CityRider

Pardon Our Mess During Renovations

27 Years at the Same Location

It's difficult to believe it's been 27 years since Larry and I created CityRider. The original goal was to provide ourselves with space to practice with the then new web technologies without having to depend on the kindness of our corporate overlords.

When we started this in 1997, many companies hadn't fully embraced the promise of the web and it was difficult and expensive to get a sandbox to practice on. Especially true at a time when the standards were so fluid and browsers were heavily dependent on plug-ins to create modern experiences.

To say the least, a lot has changed over the years but this space hasn't. Unfortunately, it became the story of the cobbler's children who had no shoes. What we did in our careers didn't carry over to this space and it became sadly neglected.

It Was Time for a Change

The original platform for CityRider was badly outdated and couldn't support the direction the modern web had taken. So it was time for a wholesale change across all fronts.

The goals were to provide a secure and modern website platform that would easily integrate with a CICD pipeline. Administration access had to support modern authentication, such as U2F or WebAuthN; strong passwords alone were not going to cut it! The platform had to support managing the security headers, content delivery network, IPv4 and IPv6, DNSSEC, SSL, and CAA.

In short: table stakes for modern websites.

Creative Destruction

To get back up to speed, wholesale change was required. All domains were consolidated into a single new registrar to simplify management. Similarly, so were the nameservers and web platforms. All websites were given a shiny new SSL and added to a CDN. Functions were also added to give each response modern security headers.

The full list of changes, as verified by https://en.internet.nl/, include:

• Modern address (IPv6)
  • Name servers of domain
    • IPv6 addresses for name servers
    • IPv6 reachability of name servers
  • Web server
    • IPv6 addresses for web server
    • IPv6 reachability of web server
    • Same website on IPv6 and IPv4
• Signed domain name (DNSSEC)
  • DNSSEC existence
  • DNSSEC validity
• Secure connection (HTTPS)
  • HTTP
    • HTTPS available
    • HTTPS redirect
    • HSTS
  • TLS
    • TLS version
    • Ciphers (Algorithm selections)
    • Cipher order
    • Key exchange parameters
    • Hash function for key exchange
    • TLS compression
    • Secure renegotiation
    • Client-initiated renegotiation
    • 0-RTT
  • Certificate
    • Trust chain of certificate
    • Public key of certificate
    • Signature of certificate
    • Domain name on certificate
• Security options
  • HTTP security headers
    • X-Frame-Options
    • X-Content-Type-Options
    • Content-Security-Policy
    • Referrer-Policy
• Route authorisation (RPKI)
  • Name servers of domain
    • Route Origin Authorisation existence
    • Route announcement validity
  • Web server
    • Route Origin Authorisation existence
    • Route announcement validity

Looking to the Future

With a modern platform and consolidated services, CityRider is better positioned to explore the future of the internet.