Presidential Candidate Website Survey Update

The race is now down to 5. (From 21!)

What’s changed in their website setups?

Donald Trump got rid of Flash, otherwise everything else appears to be the same.

Ted Cruz went from a A+ rating to just an A (lost HSTS?).

Nothing changed for John Kasich.

Hillary Clinton went from an inconsistent server setup with many IPv4 addresses to just 1 IPV4 address.   The www. redirect behavior (from without to it) does mess up HTTPS Everywhere and ssllabs tests.     A major plus is she added HSTS to her site, so her ssllabs rating is now A+.

Bernie Sanders added IPv6 support and HSTS to the main site.  Unfortunately a sha2 intermediate certificate prevents his site from going from A to A+.  And his donation provider has HSTS setup correctly and get’s an A+.

At this point in the campaign, only A ratings (ssllabs) are left!  The Democrats seem to have prioritized implementing HSTS, but neither appears to have gone for the preload list.

HSTS – Means you tell the browser to enforce SSL

You can find the raw data in this spreadsheet

I also included sub domains in this list, but it wasn’t as interesting as I hoped.

Planet Ubuntu endorses Bernie Sanders; Larry Lessig for Supreme Court?

The results of the Planet Ubuntu poll we’re
Democratic: 72% for Bernie Sanders
Republican: 27% for Rand Paul (has since dropped out*)
Independents: 46% for Jon Stewart

Who do you like the (republican) least?: 65% Donald Trump
* And otherwise it was a wash.

In other political news a few people have pitched Larry Lessig to be the next justice on the supreme court. We need someone tech savvy on the supreme court. Not to mention someone who wants to get money out of politics.
See video here.
Sign We The People petition here.

Presidential Candidate Website Survey

I surveyed the website security and a few other website technology factors for the candidates for US president.  Here is what I found.

Epic fail candidates:
Jim Gilmore, Bobby Jindal, George Pataki – they all ask for donations on an insecure page or one vulnerable to POODLE.   I would say these would be a much better insecure server story but none of these are considered major candidates.

Actually support IPv6:
Only Donald Trump, Ted Cruz, Rand Paul, Marco Rubio.

CloudFlare
10/21 sites use cloudflare as their CDN!  It looks like their is a difference in the plan/traffic tiers some of the candidates are in:
2 endpoints – Ted Cruz, Rand Paul, Mike Huckabee, Bernie Sanders, Jim Webb, Larry Lessig5 endpoints – Marco Rubio, Carly Fiorina, Jeb Bush, Donald Trump

Now, CloudFlare  gives you IPv6 and HTTPS for free, but apparently a lot of candidates aren’t bothering to turn them on?

Complicated…
The seemingly most complicated setups go to Hilary Clinton and Chris Christie. I’m not sure they are good setups – they show up as inconsistent to ssllabs.  I’m guessing they spent the most money/time on them though.

Other interesting stats
Wordpress – 11/21
Hosting: Amazon AWS – 4/21 – Linode 2/21
Redirects to HTTPS by default for main site – 16/21 (yay! this is the assumed default now – the candidates who don’t are Rick Santorum, George Pataki, Lindsey Graham, Jim Gilmore, Lincoln Chafee)
HSTS – 3/21 have it on, but only Ted Cruz has it on in a consistent way

Conclusion?
I’m guessing those who aren’t getting good website advice aren’t getting good campaign advice in general.  Not having HTTPS by default seems like it’s a good indicator for you not being a serious candidate.   I’m curious if the republican candidates with IPv6 enabled indicates anything about their tech teams and what impact that might have as the field progresses.

Disclaimer: I’m supporting Bernie Sanders and have volunteered to help them tech wise. All the test I did were pretty simple using SSLLabs , IPv6 Test and W3Techs.

You can find the raw data in this spreadsheet – presedentialwebsites

Happy Birthday to you – MP3 Decoding Patent

According to Wikipedia  (and a related patent analysis site) MP3 decoding is now patent free in the US!  Also last night Happy Birthday was determined to be in the public domain!

Happy Birthday to you!
Happy birthday to you!
Happy birthday to that MP3 Decoding Patent!
Happy birthday to you!

Theoretically that  means we can include MP3 decoding by default in Ubuntu and other Linux distros.  I’ll leave that to legal teams to decide…