Rules/FAQ | Memberlist | Calendar | Stats | Online users | Last posts | Search
|
| ||
| Views: 18,252,960 |
Home
| Forums
| Uploader
| Wiki
| Object databases
| IRC
Rules/FAQ | Memberlist | Calendar | Stats | Online users | Last posts | Search |
03-25-23 02:21 AM |
| Guest: | ||
| 0 users reading HTTP deprecation. it's becoming a thing. | 1 bot |
| Main - General Chat - HTTP deprecation. it's becoming a thing. | Hide post layouts | New reply |
| Arisotura |
| ||
 Star Mario in this room you have a pile of apple pies Level: 161 
Posts: 7231/9007 EXP: 53499828 Next: 613289 Since: 07-03-12 From: in a box 
Last post: 2 hours ago Last view: 2 hours ago |
so Firefox is already at it.
right now, it seems to only show up if the page contains a password field, but... it does show that "omg HTTP is unsecure" icon. I'm not opposed to more security if we have a proper, mature infrastructure to support it. Right now, getting a HTTPS certificate is either "pay lots of money and maybe get good service" or "cheap/free but service is crap and we don't give a shit". In the current state of things, deprecating HTTP looks pretty much like an attempt at restricting the web to the rich. Just like the web browser market is an oligopoly that may eventually become a Webkit monopoly. Ideally, HTTPS certificates should be provided along with domains when you register those. ____________________ NSMBHD - Kafuka - Jul melonDS the most fruity DS emulator there is zafkflzdasd |
| Yami |
| ||
|
(ーωー。) Level: 59 
Posts: 793/959 EXP: 1634636 Next: 38492 Since: 12-07-14 From: Japan Last post: 2083 days ago Last view: 2081 days ago |
Well, I paid like 12 US Dollars for a certificate for DSHack.org myself, and it's considered good enough.
As a bonus, the more certificates I buy for more domains, the higher the discount I get on them. |
| Arisotura |
| ||
|
Star Mario in this room you have a pile of apple pies Level: 161
Posts: 7233/9007 EXP: 53499828 Next: 613289 Since: 07-03-12 From: in a box
Last post: 2 hours ago Last view: 2 hours ago |
| Anthe |
| ||
|
Member I have found a basket to put in my SD card reader so I never lose it Level: 65 
Posts: 1022/1099 EXP: 2266846 Next: 68782 Since: 08-17-12 From: Belgium Last post: 370 days ago Last view: 24 days ago |
What's wrong with Let's Encrypt? I've used it for more than a year now and had zero issues. ____________________ ![[image]](http://backloggery.com/anthe/sig.gif) |
| Yami |
| ||
|
(ーωー。) Level: 59
Posts: 794/959 EXP: 1634636 Next: 38492 Since: 12-07-14 From: Japan Last post: 2083 days ago Last view: 2081 days ago |
Posted by StapleButter I think you're confusing it with DigiNotar. |
| Baby Luigi |
| ||
|
Baby Luigi Level: 52 
Posts: 446/749 EXP: 1038625 Next: 45215 Since: 03-13-16 From: Lost in Time Last post: 1329 days ago Last view: 1323 days ago |
Wondering, but is there any significant advantage HTTP has over HTTPS? I mean, Marioboards has recently converted to HTTPS and people were happy about being more secure. Is price the only thing? Sorry, I'm a doofus when it comes to this stuff, so please enlighten me.
|
| Arisotura |
| ||
|
Star Mario in this room you have a pile of apple pies Level: 161
Posts: 7235/9007 EXP: 53499828 Next: 613289 Since: 07-03-12 From: in a box
Last post: 2 hours ago Last view: 2 hours ago |
HTTP over HTTPS, pros and cons:
pros: * doesn't require dealing with CAs * is set up easily * works always * is easily implemented in amateur projects * oh and doesn't complain if images or other meaningless assets happen to be loaded over an unsecure connection cons: * not suitable when sensitive data are being transferred. * in the event someone wants your Kuribo64 password and happens to be on your network, they can sniff it. chance of this happening is generally low. * similarly, they could sniff posts being posted in the staff forums. not like we're using said forums to exchange nuclear codes. * is eventually going to be deprecated because the CA lobby is pushing HTTPS to I would add that HTTP is also vulnerable to shit like reckless ISPs tampering with webpages, but it's been shown that similar attacks are also possible over HTTPS. ____________________ NSMBHD - Kafuka - Jul melonDS the most fruity DS emulator there is zafkflzdasd |
| LeftyGreenMario |
| ||
![[image]](http://www.mariowiki.com/images/a/af/Mario_Mugshot_%2798.gif) Don't like politics? Too bad, it's-a Mario time. Level: 80 
Posts: 916/2062 EXP: 4743416 Next: 39553 Since: 03-14-16 From: Stabbing Wario Last post: 20 days ago Last view: 19 days ago |
Would HTTPS be suitable if you're going online in public wifi hotspot, or is it just paranoia? Because someone told me that if you're using HTTP in a public area, the person who owns the hotspot can take your password. I believe that's the "sniffing" thing, is it? Why are the odds of that happening very low?
|
| Spacey |
| ||
 Ninji Normal user Level: 33 Posts: 218/244 EXP: 217792 Next: 11387 Since: 04-15-14 Last post: 1728 days ago Last view: 902 days ago |
It is better to use HTTPS in public places, you dont even need to own the hotspot to steal logins and info with those, just a copy of wireshark or even a custom built packet sniffer/network monitoring tool if they dont want to use one of the thousands that exist. They can still get your traffic with https afaik but its encrypted so its sorta pointless. ____________________ Hacking LM and trying to not suck. Weeeeeeee. |
| Kak |
| |||||||||
|
Member heh Level: 14 
Posts: 25/36 EXP: 10492 Next: 2579 Since: 10-07-16 From: Somewhere Last post: 1698 days ago Last view: 1210 days ago |
|
| Arisotura |
| ||
|
Star Mario in this room you have a pile of apple pies Level: 161
Posts: 7243/9007 EXP: 53499828 Next: 613289 Since: 07-03-12 From: in a box
Last post: 2 hours ago Last view: 2 hours ago |
Posted by LeftyGreenMario maybe because noone cares about your Kuribo64 credentials? 
there's always the chance that you have some nolife/troll sniffing passwords for the sake of it, but generally those people can be found sitting between piles of soda cans in their mom's basement, not so much in public places. ____________________ NSMBHD - Kafuka - Jul melonDS the most fruity DS emulator there is zafkflzdasd |
| Arisotura |
| ||
|
Star Mario in this room you have a pile of apple pies Level: 161
Posts: 7305/9007 EXP: 53499828 Next: 613289 Since: 07-03-12 From: in a box
Last post: 2 hours ago Last view: 2 hours ago |
new Firefox feature: if you activate a username or password field on a HTTP page, it sticks a big paranoid warning under it whining about how the evil h4xx0rs are going to steal your credentials
the CA lobby is pushing, and I refuse to give in ____________________ NSMBHD - Kafuka - Jul melonDS the most fruity DS emulator there is zafkflzdasd |
| Dilene |
| ||
|
Member I could keep going all day, but it's 2:00 and I have to sleep. Level: 15 
Posts: 2/44 EXP: 13673 Next: 2711 Since: 03-21-17 Last post: 1557 days ago Last view: 1519 days ago |
Posted by StapleButter Just wait until they plaster the "This page is insecure because of reasons no one but the geeks will read about" page on every http site before you even enter it. ____________________ ≤!-- Am I doing this right? --≥ |
| Arisotura |
| ||
|
Star Mario in this room you have a pile of apple pies Level: 161
Posts: 7306/9007 EXP: 53499828 Next: 613289 Since: 07-03-12 From: in a box
Last post: 2 hours ago Last view: 2 hours ago |
phishing with HTTPS
does HTTPS make you safe against phishing? nope. especially not as everyone and their mom can get a 'good' certificate now. HTTPS isn't a magical security thing. nothing is. security is 50% ensuring infrastructure quality, 50% educating the users. just like having the world's safest password storage is pointless if your password is 'qwerty'. as I have already said, the HTTPS trend only aims at selling more certificates and raising the web entry barrier. it's not like there aren't ways to make things more secure if they're genuinely concerned about it. like, providing certificates along with domain names when you register those -- no hassle, no bad certificates, etc. or SSH-style login on the web. ____________________ NSMBHD - Kafuka - Jul melonDS the most fruity DS emulator there is zafkflzdasd |
| LeftyGreenMario |
| ||
|
Don't like politics? Too bad, it's-a Mario time. Level: 80 
Posts: 984/2062 EXP: 4743416 Next: 39553 Since: 03-14-16 From: Stabbing Wario Last post: 20 days ago Last view: 19 days ago |
the extra s is nice, though
|
| Arisotura |
| ||
|
Star Mario in this room you have a pile of apple pies Level: 161
Posts: 7309/9007 EXP: 53499828 Next: 613289 Since: 07-03-12 From: in a box
Last post: 2 hours ago Last view: 2 hours ago |
oh also, I log in to that (HTTP) board, and don't have my password saved (I tend to not save passwords on my laptop)
before: focus the username field, Firefox lists potential entries, among which is my username for that board, which is handy after: focus the username field, OMG THIS SITE IS INSECURE EVIL HAXXORS WILL STEAL YOUR PASSWORD!!!!!!!1111 but the nice handy username list is GONE congratulations, Mozilla you have removed a useful feature to replace it with fearmongering in favor of the CA lobby at this rate you might as well drop HTTP support already ____________________ NSMBHD - Kafuka - Jul melonDS the most fruity DS emulator there is zafkflzdasd |
| Dilene |
| ||
|
Member I could keep going all day, but it's 2:00 and I have to sleep. Level: 15
Posts: 3/44 EXP: 13673 Next: 2711 Since: 03-21-17 Last post: 1557 days ago Last view: 1519 days ago |
Posted by StapleButter Really? I use Developer Edition and I still get the listing on http pages. Then again that's stuff that you can change with about:config (security.insecure_field_warning.contextual.enabled and signon.autofillForms.http to allow autofill again) but that is still shitty to do. ____________________ ≤!-- Am I doing this right? --≥ |
| LeftyGreenMario |
| ||
|
Don't like politics? Too bad, it's-a Mario time. Level: 80 
Posts: 990/2062 EXP: 4743416 Next: 39553 Since: 03-14-16 From: Stabbing Wario Last post: 20 days ago Last view: 19 days ago |
It's annoying that in the version of FireFox I use, they nag about how the connection isn't secure when I want to log in. Though it's a FireFox problem, not a HTTP vs HTTPS thing. Right?
|
| poudink |
| ||
 Bob-Omb [sic] Level: 48 
Posts: 220/616 EXP: 776449 Next: 47094 Since: 03-01-16 From: Québec (Canada) Last post: 500 days ago Last view: 434 days ago |
Opera began doing it too:
![[image]](https://i.imgur.com/NMexbre.png) ____________________ Nothing to say, so jadnjkfmnjamnfjkldnajfnjkanfjdksan jsdnvj m. |
| Arisotura |
| ||
|
Star Mario in this room you have a pile of apple pies Level: 161
Posts: 7401/9007 EXP: 53499828 Next: 613289 Since: 07-03-12 From: in a box
Last post: 2 hours ago Last view: 2 hours ago |
I guess Chrome is doing it, and since Opera uses Webkit too...
anyway I did as suggested by Dilene, and nice, it works. but we can predict that the feature will eventually get 'accidentally' broken, then removed. ____________________ NSMBHD - Kafuka - Jul melonDS the most fruity DS emulator there is zafkflzdasd |
| Main - General Chat - HTTP deprecation. it's becoming a thing. | Hide post layouts | New reply |
|
Page rendered in 0.070 seconds. (2048KB of memory used) MySQL - queries: 29, rows: 236/236, time: 0.011 seconds. ![[powered by Acmlm]](img/poweredbyacmlm.png "powering nostalgia")
Acmlmboard 2.064 (2018-07-20)© 2005-2008 Acmlm, Xkeeper, blackhole89 et al. |