Forums: Rockclimbing.com: Security & Scams:
Https now supported, I suggest using when you log into RC from public wifi
Partner Jeff
Owner

Dec 4, 2013, 2:21 AM
Post #1 of 13 (12462 views)

Hey all,

https is now supported sitewide--to use it, just add an 's' to any RC url: https://www.rockclimbing.com

I suggest you use it whenever logging into RC from public wifi. Cell phones or your home/trusted internet doesn't matter much.

When you do this, you will probably see mixed-content warnings saying that some of the page content is insecure. That's because the ads aren't served over https. Afraid that's not something I can fix anytime soon, although thankfully it's also not a big deal from a security perspective unless someone is really out to hack you.

Background:
When you access websites using http (sans the 's') your traffic to/from the website is sent in plaintext. That means anyone who is on the same wifi network can see which pages you're browsing on RC (not a big deal) plus any info you send the site, such as your password (very much a big deal).

When you add the 's' to the https, it encrypts the traffic to/from the website so only your computer and the website understand what you're doing, and anyone listening in on the wifi only sees garbled text.

In other words, http = firesheep fodder, https = no firesheep worries.

I stuck this message in General to make sure it gets seen by the site regulars, after a bit I'll move it to the Announcements/Site updates forum.

If you hit any problems with it, PM me the URL, the warning message if there is one, or a screenshot of the error.

Cheers,
Jeff
"Wearing my tinfoil hat this week"


(This post was edited by Jeff on Dec 4, 2013, 4:34 AM)


marc801


Dec 4, 2013, 3:02 AM
Post #2 of 13 (12430 views)

Registered: Aug 1, 2005
Posts: 2806

Re: [Jeff] Https now supported, I suggest using when you log into RC from public wifi [In reply to]

The next step would be to automate it on the RC end as Google does and not force the user to remember to add the "s".


Partner Jeff
Owner

Dec 4, 2013, 4:33 AM
Post #3 of 13 (12405 views)

 
Re: [marc801] Https now supported, I suggest using when you log into RC from public wifi [In reply to]

I wish it was that easy, but right now not forcing users over to https is a purposeful decision.

There's several drawbacks:

For one, using https adds latency because there's an extra trip between your computer and the website to set up the encryption, which isn't a big deal on desktops, but matters a lot on mobile/cell networks or areas with low quality internet (and we do have a sizable contingent of international users from such countries).

Secondly, many of the ad networks we currently use don't support https and I don't want to give the mixed-content warning to new site visitors because they'll think we're hacked and leave. As more networks add support to https, this will change.

Lastly, it also adds a little bit of extra strain on the servers and increases network traffic. Again, not a big deal when only those folks who need it turn it on, but it adds up when everyone uses it.


(This post was edited by Jeff on Dec 4, 2013, 4:45 AM)


marc801


Dec 4, 2013, 2:41 PM
Post #4 of 13 (12353 views)

Registered: Aug 1, 2005
Posts: 2806

Re: [Jeff] Https now supported, I suggest using when you log into RC from public wifi [In reply to]

Jeff wrote:
Secondly, many of the ad networks we currently use don't support https and I don't want to give the mixed-content warning to new site visitors because they'll think we're hacked and leave. As more networks add support to https, this will change.
You realize that most of the latest versions of modern browsers block the "unsecure" content by default, yes? Certainly Firefox and Chrome do. And who doesn't use an ad blocker these days? I even forgot that RC has ads. I don't think this is the issue you think it is.

Yes, there are performance issues with SSL, but that's another discussion.
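
Added example (not part of the thread, and not Rockclimbing.com's code): the mixed-content warnings described in post #1 and the browser blocking mentioned in post #4 both come down to which subresources an https page pulls over plain http. This sketch lists them for a constructed page and separates active content (scripts, frames, stylesheets) from passive content (images, media); the markup and the example.net hostnames are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) -> class of subresource. "active" content can script or
# restyle the page; "passive" content is only displayed.
KINDS = {("script", "src"): "active", ("iframe", "src"): "active",
         ("link", "href"): "active", ("img", "src"): "passive",
         ("video", "src"): "passive", ("audio", "src"): "passive"}

class MixedContentScanner(HTMLParser):
    """Collect subresources that an https page would fetch over plain http."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL) in document order

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        if tag == "link" and "stylesheet" not in rel:
            return  # only stylesheet links pull content into the page
        for attr, value in attrs:
            kind = KINDS.get((tag, attr))
            if kind and value:
                # Resolve relative and protocol-relative (//host/x) URLs
                # against the page URL, as a browser does.
                url = urljoin(self.page_url, value)
                if urlparse(url).scheme == "http":
                    self.findings.append((kind, tag, url))

def scan(page_url, html):
    """Return mixed-content findings; an http page has none by definition."""
    if urlparse(page_url).scheme != "https":
        return []
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.findings

# Constructed sample markup; the example.net hosts are placeholders.
SAMPLE = """<link rel="stylesheet" href="/css/site.css">
<script src="http://ads.example.net/show.js"></script>
<img src="http://ads.example.net/banner.gif">
<img src="//cdn.example.net/logo.png">
<iframe src="http://ads.example.net/frame.html"></iframe>
<a href="http://www.rockclimbing.com/forum/">forum</a>"""

if __name__ == "__main__":
    for kind, tag, url in scan("https://www.rockclimbing.com/", SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

The relative stylesheet and the protocol-relative image inherit https from the page and are not reported, and the plain `<a href>` link is navigation rather than a subresource.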


sungam


Dec 4, 2013, 4:53 PM
Post #5 of 13 (12331 views)

Registered: Jun 24, 2004
Posts: 26804

Re: [Jeff] Https now supported, I suggest using when you log into RC from public wifi [In reply to]

Jeff wrote:
That means anyone who is on the same wifi network can see which pages you're browsing on RC (not a big deal)
People could know that I visit the SPORT CLIMBING section? HOW IS THIS NOT A BIG DEAL?


Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.


marc801


Dec 4, 2013, 5:28 PM
Post #6 of 13 (12305 views)

Registered: Aug 1, 2005
Posts: 2806

Re: [sungam] Https now supported, I suggest using when you log into RC from public wifi [In reply to]

sungam wrote:
Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.
+1
And the spam posts have all but disappeared. Keeping my fingers crossed.


jt512


Dec 4, 2013, 6:52 PM
Post #7 of 13 (12279 views)

Registered: Apr 12, 2001
Posts: 21904

Re: [sungam] Https now supported, I suggest using when you log into RC from public wifi [In reply to]

Never mind. I was wrong.


(This post was edited by jt512 on Dec 4, 2013, 7:12 PM)


Partner macherry


Dec 4, 2013, 7:03 PM
Post #8 of 13 (12271 views)

Registered: Sep 10, 2003
Posts: 15848

Re: [jt512] Https now supported, I suggest using when you log into RC from public wifi [In reply to]

jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.

that does not bode well. i know in jeff's introductory thread posts were removed.


rocknice2


Dec 4, 2013, 7:08 PM
Post #9 of 13 (12270 views)

Registered: Jul 13, 2006
Posts: 1221

Re: [jt512] Https now supported, I suggest using when you log into RC from public wifi [In reply to]

jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.
Do you mean this post
What Not to Say

Jeff wrote:
moose_droppings wrote:
I one starred you as a welcome to the boards good will gesture, seemed like the appropriate thing to do.

Love you too moose_droppings. Although I am curious where in South Dakota you climb... I spent 6 summers in North Dakota, and the ranch where I worked had the highest hill for miles and miles around, which was nothing more than a 200 foot tall pile of dirt. You could onsight it in 2 mins if you hustled.


jt512


Dec 4, 2013, 7:13 PM
Post #10 of 13 (12261 views)

Registered: Apr 12, 2001
Posts: 21904

Re: [rocknice2] Https now supported, I suggest using when you log into RC from public wifi [In reply to]

rocknice2 wrote:
jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.
Do you mean this post
What Not to Say

Jeff wrote:
moose_droppings wrote:
I one starred you as a welcome to the boards good will gesture, seemed like the appropriate thing to do.

Love you too moose_droppings. Although I am curious where in South Dakota you climb... I spent 6 summers in North Dakota, and the ranch where I worked had the highest hill for miles and miles around, which was nothing more than a 200 foot tall pile of dirt. You could onsight it in 2 mins if you hustled.

That is what I was thinking of. My mistake. Sorry, Jeff.


jt512


Dec 4, 2013, 7:13 PM
Post #11 of 13 (12258 views)

Registered: Apr 12, 2001
Posts: 21904

Re: [macherry] Https now supported, I suggest using when you log into RC from public wifi [In reply to]

macherry wrote:
jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.

that does not bode well. i know in jeff's introductory thread posts were removed.

See above. I was mistaken.


Partner macherry


Dec 4, 2013, 8:21 PM
Post #12 of 13 (12232 views)

Registered: Sep 10, 2003
Posts: 15848

Re: [jt512] Https now supported, I suggest using when you log into RC from public wifi [In reply to]

jt512 wrote:
macherry wrote:
jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.

that does not bode well. i know in jeff's introductory thread posts were removed.

See above. I was mistaken.


oops, he still removed posts from his introductory thread


Partner Jeff
Owner

Dec 13, 2013, 8:38 AM
Post #13 of 13 (12093 views)

 
Re: [macherry] Https now supported, I suggest using when you log into RC from public wifi [In reply to]

Just to be clear, the posts that were hidden in my "I'm the new owner thread" were hidden because they derailed the conversation. I had specifically asked that posts in that thread stay on-topic so I had zero compunctions about hiding posts that were either off-topic or a bit snarky--that just wasn't the appropriate thread. Otherwise, I haven't hidden any posts.

Doesn't mean that I won't, of course, but in general I'll lean toward a lighter moderation tone until I've had a chance to chat with folks and set out some better guidelines so that everyone's on the same page about what is and isn't acceptable.

I'm averaging about 8-12 hours a week working on site-related stuff, and the majority of that bandwidth right now is going toward tech stuff, as there's a number of basic foundational things that need to get shored up... for example, automated off-site backups.

