HTTPS

What's Hot
This is more a message for the admin team, but I wasn't sure who would be in charge of this sort of thing.

In July, Chrome is going to start marking all HTTP sites as Insecure and I feel this might negatively affect the forum.

Is there any plans to migrate to HTTPS?
0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
«1

Comments

  • wibblewibble Frets: 1083
    It's a 5 min job with letsencrypt, altough I suspect a few links need to be fixed for mixed content warnings

    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
  • prowlaprowla Frets: 4896
    Plain http should be being phased out in general.
    (IMHO)
    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
  • olafgartenolafgarten Frets: 1648
    Yeah, I imagine the main issue will be image links, they should be loaded through a proxy page setup on the site to serve them over https
    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
  • BigMonkaBigMonka Frets: 1763
    Always be yourself! Unless you can be Batman, in which case always be Batman.
    My boss told me "dress for the job you want, not the job you have"... now I'm sat in a disciplinary meeting dressed as Batman.
    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
  • digitalscreamdigitalscream Frets: 26458
    edited April 2018
    To answer all the possible questions on this...

    Did you know about this?
    Yes, we're aware.

    Why don't you just put a cert on it? It's a few minutes' work.
    No, it's not. The forum software doesn't work with HTTPS yet, because of moronic PHP developers who can't get their heads around simple stuff. Unless you'd like to use a forum without an editor, without images and without any kind of media embedding capability (and that's just the start).

    Are you going to do anything about it?
    Yes, it'll be sorted. There are only a few components left which I need to fix, but they're pretty fundamental to the operation of the site (like the editor, for example).

    So the site will be totally HTTPS-happy?
    No, we're not going to be able to escape the warnings totally, because the very nature of a forum where people can embed content means mixed content has to be considered an acceptable compromise.

    Can I help?
    At this point, it would be more time-intensive to have a volunteer join in, because the codebase is quite sprawling and takes ages to get the hang of. It would mean me checking over the volunteer's work with a fine-toothed comb, which is pretty much the same as doing it myself in the first place.

    What's the plan?
    Right now, there are a number of options - one of them is moving to the latest version of Vanilla and then re-implementing all of our changes to it (since they won't accept anybody's fixes - not exactly ideal, in an open source project), and then fixing all of the plugins to make them HTTPS-safe. This also means jumping two PHP versions, which doesn't fill me with joy either. This would probably fix our ReCAPTCHA issues too.

    The other option is to carry on patching the version we have in the hope that we can get something HTTPS-safe out there. When? Soon (tm).
    <space for hire>
    0reaction image LOL 1reaction image Wow! 3reaction image Wisdom
  • randellarandella Frets: 4088
    wibble said:
    It's a 5 min job 

    The only five-minute jobs in software are the ones that have been time-estimated by someone in HR. 
    1reaction image LOL 0reaction image Wow! 9reaction image Wisdom
  • webrthomsonwebrthomson Frets: 1029
    randella said:
    wibble said:
    It's a 5 min job 

    The only five-minute jobs in software are the ones that have been time-estimated by someone in HR. 
    or sales :)
    0reaction image LOL 0reaction image Wow! 4reaction image Wisdom
  • randellarandella Frets: 4088
    edited April 2018
    randella said:
    wibble said:
    It's a 5 min job 

    The only five-minute jobs in software are the ones that have been time-estimated by someone in HR. 
    or sales
    @webrthomson - thankfully we don’t have any of those at my current place. I do have fond memories of other organisations that did though. “Weekends? You’re in web dev now, bitch!” ;)
    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
  • webrthomsonwebrthomson Frets: 1029
    randella said:
     “Weekends? You’re in web dev now, bitch!” ;)
    :) just spat my tea out reading that - been there too!!!
    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
  • frownfrown Frets: 32
    Still not HTTPS a year later?
    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
  • darthed1981darthed1981 Frets: 11673
    frown said:
    Still not HTTPS a year later?
    Lee (digitalscream) pretty much codes this place by himself, for no financial gain, in his spare time.  He has had a load of stuff to deal with as well.

    I can live with a few warnings in chrome to cut him some slack ;)
    We have to be so very careful, what we believe in...
    0reaction image LOL 0reaction image Wow! 4reaction image Wisdom
  • digitalscreamdigitalscream Frets: 26458
    frown said:
    Still not HTTPS a year later?
    No, because there are only two solutions:

    1 - Upgrade to the latest version of Vanilla. That would, under normal circumstances, take about three months of testing and rewriting shitty code, and rebuilding the server with new versions of practically everything.
    2 - Write something better. That would, under normal circumstances, take about three months of development.

    Unfortunately, I've had...rather a lot to deal with in the last year with many implosions in my personal life. Things are gradually getting back to normal, and work will restart on the rewrite next month.
    <space for hire>
    0reaction image LOL 0reaction image Wow! 2reaction image Wisdom
  • digitalscreamdigitalscream Frets: 26458
    frown said:
    Still not HTTPS a year later?
    Lee (digitalscream) pretty much codes this place by himself, for no financial gain, in his spare time.  He has had a load of stuff to deal with as well.

    I can live with a few warnings in chrome to cut him some slack ;)
    Thank you :)
    <space for hire>
    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
  • KittyfriskKittyfrisk Frets: 18385
    Sounds like training some help might be appropriate?
    “Always two there are, no more, no less. A Master and an apprentice.” 

    Hope things look up for you soon.
    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
  • digitalscreamdigitalscream Frets: 26458
    *cough*
    <space for hire>
    0reaction image LOL 0reaction image Wow! 1reaction image Wisdom
  • sixstringsuppliessixstringsupplies Frets: 429
    tFB Trader
    *cough*
    Ah good stuff. Well done. I converted my website over to https last year and it was an utter ballache. I can’t begin to imagine how it was with the fretboard and the endless pages...
    For Modders, Makers, Players

    https://sixstringsupplies.co.uk/

    Our YouTube Channel for handy "How-To" Wiring Tutorials
    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
  • digitalscreamdigitalscream Frets: 26458
    *cough*
    Ah good stuff. Well done. I converted my website over to https last year and it was an utter ballache. I can’t begin to imagine how it was with the fretboard and the endless pages...
    I had another stab at it earlier in the week, and by sheer luck found a couple of Vanilla "features" which seemed like they might be causing a bit of an issue. Then there was a bastardised version of a Javascript library that wasn't playing ball, and suddenly...it works :)

    That doesn't mean I won't be finishing the rewrite. It just means I can get you lot off my back while I do it :D
    <space for hire>
    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
  • sixstringsuppliessixstringsupplies Frets: 429
    tFB Trader
    I can only repeat, well done again :) I think I had to remove every non https element on mine (every link, every external link, hosted photo/diagram. It took a solid day and a half non-stop. 
    For Modders, Makers, Players

    https://sixstringsupplies.co.uk/

    Our YouTube Channel for handy "How-To" Wiring Tutorials
    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
  • FunkfingersFunkfingers Frets: 14323
    digitalscream said:
    suddenly...it works :)
    Is this why the default typeface has changed?
    Be seeing you.
    0reaction image LOL 0reaction image Wow! 0reaction image Wisdom
Sign In or Register to comment.