Announcement

Collapse
No announcement yet.

HTTPS By Default For Everyone

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by Michael View Post

    Yeah unfortunately this new vBulletin theme is a mess and haven't been able to track down the URL source yet even when grepping all the files and searching the DB, but haven't spent too much time on it.
    My Firefox show that http://www.phoronix.com/phxcms7-css/phoronix.png is the only one not loaded via https in forum.

    Krzysztof

    Comment


    • #22
      you should also enable http2

      Comment


      • #23
        Anandtech also switched to https. What is the benefit of https on web sites that serve public information? I would argue that even for the forums is overkill. What kind of people would go into all the trouble to intercept your connection and steal your phoronix sessionid.

        Comment


        • #24
          Originally posted by zoomblab View Post
          Anandtech also switched to https. What is the benefit of https on web sites that serve public information? I would argue that even for the forums is overkill. What kind of people would go into all the trouble to intercept your connection and steal your phoronix sessionid.
          Some Linux users are overly-concerned about privacy and such... Only practical use really is for protecting login information on forums. Or in my case, just because Google favors HTTPS for SEO now.
          Michael Larabel
          https://www.michaellarabel.com/

          Comment


          • #25
            Originally posted by zoomblab View Post
            Anandtech also switched to https. What is the benefit of https on web sites that serve public information? I would argue that even for the forums is overkill. What kind of people would go into all the trouble to intercept your connection and steal your phoronix sessionid.
            The other big reason is that within the last ten years ISPs have been modifying web traffic, inserting web hooks and advertising that wasn't on the original page. HTTPS prevents any of that. Just don't make the mistake of installing your ISPs CDROM. It might install a MITM proxy and trusted certificate.

            From stories I've heard, I'm shocked at how scummy some companies are.

            Comment


            • #26
              Originally posted by zoomblab View Post
              Anandtech also switched to https. What is the benefit of https on web sites that serve public information? I would argue that even for the forums is overkill. What kind of people would go into all the trouble to intercept your connection and steal your phoronix sessionid.
              HTTPS can also potentially improve page load speed if you enable HTTP/2 based HTTPS. Looks like Phoronix is only using HTTP/1.1 based HTTPS so missing the HTTP/2 benefits.

              Also for mixed content non-https requests if you can't nail those down, you can also do it from server like via additional header https://www.w3.org/TR/upgrade-insecure-requests/

              specifics at https://www.w3.org/TR/upgrade-insecure-requests/#upgrading

              https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests


              oh: https://www.phoronix.com/forums/foru...-content-error
              Last edited by eva2000; 26 September 2017, 01:01 AM.

              Comment


              • #27
                Originally posted by phoronix View Post
                Phoronix: The Disturbing Results With Automated Fuzzing Of OpenGL Shaders
                [ ... ]
                http://www.phoronix.com/scan.php?pag...-Fuzzing-Paper

                The linked image can't be zoomed because it is referenced via insecure HTTP instead of enforcing SSL via an HTTPS-URL.

                Comment


                • #28
                  i see now http2 is enabled

                  Comment


                  • #29
                    Originally posted by davidbepo View Post
                    i see now http2 is enabled
                    Yep was enabled this morning
                    Michael Larabel
                    https://www.michaellarabel.com/

                    Comment

                    Working...
                    X