Forums: Rockclimbing.com: Security & Scams:
Https now supported, I suggest using when you log into RC from public wifi
RSS FeedRSS Feeds for Security & Scams

Premier Sponsor:

 


Partner Jeff
Owner

Dec 3, 2013, 6:21 PM
Post #1 of 13 (3211 views)
Shortcut

 
Https now supported, I suggest using when you log into RC from public wifi
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (3 ratings)  
Can't Post

Hey all,

https is now supported sitewide--to use it, just add a 's' to any RC url: https://www.rockclimbing.com

I suggest you use it whenever logging into RC from public wifi. Cell phones or your home/trusted internet doesn't matter much.

When you do this, you will probably see mixed-content warnings saying that some of the page content is insecure. That's because the ads aren't served over https. Afraid that's not something I can fix anytime soon, although thankfully it's also not a bid deal from a security perspective unless someone is really out to hack you.

Background:
When you access websites using http (sans the 's') your traffic to/from the website is sent in plaintext. That means anyone who is on the same wifi network can see which pages you're browsing on RC (not a big deal) plus any info you send the site, such as your password (very much a big deal).

When you add the 's' to the https, it encrypts the traffic to/from the website so only your computer and the website understands what you're doing, and anyone listening in on the wifi only sees garbled text.

In other words, http = firesheep fodder, https = no firesheep worries.

I stuck this message in General to make sure it gets seen by the site regulars, after a bit I'll move it to the Announcements/Site updates forum.

If you hit any problems with it, PM me the URL, the warning message if there is one, or a screenshot of the error.

Cheers,
Jeff
"Wearing my tinfoil hat this week"


(This post was edited by Jeff on Dec 3, 2013, 8:34 PM)


marc801


Dec 3, 2013, 7:02 PM
Post #2 of 13 (3179 views)
Shortcut

Registered: Aug 1, 2005
Posts: 2762

Re: [Jeff] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (1 rating)  
Can't Post

The next step would be to automate it on the RC end as Google does and not force the user to remember to add the "s".


Partner Jeff
Owner

Dec 3, 2013, 8:33 PM
Post #3 of 13 (3154 views)
Shortcut

 
Re: [marc801] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

I wish it was that easy, but right now not forcing users over to https is a purposeful decision.

There's several drawbacks:

For one, using https adds latency because there's an extra trip between your computer and the website to setup the encryption, which isn't a big deal on desktops, but matters a lot on mobile/cell networks or areas with low quality internet (and we do have a sizable contingent of international users from such countries).

Secondly, many of the ad networks we currently use don't support https and I don't want to give the mixed-content warning to new site visitors because they'll think we're hacked and leave. As more networks add support to https, this will change.

Lastly, it also adds a little bit of extra strain on the servers and increases network traffic. Again, not a big deal when only those folks who need it turn it on, but it adds up when everyone uses it.


(This post was edited by Jeff on Dec 3, 2013, 8:45 PM)


marc801


Dec 4, 2013, 6:41 AM
Post #4 of 13 (3102 views)
Shortcut

Registered: Aug 1, 2005
Posts: 2762

Re: [Jeff] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

Jeff wrote:
Secondly, many of the ad networks we currently use don't support https and I don't want to give the mixed-content warning to new site visitors because they'll think we're hacked and leave. As more networks add support to https, this will change.
You realize that most of the latest version of modern browsers block the "unsecure" content by default, yes? Certainly Firefox and Chrome do. And who doesn't use an ad blocker these days? I even forgot that RC has ads. I don't think this is the issue you think it is.

Yes, there are performance issues with SSL, but that's another discussion.


sungam


Dec 4, 2013, 8:53 AM
Post #5 of 13 (3080 views)
Shortcut

Registered: Jun 24, 2004
Posts: 26608

Re: [Jeff] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (1 rating)  
Can't Post

Jeff wrote:
That means anyone who is on the same wifi network can see which pages you're browsing on RC (not a big deal)
People could know that I visit the SPORT CLIMBING section? HOW IS THIS NOT A BIG DEAL?


Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.


marc801


Dec 4, 2013, 9:28 AM
Post #6 of 13 (3054 views)
Shortcut

Registered: Aug 1, 2005
Posts: 2762

Re: [sungam] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

sungam wrote:
Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.
+1
And the spam posts have all but disappeared. Keeping my fingers crossed.


jt512


Dec 4, 2013, 10:52 AM
Post #7 of 13 (3028 views)
Shortcut

Registered: Apr 11, 2001
Posts: 21892

Re: [sungam] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (1 rating)  
Can't Post

Never mind. I was wrong.


(This post was edited by jt512 on Dec 4, 2013, 11:12 AM)


Partner macherry


Dec 4, 2013, 11:03 AM
Post #8 of 13 (3020 views)
Shortcut

Registered: Sep 10, 2003
Posts: 15808

Re: [jt512] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.

that does not bode well. i know in jeff's introductory thread posts were removed.


rocknice2


Dec 4, 2013, 11:08 AM
Post #9 of 13 (3019 views)
Shortcut

Registered: Jul 13, 2006
Posts: 1208

Re: [jt512] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.
Do you mean this post
What Not to Say

Jeff wrote:
moose_droppings wrote:
I one starred you as a welcome to the boards good will gesture, seemed like the appropriate thing to do.

Love you too moose_droppings. Although I am curious where in South Dakota you climb... I spent 6 summers in North Dakota, and the ranch where I worked had the highest hill for miles and miles around, which was nothing more than a 200 foot tall pile of dirt. You could onsight it in 2 mins if you hustled.


jt512


Dec 4, 2013, 11:13 AM
Post #10 of 13 (3010 views)
Shortcut

Registered: Apr 11, 2001
Posts: 21892

Re: [rocknice2] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (1 rating)  
Can't Post

rocknice2 wrote:
jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.
Do you mean this post
What Not to Say

Jeff wrote:
moose_droppings wrote:
I one starred you as a welcome to the boards good will gesture, seemed like the appropriate thing to do.

Love you too moose_droppings. Although I am curious where in South Dakota you climb... I spent 6 summers in North Dakota, and the ranch where I worked had the highest hill for miles and miles around, which was nothing more than a 200 foot tall pile of dirt. You could onsight it in 2 mins if you hustled.

That is what I was thinking of. My mistake. Sorry, Jeff.


jt512


Dec 4, 2013, 11:13 AM
Post #11 of 13 (3007 views)
Shortcut

Registered: Apr 11, 2001
Posts: 21892

Re: [macherry] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (1 rating)  
Can't Post

macherry wrote:
jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.

that does not bode well. i know in jeff's introductory thread posts were removed.

See above. I was mistaken.


Partner macherry


Dec 4, 2013, 12:21 PM
Post #12 of 13 (2981 views)
Shortcut

Registered: Sep 10, 2003
Posts: 15808

Re: [jt512] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

jt512 wrote:
macherry wrote:
jt512 wrote:
sungam wrote:

Seriously, though - tangible evidence that the new owner is putting some effort into the site is pretty cool.

Unfortunately, the tangible evidence appears to include deletion of posts and post ratings the new owner doesn't like.

Somebody (notapplicable?) jokingly 1-starred Jeff's first post in this thread, and posted a humorous comment about it. That post and Jeff's rejoinder are gone, and the average rating on Jeff's post has been recalculated.

that does not bode well. i know in jeff's introductory thread posts were removed.

See above. I was mistaken.


oops, he still removed posts from his introductory thread


Partner Jeff
Owner

Dec 13, 2013, 12:38 AM
Post #13 of 13 (2842 views)
Shortcut

 
Re: [macherry] Https now supported, I suggest using when you log into RC from public wifi [In reply to]
Report this Post
Average: avg_1 avg_2 avg_3 avg_4 avg_5 (0 ratings)  
Can't Post

Just to be clear, the posts that were hidden in the my "I'm the new owner thread" were hidden because they derailed the conversation. I had specifically asked that posts in that thread stay on-topic so I had zero compunctions about hiding posts that were either off-topic or a bit snarky--that just wasn't the appropriate thread. Otherwise, I haven't hidden any posts.

Doesn't mean that I won't, of course, but in general I'll lean toward a lighter moderation tone until I've had a chance to chat with folks and set out some better guidelines so that everyone's on the same page about what is and isn't acceptable.

I'm averaging about 8-12 hours a week working on site-related stuff, and majority of that bandwidth right now is going toward tech stuff, as there's a number of basic foundational things that need to get shored up... for example, automated off-site backups.


Forums : Rockclimbing.com : Security & Scams

 


Search for (options)

Log In:

Username:
Password: Remember me:

Go Register
Go Lost Password?



Follow us on Twiter Become a Fan on Facebook