*

Offline Toddler Thork

  • *
  • Posts: 2606
  • I am Toddler Thork. Hear me roar!
    • View Profile
Library not on https
« on: March 10, 2020, 08:31:15 AM »
Not sure why the SSL certificate doesn't extend to library.tfes.org, but being as it does extend to both forum.tfes.org and wiki.tfes.org, it's a bit odd.

Needless to say my browser freaks out and informs me that my computer will get coronavirus if I download any of the resources, making me less likely to do so.

Kind Regards,

Dr David Thork
Rate this post.      👍 6     👎 1

*

Offline Пардисфла

  • Administrator
  • *****
  • Posts: 6015
  • Professional computer somebody
    • View Profile
Re: Library not on https
« Reply #1 on: March 10, 2020, 09:23:28 AM »
The library hosts only public files, so there is limited value in having TLS there. Your browser is a hypochondriac.

The reason why our normal X.509 certificate does not apply to the library is that the library is hosted on S3, separately from our other services.

That said, there is no harm in having it. I'll look into it sometime as a low priority.
when you try to mock anyone while also running the flat earth society. Lol

*

Offline Toddler Thork

  • *
  • Posts: 2606
  • I am Toddler Thork. Hear me roar!
    • View Profile
Re: Library not on https
« Reply #2 on: March 10, 2020, 09:49:08 AM »
The library hosts only public files, so there is limited value in having TLS there.
They are downloads and html pages.

I know this website isn't malicious. Do the people who just happen upon it, know that? Does google believe that? Its just about trust. Something tfes.org usually gets right.

Your browser is a hypochondriac.
I said as much in my OP. But not everyone who comes to our site is tech savvy and nor do they know that clicking on a link hosted here will be fine. They might choose to believe their browser over the website where there are people telling them the world is flat.

The reason why our normal X.509 certificate does not apply to the library is that the library is hosted on S3, separately from our other services.

That said, there is no harm in having it. I'll look into it sometime as a low priority.
Its been like this for years. Of course it is low priority ... but a little continued improvement is always welcome. We don't want to stop fixing things, otherwise you end up with a mess like the Davis/Shenton crap hole.

We may also find that google looks a little more kindly on some of our resource pages when it comes to serving search results.

ttfn
Rate this post.      👍 6     👎 1

*

Offline Пардисфла

  • Administrator
  • *****
  • Posts: 6015
  • Professional computer somebody
    • View Profile
Re: Library not on https
« Reply #3 on: March 10, 2020, 12:16:55 PM »
I know this website isn't malicious. Do the people who just happen upon it, know that? Does google believe that? Its just about trust. Something tfes.org usually gets right.

HTTPS makes no difference if the website is malicious. Indeed, if you don't trust the website owner, then HTTPS is entirely useless for security. What's the difference between fetching content from someone you know you don't trust, and a third party you don't trust?

HTTPS is only useful for protection against malicious third parties, as well as for a small boost to user privacy. If the party you want to talk to is malicious, all bets are off.

We may also find that google looks a little more kindly on some of our resource pages when it comes to serving search results.

Yes, Google is well known for bullying smaller websites into falling in line with their hype of the month.
« Last Edit: March 10, 2020, 12:21:52 PM by Parsifal »
when you try to mock anyone while also running the flat earth society. Lol

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 10820
  • (>^_^)> it's propaganda time (◕‿◕✿)
    • View Profile
    • The Flat Earth Society
Re: Library not on https
« Reply #4 on: March 10, 2020, 04:29:29 PM »
HTTPS is only useful for protection against malicious third parties, as well as for a small boost to user privacy.
While you are obviously correct here, the third party scenario is a decent rationale to move to HTTPS. I do agree that the benefits wouldn't be massive, and that it could/should be treated as low-priority, but it's an improvement nonetheless.

Plus, you know I love to butter Google up.
Read the FAQ before asking your question - chances are we've already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!


*mic stays stationary and earth accelerates upwards towards it*