It’s possible to use multiple if statements in a row without chaining them with else if statements or a concluding else statement as the default condition. When you have multiple if conditions without any other control flow, multiple code blocks can be triggered by different conditions. In a normal if, else if, and else control flow, only one action will be triggered by the first condition that is satisfied. This is the most common control flow for simple programs and programming is taught this way because a chain of if blocks can result in multiple condition triggers. Sometimes multiple condition triggers are desirable and this is when you can use multiple if conditions. Since you aren’t limited to keeping the control flow unbroken with only if statements, you can add additional code between the statements, but for readability you should only do this if you need to.
Posts in category Technology
This article points out an apparent vulnerability with the Let’s Encrypt certificate authority for requesting free SSL encryption certificates. The process of securing websites is automated by using their Certbot application that automatically installs certificates and configures web servers when a new site is added. FOXDEV uses this service. The asserted vulnerability with LE certificates is the ability to get a certificate for a phishing or scam website. This isn’t a true vulnerability and LE isn’t giving criminals much more then they had before.
When a criminal orders a free SSL certificate from LE to use for a website, all they’re getting is an encryption certificate from a trusted authority that won’t alert browsers. It displays a green padlock in the browser, but this is a problem with user behavior, not a problem with the service itself. The problem can come up if a criminal makes a sub domain like this to use for a scam site: user-authentication.paypal.com.4433.service.example.com or paypal.com.4433.service.example.com. It appears to be a subdomain of paypal.com. Sub domains like this have already been in use by criminals to make websites look legitimate by including a real domain within a sub domain. These domains can be used with unencrypted websites. Most websites have been unencrypted until recently. Before LE was available, criminals could still buy a certificate from one of the authorities. They could even buy a wild card certificate and make an unlimited number of fraudulent sub domains. The only advantage that criminals have now is the ability to request certificates for free. Since they could still buy a wild card certificate before, this isn’t much of an advantage.
The solution to this problem is in reeducating user behavior. Big businesses have bragged on their websites about the security of their websites and directed users to look for the padlock icon to verify that the site they were accessing was real. Even before LE, any criminal could have bought a certificate for a fraudulent domain and used it to generate the same padlock icon. We need to educate users that HTTPS only encrypts their access and they still need to verify the last levels of the domain properly.
It can be configured to generate new topics automatically so comments will always appear each time you create a new page. This is exciting because it offers a way to embed comments with a single account for commenting without any need to rely on a third party system like Disqus. Using Disqus has been awesome for certain sites I’ve assisted where they have limitations on what they can set up. It gives you embedded comments that you can include on any page and users with a Disqus account can comment on any of your sites and every site that has Disqus. Having a unified account for commenting makes it much easier to users to engage with the site because they don’t need to register a new account to leave comments on every particular site that you run. For example, without embedding comments, users who want to comment need to register a new account on every WordPress site or wiki. They can’t even register if the site doesn’t have that feature. There are a small number of self hosted comment scripts that are designed to be embedded but none of them allow user registration so there is no way to know exactly who is posting, so the community can’t build up any reputation among members.
Even though Disqus is great, it’s a necessary evil. Everyone who uses it is reliant on it as a third party system. If the providers ever decide to stop serving, all the webmasters who use it are screwed. If the service were still offered but changes to it made it very undesirable, all the users would be stuck deciding whether to abandon it or continue with all the new problems. Here’s the biggest problem with using Disqus: they can track users of every site that it’s used on. That’s why many of the services are free. It’s very bad for the internet to have trackers on every site. The necessity of comments to a web page makes it worse. I don’t have much problem with adblockers, but blocking Disqus comments interferes with the content of the page.
Having the ability to embed forum topics as comments and to have new topics generated automatically per-page solves all of the problems I’ve had with online commenting systems.