All Regions
Argentina
Australia
Austria
Belgium (fr)
Belgium (nl)
Brazil
Bulgaria
Canada (en)
Canada (fr)
Catalonia
Chile
China
Colombia
Croatia
Czech Republic
Denmark
Estonia
Finland
France
Germany
Greece
Hong Kong
Hungary
Iceland
India (en)
Indonesia (en)
Ireland
Israel (en)
Italy
Japan
Korea
Latvia
Lithuania
Malaysia (en)
Mexico
Netherlands
New Zealand
Norway
Pakistan (en)
Peru
Philippines (en)
Poland
Portugal
Romania
Russia
Saudi Arabia
Singapore
Slovakia
Slovenia
South Africa
Spain (ca)
Spain (es)
Sweden
Switzerland (de)
Switzerland (fr)
Taiwan
Thailand (en)
Turkey
US (English)
US (Spanish)
Ukraine
United Kingdom
Vietnam (en)
Any Time
Past Day
Past Week
Past Month
Past Year
Using HSTS with HTTP requests - willnorris.com
willnorris.com/2014/using-hsts-with-http-requests/
An
HSTS
Host MUST NOT include the STS header field in HTTP responses conveyed over non-secure transport. And this makes sense. The whole point of the header is to indicate to clients that they should always use a secure transport. If that's true, then you shouldn't ever send any content over non-secure channels. There's no real way to ...
Improving my HTTPS support
willnorris.com/2013/improving-my-https-support/
About a year ago, I switched this website to only serve traffic using HTTPS, and I'm happy to say that things have gone really smoothly in that time. There have been a couple of occasions that I've allowed HTTP traffic and removed the automatic redirect, but that was mostly to help debug clients that were having issues with SNI.
OpenID is not a provisioning engine - willnorris.com
willnorris.com/2007/openid-is-not-a-provisioning-engine/
In talking about the future possibilities of OpenID 2.0 and the Attribute Exchange extension, James Henstridge mentions, Imagine being able to update your shipping address in one place when you move house and having all the online retailers you use receive the updated address immediately. Or changing your email address and having all the bugzilla instances you use pick up the new address ...
Fetching Go Sub-Packages on Static Sites - Will Norris
willnorris.com/2015/go-get-subpackages-nginx/
Fetching Go Sub-Packages on Static
Sites
. One of my favorite things about Go is that there is no central repository for third-party libraries and code. Instead, import paths resemble URLs and the go get command can fetch packages from wherever it is that they are hosted. There is built-in support for popular services like GitHub and Bitbucket ...
Archive - Will Norris
willnorris.com/archives/
© Will Norris. Unless noted otherwise, text content is licensed under CC-BY 4.0 and code under an MIT License.CC-BY 4.0 and code under an MIT License.
Keeping Up - Will Norris
willnorris.com/2014/keeping-up/
I've spent this week trying to keep up with all that's been happening in the Indie Web the last few months. Inspired by Tantek's additions this week, I've now implemented fragmentions (), with similar styling to what Tantek is using.I spent my birthday writing a go webmention library and client, and this post is my first attempt at POSSEing using brid.gy.
WordPress Plugin Pet Peeve #2: Direct Calls to Plugin Files - Will Norris
willnorris.com/2009/wordpress-plugin-pet-peeve-2-direct-calls-to-plugin-files/
This is actually very similar to my first pet peeve of hardcoding the path to wp-content, in that it makes assumptions about where files are placed on the filesystem. Oftentimes, plugins need to handle certain kinds of requests, maybe for some specific protocol, or to handle an AJAX request. Some plugins will do this by making an HTTP request directly to one of the files in the plugin ...
Directed Identity vs Identifier Select - Will Norris
willnorris.com/2009/openid-directed-identity-identifier-select/
I initially started writing this post a couple months ago in response to the common misuse of the term "directed identity" I was seeing in the OpenID community. After reading Dirk Balfanz's guest post Users vs.
learning curves
willnorris.com/2003/learning-curves/
in one of the mailing lists i'm on, someone noted the difficulty in learning to use a particular program by saying how it had a "steep learning curve". well another user corrected him explaining how a "steep" learning curve actually refers to something is easy to learn, not difficult.
The Links We Lost - willnorris.com
willnorris.com/2012/the-links-we-lost/
Yesterday, I shared an article from Anil Dash entitled The Web We Lost on Google+. The article is great, and covers a topic that I have cared very deeply about for a long time. However, today I noticed that it turns out that I didn't actually share a direct link to Anil's article, but rather to a pocket.co shortlink that redirected to the article.
Tailscale devices with a custom domain
willnorris.com/2023/tailscale-custom-domain/
What I found was coredns-tailscale, a plugin for coredns that effectively maps Tailscale device names onto a custom domain. The coredns-tailscale project has been around for about a year, and I later discovered that it had been mentioned in the Tailscale newsletter from October 2022 . I guess I either missed seeing it or just wasn't looking ...
strong authentication and emailing passwords
willnorris.com/2007/strong-authentication-and-emailing-passwords/
So this afternoon, I happened across i@mdentity listed in the OpenID Directory.They seem to be some kind of identity provider in the UK that has their own authentication protocol that they have a small number of vendors using.
Tweet Archive - willnorris.com
willnorris.com/tweets/
This is an archive of all my tweets from @willnorris. They were deleted from Twitter in early 2023.
hCard is not a provisioning engine (for private data)
willnorris.com/2007/hcard-is-not-a-provisioning-engine-for-private-data/
Last week I wrote about how hCard is much more appropriate than OpenID for the provisioning use-case and Chris continued that discussion, questioning why we need SREG and Attribute Exchange when hCard works just fine.. So the question is, when OpenID is clearly a player in the future and part of that promise is about making things easier, more consistent and more citizen-centric, why would we ...
World Wide Web [of trust]
willnorris.com/2004/world-wide-web-of-trust/
So I spent Thanksgiving break with my brother and his wife in North Carolina. The drive was long (especially for the short couple of days that we spent there), but it was good all around.
wp-openid 2.0 released - Will Norris
willnorris.com/2007/wp-openid-20-released/
I'm sure people are tired of me talking about how soon this will be released, so I promise I'll shut up now. I've just tagged version 2.0 of wp-openid, a WordPress plugin which allows you to use OpenID for authenticating users and commenters.
Supporting WebFinger with Static Files and Nginx - Will Norris
willnorris.com/2014/webfinger-with-static-files-nginx/
So, my final nginx configuration for supporting WebFinger is: My first location block is an exact match for the well-known WebFinger path. Within that block, I first enforce that only GET and HEAD requests are accepted, all others receive a 405 response. This isn't required by the spec, but seems like a good idea.
WordCamp badge fail
willnorris.com/2013/wordcamp-badge-fail/
Last December, Matt Mullenweg linked to a post titled A lawyer's home base on the web is their blog, advocating the use of a personal website as your primary identity online.
Delta and the Security Question Anti-Pattern - Will Norris
willnorris.com/2008/delta-and-the-security-question-anti-pattern/
August 13, 2008 by Will Norris. High on my list of most aggravating anti-patterns is that of setting up (in)security questions. You know, where you have to choose three questions along the lines of: What is your father's middle name?
Email Etiquette: Replying to Mailing Lists - Will Norris
willnorris.com/2008/email-etiquette-replying-to-mailing-lists/
Most email clients support the idea of "threaded messages"… that is, the client can group together individual email messages that are part of the same conversation, or "thread". This is a particularly useful feature on mailing lists where multiple conversations are happening at the same time. For example, the following screenshot of the OpenID General Discussion list shows two ...
One step forward, two steps back - Will Norris
willnorris.com/2014/one-step-forward-two-steps-back/
After 9 years, 1 month, and 14 days with WordPress, I migrated my website to a new Jekyll-based setup this past week.I think that when you migrate from WordPress to Jekyll, you're required to immediately write about it, so here goes. There are a lot of reasons why people switch to static
site
generators like Jekyll.
Feedback