SSL upgrade

This forum is for announcements about the site and the board, "how to" information, etc. Some topics will allow discussion, and some may have polls, but only moderators may post new topics.

Moderator: Groceteria

Post Reply
User avatar
Groceteria
Great Pumpkin
Posts: 1931
Joined: 04 Nov 2005 12:13
Location: In the breakroom
Contact:

SSL upgrade

Post by Groceteria »

I'm in the process of enabling SSL on the site (so you will not see all those "Not Secure" warnings. Things may look a little odd for a bit (e.g. images not loading properly) due to some glitches. I'm working on it.

The message board seems fine, FWIW.
User avatar
Groceteria
Great Pumpkin
Posts: 1931
Joined: 04 Nov 2005 12:13
Location: In the breakroom
Contact:

Re: SSL upgrade

Post by Groceteria »

Hopefully, this was all resolved by late Satutday.
User avatar
Andrew T.
Veteran
Posts: 689
Joined: 18 Oct 2007 14:26
Location: Minnesota's attic, Canada
Contact:

Re: SSL upgrade

Post by Andrew T. »

I was admittedly less than enthusiastic when the news about this first brewed several months ago. I'm glad you were able to pull this particular transition off without major disruption...but HTTP is the foundation of the open web and I've been very uncomfortable with the popular charge away from it.

Right now, site authors everywhere seem to be in a mad scramble to force HTTPS on visitors because Google has been threatening to downrank their websites in search results and flag them as "insecure" or "defective" in Chrome if they don't. It's disturbing that any company, much less an advertising company with a very dubious ethical record, has that kind of power. It's also disturbing that we're heading towards a web where the authority for validating a website is placed not with the site author, not with the visitor, but in the hands of anonymous entities like "DigiCert Inc." I know nothing about.

My other major concern with HTTPS is its epidemic of backwards-incompatibility. It wouldn't be so bad if HTTPS were a stable protocol that never changed, like HTTP...or if most servers behaved as they are supposed to, and go down a list of compatible protocols (TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0, SSL 2.0) to negotiate a connection that's compatible with the client. Sadly, that's not the case: Just a few days ago, RetailWatchers rolled out an implementation of HTTPS that appears to work with TLS 1.2 only. TLS 1.2 didn't even exist in most browsers five years ago...and if you try to visit their board on the most up-to-date releases of Firefox or SeaMonkey for Windows 2000 or PPC Macs, it'll look like this:
error.png
Groceteria fortunately doesn't have the same problem...for now. But I fear that Google will decide to flex their muscles and target multiprotocol-compatible HTTPS websites next, in the interest of coercing everyone to use Chrome on Windows 10 or an Android phone.

(Anyway, my chest feels lighter now...)
"The pale pastels which have been featured in most food stores during the past 20 years are no longer in tune with the mood of the 1970s."
Andrew Turnbull
klkla
Veteran
Posts: 364
Joined: 29 Jun 2006 18:39

Re: SSL upgrade

Post by klkla »

Andrew T. wrote: 27 Apr 2019 23:22It's also disturbing that we're heading towards a web where the authority for validating a website is placed not with the site author, not with the visitor, but in the hands of anonymous entities like "DigiCert Inc." I know nothing about.
What those companies do is verify the owner of site and then indemnify them for this purpose.

Https also make it harder for hackers to do bad things, as well.
Post Reply