I might be confusing them for someone else. American, right?
My quote was from the old DT Club Meeting 2015 thread where Matteo managed to get someone to speak up in favour of dodgy certificate authorities. Criminy Pete…
Enabling HTTPS?
-
SL89
- ‽
- Location: Massachusetts, USA
- Main keyboard: CODE 104
- Main mouse: Logitech M570
- Favorite switch: Cherry MX Green
- DT Pro Member: 0095
People clearly want https, and yet Mu keeps ribbing on 'zomg how do we pay for it' and 'no cert is better then a bad cert' despite not knowing the ins and outs himself. I'm sure the cert can be paid for, we have how many club members paying how much annually? And regarding the provider, I have to imagine that almost no effort has been spent on actually looking into it, while much ado has gone into decrying the desire for https.
-
Muirium
- µ
- Location: Edinburgh, Scotland
- Main keyboard: HHKB Type-S with Bluetooth by Hasu
- Main mouse: Apple Magic Mouse
- Favorite switch: Gotta Try 'Em All
- DT Pro Member: µ
You underestimate the effort required to get a good rant out of me! It's very nearly zero. Implementing https across our highly customized and now unfortunately deprecated phpbb installation is worth about 7 lifetimes of my background grumblings combined, at a guess.
-
SL89
- ‽
- Location: Massachusetts, USA
- Main keyboard: CODE 104
- Main mouse: Logitech M570
- Favorite switch: Cherry MX Green
- DT Pro Member: 0095
Ok, well how about we talk about specifics of how much it would cost, how hard it would be to implement and which specific providers we can narrow it down. There was a vote in favor of it right?
edit: I know we have spoken of some specifics but we keep getting sidetracked by a plethora of what-ifs and other stuff instead of actual specifics.
edit: I know we have spoken of some specifics but we keep getting sidetracked by a plethora of what-ifs and other stuff instead of actual specifics.
-
Muirium
- µ
- Location: Edinburgh, Scotland
- Main keyboard: HHKB Type-S with Bluetooth by Hasu
- Main mouse: Apple Magic Mouse
- Favorite switch: Gotta Try 'Em All
- DT Pro Member: µ
The trouble is we have just one guy who handles all of this stuff. You may have heard of him. And he's retiring this year. So far we have no idea who will replace him, and we haven't decided where to go now our phpbb branch is obsolete, or indeed who has the technical wherewithal to have an opinion that deserves consideration.
One of the reasons DT is so stable is because I don't monkey around with it. Top notch dev work is required. Aplenty. Quite besides https.
I agree that talk without action is pointless. I think Webwit needs to find his successor, tap him on the shoulder, and utter the appropriate incantation. Preferably somewhere imposing and creepy…
One of the reasons DT is so stable is because I don't monkey around with it. Top notch dev work is required. Aplenty. Quite besides https.
I agree that talk without action is pointless. I think Webwit needs to find his successor, tap him on the shoulder, and utter the appropriate incantation. Preferably somewhere imposing and creepy…
-
SL89
- ‽
- Location: Massachusetts, USA
- Main keyboard: CODE 104
- Main mouse: Logitech M570
- Favorite switch: Cherry MX Green
- DT Pro Member: 0095
That is a whole 'nother can of worms. I had no idea that Webwit was on his way out, can you link me to the relevant thread regarding that?
I appreciate that you don't monkey around with it, knowing limitations is more better then blundering forward and blowing things up.
If the hunt is on for a successor then all of this is a moot point until that happens. Are we looking internally, externally, hired gun? I mean, if we are that deprecated that https implementation is a herculean task then whoever gets tapped has quite the welcome party awaiting him.
I appreciate that you don't monkey around with it, knowing limitations is more better then blundering forward and blowing things up.
If the hunt is on for a successor then all of this is a moot point until that happens. Are we looking internally, externally, hired gun? I mean, if we are that deprecated that https implementation is a herculean task then whoever gets tapped has quite the welcome party awaiting him.
-
seebart
- Offtopicthority Instigator
- Location: Germany
- Main keyboard: Rotation
- Main mouse: Steelseries Sensei
- Favorite switch: IBM capacitive buckling spring
- DT Pro Member: 0061
- Contact:
Someone with the necessary skills for one.
I'm pretty sure we have DT users with those skills but it involves actual work and time.
Last edited by seebart on 01 Jan 2016, 18:30, edited 1 time in total.
-
Muirium
- µ
- Location: Edinburgh, Scotland
- Main keyboard: HHKB Type-S with Bluetooth by Hasu
- Main mouse: Apple Magic Mouse
- Favorite switch: Gotta Try 'Em All
- DT Pro Member: µ
Here:
http://deskthority.net/club-discussions ... ml#p269257
Having just reread it, I see Webwit said he'd like to retire from DT's technical lead if there are strong candidates to replace him. Which indicates he won't retire if no one any good stands up! But he has less time these days, and the technical debt we've built up on this old phpbb branch is large and growing. So there's still a reckoning ahead. We really do need more than one duck on all this!
http://deskthority.net/club-discussions ... ml#p269257
Having just reread it, I see Webwit said he'd like to retire from DT's technical lead if there are strong candidates to replace him. Which indicates he won't retire if no one any good stands up! But he has less time these days, and the technical debt we've built up on this old phpbb branch is large and growing. So there's still a reckoning ahead. We really do need more than one duck on all this!
-
ramnes
- ПБТ НАВСЕГДА
- Location: France
- Main keyboard: KMAC LE
- Main mouse: Zowie AM
- Favorite switch: GPL 104 lubed 62g nixies
- DT Pro Member: -
Enabling HTTPS should be something like one or two lines to add in the web server configuration, I don't understand why we are talking about development work here.
-
Madhias
- BS TORPE
- Location: Wien, Austria
- Main keyboard: HHKB
- Main mouse: Wacom tablet
- Favorite switch: Topre and Buckelings
- DT Pro Member: 0064
- Contact:
When I had my webpage running it was just copying the content from /httpdocs to /httpsdocs
-
matt3o
- -[°_°]-
- Location: Italy
- Main keyboard: WhiteFox
- Main mouse: Anywhere MX
- Favorite switch: Anything, really
- DT Pro Member: 0030
- Contact:
I can technically do it as an emergency measure if webwit can't and we find no one else.
the problem that still stands is that 50% of the pages would still have mixed content (namely external images) that will cause the browser to whine.
the problem that still stands is that 50% of the pages would still have mixed content (namely external images) that will cause the browser to whine.
-
webwit
- Wild Duck
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
- Contact:
Let's first install a cert and Apache rules to do the following: if on https, rewrite http://deskthority.net* requests to https. Then we'll tackle issues. After this is done, we redirect everything on http to https.
I think external images don't cause a problem. I just installed https on my own server and tested it on three browsers, and it just changes the green color and/or lock icon on the address bar. Please test yourself:
https://server1.webwit.nl/test.html (with insecure image)
https://server1.webwit.nl/test2.html (no insecure image)
I think this is only for images, so maybe our youtube script will fail, I'll test that as well.
I think external images don't cause a problem. I just installed https on my own server and tested it on three browsers, and it just changes the green color and/or lock icon on the address bar. Please test yourself:
https://server1.webwit.nl/test.html (with insecure image)
https://server1.webwit.nl/test2.html (no insecure image)
I think this is only for images, so maybe our youtube script will fail, I'll test that as well.
-
matt3o
- -[°_°]-
- Location: Italy
- Main keyboard: WhiteFox
- Main mouse: Anywhere MX
- Favorite switch: Anything, really
- DT Pro Member: 0030
- Contact:
that's good!
isn't youtube over https already? shouldn't be an issue at all (unless the script links to a not protected domain)
isn't youtube over https already? shouldn't be an issue at all (unless the script links to a not protected domain)
-
webwit
- Wild Duck
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
- Contact:
This was implemented earlier today.
-
seebart
- Offtopicthority Instigator
- Location: Germany
- Main keyboard: Rotation
- Main mouse: Steelseries Sensei
- Favorite switch: IBM capacitive buckling spring
- DT Pro Member: 0061
- Contact:
-
matt3o
- -[°_°]-
- Location: Italy
- Main keyboard: WhiteFox
- Main mouse: Anywhere MX
- Favorite switch: Anything, really
- DT Pro Member: 0030
- Contact:
\o/
-
flabbergast
- Location: Southampton, UK
- DT Pro Member: 0120
- Contact:
Very nice, thanks webwit!
-
webwit
- Wild Duck
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
- Contact:
I changed the url we've registered there to https but it still gives an error. Submitted a support ticket. I bet they'll tell me to update to the latest version.
-
Muirium
- µ
- Location: Edinburgh, Scotland
- Main keyboard: HHKB Type-S with Bluetooth by Hasu
- Main mouse: Apple Magic Mouse
- Favorite switch: Gotta Try 'Em All
- DT Pro Member: µ
Seems to work on everything I try. Nicely done!
I'd still like glass teletype access, but it's not a top priority…
I'd still like glass teletype access, but it's not a top priority…
-
bhtooefr
- Location: Newark, OH, USA
- Main keyboard: TEX Shinobi
- Main mouse: TrackPoint IV
- Favorite switch: IBM Selectric (not a switch, I know)
- DT Pro Member: 0056
- Contact:
Well, we haven't lost Lynx:
(Just build your Lynx with SSL, which in FreeBSD's port, is default.)
(Just build your Lynx with SSL, which in FreeBSD's port, is default.)
-
webwit
- Wild Duck
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
- Contact:
Only problem is IE on Windows XP:
https://en.wikipedia.org/wiki/Server_Name_Indication
(In short, we have multiple domains on one IP, deskthority.net, deskthority.com and deskthority.org, and SNI makes this possible if you run https on one of them, but IE on XP doesn't support that, it expects a unique IP for https. This could cause some intruding warnings.).
However according to our visitor stats, almost no one (< 0.01%) uses IE and XP.
https://en.wikipedia.org/wiki/Server_Name_Indication
(In short, we have multiple domains on one IP, deskthority.net, deskthority.com and deskthority.org, and SNI makes this possible if you run https on one of them, but IE on XP doesn't support that, it expects a unique IP for https. This could cause some intruding warnings.).
However according to our visitor stats, almost no one (< 0.01%) uses IE and XP.
