I'm in the process of enabling SSL on the site (so you will not see all those "Not Secure" warnings. Things may look a little odd for a bit (e.g. images not loading properly) due to some glitches. I'm working on it.
The message board seems fine, FWIW.
SSL upgrade
Moderator: Groceteria
-
Groceteria
- Great Pumpkin
- Posts: 1840
- Joined: 04 Nov 2005 12:13
- Location: North Carolina
- Contact:
-
Groceteria
- Great Pumpkin
- Posts: 1840
- Joined: 04 Nov 2005 12:13
- Location: North Carolina
- Contact:
Re: SSL upgrade
I was admittedly less than enthusiastic when the news about this first brewed several months ago. I'm glad you were able to pull this particular transition off without major disruption...but HTTP is the foundation of the open web and I've been very uncomfortable with the popular charge away from it.
Right now, site authors everywhere seem to be in a mad scramble to force HTTPS on visitors because Google has been threatening to downrank their websites in search results and flag them as "insecure" or "defective" in Chrome if they don't. It's disturbing that any company, much less an advertising company with a very dubious ethical record, has that kind of power. It's also disturbing that we're heading towards a web where the authority for validating a website is placed not with the site author, not with the visitor, but in the hands of anonymous entities like "DigiCert Inc." I know nothing about.
My other major concern with HTTPS is its epidemic of backwards-incompatibility. It wouldn't be so bad if HTTPS were a stable protocol that never changed, like HTTP...or if most servers behaved as they are supposed to, and go down a list of compatible protocols (TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0, SSL 2.0) to negotiate a connection that's compatible with the client. Sadly, that's not the case: Just a few days ago, RetailWatchers rolled out an implementation of HTTPS that appears to work with TLS 1.2 only. TLS 1.2 didn't even exist in most browsers five years ago...and if you try to visit their board on the most up-to-date releases of Firefox or SeaMonkey for Windows 2000 or PPC Macs, it'll look like this:
Groceteria fortunately doesn't have the same problem...for now. But I fear that Google will decide to flex their muscles and target multiprotocol-compatible HTTPS websites next, in the interest of coercing everyone to use Chrome on Windows 10 or an Android phone.
(Anyway, my chest feels lighter now...)
Right now, site authors everywhere seem to be in a mad scramble to force HTTPS on visitors because Google has been threatening to downrank their websites in search results and flag them as "insecure" or "defective" in Chrome if they don't. It's disturbing that any company, much less an advertising company with a very dubious ethical record, has that kind of power. It's also disturbing that we're heading towards a web where the authority for validating a website is placed not with the site author, not with the visitor, but in the hands of anonymous entities like "DigiCert Inc." I know nothing about.
My other major concern with HTTPS is its epidemic of backwards-incompatibility. It wouldn't be so bad if HTTPS were a stable protocol that never changed, like HTTP...or if most servers behaved as they are supposed to, and go down a list of compatible protocols (TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0, SSL 2.0) to negotiate a connection that's compatible with the client. Sadly, that's not the case: Just a few days ago, RetailWatchers rolled out an implementation of HTTPS that appears to work with TLS 1.2 only. TLS 1.2 didn't even exist in most browsers five years ago...and if you try to visit their board on the most up-to-date releases of Firefox or SeaMonkey for Windows 2000 or PPC Macs, it'll look like this:
(Anyway, my chest feels lighter now...)
"The pale pastels which have been featured in most food stores during the past 20 years are no longer in tune with the mood of the 1970s."
Andrew Turnbull
Andrew Turnbull
Re: SSL upgrade
What those companies do is verify the owner of site and then indemnify them for this purpose.
Https also make it harder for hackers to do bad things, as well.