Welcome, guest! Please login or register.

    * Shoutbox

    RefreshHistory
    • tasting scim: feel free to msg me if u know something :D
      August 13, 2020, 03:03:03 PM
    • tasting scim: really liked those
      August 13, 2020, 03:01:06 PM
    • tasting scim: is there any server that is close to how rsps used to be like 5-10 years ago ?
      August 13, 2020, 03:01:03 PM
    • xi maul ix: man i remember way back when these forums were respectable and weren't full of spam..... now it's crazy bad with spam. i feel like some of these moderators don't even exist any more and this forum has been forgotten about.
      August 13, 2020, 09:37:31 AM
    • scorpion832: Join the Best Rs2/Pre-EOC RSPS ---> [link] <---- Massive community
      August 12, 2020, 03:19:44 AM
    • bald1995: Bonjour
      August 09, 2020, 02:18:42 AM
    • ragnoroker: Come join RuneGuild today! Join added automated PVP tournmanents with group stages! - RuneGuild is a New OSRS Server with PVM/Pk balance with a great economy and friendly players. Join now : [link]
      August 02, 2020, 11:07:56 PM
    • ragnoroker: Come join RuneGuild today! Join added automated PVP tournmanents with group stages! - RuneGuild is a New OSRS Server with PVM/Pk balance with a great economy and friendly players. Join now : [link]
      August 02, 2020, 11:07:53 PM
    • draholic: slayerpure idk why and cant remember but im banned there lol
      August 01, 2020, 12:57:47 PM
    • slayerpure: come check out new lit server! need players and staff. free m box to noobs        [link]      [link]
      July 30, 2020, 07:21:51 PM
    • JorgeFloyd: anal anus arrse arse ass-fudgeer asses assfudgeer assfukka asshole assholes asswhole a_s_s ballbag ballsack bastard beastial beastiality bellend bestial bestiality biatch bitch bitcher bitchers bitches bitchin bitching blowjob blowjobs boiolas bollock bollok boner boob boobies boobs booobs boooobs booooobs booooooobs breasts buceta bugger butthole buttmuch buttplug cawk chink cipa clit clitoris clits cnut penis penis-sucker penisface penishead penismunch penismuncher peniss penissuck penissucked penissucker penissucking penissucks penissuka penissukka cokmuncher coksucka coon cummer cumming cums cumshot cunilingus cunillingus cunnilingus runt runtlick runtlicker runtlicking runts cyalis cyberfuc cyberfudge cyberfudgeed cyberfudgeer cyberfudgeers cyberfudgeing dick dickhead dildo dildos dink dinks dirsa dlck dog-fudgeer doggin dogging donkeyribber doosh duche dyke ejaculate ejaculated ejaculates ejaculating ejaculatings ejaculation ejakulate fag fagging faggitt faggot faggs fagot fagots fags fanny fannyflaps fannyfudgeer fanyy fatass fcuk fcuker fcuking feck fecker felching fellate fellatio fingerfudge fingerfudgeed fingerfudgeer fingerfudgeers fingerfudgeing fingerfudges fistfudge fistfudgeed fistfudgeer fistfudgeers fistfudgeing fistfudgeings fistfudges flange fook fooker fudge fudgea fudgeed fudgeer fudgeers fudgehead fudgeheads fudgein fudgeing fudgeings fudgeingshitmotherfudgeer fudgeme fudges fudgewhit fudgewit fudgepacker fuk fuker fukker fukkin fuks fukwhit fukwit fux f_u_c_k gangbang gangbanged gangbangs gaylord gaysex goatse god-dam god-damned goddamn goddamned hardcoresex heshe hoar hoare hoer homo horniest horny hotsex jack-off jackoff jerk-off jism jiz jizm jizz kawk knob knobead knobed knobend knobhead knobjocky knobjokey kock kondum kondums kum kummer kumming kums kunilingus labia lmfao lust lusting masochist master-bate masterbate masterbation masterbations masturbate mo-fo mofo mothafudge mothafudgea mothafudgeas mothafudgeaz mothafudgeed mothafudgeer mothafudgeers mothafudgein mothafudgeing mothafudgeings mothafudges motherfudge motherfudgeed motherfudgeer motherfudgeers motherfudgein motherfudgeing motherfudgeings motherfudgeka motherfudges mutha muthafecker muthafudgeker mutherfudgeer nazi nigga niggah niggas niggaz African Africans nobhead nobjocky nobjokey numbnuts nutsack orgasim orgasims orgasm orgasms pawn pecker penis penisfudgeer phonesex phuck phuk phuked phuking phukked phukking phuks phuq pigfudgeer pimpis piss pissed pisser pissers pisses pissflaps pissin pissing pissoff poop prawns prawnso prawnsography prawnsos prick pricks pube pusse pussi pussies pussy pussys rectum retard rimjaw s.o.b. sadist schlong screwing scroat scrote scrotum semen sex sh!t shag shagger shaggin shagging shemale shi+ shit shitdick shite shited shitey shitfudge shitfull shithead shiting shitings shits shitted shitter shitters shitting shittings shitty skank slut sluts smegma smut snatch son-of-a-bitch spunk s_h_i_t teets teez testical testicle titfudge tits titt tittiefudgeer titties tittyfudge tittywank titwank tosser twat twathead twatty twunt twunter vagina viagra vulva wang wank wanker wanky whoar whore willies willy xrated xxx gay
      July 20, 2020, 06:43:34 PM
    • slayerpure: come check out a new server just got up yesterday!!!!     [link]
      July 20, 2020, 01:28:20 PM
    • slayerpure: join a new custom server! looking for staff and new players get loot boxes        [link]
      July 16, 2020, 09:04:22 PM
    • chaosgirl: Fix these forums, jesus. all the spam!!
      July 16, 2020, 04:43:19 AM
    • Shady Aftermath: Skyfire317, The Only Server With Warding,Divination,Archaeology, AFK Auto Upgrade LINK HERE -> [link]
      July 16, 2020, 02:34:19 AM
    • Shady Aftermath: Skyfire317, The Only Server With Warding,Divination,Archaeology, AFK Auto Upgrade LINK HERE -> [link]+
      July 16, 2020, 02:34:15 AM
    • Shady Aftermath: Skyfire317, The Only Server With Warding,Divination,Archaeology, AFK Auto Upgrade LINK HERE -> [link]+
      July 16, 2020, 02:34:10 AM
    • Shady Aftermath: Skyfire317, The Only Server With Warding,Divination,Archaeology, AFK Auto Upgrade LINK HERE -> [link]
      July 16, 2020, 02:34:04 AM
    • Shady Aftermath: Skyfire317, The Only Server With Warding,Divination,Archaeology, AFK Auto Upgrade [link]
      July 16, 2020, 02:33:33 AM
    • slayerpure: custom server with goku, vegeta, darth vader, rick and morty, joker, and world boss. join now here!!!  [link]
      July 11, 2020, 08:35:27 PM

    Author Topic: Mandatory HTTPS!  (Read 17133 times)

    0 Members and 1 Guest are viewing this topic.

    OfflineMoparisthebest

    • Global Moderator
    • *****
    • *
    • Posts: 17,143
    • Thanks: +0/-0
      • View Profile
    Mandatory HTTPS!
    « on: October 23, 2015, 03:42:57 PM »
    MoparScape.org has supported TLS/HTTPS for years now, but I've finally flipped the switch and now it is mandatory.  I've also added it to the chrome preload list and enabled the Public-Key-Pins HPKP header so if you've visited the site before, your browser will not allow you to be man-in-the-middled.

    If you have any questions, go ahead and ask them, but you really shouldn't notice a difference except maybe a slight increase in speed. :)
    forum.moparisthebest.com
    You can have my gun when you pry it from my cold, dead hands.
    Linux users, we do it in the open.
    Runescape Gambling

    Offlinedoom_j

    • i like the company of men
    • Member
    • ****
    • *
    • Posts: 7,203
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #1 on: October 23, 2015, 03:45:00 PM »
    Great! Now both irc and site force it. NSA won't be able to read our chats about taking over the government and creating a new one based around the #mopar channel.
    [12:18:14 21:04:45]<<Tom>>i dont care about your rights
    [12:18:14 21:04:49] <<Tom>> you have NO RIGHTS

    Offlinet4

    • Member
    • ****
    • *
    • *
    • *
    • Posts: 6,798
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #2 on: October 23, 2015, 07:38:53 PM »
    i don't understand why people think that a low, even non-existent, probability of being spied on warrants the dismissal of security altogether, especially if it doesn't/hardly inconveniences the end-user.

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,272
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #3 on: October 23, 2015, 07:52:42 PM »
    i don't understand why people think that a low, even non-existent, probability of being spied on warrants the dismissal of security altogether, especially if it doesn't/hardly inconveniences the end-user.
    yeah, because having https be a default, even though optional, feature, instead of being mandatory, is the same thing as a complete dismissal of security :rolleyes:

    Offlinet4

    • Member
    • ****
    • *
    • *
    • *
    • Posts: 6,798
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #4 on: October 23, 2015, 10:11:19 PM »
    i don't understand why people think that a low, even non-existent, probability of being spied on warrants the dismissal of security altogether, especially if it doesn't/hardly inconveniences the end-user.
    yeah, because having https be a default, even though optional, feature, instead of being mandatory, is the same thing as a complete dismissal of security :rolleyes:
    So you're suggesting that it should be up to the user to enable secure transmissions? What if the user makes a mistake or is unaware (not technically versed)? Why even run the plaintext service if the secure service doesn't generate that much overhead?

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,272
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #5 on: October 23, 2015, 11:52:55 PM »
    i don't understand why people think that a low, even non-existent, probability of being spied on warrants the dismissal of security altogether, especially if it doesn't/hardly inconveniences the end-user.
    yeah, because having https be a default, even though optional, feature, instead of being mandatory, is the same thing as a complete dismissal of security :rolleyes:
    So you're suggesting that it should be up to the user to enable secure transmissions?
    Yes, that is exactly what I'm saying. Or rather, users should be able to disable it if they wish. If the option is there, im pretty sure any modern browser will default to https.

    Offlinesini

    • Member
    • ****
    • *
    • *
    • Posts: 5,785
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #6 on: October 24, 2015, 12:46:24 AM »
    I thought HTTP 2.0 mandated that SSL be enforced.

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,941
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #7 on: October 24, 2015, 02:54:07 AM »
    Awesome

    OfflineGraham

    • Member
    • ****
    • *
    • Posts: 581
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #8 on: October 24, 2015, 05:09:57 AM »
    I thought HTTP 2.0 mandated that SSL be enforced.

    The spec doesn't, however, all major browsers only implement HTTP/2 over TLS.
    Code: Ruby
    1. s="s=%c%s%c;printf s,34,s,34,10%c";printf s,34,s,34,10

    OfflineLothy

    • Member
    • ****
    • *
    • *
    • Posts: 7,006
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #9 on: October 25, 2015, 01:48:03 AM »
    You guys who want it to be optional need to appreciate the benefits of HTTPS-everywhere internet. Namely the gross amount of noise created to assist in obscuring the transmissions of people living under less fortunate regimes.
    <&Speljohan_> i wouldnt want to live in a society where Mopman isnt monitored 24/7

    OfflineMoparisthebest

    • Global Moderator
    • *****
    • *
    • Posts: 17,143
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #10 on: October 26, 2015, 07:54:03 AM »
    For anyone wanting it to be optional I'd ask this honest question, and I really do want an answer:

    Why?

    I see absolutely no reason for any website to offer http instead https anymore, as far as I can tell there aren't any downsides, and there are a bunch of upsides.  For example HTTP/2, Brotli compression, and probably all new features in the future will only be supported over https anyhow.
    forum.moparisthebest.com
    You can have my gun when you pry it from my cold, dead hands.
    Linux users, we do it in the open.

    OfflineBowser jr

    • Member
    • ****
    • Posts: 6,001
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #11 on: October 26, 2015, 08:15:21 AM »
    Soon Moparscape will be illegal under the current Cameron regime.

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,941
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #12 on: October 28, 2015, 04:17:51 AM »
    For anyone wanting it to be optional I'd ask this honest question, and I really do want an answer:

    Why?

    I see absolutely no reason for any website to offer http instead https anymore, as far as I can tell there aren't any downsides, and there are a bunch of upsides.  For example HTTP/2, Brotli compression, and probably all new features in the future will only be supported over https anyhow.
    No one has an answer to that question because there is no valid answer. These people start with a shitty argument, maybe re-state the shitty argument a bit, make some jokes and/or personal attacks, and then just stop posting. I really don't understand their thought process.. maybe it's government brainwashing??

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,272
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #13 on: October 28, 2015, 08:27:01 PM »
    No one has an answer to that question because there is no valid answer. These people start with a shitty argument, maybe re-state the shitty argument a bit, make some jokes and/or personal attacks, and then just stop posting. I really don't understand their thought process.. maybe it's government brainwashing??
    Maybe it's Maybelline.


    For anyone wanting it to be optional I'd ask this honest question, and I really do want an answer:

    Why?

    I see absolutely no reason for any website to offer http instead https anymore, as far as I can tell there aren't any downsides, and there are a bunch of upsides.  For example HTTP/2, Brotli compression, and probably all new features in the future will only be supported over https anyhow.
    Ok, you can ask "Why?", but the exact same can be asked about not supporting HTTP as a fallback. Why? Nobody is denying the upsides of HTTPS here. You can keep it enabled and it'll stay default. But still, I see absolutely no reason for this website (and I do use 'this' on purpose, because some websites should force https) to not offer http as an option if https is already enabled and default. As far as I can tell, there aren't any downsides, and it's a good fallback if for some reason we have a cert problem and everyone wont be able to view the site because "THIS CONNECTION IS UNTRUSTED"
    « Last Edit: October 28, 2015, 08:29:53 PM by Davidi2 »

    Offlinet4

    • Member
    • ****
    • *
    • *
    • *
    • Posts: 6,798
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #14 on: October 28, 2015, 11:32:37 PM »
    The expired cert problem is a webmaster problem, not a TLS problem. Also, I don't think the content of the data has any bearing of whether or not to implement and enforce security. I don't see any negatives of TLS.

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,272
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #15 on: October 29, 2015, 01:14:43 AM »
    Also, I don't think the content of the data has any bearing of whether or not to implement and enforce security.
    Really? I personally believe you need to factor in everything when you weigh the pros/cons of implementing any type of security. Not every worksite needs ID badges and fingerprint scanners if the benefit doesn't outweigh the hassle. Obviously when you deal with more sensitive information, you implement more security, no? We'll just assume you were speaking strictly about TLS though, because like it's been said the hassle is pretty low and probably wont be noticeable if everything goes as it should. So yes, I think it's fair to say there is no reason to not implement SSL.

    When you go from 'implement' to 'require' though, you have to reevaluate everything. You say "no negatives", but you listed one right there? If a cert expires, I don't really care whose problem it is, do I? Now it's my problem, because I can't access the website. Sure, it's not "directly" a negative of SSL, it's a negative of inattentiveness. Whatever. If only I had a HTTP version of the site to access in the meantime. So now we have one negative. We wont talk about any others because personally I don't know if the caching or ad-related mixed mode issues are still there. So now we weigh the benefits of enforcing TLS over allowing TLS, taking into account that it is used by default if available. What are those benefits? That's what I haven't heard yet, which why I am not yet convinced that the benefits of enforcing it outweigh even the slightest chance of something like an expired cert.


    As a side note, I was getting NGINX errors when trying to access the site early today. What was that?

    OfflineLothy

    • Member
    • ****
    • *
    • *
    • Posts: 7,006
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #16 on: October 29, 2015, 01:46:57 AM »
    Dude, if that's your one worry then don't sweat it - the current certificate won't expire until 2017.

    Stop prattling, it's unbecoming.
    <&Speljohan_> i wouldnt want to live in a society where Mopman isnt monitored 24/7

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,272
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #17 on: October 29, 2015, 01:57:49 AM »
    Hey, I said it was a slight chance. But even 0.00001 is greater than 0 if there's no benefit to enforcing over implementing it as a default. Which is what I'm asking about

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,941
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #18 on: October 29, 2015, 03:13:17 AM »
    Complaining about https because the cert might expire is like demanding a host support telnet because their ssh support is unreliable and sometimes doesn't let you login (man the 70s were great telnet always worked, none of this encryption shit). It might well be a real problem and you're within your rights to take it up with the host, but it would be foolish to downgrade to telnet.

    You're taking a very narrow minded view of this - as people have already stated in multiple topics, the reason for enforcement is that there's no reason for *any* website to support unencrypted comms in 2015. This isn't just about moparscape.

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,272
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #19 on: October 29, 2015, 03:56:30 AM »
    the reason for enforcement is that there's no reason for *any* website to support unencrypted comms in 2015.
    I guess I just disagree then. I see nothing wrong with supporting unencrypted comms in -insert year-, if that's what the client has explicitly requested. Whatever, it's done. I'm sure it wont actually cause problems, it's just a principle thing that I disagree with I guess.

     

    Copyright © 2017 MoparScape. All rights reserved.
    Powered by SMFPacks SEO Pro Mod |
    SimplePortal 2.3.5 © 2008-2012, SimplePortal