Announcement

Collapse
No announcement yet.

HTTPS For Phoronix.com

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #51
    Originally posted by jrdls View Post
    I can confirm this. Please fix this bug so I can enable HTTPS Everywhere on phoronix.
    I assume it will be fixed once upgrading to vBulletin 5.... Which will probably come this weekend if I find the time to make the theme and other non-VB4-compatible changes to it to make the upgrade.
    Michael Larabel
    http://www.michaellarabel.com/

    Comment


    • #52
      There have been cases of ISP's replacing ads

      Originally posted by Nextweek View Post
      You should be encrypting the traffic by default for all users especially the free ones. You need to make sure the HTML you send is the one that gets delivered. The most important part being your ID's in the adverts you send. A MITM attack can swap those ID's/Tokens for their own meaning you get no revenue from them.

      Your weak points are going to be public WiFi, Internet Cafes and ISPs that see another opportunity to make money without anybody knowing.

      A lot of talk about HTTP2 encryption talks about how clients don't need it, however the main benefit is authentication of the data that the publisher knows their works are not being hijacked in transit.
      Verizon only uses their tracking header to sell their own ads (and be tracked by Twitter and others), but there have long been reports of both ISP's and monetized wifi hotspots that intercept and block ads on webpages, then replace them with their own ads. I had never really thought of this as a reason for https given my own use case and privacy concerns, but oh yeah I can see this. In addition, ads injected by carriers without removing your own ads would increase the total number of ads on a page, and thus the incentive to block all ads. Most users would blame the websites and be unaware of their carrier's behavior.

      Comment


      • #53
        The images in the articles (e.g., https://www.phoronix.com/scan.php?pa...4-hawaii&num=2) don't show up w/ HTTPS, since I assume they are served over HTTP and Firefox doesn't allow mixed content. I'm guessing that's the same reason why the forum doesn't display properly over HTTPS - some stylesheets or JS files are probably still being served over regular HTTP.

        And... I don't mind the banner ads like you have in the forums, but the type of pseudo-popup ads on your main page and articles (which grey out the rest of the page) is basically the most annoying type of ad that you could possibly have, next to popup ads.

        Comment


        • #54
          I'm a subscriber, but I think you should have HTTPS enabled for everyone. I think the heavy handed approach tends to go down poorly with most people. Slashdot has subscriber-only HTTPS, and despite using the site often I am not a subscriber there.

          I think the value of proposition of Phoronix subscription as it currently is pretty fair - we pay you, you don't show us ads. We still have the choice of using adblock, but some of us pay you anyway because we want to support the work you do. HTTPS is increasingly moving towards something we expect as a base level of service from all websites, not something which should be subscriber only. Furthermore, if you were to disable HTTPS for users using adblock, I would drop my subscription on principle. I'm fine with paying you for good work, but I absolutely detest it when others try to push me down a certain path, and I suspect I'm not alone in that.

          Comment


          • #55
            Originally posted by plasmasnake View Post
            The images in the articles (e.g., https://www.phoronix.com/scan.php?pa...4-hawaii&num=2) don't show up w/ HTTPS, since I assume they are served over HTTP and Firefox doesn't allow mixed content. I'm guessing that's the same reason why the forum doesn't display properly over HTTPS - some stylesheets or JS files are probably still being served over regular HTTP.
            There are more cases quoted in
            http://www.phoronix.com/forums/showt...692#post486692

            Comment


            • #56
              Michael, at the time of writing while browsing to the home page via HTTPS, 2 articles will forward to HTTP:
              Fedora 22 KDE Delivers A Great Plasma 5 Experience
              Linux 4.1 Offers Potentially Dazzling Performance

              The rest of the articles correctly forward to HTTPS. This is viewable by hovering over the article to see the link it forwards to.

              Any ideas what that's about?

              Comment


              • #57
                I notice that the Login popout does not load in the Forums when I load them with HTTPS. It seems newer Firefox versions disable all HTTP content on HTTPS pages, and for some reason the login IFRAME is HTTP.

                Even more worrying the login IFRAME source redirects to HTTP if I load it in its own page as HTTPS. The login information is probably the most important bit to encrypt so that's weird.

                Comment

                Working...
                X