Forums: Rockclimbing.com: Security & Scams:
Https now supported, I suggest using when you log into RC from public wifi
RSS FeedRSS Feeds for Security & Scams

Premier Sponsor:

 


Partner Jeff
Owner

Dec 3, 2013, 6:21 PM
Post #1 of 13 (3860 views)
Shortcut

 
Https now supported, I suggest using when you log into RC from public wifi
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (3 ratings)  
Can't Post

Hey all,

https is now supported sitewide--to use it, just add a 's' to any RC url: https://www.rockclimbing.com

I suggest you use it whenever logging into RC from public wifi. Cell phones or your home/trusted internet doesn't matter much.

When you do this, you will probably see mixed-content warnings saying that some of the page content is insecure. That's because the ads aren't served over https. Afraid that's not something I can fix anytime soon, although thankfully it's also not a bid deal from a security perspective unless someone is really out to hack you.

Background:
When you access websites using http (sans the 's') your traffic to/from the website is sent in plaintext. That means anyone who is on the same wifi network can see which pages you're browsing on RC (not a big deal) plus any info you send the site, such as your password (very much a big deal).

When you add the 's' to the https, it encrypts the traffic to/from the website so only your computer and the website understands what you're doing, and anyone listening in on the wifi only sees garbled text.

In other words, http = firesheep fodder, https = no firesheep worries.

I stuck this message in General to make sure it gets seen by the site regulars, after a bit I'll move it to the Announcements/Site updates forum.

If you hit any problems with it, PM me the URL, the warning message if there is one, or a screenshot of the error.

Cheers,
Jeff
"Wearing my tinfoil hat this week"


(This post was edited by Jeff on Dec 3, 2013, 8:34 PM)


marc801


Dec 3, 2013, 7:02 PM
Post #2 of 13 (3828 views)
Shortcut

Registered: Aug 1, 2005
Posts: 2770

Re: [Jeff] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (1 rating)  
Can't Post

The next step would be to automate it on the RC end as Google does and not force the user to remember to add the "s".


Partner Jeff
Owner

Dec 3, 2013, 8:33 PM
Post #3 of 13 (3803 views)
Shortcut

 
Re: [marc801] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

I wish it was that easy, but right now not forcing users over to https is a purposeful decision.

There's several drawbacks:

For one, using https adds latency because there's an extra trip between your computer and the website to setup the encryption, which isn't a big deal on desktops, but matters a lot on mobile/cell networks or areas with low quality internet (and we do have a sizable contingent of international users from such countries).

Secondly, many of the ad networks we currently use don't support https and I don't want to give the mixed-content warning to new site visitors because they'll think we're hacked and leave. As more networks add support to https, this will change.

Lastly, it also adds a little bit of extra strain on the servers and increases network traffic. Again, not a big deal when only those folks who need it turn it on, but it adds up when everyone uses it.


(This post was edited by Jeff on Dec 3, 2013, 8:45 PM)


marc801


Dec 4, 2013, 6:41 AM
Post #4 of 13 (3751 views)
Shortcut

Registered: Aug 1, 2005
Posts: 2770

Re: [Jeff] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

Jeff wrote:
Secondly, many of the ad networks we currently use don't support https and I don't want to give the mixed-content warning to new site visitors because they'll think we're hacked and leave. As more networks add support to https, this will change.
You realize that most of the latest version of modern browsers block the "unsecure" content by default, yes? Certainly Firefox and Chrome do. And who doesn't use an ad blocker these days? I even forgot that RC has ads. I don't think this is the issue you think it is.

Yes, there are performance issues with SSL, but that's another discussion.


sungam


Dec 4, 2013, 8:53 AM
Post #5 of 13 (3729 views)
Shortcut

Registered: Jun 24, 2004
Posts: 26620

Re: [Jeff] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (1 rating)  
Can't Post

Jeff wrote:
That means anyone who is on the same wifi network can see which pages you're browsing on RC (not a big deal)
People could know that I visit the SPORT CLIMBING section? HOW IS THIS NOT A BIG DEAL?


Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.


marc801


Dec 4, 2013, 9:28 AM
Post #6 of 13 (3703 views)
Shortcut

Registered: Aug 1, 2005
Posts: 2770

Re: [sungam] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

sungam wrote:
Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.
+1
And the spam posts have all but disappeared. Keeping my fingers crossed.


jt512


Dec 4, 2013, 10:52 AM
Post #7 of 13 (3677 views)
Shortcut

Registered: Apr 11, 2001
Posts: 21893

Re: [sungam] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (1 rating)  
Can't Post

Never mind. I was wrong.


(This post was edited by jt512 on Dec 4, 2013, 11:12 AM)


Partner macherry


Dec 4, 2013, 11:03 AM
Post #8 of 13 (3669 views)
Shortcut

Registered: Sep 10, 2003
Posts: 15808

Re: [jt512] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.

that does not bode well. i know in jeff's introductory thread posts were removed.


rocknice2


Dec 4, 2013, 11:08 AM
Post #9 of 13 (3668 views)
Shortcut

Registered: Jul 13, 2006
Posts: 1213

Re: [jt512] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.
Do you mean this post
What Not to Say

Jeff wrote:
moose_droppings wrote:
I one starred you as a welcome to the boards good will gesture, seemed like the appropriate thing to do.

Love you too moose_droppings. Although I am curious where in South Dakota you climb... I spent 6 summers in North Dakota, and the ranch where I worked had the highest hill for miles and miles around, which was nothing more than a 200 foot tall pile of dirt. You could onsight it in 2 mins if you hustled.


jt512


Dec 4, 2013, 11:13 AM
Post #10 of 13 (3659 views)
Shortcut

Registered: Apr 11, 2001
Posts: 21893

Re: [rocknice2] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (1 rating)  
Can't Post

rocknice2 wrote:
jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.
Do you mean this post
What Not to Say

Jeff wrote:
moose_droppings wrote:
I one starred you as a welcome to the boards good will gesture, seemed like the appropriate thing to do.

Love you too moose_droppings. Although I am curious where in South Dakota you climb... I spent 6 summers in North Dakota, and the ranch where I worked had the highest hill for miles and miles around, which was nothing more than a 200 foot tall pile of dirt. You could onsight it in 2 mins if you hustled.

That is what I was thinking of. My mistake. Sorry, Jeff.


jt512


Dec 4, 2013, 11:13 AM
Post #11 of 13 (3656 views)
Shortcut

Registered: Apr 11, 2001
Posts: 21893

Re: [macherry] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (1 rating)  
Can't Post

macherry wrote:
jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.

that does not bode well. i know in jeff's introductory thread posts were removed.

See above. I was mistaken.


Partner macherry


Dec 4, 2013, 12:21 PM
Post #12 of 13 (3630 views)
Shortcut

Registered: Sep 10, 2003
Posts: 15808

Re: [jt512] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

jt512 wrote:
macherry wrote:
jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.

that does not bode well. i know in jeff's introductory thread posts were removed.

See above. I was mistaken.


oops, he still removed posts from his introductory thread


Partner Jeff
Owner

Dec 13, 2013, 12:38 AM
Post #13 of 13 (3491 views)
Shortcut

 
Re: [macherry] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

Just to be clear, the posts that were hidden in the my "I'm the new owner thread" were hidden because they derailed the conversation. I had specifically asked that posts in that thread stay on-topic so I had zero compunctions about hiding posts that were either off-topic or a bit snarky--that just wasn't the appropriate thread. Otherwise, I haven't hidden any posts.

Doesn't mean that I won't, of course, but in general I'll lean toward a lighter moderation tone until I've had a chance to chat with folks and set out some better guidelines so that everyone's on the same page about what is and isn't acceptable.

I'm averaging about 8-12 hours a week working on site-related stuff, and majority of that bandwidth right now is going toward tech stuff, as there's a number of basic foundational things that need to get shored up... for example, automated off-site backups.


Forums : Rockclimbing.com : Security & Scams

 


Search for (options)

Log In:

Username:
Password: Remember me:

Go Register
Go Lost Password?
$13.46 (10% off)
$62.06 (10% off)
$49.46 (10% off)
$3.56 (10% off)



Follow us on Twiter Become a Fan on Facebook