Tinkering under the hood
Kablam's underlying system is now relatively mature and very, very rock solid.
We've been consistently squashing bugs, analyzing hundreds of thousands of lines of log entries and making the site even faster!
But now we wanted to relook at the hardware that makes the site tick, adopt new standards and ensure Kablam, and the internet at large remains a safe place.
Effective immediately we've made the following changes to the infrastructure:
- We've migrated Kablam's DNS to Cloudflare. Whilst we currently aren't utilizing any content delivery or caching through their systems (that still runs with us), we are utilizing their DNS infrastructure, effectively increasing reliability from two servers to a huge, decentralized cluster. For those of you unfamiliar with DNS, its basically the GPS of the internet - it's the tech that turns 'Kablam.net' or 'Google.com' into a web page by finding the servers that look after that site.
- DNSSEC - We've turned on DNS Security. This is similar to the padlock you see on a page when you're using a credit card online. It verifies a number of things under the hood to make sure anyone attempting to forge the site get detected by your web browser. I won't go into huge details on this, but whilst this technology has been around for a while, its becoming a bigger and bigger deal. We've taken the stance to adopt this to help protect you - our users.
- SPF - SPF or 'Sender Policy Framework' Is a way for mail servers and providers to detect spammers & scammers trying to pass-off being someone they aren't. We've run this for a while but we are extending our configuration on this.
- DKIM - Domain Keys are a way that emails sign themselves as legitimate. If SPF verifies the server, DKIM verifies the email. DKIM dramatically increases trust within mail servers and clients (like gmail, hotmail.etc) and reduces accidental chance of being marked as spam (not that, that is currently something we're seeing) and increases deliverability into secure environments (like those of you that signed up with your work emails.... naughty, naughty). So its a win-win for us, whilst reducing the threat of spammers, scammers and malware peddlers attempting to fake email coming from us to trick you into giving up login details and/or downloading a virus.
- SSL - With an increase of government snooping, DNS/Browser hijacking and other malware on the rise, we are taking steps to start forcing traffic through SSL/ HTTPS. This is the same data transfer that you use for buying something online with your credit card, so the only major change is a green padlock will appear in your browsers URL bar. Whilst most of the large websites do this as standard, I will admit that we are slow to adopt this - our excuse is that our focus was primarily on getting the site up and running and then shift attention onto other areas of improvement. The backend of Kablam however has always been secure & protected.
Most of the above has already been put in place by the time you read this, DKIM *should* be in place by the end of April, and SSL should be in place by mid to end of May. Whilst, yes you can in principle buy an SSL certificate and install it into a web server, Kablam has *alot* of moving cogs and literally hundreds of thousands of lines of code. With that in mind, we have to meticulously test everything before pushing it live - especially as we will be forcing HTTPS. TL;DR - We don't want anything to break.
So there you go, a few updates going on behind the scenes to help protect you, the internet and Kablam!
Thanks for reading and being a part of the site!