Originally posted by jrdls
View Post
Announcement
Collapse
No announcement yet.
HTTPS For Phoronix.com
Collapse
X
-
Michael Larabel
https://www.michaellarabel.com/
-
There have been cases of ISP's replacing ads
Originally posted by Nextweek View PostYou should be encrypting the traffic by default for all users especially the free ones. You need to make sure the HTML you send is the one that gets delivered. The most important part being your ID's in the adverts you send. A MITM attack can swap those ID's/Tokens for their own meaning you get no revenue from them.
Your weak points are going to be public WiFi, Internet Cafes and ISPs that see another opportunity to make money without anybody knowing.
A lot of talk about HTTP2 encryption talks about how clients don't need it, however the main benefit is authentication of the data that the publisher knows their works are not being hijacked in transit.
Comment
-
The images in the articles (e.g., https://www.phoronix.com/scan.php?pa...4-hawaii&num=2) don't show up w/ HTTPS, since I assume they are served over HTTP and Firefox doesn't allow mixed content. I'm guessing that's the same reason why the forum doesn't display properly over HTTPS - some stylesheets or JS files are probably still being served over regular HTTP.
And... I don't mind the banner ads like you have in the forums, but the type of pseudo-popup ads on your main page and articles (which grey out the rest of the page) is basically the most annoying type of ad that you could possibly have, next to popup ads.
Comment
-
I'm a subscriber, but I think you should have HTTPS enabled for everyone. I think the heavy handed approach tends to go down poorly with most people. Slashdot has subscriber-only HTTPS, and despite using the site often I am not a subscriber there.
I think the value of proposition of Phoronix subscription as it currently is pretty fair - we pay you, you don't show us ads. We still have the choice of using adblock, but some of us pay you anyway because we want to support the work you do. HTTPS is increasingly moving towards something we expect as a base level of service from all websites, not something which should be subscriber only. Furthermore, if you were to disable HTTPS for users using adblock, I would drop my subscription on principle. I'm fine with paying you for good work, but I absolutely detest it when others try to push me down a certain path, and I suspect I'm not alone in that.
Comment
-
Originally posted by plasmasnake View PostThe images in the articles (e.g., https://www.phoronix.com/scan.php?pa...4-hawaii&num=2) don't show up w/ HTTPS, since I assume they are served over HTTP and Firefox doesn't allow mixed content. I'm guessing that's the same reason why the forum doesn't display properly over HTTPS - some stylesheets or JS files are probably still being served over regular HTTP.
Comment
-
Michael, at the time of writing while browsing to the home page via HTTPS, 2 articles will forward to HTTP:
Fedora 22 KDE Delivers A Great Plasma 5 Experience
Linux 4.1 Offers Potentially Dazzling Performance
The rest of the articles correctly forward to HTTPS. This is viewable by hovering over the article to see the link it forwards to.
Any ideas what that's about?
Comment
-
I notice that the Login popout does not load in the Forums when I load them with HTTPS. It seems newer Firefox versions disable all HTTP content on HTTPS pages, and for some reason the login IFRAME is HTTP.
Even more worrying the login IFRAME source redirects to HTTP if I load it in its own page as HTTPS. The login information is probably the most important bit to encrypt so that's weird.
Comment
Comment