Announcement

Collapse
No announcement yet.

HTTPS For Phoronix.com

Collapse
X
Collapse
 
  • Page of 6
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 6 template Next
  • #21
    Originally posted by bpetty View Post
    Here are my thoughts... for what they are worth.

    HTTPS is over hyped. Use it for sensitive data only. I would not, for example, SSL encode an article. You lose router caching, incur a hardware performance hit all the while sucking more juice, etc. With hardware acceleration, maybe the cost is too minuet to tell. I'd be interested in your findings.
    1) With SSL it is possible to use SPDY (already) or HTTP/2 (when Apache or nginx will support it).
    2) HTTP/2 is the future, so HTTPS is the future.
    3) Websites with HTTPS are ranked higher by Google according to my experience (a website went from 5th page to 3rd page on Google) and their words:
    HTTPS as a ranking signal
    http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html
    HTTPS (HTTP with SSL/TLS) is a now a very lightweight signal — carrying less weight than other signals such as high-quality content. Over time, we may decide to strengthen the signal, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

    For these reasons, over the past few months we?ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal.
    4) Some Wi-Fi and mobile internet providers (Beeline) embed their ADs in all web pages.

    Comment

    • #22
      Originally posted by Zan Lynx View Post
      Of course Netflix is doing something like 40 Gbps from each of their servers. I doubt Phoronix is doing that much. And to even approach the performance level where AES-NI would be a problem Phoronix would have to switch to static pregenerated pages instead of dynamic content.
      40Gbps? Aren't they using Amazon EC2?

      Comment

      • #23
        I agree that using HTTPS in the main article site is not necessary, there are no secrets to protect. Forum *log in* should obviously be over HTTPS for everyone. Also, giving the option to use HTTPS by default on everything for Premium members or non-AdBlock users is also a good idea.

        Comment

        • #24
          A Premium only https would be rather stupid, if you can't afford it just don't enable it by default.
          I pay for Premium because I don't want ads and I don't want to be a leecher neither, not because of the features.
          Also, if someone starts disabling features or displaying annoying messages to ABP users this is the exactly the kind of things which drives me away from a community (ask CanonClubItalia). If I don't want to leave a community I simply make greasemonkey scripts, but no way I will pay for a Premium service if someone simply forces me to.

          Just my 2 cents.
          ## VGA ##
          AMD: X1950XTX, HD3870, HD5870
          Intel: GMA45, HD3000 (Core i5 2500K)

          Comment

          • #25
            It would be nice if the site worked fine for premium members without the need for adblock. I never really worked for me. Login in to forums and back every time when there's a new article wasn't a good option for me so I decided to give up at the end. I'm paying my subscription as a small thank you for your amazing job, but I'm relaying on adblock to actually use the site.

            Personally I use RSS to access the new articles and having the content served over SSL would be a welcome.
            Rob
            email: [email protected]

            Comment

            • #26
              Not everyone is using HTTPS Everywhere, so HTTPS should be the default and free for everyone. Although it is not a political/controversial site or so, even this information should be private and protected -- the user has the right. Since you indeed invest a lot of time, I have no problem to make a donation to cover the 150$ (even if, as some users mentioned, there could have been better and cheaper ways to get SSL). However I would like to see how much money has been reached so far, in like a diagram or so. I would only donate if at least a "A" rating (not "A-") (preferably "A+") is reached here https://www.ssllabs.com/ssltest/. I also disabled uBlock (if no popups).
              Last edited by opensource; 27 April 2015, 05:54 AM.

              Comment

              • #27
                Free SSL Certificates

                Free, legitimate SSL certificates are available from startssl.com, already.

                Comment

                • #28
                  I made a small donation/tip, as much to show appreciation for the effort of going with https as for the cost of the cert.

                  As for doing the login over https only and then dropping back to http for normal use, doesn't this mean that the authentication cookie can be sniffed?

                  Comment

                  • #29
                    Originally posted by speculatrix View Post
                    I made a small donation/tip, as much to show appreciation for the effort of going with https as for the cost of the cert.
                    Thanks!
                    Michael Larabel
                    https://www.michaellarabel.com/

                    Comment

                    • #30
                      Originally posted by ImNtReal View Post
                      Free, legitimate SSL certificates are available from startssl.com, already.
                      And https://buy.wosign.com/free/

                      Comment

                      Previous 1 2 3 4 5 6 template Next
                      Working...
                      X