all fronts (in a good way, of course).

Most important on the list is that I got married on 15 August 2005, to Zainab Currim (now Ebrahim), who I have known for the last five years and been engaged to since December 2002! We had both been waiting for this for a long, long time, and it is amazing to finally be married.

When I say that I got married on 15 August, I should qualify this statement, because marriages for Muslims and Indians don’t work in the same way as they do for many of you who have grown up in a Western environment. For many of you, after the marriage ceremony in a church, there is a reception, and then that’s it. For us, it’s a bit more complicated. First we have what is called the nikah, which is the marriage contract itself, and is executed between the groom and the bride’s appointed representative, which is usually her paternal grandfather or father. Once the nikah is complete, the couple are legally married. However, that’s not the end of the deal. Prior to and after the consummation of the marriage, there are other traditional ceremonies that also take place, and it is these ceremonies that constitute the wedding celebrations.

So my nikah was performed on 15 August, but the wedding celebrations are yet to take place. They’ll happen this December in Mumbai (most of my extended family lives there) and Kolkata (Zainab’s family lives there), both in India.

The venue of our nikah was Najam Baug, a Dawoodi Bohra community hall that my great, great grandfather originally built along with his brother-in-law in 1886, and was recently rebuilt by our family and inaugurated on 15 August 2005 (my nikah took place during the inauguration).

I took on the task of designing the website for Najam Baug, and just completed it a couple of days ago. It’s the first website that I’ve designed from scratch (though I did use a CSS trick or two from ALA), and I’m pretty happy with the result. Designing the website just reminded me what a pleasure it is to design for standards-compliant browsers such as Firefox and Opera.

When it comes to rendering standards-compliant pages, these browsers Just Work™. Internet Explorer drove me crazy with its Screw Standards™ rendering mode. I spent hours making IE not totally screw up floats, and also a long, long time trying to figure out why content was just plain vanishing in IE. As it turned out, the vanishing content bug was IE’s notorious Peek-a-boo bug, which I was able to fix using Matthew Somerville’s line-height hack. After making all these efforts, the website now displays only acceptably in IE, but still not perfectly. For those of you who have IE, you’ll notice that there is a lot more whitespace than you see in other browsers. I still haven’t figured out how to fix this.

There’s still a lot more that’s happened in the past couple of weeks to talk about, but for now this is all I have time for. I hope that over the few days I can write a couple more entries. One of the things I want to write about is about using Firefox at work, and a few observations and challenges I’ve faced in being able to use it 100% of the time.

UChicago to Distribute Firefox and Thunderbird

Every year the University of Chicago’s Networking Services and Information Technology department (NSIT) distributes a connectivity package (CP) to all incoming students. This CP is also used by departments throughout the university. The CP, amongst other things, contains a web browser and an email client.

Starting this fall, all incoming students will receive a CP that is built around Firefox and Thunderbird. This means that any student who pops NSIT’s CP into their computer to set up university email services will have Firefox and Thunderbird installed on their computer! The same CP is also likely to be targeted at university departments for new deployments.

I graduated from UChicago last year, and it’s great to see my alma mater supporting and taking advantage of open source projects in this manner. UChicago is fortunate to have a group of people working at NSIT who understand the value that open source projects can offer them.

Challenges faced by Community Projects

Working on community projects can be one of the most rewarding types of volunteer work out there. This is for a couple of reasons, the most important of which is that these type of projects bring like-minded people together and from them build a vibrant community. Watching the community they create thrive is the greatest reward for the project contributors.

Another important reward is that contributors benefit from the exchange of ideas. Many heads are (usually) better than one, and decisions taken after group consultation are often the most well grounded in reason and are most likely to result in the best possible outcome for the community. Also, one learns a lot by following discussions amongst people who are experts in their own field. As long as the project is driven by active people who share similar goals and ideas, these projects always remain in good health.

The most severe challenges that these community projects face usually come months or years after their inception. Sometimes previously active members slowly become inactive, and often the ideas of the active members may evolve — sometimes in divergent directions.

Many people (particularly those involved in OSS development) believe labour is ‘replaceable’. As long as a process is documented, if a community contributor leaves the project, his shoes can be filled by anyone with the required technical expertise. I think this is a dangerous assumption to make. Finding a replacement who is willing and able to work on a volunteer basis, groks the group’s thinking and is technically capable is often harder than one might imagine. It’s easy to find people who meet two of these three criteria, but much harder to find the perfect match.

I think the second problem — divergent ideas — is the more severe of the two (and greatly exacerbates the first). As projects evolve (as they all do with time), contributors may develop different priorities or sometimes even different goals. A sufficiently motivated contributor often puts in extra hours for the benefit of the project to make up for the inaction of others. But divergence of goals or ideas at the most basic level can destroy this motivation.

I’m not sure what the best way is to solve these problems, I don’t see that there is a one-size-fits-all solution. Each project has to find its own unique way in the end.

I was motivated to write about this today because one of my friends, Yusuf, is facing similar issues with one of the projects that he’s involved in. His perspective on this issue is worth reading.

Netcraft Toolbar released for Firefox

The Netcraft Toolbar has been released for Firefox. I just got the following email from Netcraft:

We are pleased to announce the release of the Netcraft Toolbar for Firefox. You can download it from:

Note that you will be presented with a warning on the first attempt to download the software. You may have to click the “Edit Options…” button that appears at the top of the page and add the site “” to the list of allowed sites before you can install the toolbar.

We welcome your feedback and comments.

I’ve only had the toolbar installed for a couple of minutes, but I’ve already found a major problem — it doesn’t work with tabbed browsing at all. The toolbar always only shows information for the last page rendered in an active tab (but not pages rendered in the background in other inactive tabs). It doesn’t update when you switch tabs. Sometimes if tabs are loading in the background, it won’t load information for that tab at all, even when you switch to it. I’ve passed on these comments to Netcraft’s feedback address as well.

UPDATE: After playing around with this more, I’ve found that it actually breaks tabbed browsing in Firefox. When this toolbar is installed and you change tabs, the URI in the location bar does not update to that of the now active tab. It remains as whatever it was before the tab was changed. For now, this extension is definitely going on my not recommended list.

UPDATE 2: There is some conflicting information about whether or not this extension works correctly in Firefox 1.0.4. One of the commenters notes that it works for him, whereas another 1.0.4 user on Slashdot says that he seems the same behaviour as me.

UPDATE 3: Another commenter mentioned that it’s working for him in Firefox 1.0.4. I haven’t had a chance to test it myself, I’ve been swamped over the last couple of days, but I should probably give Netcraft the benefit of the doubt on this until (and if) more people chime in that it’s not working.

UPDATE 4: I had some time today, so I installed Firefox 1.0.4 and Netcraft Toolbar 1.0.1, the combination of which works perfectly fine. As far as I’m concerned, I think this is a great extension, and I highly recommend it to others who are considering using it. At the time of this update (2005-05-27 21:38 GMT +0800), it still has problems with latest-trunk Firefox builds, as I described in my original posting. I’m sure Netcraft will update their extension to be compatible with Firefox 1.1 prior to its release.

Netscape: CNET’s take and Trademark Violations

Saw two things while reading about Netscape on the web today. The first gem is from CNET:

Netscape lets the user customize his settings for individual pages–telling the browser, for example, to remember that he trusts a particular site. The user can also select Firefox or Internet Explorer as a backup browser, in case the site doesn’t render properly in Netscape.

It looks like CNET is a tad confused about how many rendering engines Netscape supports, and how Netscape uses them only as rendering engines, rather than full browsers. More interesting is the screenshot that they show, which gives users the option to render the page in “Firefox”, and also uses Firefox’s trademarked icon. Furthermore, Netscape’s release notes say:

The Netscape Browser

Version 8.0 – based on Firefox

The Mozilla Foundation’s trademark policy has this to say about the usage of its trademarks:

Those taking full advantage of the open-source nature of Mozilla’s products and making significant functional changes may not redistribute the fruits of their labor under any Mozilla trademark. For example, it would be inappropriate for them to say “based on Mozilla Firefox”.

It would seem that unless the Mozilla Foundation has granted express permission to Netscape for using the Firefox trademark in its software, Netscape is in violation of Mozilla’s trademark policy.

Netscape says Firefox is Outdated

ALERT: Your Current Browser Is Outdated.

The above screenshot is what I saw when I visited in Firefox today.

Amongst their claims is that “Netscape Browser 8.0 provides more security choices than any other browser.” Even if this is true, it does not make Netscape any more secure. It simply means that users are presented with more ways in which they can make their web browsing more insecure. Chief amongst these is the ability to use Internet Explorer as the rendering engine.

Whatever the case may be, I certainly find it disingenuous that Netscape is branding my copy of Firefox outdated. But then again it’s Netscape. Did we really expect anything else?

Book Review: Web Standards Solutions


Dan Cederholm’s Web Standards Solutions: The Markup and Style Handbook is a must read for those who are relatively new to web authoring and also for those who have been doing it for years, but are still authoring web sites using table-based layouts without or using minimal CSS.

Without invoking the argument that standards compliance is theologically better, Cederholm shows not only why standards compliant layouts are more practical, but also how practical standards compliant code can be authored.

He shows designers that standards compliance is not an end in and of itself, but is a tool that can and should be used in order to make website maintainence both painless and forwards-compatible through the separation of content (XHTML) and presentation (CSS).

Who should read this book?

This book is not for everyone. If you’ve never seen (X)HTML and/or CSS before, don’t expect to understand much of this book. The text assumes that the user has a basic understanding of both XHTML and CSS, and aims to show through examples why one implementation is better than another, but does not usually introduce the XHTML tags being used. In other words, this book will not teach you XHTML/CSS.

If you’ve been using (X)HTML and CSS for a couple of weeks, you’ll feel right at home.

What will I get out of reading this?

The format of the book is rather simple. The book is split into two parts. The first (and larger) part is dedicated to understanding how to write semantically-rich XHTML markup. The second part introduces the application of CSS for styling the XHTML. It doesn’t dwell on aesthetic considerations, but rather focuses on practical aspects of CSS-based design.

Most of the chapters follow the same format, which is based on Cederholm’s SimpleQuiz series. He first introduces a usage case, and then provides three or four different methods of coding that particular usage case. He then discusses the pros and cons of each method and summarises them neatly at the end of each chapter. Following the summary, most chapters have an “Extra Credit” section where further ways to extend the best method are discussed. In the first part of the book about XHTML markup, these sections typically include methods for using CSS to bring the plain XHTML markup to life.

The first part of the book discusses the following topics: Lists, Headings, Tables, Quotations, Forms, Anchors, Phrase Elements (such as <b>, <strong>, <i>, <em>, etc.) and finally how to minimise semantic markup by reducing unnecessary classes and <div>s.

The second part of the book discusses the following topics: the best methods for applying CSS to a document, stylesheets for different media, multi-columnar CSS layouts, image replacement of text, styling text, and styling the <body> tag.

Some of the more interesting things I learned from the book were:

  • How to create images that appear to change colour when you change the colour of your site using CSS.
  • How to style the <body> tag to show different layouts (for example, two-column versus three-column) while using the same CSS file.
  • How to serve different CSS files to different browsers.
  • How IE5 on Windows incorrectly parses its box model, and how to work around its incorrect parsing.

There are of course other things I learned as well, but I’m not going to repeat the contents of the entire book here.


If you’re new to web authoring but already have a basic grasp of HTML and CSS, or if you’re an experienced web designer but haven’t yet learned the ways of separating content from presentation, this book is for you.

If you’re interested in learning how to create sites that are easy to maintain and will be forwards-compatible with tomorrow’s software, then you should consider the methods that Cederholm describes.

Certainly, much of the information in this book can be had by scouring the web. But there are some things discussed that I hadn’t seen elsewhere, and it’s always useful to have information compiled in a logical and understandable manner, which is exactly what Cederholm does.

For more information about the book, head over to the book’s website where you can read the table of contents and a sample chapter. If you’re located in North America, use this link to buy the book.

Next on my reading list is Dave Shea and Molly Holzschlag’s book, The Zen of CSS Design.

Firefox adoption amongst High Schoolers

I just spoke to a friend of mine from the University of Chicago Graduate School of Business who’s the CEO of PrepMe, a startup firm that runs an online SAT prep course. He mentions that they’ve hired a new web designer to make their website “Mozilla-compliant” (his words, not mine) because about 12% of their visitors are using Firefox!

Given the likely demographics of their users (I think there’s a pretty decent chance that most visitors are kids in high school), it looks like Firefox is scoring big points amongst teenagers. I know it’s not big news — we’ve known this for a while but it’s always great hearing from content creators that Firefox adoption is growing and they’re having to adapt or be left behind.

It’s often hard to gauge the impact of Firefox based on raw percentages alone, but when someone tells you that they’ve had to make business decisions based on an increase in Firefox usage, that’s something concrete you can’t ignore.

Another friend of mine who helps to run some of the IT infrastructure for one of the largest Model United Nations conferences for high schoolers in the United States has also provided me with a day’s worth of their web server logs. I haven’t yet parsed it, but I hope to do so within a couple of days. The results should be interesting.

UPDATE (2005-09-27): PrepMe’s new standards-compliant website has gone live! Check it out!