We're on Discord! Please join our server now if you don't want to miss anything! (More info) | Join the UCC4 contest! (More info)

* WalrusIRC & Discord main room

If you have a forum account, have more than 4 posts and are not part of a restricted usergroup, then you can chat in our main Discord server room directly from here and continue using the forums at the same time. Or you can join our server directly and access many more discussion rooms!

Poll

Should we kill HTTP access support on CW and make the site HTTPS-only for security?

Yes
18 (85.7%)
No
3 (14.3%)

Total Members Voted: 21

Author Topic: Killing HTTP support on CodeWalrus (site would become HTTPS-only)  (Read 16954 times)

0 Members and 1 Guest are viewing this topic.

Offline Lionel Debroux

  • Full User
  • Join Date: Jan 2015
  • Location:
  • Posts: 241
  • Post Rating Ratio: +11/-0
    • debrouxl
    • 58/5891
Quote
What is the problem of letting people use HTTP if they want to?
The problem is, by now, there's no good reason to want to use HTTP ;)
And the fact that HTTP remains accessible (beyond permanent redirection to HTTP upon first request, that is), for users who want to use HTTP despite the fact that it's a bad thing, is a threat to the privacy of other unwitting users, those who are not yet aware of what's at stake.
Compatibility with thoroughly obsolete, long-unmaintained platforms (as are most smartphones and tablets, unfortunately) is a liability, not an asset. The right thing to do is to push these out of the way, not try and remain compatible with these pieces of junk (which already can't access a growing number of sites following best security practices, anyway). Our community has already done the right thing, with four of the five major sites using high-grade TLS settings. One of these four is pretty much dead due to its staff's behaviour, but still.

Remember, you never know what the surveillance state collecting information through pervasive monitoring (of network connections, of unique IDs drawn onto paper by printers, etc.) can use against you in the future. Anything which makes the surveillance state's job harder (slower, more costly) is a good thing. Let's Encrypt is a fantastic tool for widening the use of encrypted communications on the Web. On a more normative ground, the "Pervasive monitoring is an attack" RFC strongly suggests, if not mandates, that all future standardized protocols build defenses against surveillance state methods.
Member of the TI-Chess Team.
Co-maintainer of GCC4TI (GCC4TI online documentation), TIEmu and TILP.
Co-admin of TI-Planet.

Offline xlibman

  • Omni founder & CW co-founder
  • CodeWalrus Staff
  • Super User
  • Moderator
  • Forum Maintenance
  • Original 5
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 19069
  • Post Rating Ratio: +101/-5
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
I think DarkestEx's main concern is that HTTPS is extremely slow on his Internet connection, especially on CodeWalrus. But it isn't necessarily our fault, but rather ISP's in Germany. Or perhaps the German government just gets SSL connections through a filter? Or is that 100% impossible? That said, maybe they just throttles SSL connections on purpose to discourage their use. IIRC some governments even wanted to make encryption illegal.

But the thing is that this is 2016, not 1996. People have to adapt, especially that maybe, one day, new browsers will ditch HTTP support entirely.

According to the poll, it looks like we will focus on HTTPS support, but not block HTTP access entirely. Instead, HTTP users will login to CW at their own risk (if any) and CW staff will be asked to only use HTTPS to avoid site defacement.
  • Calculators owned: TI-84 Plus C Silver Edition, TI-84 Plus CE, Casio fx-CG10
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nintendo Switch, Playstation TV

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline DarkestEx

  • Super User
  • Join Date: Jan 2015
  • Location: Germany
  • Posts: 1346
  • Post Rating Ratio: +11/-2
    • @0xbmuessig
    • @muessigb
  • Gender: Male
I think DarkestEx's main concern is that HTTPS is extremely slow on his Internet connection, especially on CodeWalrus. But it isn't necessarily our fault, but rather ISP's in Germany. Or perhaps the German government just gets SSL connections through a filter? Or is that 100% impossible? That said, maybe they just throttles SSL connections on purpose to discourage their use. IIRC some governments even wanted to make encryption illegal.

But the thing is that this is 2016, not 1996. People have to adapt, especially that maybe, one day, new browsers will ditch HTTP support entirely.

According to the poll, it looks like we will focus on HTTPS support, but not block HTTP access entirely. Instead, HTTP users will login to CW at their own risk (if any) and CW staff will be asked to only use HTTPS to avoid site defacement.
SSL isn't particularly slow here nor is CW but it used to be for a few weeks. I don't think the connections are filtered or slowed down as it only applied to CW when it it was.

I don't like having features removed and I don't think http will ever be removed from browsers for compatibility.
  • Calculators owned: TI-84+, Casio 101-S, RPN-Calc, Hewlett-Packard 100LX, Hewlett-Packard 95LX
  • Consoles, mobile devices and vintage computers owned: Original Commodore 64C, Tektronix AWG2021, IBM X60s, IBM X60t, C64 DTV, Nintendo GameBoy Color, Nintendo GameCube, Xbox 360

Offline xlibman

  • Omni founder & CW co-founder
  • CodeWalrus Staff
  • Super User
  • Moderator
  • Forum Maintenance
  • Original 5
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 19069
  • Post Rating Ratio: +101/-5
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
Ah ok, I thought it might have been due to some government bans or something.

And yeah we don't plan to remove any features unless nobody uses them. And even then we would ask users and if it involved data loss then we would at least make that data available in some forms.
  • Calculators owned: TI-84 Plus C Silver Edition, TI-84 Plus CE, Casio fx-CG10
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nintendo Switch, Playstation TV

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline Jkolade936

  • All Around Coolio
  • Super User
  • Join Date: Jan 2016
  • Location: Horseheads, NY
  • Posts: 1516
  • Post Rating Ratio: +9/-1
  • I'm an unknown loner. I try to change that.
    • Jkolade936
    • My Sprites and Walrii Collection
  • Gender: Male
And I think I'll be okay with this even when browsing from my Nokia. Apparently, I've been using HTTPS this whole time. :-|
  • Calculators owned: None of them. :'(
Does this qualify as a signature? 
The answer is "Sure."


Offline xlibman

  • Omni founder & CW co-founder
  • CodeWalrus Staff
  • Super User
  • Moderator
  • Forum Maintenance
  • Original 5
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 19069
  • Post Rating Ratio: +101/-5
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
Does the entire site load fine on your side?

EDIT: on the topic of Nokia:

http://i1.kym-cdn.com/photos/images/facebook/000/232/787/4aa.jpg
« Last Edit: May 04, 2016, 01:22:50 am by DJ Omnimaga »
  • Calculators owned: TI-84 Plus C Silver Edition, TI-84 Plus CE, Casio fx-CG10
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nintendo Switch, Playstation TV

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline Jkolade936

  • All Around Coolio
  • Super User
  • Join Date: Jan 2016
  • Location: Horseheads, NY
  • Posts: 1516
  • Post Rating Ratio: +9/-1
  • I'm an unknown loner. I try to change that.
    • Jkolade936
    • My Sprites and Walrii Collection
  • Gender: Male
All but GIFs, which appear as non-moving images that must be downloaded to see movement. Like :walrii: . I can only see his first frame.

And I'm not sure what that picture is trying to say... :-|

EDIT: IRC also doesn't load for me. Stays on loading page and doesn't move on. Slows down the webpage.
« Last Edit: May 05, 2016, 02:15:11 am by Dudeman313 »
  • Calculators owned: None of them. :'(
Does this qualify as a signature? 
The answer is "Sure."


Offline xlibman

  • Omni founder & CW co-founder
  • CodeWalrus Staff
  • Super User
  • Moderator
  • Forum Maintenance
  • Original 5
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 19069
  • Post Rating Ratio: +101/-5
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
That picture is a reference to an old Nokia 3310 meme. That phone is notorious for being nearly indestructible and somewhat heavy so people made lots of jokes about it and it spread on the Internet years ago. :P


Also at least you can see the :walrii: but it's a shame you can't use IRC.
  • Calculators owned: TI-84 Plus C Silver Edition, TI-84 Plus CE, Casio fx-CG10
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nintendo Switch, Playstation TV

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline DarkestEx

  • Super User
  • Join Date: Jan 2015
  • Location: Germany
  • Posts: 1346
  • Post Rating Ratio: +11/-2
    • @0xbmuessig
    • @muessigb
  • Gender: Male
All but GIFs, which appear as non-moving images that must be downloaded to see movement. Like :walrii: . I can only see his first frame.

And I'm not sure what that picture is trying to say... :-|

EDIT: IRC also doesn't load for me. Stays on loading page and doesn't move on. Slows down the webpage.
Just get a new phone. You can get the Moto E for under 80€. There are even cheaper offers if you buy them used.
  • Calculators owned: TI-84+, Casio 101-S, RPN-Calc, Hewlett-Packard 100LX, Hewlett-Packard 95LX
  • Consoles, mobile devices and vintage computers owned: Original Commodore 64C, Tektronix AWG2021, IBM X60s, IBM X60t, C64 DTV, Nintendo GameBoy Color, Nintendo GameCube, Xbox 360

Offline xlibman

  • Omni founder & CW co-founder
  • CodeWalrus Staff
  • Super User
  • Moderator
  • Forum Maintenance
  • Original 5
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 19069
  • Post Rating Ratio: +101/-5
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
The problem @DarkestEx is I doubt his parents agree with you.
  • Calculators owned: TI-84 Plus C Silver Edition, TI-84 Plus CE, Casio fx-CG10
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nintendo Switch, Playstation TV

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline DarkestEx

  • Super User
  • Join Date: Jan 2015
  • Location: Germany
  • Posts: 1346
  • Post Rating Ratio: +11/-2
    • @0xbmuessig
    • @muessigb
  • Gender: Male
The problem @DarkestEx is I doubt his parents agree with you.
Some parents are just stupid moroons when it comes to certain things and I don't just mean phones.
  • Calculators owned: TI-84+, Casio 101-S, RPN-Calc, Hewlett-Packard 100LX, Hewlett-Packard 95LX
  • Consoles, mobile devices and vintage computers owned: Original Commodore 64C, Tektronix AWG2021, IBM X60s, IBM X60t, C64 DTV, Nintendo GameBoy Color, Nintendo GameCube, Xbox 360

Offline Streetwalrus

  • Super User
  • Original 5
  • Join Date: Nov 2014
  • Location:
  • Posts: 2903
  • Post Rating Ratio: +20/-0
I don't think you're the one to decide how parents should educate their children. You can do what you want with yours, but dudeman is only 12, which is pretty young for having a smartphone at all. It's not only a matter of money. I didn't even have a cellphone till I was 16 myself.
« Last Edit: May 09, 2016, 09:09:31 pm by Streetwalrus »

Offline aeTIos

  • Dabbler in C
  • Super User
  • Original 5
  • Join Date: Nov 2014
  • Location: Ede, NL
  • Posts: 1049
  • Post Rating Ratio: +12/-0
  • hi
    • r_vdijk
    • /u/aetios
    • aetios
  • Gender: Male
SSL isn't particularly slow here nor is CW but it used to be for a few weeks. I don't think the connections are filtered or slowed down as it only applied to CW when it it was.

I don't like having features removed and I don't think http will ever be removed from browsers for compatibility.
While it's not likely that http will be removed from browsers, it is very likely that webservers will lose http support thus killing its usage off to a minimum. The web is an unsafe place, that should be better. I forgot if I already stated my opinion on the matter but I'd all for removing http support. Thing is that I don't want to break the site experience for people.
ceci n'est pas une signature

Offline xlibman

  • Omni founder & CW co-founder
  • CodeWalrus Staff
  • Super User
  • Moderator
  • Forum Maintenance
  • Original 5
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 19069
  • Post Rating Ratio: +101/-5
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
I don't think you should meddle in how parents educate their children. You can do what you want with yours, but dudeman is only 12, which is pretty young for having a smartphone at all. It's not only a matter of money. I didn't even have a cellphone till I was 16 myself.
Nah the issue with Dudeman313 parents is not smartphone restrictions, but rather the fact he is not allowed to play any video game at all, not even Tetris, Kirby, Mario Paint nor Wii Sports. It's not like those games are violent at all. Games are rated 6+ or 10+ in North America and the violent ones are rated higher. He is not allowed to frequent game-related forums at all either, even though in USA the legal age to sign up on a forum is 13 (and Dudeman313 now meets the legal age). From 8 to 15 years old I could play video games between 30 and 60 minutes per day. But yeah I guess it's their decision.
SSL isn't particularly slow here nor is CW but it used to be for a few weeks. I don't think the connections are filtered or slowed down as it only applied to CW when it it was.

I don't like having features removed and I don't think http will ever be removed from browsers for compatibility.
While it's not likely that http will be removed from browsers, it is very likely that webservers will lose http support thus killing its usage off to a minimum. The web is an unsafe place, that should be better. I forgot if I already stated my opinion on the matter but I'd all for removing http support. Thing is that I don't want to break the site experience for people.
Yeah this is why I think we should wait. I brought up the topic in case just the action of leaving it enabled was a security threat even for people who don't use it.
  • Calculators owned: TI-84 Plus C Silver Edition, TI-84 Plus CE, Casio fx-CG10
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nintendo Switch, Playstation TV

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline DarkestEx

  • Super User
  • Join Date: Jan 2015
  • Location: Germany
  • Posts: 1346
  • Post Rating Ratio: +11/-2
    • @0xbmuessig
    • @muessigb
  • Gender: Male
I don't think you're the one to decide how parents should educate their children. You can do what you want with yours, but dudeman is only 12, which is pretty young for having a smartphone at all. It's not only a matter of money. I didn't even have a cellphone till I was 16 myself.
That's not not point I am trying to make. Some parents are just over caring like forbidding their child to accept physical prices or similar things. While I bought my first cellphone with 13, I was forced to do so and personally didn't need one at the time. I can totally give my 50 cents here if I want to. And there are a ton of stupid parents out there, trust me there. My ones care enough but a still not too annoying. There are parents giving gun lessons to their children in murrica and ot letting their 11 year old son play 18+ titles.
  • Calculators owned: TI-84+, Casio 101-S, RPN-Calc, Hewlett-Packard 100LX, Hewlett-Packard 95LX
  • Consoles, mobile devices and vintage computers owned: Original Commodore 64C, Tektronix AWG2021, IBM X60s, IBM X60t, C64 DTV, Nintendo GameBoy Color, Nintendo GameCube, Xbox 360

 


You can also use the following HTML or bulletin board code to share it on your page or forum signature!


Also do not forget to check our affiliates below.
Planet Casio TI-Planet Calc.news BroniesQC BosaikNet Velocity Games