The Flat Earth Society
The Flat Earth Society => Suggestions & Concerns => Topic started by: Rushy on September 14, 2014, 04:38:48 AM
-
As I'm not technically inclined to networking, how difficult would it be to have some form of secure connection, such as SSL/HTTPS? I can't login to the site from certain terminals because they run through a server that will reject unencrypted connections.
-
This is something I've been meaning to get set up for a while. I'll try get around to it soon, if it's causing access problems.
-
It's not a big deal, just wanted to throw it out there. I probably shouldn't be on here at work anyway.
-
This is now underway. I'd expect to have it sorted by the end of this month.
-
Won't performance suffer if everything is encrypted?
-
Won't performance suffer if everything is encrypted?
Do you notice when you log into your bank?
-
Won't performance suffer if everything is encrypted?
Do you notice when you log into your bank?
Yes. It takes like 15 seconds.
-
Yes. It takes like 15 seconds.
Do you ever login to a bank with a non-shitty website?
-
Yes. It takes like 15 seconds.
Do you ever login to a bank with a non-shitty website?
Good one. Okay, it's more like 6 or 7 seconds. It's simply a fact that load times will increase if the entire site is hosted through HTTPS. Whether or not the difference is negligible is debatable.
-
Yes. It takes like 15 seconds.
Do you ever login to a bank with a non-shitty website?
Good one. Okay, it's more like 6 or 7 seconds. It's simply a fact that load times will increase if the entire site is hosted through HTTPS. Whether or not the difference is negligible is debatable.
Is performance suffering the same as negligible?
-
Good one. Okay, it's more like 6 or 7 seconds. It's simply a fact that load times will increase if the entire site is hosted through HTTPS. Whether or not the difference is negligible is debatable.
Just go to one of your favorite sites and turn HTTPS on then tell me if you notice any actual latency difference. Reddit is a good example since either adding or deleting HTTPS:// before www.reddit.com will change the connection type.
-
Won't performance suffer if everything is encrypted?
Yes, but I don't intend to make encryption mandatory. It will be an option for those who want to use it (and possibly used by default for the registration and login forms, we'll decide that once we actually have HTTPS in place).
-
This is now underway. I'd expect to have it sorted by the end of this month.
As you'd have noticed, this wasn't done by the end of the month. At this point, I have no direct control over the process; I'm verifying my address with the SSL certificate provider, but the thing they've sent me to confirm it hasn't arrived yet. I wouldn't expect it to be too much longer, though, and once that's out of the way it's a strictly technical process.
-
Let's just hope that the notorious hacker 4chan doesn't hack us in the meantime.
-
Let's just hope that the notorious hacker 4chan doesn't hack us in the meantime.
But I'm already here.
-
They will get you with Lunix every time; damn hackers.
-
Good news: The postal article I was awaiting has arrived, and I am now in possession of it. I should be able to set this up when I get home tonight.
-
Done:
https://forum.tfes.org/
Completely optional at this point, and some links still go to HTTP versions of pages (mainly links we've added; SMF itself seems to do the right thing here for once). Enjoy your secure browsing.
I'll put up a proper announcement if there are no major issues reported within a day or two.
-
Done:
https://forum.tfes.org/
Completely optional at this point, and some links still go to HTTP versions of pages (mainly links we've added; SMF itself seems to do the right thing here for once). Enjoy your secure browsing.
I'll put up a proper announcement if there are no major issues reported within a day or two.
Oh goodie, I can post at work now. You've made a terrible mistake.
Thanks.
-
The heart isn't even bleeding. Thanks, Parsifal.
-
Not really a big deal, but when I have a secure connection enabled, the forum seems to think my own posts are "new" in threads. This doesn't happen with a normal connection, so I'm guessing it is related to the new feature.
-
Not really a big deal, but when I have a secure connection enabled, the forum seems to think my own posts are "new" in threads. This doesn't happen with a normal connection, so I'm guessing it is related to the new feature.
This happens to me as well.
-
Not really a big deal, but when I have a secure connection enabled, the forum seems to think my own posts are "new" in threads. This doesn't happen with a normal connection, so I'm guessing it is related to the new feature.
Yeah, I've noticed the same thing. I'll look into it when I have some time.
-
Not really a big deal, but when I have a secure connection enabled, the forum seems to think my own posts are "new" in threads. This doesn't happen with a normal connection, so I'm guessing it is related to the new feature.
Yeah, I've noticed the same thing. I'll look into it when I have some time.
It took me a while, but I got there.
https://github.com/TheFlatEarthSociety/forum.tfes.org/commit/aefc947c1829997fadf172bc19defdf6cd51818a
This was a nightmare to track down, but your posts will no longer be considered unread. Anyone interested is invited to test over HTTPS and report any brokenness. I'll probably switch to requiring HTTPS at some stage if there are no more problem reports.
Edit: I've now reported (http://www.simplemachines.org/community/index.php?topic=542245) the bug to the SMF devs. Hopefully it will be fixed in a future release.
-
It took me a while, but I got there.
Most people consider the term "a while" to vaguely reference a timeframe that isn't over a year.
Thanks, though.
-
Most people consider the term "a while" to vaguely reference a timeframe that isn't over a year.
Thanks, though.
w0w rude
-
Most people consider the term "a while" to vaguely reference a timeframe that isn't over a year.
Thanks, though.
w0w rude
I said thanks, that's as polite as it's gonna get, bucko.