Alternatively, join us on Discord.

Killing HTTP support on CodeWalrus (site would become HTTPS-only)

Started by DJ Omnimaga, April 06, 2016, 11:49:19 pm

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Should we kill HTTP access support on CW and make the site HTTPS-only for security?

Yes
18 (85.7%)
No
3 (14.3%)

Total Members Voted: 21

Lionel Debroux

QuoteWhat is the problem of letting people use HTTP if they want to?

The problem is, by now, there's no good reason to want to use HTTP ;)
And the fact that HTTP remains accessible (beyond permanent redirection to HTTP upon first request, that is), for users who want to use HTTP despite the fact that it's a bad thing, is a threat to the privacy of other unwitting users, those who are not yet aware of what's at stake.
Compatibility with thoroughly obsolete, long-unmaintained platforms (as are most smartphones and tablets, unfortunately) is a liability, not an asset. The right thing to do is to push these out of the way, not try and remain compatible with these pieces of junk (which already can't access a growing number of sites following best security practices, anyway). Our community has already done the right thing, with four of the five major sites using high-grade TLS settings. One of these four is pretty much dead due to its staff's behaviour, but still.

Remember, you never know what the surveillance state collecting information through pervasive monitoring (of network connections, of unique IDs drawn onto paper by printers, etc.) can use against you in the future. Anything which makes the surveillance state's job harder (slower, more costly) is a good thing. Let's Encrypt is a fantastic tool for widening the use of encrypted communications on the Web. On a more normative ground, the "Pervasive monitoring is an attack" RFC strongly suggests, if not mandates, that all future standardized protocols build defenses against surveillance state methods.
Member of the TI-Chess Team.
Co-maintainer of GCC4TI (GCC4TI online documentation), TIEmu and TILP.
Co-admin of TI-Planet.

DJ Omnimaga

I think DarkestEx's main concern is that HTTPS is extremely slow on his Internet connection, especially on CodeWalrus. But it isn't necessarily our fault, but rather ISP's in Germany. Or perhaps the German government just gets SSL connections through a filter? Or is that 100% impossible? That said, maybe they just throttles SSL connections on purpose to discourage their use. IIRC some governments even wanted to make encryption illegal.

But the thing is that this is 2016, not 1996. People have to adapt, especially that maybe, one day, new browsers will ditch HTTP support entirely.

According to the poll, it looks like we will focus on HTTPS support, but not block HTTP access entirely. Instead, HTTP users will login to CW at their own risk (if any) and CW staff will be asked to only use HTTPS to avoid site defacement.

DarkestEx

Quote from: DJ Omnimaga on May 01, 2016, 07:15:28 am
I think DarkestEx's main concern is that HTTPS is extremely slow on his Internet connection, especially on CodeWalrus. But it isn't necessarily our fault, but rather ISP's in Germany. Or perhaps the German government just gets SSL connections through a filter? Or is that 100% impossible? That said, maybe they just throttles SSL connections on purpose to discourage their use. IIRC some governments even wanted to make encryption illegal.

But the thing is that this is 2016, not 1996. People have to adapt, especially that maybe, one day, new browsers will ditch HTTP support entirely.

According to the poll, it looks like we will focus on HTTPS support, but not block HTTP access entirely. Instead, HTTP users will login to CW at their own risk (if any) and CW staff will be asked to only use HTTPS to avoid site defacement.

SSL isn't particularly slow here nor is CW but it used to be for a few weeks. I don't think the connections are filtered or slowed down as it only applied to CW when it it was.

I don't like having features removed and I don't think http will ever be removed from browsers for compatibility.

DJ Omnimaga

Ah ok, I thought it might have been due to some government bans or something.

And yeah we don't plan to remove any features unless nobody uses them. And even then we would ask users and if it involved data loss then we would at least make that data available in some forms.

Jkolade936

And I think I'll be okay with this even when browsing from my Nokia. Apparently, I've been using HTTPS this whole time. :-|
Does this qualify as a signature? 
The answer is "Sure."


DJ Omnimaga

Does the entire site load fine on your side?

EDIT: on the topic of Nokia:

http://i1.kym-cdn.com/photos/images/facebook/000/232/787/4aa.jpg

Jkolade936

All but GIFs, which appear as non-moving images that must be downloaded to see movement. Like :walrii: . I can only see his first frame.

And I'm not sure what that picture is trying to say... :-|

EDIT: IRC also doesn't load for me. Stays on loading page and doesn't move on. Slows down the webpage.
Does this qualify as a signature? 
The answer is "Sure."


DJ Omnimaga

That picture is a reference to an old Nokia 3310 meme. That phone is notorious for being nearly indestructible and somewhat heavy so people made lots of jokes about it and it spread on the Internet years ago. :P


Also at least you can see the :walrii: but it's a shame you can't use IRC.

DarkestEx

Quote from: Dudeman313 on May 05, 2016, 02:13:33 am
All but GIFs, which appear as non-moving images that must be downloaded to see movement. Like :walrii: . I can only see his first frame.

And I'm not sure what that picture is trying to say... :-|

EDIT: IRC also doesn't load for me. Stays on loading page and doesn't move on. Slows down the webpage.

Just get a new phone. You can get the Moto E for under 80€. There are even cheaper offers if you buy them used.

DJ Omnimaga


DarkestEx

Quote from: DJ Omnimaga on May 08, 2016, 03:48:13 pm
The problem @DarkestEx is I doubt his parents agree with you.

Some parents are just stupid moroons when it comes to certain things and I don't just mean phones.

Streetwalrus

I don't think you're the one to decide how parents should educate their children. You can do what you want with yours, but dudeman is only 12, which is pretty young for having a smartphone at all. It's not only a matter of money. I didn't even have a cellphone till I was 16 myself.

aeTIos

Quote from: DarkestEx on May 01, 2016, 01:14:34 pm
SSL isn't particularly slow here nor is CW but it used to be for a few weeks. I don't think the connections are filtered or slowed down as it only applied to CW when it it was.

I don't like having features removed and I don't think http will ever be removed from browsers for compatibility.

While it's not likely that http will be removed from browsers, it is very likely that webservers will lose http support thus killing its usage off to a minimum. The web is an unsafe place, that should be better. I forgot if I already stated my opinion on the matter but I'd all for removing http support. Thing is that I don't want to break the site experience for people.
ceci n'est pas une signature

DJ Omnimaga

Quote from: Streetwalrus on May 09, 2016, 09:00:41 pm
I don't think you should meddle in how parents educate their children. You can do what you want with yours, but dudeman is only 12, which is pretty young for having a smartphone at all. It's not only a matter of money. I didn't even have a cellphone till I was 16 myself.
Nah the issue with Dudeman313 parents is not smartphone restrictions, but rather the fact he is not allowed to play any video game at all, not even Tetris, Kirby, Mario Paint nor Wii Sports. It's not like those games are violent at all. Games are rated 6+ or 10+ in North America and the violent ones are rated higher. He is not allowed to frequent game-related forums at all either, even though in USA the legal age to sign up on a forum is 13 (and Dudeman313 now meets the legal age). From 8 to 15 years old I could play video games between 30 and 60 minutes per day. But yeah I guess it's their decision.
Quote from: aeTIos on May 09, 2016, 09:03:37 pm
Quote from: DarkestEx on May 01, 2016, 01:14:34 pm
SSL isn't particularly slow here nor is CW but it used to be for a few weeks. I don't think the connections are filtered or slowed down as it only applied to CW when it it was.

I don't like having features removed and I don't think http will ever be removed from browsers for compatibility.

While it's not likely that http will be removed from browsers, it is very likely that webservers will lose http support thus killing its usage off to a minimum. The web is an unsafe place, that should be better. I forgot if I already stated my opinion on the matter but I'd all for removing http support. Thing is that I don't want to break the site experience for people.
Yeah this is why I think we should wait. I brought up the topic in case just the action of leaving it enabled was a security threat even for people who don't use it.

DarkestEx

Quote from: Streetwalrus on May 09, 2016, 09:00:41 pm
I don't think you're the one to decide how parents should educate their children. You can do what you want with yours, but dudeman is only 12, which is pretty young for having a smartphone at all. It's not only a matter of money. I didn't even have a cellphone till I was 16 myself.

That's not not point I am trying to make. Some parents are just over caring like forbidding their child to accept physical prices or similar things. While I bought my first cellphone with 13, I was forced to do so and personally didn't need one at the time. I can totally give my 50 cents here if I want to. And there are a ton of stupid parents out there, trust me there. My ones care enough but a still not too annoying. There are parents giving gun lessons to their children in murrica and ot letting their 11 year old son play 18+ titles.

Powered by EzPortal