Register - Login
Views: 99328831
 Main - Memberlist - Active users - Calendar - Wiki - IRC Chat - Online users
Ranks - Rules/FAQ - Stats - Latest Posts - Color Chart - Smilies 		04-21-22 10:07:36 AM
Jul - General Chat - small update New poll - New thread - New reply
Next newer thread | Next older thread
Xkeeper

Level: 263


Posts: 21712/25343
EXP: 296639712
For next: 2320741

Since: 07-03-07

Pronouns: they/them/????????

Since last post: 6 days
Last activity: 7 hours
Posted on 04-21-16 04:22:39 AM Link | Quote
https

nothing else uses it, and it may break a lot of things b/c of other stuff not using https. but there it is.

____________________
(Testing: 21712 posts, level 228, 181397449 EXP)
Dprotp
GIRL'S GOT A PENITENTIARY BODY
Level: 107


Posts: 2832/3147
EXP: 12979235
For next: 112076

Since: 07-04-07

Pronouns: he/him
From: FIRE STATE

Since last post: 1.5 years
Last activity: 93 days
Posted on 04-21-16 04:29:45 AM Link | Quote
take that, FBI

____________________
Xenesis

Roy Koopa
Actually a Doctor
Level: 101


Posts: 2340/2731
EXP: 10469363
For next: 248312

Since: 07-28-07

Pronouns: She/Her
From: Orange Star's Retirement Villa

Since last post: 36 days
Last activity: 2 hours
Posted on 04-21-16 07:48:07 AM Link | Quote
Neat!
RanAS
Member
Level: 55


Posts: 149/842
EXP: 1281200
For next: 32989

Since: 10-10-14

From: São Paulo, Brazil

Since last post: 21 days
Last activity: 14 hours
Posted on 04-21-16 12:59:54 PM (last edited by RanAS at 04-22-16 09:31:55 AM) Link | Quote
Very neat indeed! It actually is working way better than I thought it would. So far the only thing my browser is blocking is this random stylesheet in the site header, which I'm sure isn't even used at this point: 
<link rel="stylesheet" href="http://xkeeper.net/img/layouts/fonts/stylesheet.css" type="text/css">

Anything else works fine. It's complaining about the images being loaded too but those are minor warnings (and completely inevitable because there's no way to encode every single image in here under HTTPS, just no).

If you want to test the HTTPS padlock thingy: https://jul.rustedlogic.net/hex.php?scheme=21

EDIT: Doesn't work with the default theme but it works if you have Pinstripe Blue, so I added it to the URL.

____________________
"If you're still young, still young, still young
Tomorrow you'll be old, you'll be old, you'll be old!
Unless your heart, your heart resists
Youth is something that never dies!"
Thanks to Rambly, who coded my previous layout.
Xkeeper

Level: 263


Posts: 21713/25343
EXP: 296639712
For next: 2320741

Since: 07-03-07

Pronouns: they/them/????????

Since last post: 6 days
Last activity: 7 hours
Posted on 04-21-16 05:46:02 PM Link | Quote
That's right, that stylesheet is quite old/not used any more. Probably should be removed...

The other problem is that a lot of user-stylesheets will break, but not sure how to fix that one easily without a lot of work. Hmhm...

____________________
(Testing: 21713 posts, level 228, 181425721 EXP)
Arisotura
Member
Level: 49


Posts: 194/614
EXP: 879615
For next: 4268

Since: 02-24-13

From: your dreams

Since last post: 90 days
Last activity: 48 days
Posted on 04-21-16 06:01:59 PM Link | Quote
that's why Acmlmboard and HTTPS don't go well together


a partial solution would be providing an uploader for stylesheets and such, wouldn't prevent people from embedding external contents like images though

____________________
Kuribo64 -- NSMB2 hacking and other crap
Joe
Common spammer
🍬
Level: 111


Posts: 3250/3392
EXP: 14485176
For next: 383184

Since: 08-02-07

From: Pororoca

Since last post: 12 hours
Last activity: 10 hours
Posted on 04-21-16 06:03:46 PM Link | Quote
My layout and profile should be all HTTPS now.

Now I'm just waiting for that crusty old stylesheet to be removed so I can see the padlock when I click my name.

____________________
ふにゃあ。
Xkeeper

Level: 263


Posts: 21714/25343
EXP: 296639712
For next: 2320741

Since: 07-03-07

Pronouns: they/them/????????

Since last post: 6 days
Last activity: 7 hours
Posted on 04-21-16 06:05:53 PM Link | Quote
Originally posted by StapleButter
that's why Acmlmboard and HTTPS don't go well together


a partial solution would be providing an uploader for stylesheets and such, wouldn't prevent people from embedding external contents like images though

This is true, but I would like to imagine that in a possible future we will have HTTPS everywhere.

____________________
(Testing: 21714 posts, level 228, 181438644 EXP)
dotUser
From the Grave
Level: 91


Posts: 2151/2357
EXP: 7417138
For next: 51774

Since: 10-20-10

Pronouns: she/her
From: a particularly peculiar tiny store's back shelf

Since last post: 22 days
Last activity: 6 days
Posted on 04-21-16 11:32:25 PM Link | Quote
If I had any clue how that works, I'd just set my subdomain here to use it, too. But I don't, and wont even pretend I do. www

____________________
Web | Twitter | Tumblr
Arisotura
Member
Level: 49


Posts: 195/614
EXP: 879615
For next: 4268

Since: 02-24-13

From: your dreams

Since last post: 90 days
Last activity: 48 days
Posted on 04-21-16 11:34:49 PM Link | Quote
not so sure HTTPS will be really 'everywhere' -- it doesn't really make sense for things like static webpages


(oh right, static webpages aren't cool anymore)

____________________
Kuribo64 -- NSMB2 hacking and other crap
Xkeeper

Level: 263


Posts: 21716/25343
EXP: 296639712
For next: 2320741

Since: 07-03-07

Pronouns: they/them/????????

Since last post: 6 days
Last activity: 7 hours
Posted on 04-22-16 03:27:57 AM Link | Quote
It makes perfect sense for everything. No SSL means there's no promise that what you're seeing is what you're supposed to. Without SSL, your static webpage could actually be serving up malicious data, or the wrong data entirely. (What are you going to do if you're serving "static" JS over HTTP? Oops.)

HTTPS is like immunizations in that even if the actual chances of something bad happening are slim, the benefits to those who are at risk are very much worth it.

____________________
(Testing: 21716 posts, level 228, 181474725 EXP)
RanAS
Member
Level: 55


Posts: 150/842
EXP: 1281200
For next: 32989

Since: 10-10-14

From: São Paulo, Brazil

Since last post: 21 days
Last activity: 14 hours
Posted on 04-22-16 10:05:48 AM Link | Quote
OK, one more little problem. The default theme's background goes to http://xkeeper.net/img/starsbg.png, which isn't HTTPS. Since it's only an image, the browser doesn't complain about it, but it's enough to cause the green padlock thingy to go away. If there's ever a need for that to be displayed, then all of the images must also be provided over HTTPS.

Night: https://jul.rustedlogic.net/hex.php?scheme=0
Pinstripe Blue: https://jul.rustedlogic.net/hex.php?scheme=21

Night is the only theme that does that. I tested it. I even found the seizure theme on the way there.

____________________
"If you're still young, still young, still young
Tomorrow you'll be old, you'll be old, you'll be old!
Unless your heart, your heart resists
Youth is something that never dies!"
Thanks to Rambly, who coded my previous layout.
Arisotura
Member
Level: 49


Posts: 197/614
EXP: 879615
For next: 4268

Since: 02-24-13

From: your dreams

Since last post: 90 days
Last activity: 48 days
Posted on 04-22-16 10:22:47 AM Link | Quote
oh right, I forgot about the authentication part


part of me thinks this should be extended to more than webpages though, like, by integrating encryption/auth to lower-level protocols like TCP

____________________
Kuribo64 -- NSMB2 hacking and other crap
Sanqui
2060
💛🤍💜🖤🦉
Level: 87


Posts: 1413/2066
EXP: 6302962
For next: 89812

Since: 12-20-09

Pronouns: any ✨
From: Czechia | Estonia

Since last post: 3 days
Last activity: 1 hour
Posted on 04-22-16 10:41:29 AM Link | Quote


*Sanky flops.

level 67

exp 2555610

exppct 71.6%

numposts 1413

 
Originally posted by StapleButter
oh right, I forgot about the authentication part


part of me thinks this should be extended to more than webpages though, like, by integrating encryption/auth to lower-level protocols like TCP

It's too late for that with existing infrastructure, but take a look at Cjdns and Hyperboria.

____________________
In our brief lives,  •  we've managed to meet.  •  Treasure this gift,  •  this precious time that we have.        
Xkeeper

Level: 263


Posts: 21718/25343
EXP: 296639712
For next: 2320741

Since: 07-03-07

Pronouns: they/them/????????

Since last post: 6 days
Last activity: 7 hours
Posted on 04-22-16 05:42:34 PM Link | Quote
Probably simple enough to fix (if I cared) since xkeeper.net should also support HTTPS now as well (welp)

Speaking of, anyone with a domain hosted under me just needs to tell me and I can push the button to get a let's encrypt cert

____________________
(Testing: 21718 posts, level 228, 181516543 EXP)
Xkeeper

Level: 263


Posts: 21719/25343
EXP: 296639712
For next: 2320741

Since: 07-03-07

Pronouns: they/them/????????

Since last post: 6 days
Last activity: 7 hours
Posted on 04-22-16 06:05:25 PM Link | Quote
Fixed that and the other thing (with the leftover stylesheet). IRC post links also now default to https.



____________________
(Testing: 21719 posts, level 228, 181529528 EXP)
Joe
Common spammer
🍬
Level: 111


Posts: 3251/3392
EXP: 14485176
For next: 383184

Since: 08-02-07

From: Pororoca

Since last post: 12 hours
Last activity: 10 hours
Posted on 04-22-16 06:28:32 PM Link | Quote
Looks like a couple of banner images are HTTP links for some reason.

no padlock here

no padlock here either

____________________
ふにゃあ。
Xkeeper

Level: 263


Posts: 21720/25343
EXP: 296639712
For next: 2320741

Since: 07-03-07

Pronouns: they/them/????????

Since last post: 6 days
Last activity: 7 hours
Posted on 04-22-16 06:43:07 PM Link | Quote
Those should also work now

____________________
(Testing: 21720 posts, level 228, 181542804 EXP)
Arisotura
Member
Level: 49


Posts: 200/614
EXP: 879615
For next: 4268

Since: 02-24-13

From: your dreams

Since last post: 90 days
Last activity: 48 days
Posted on 04-23-16 05:02:01 PM Link | Quote
something that would be interesting would be recognizing certain URLs (for example, imgur) and removing whatever prefix they have, ie. http://i.imgur.com/umOuhkm.jpg -> //i.imgur.com/umOuhkm.jpg

(or forcibly add a https prefix?)


although this requires getting a list of which common websites support HTTPS

____________________
Kuribo64 -- NSMB2 hacking and other crap
Xkeeper

Level: 263


Posts: 21724/25343
EXP: 296639712
For next: 2320741

Since: 07-03-07

Pronouns: they/them/????????

Since last post: 6 days
Last activity: 7 hours
Posted on 04-23-16 10:54:19 PM Link | Quote
Not too difficult, just time consuming and probably not worth the effort. There are already a few filters for this sort of thing, but mostly directed at particular people who had remarkably annoying hosting that caused problems (see: imageshack, some idiot using FTP(!!!), god knows what else)

____________________
(Testing: 21724 posts, level 228, 181626107 EXP)
Next newer thread | Next older thread
Jul - General Chat - small update New poll - New thread - New reply


Rusted Logic

Acmlmboard - commit 47be4dc [2021-08-23]
©2000-2022 Acmlm, Xkeeper, Kaito Sinclaire, et al.

32 database queries, 5 query cache hits.
Query execution time: 0.087016 seconds
Script execution time: 0.039284 seconds
Total render time: 0.126300 seconds