- Files: GIF, JPG, PNG, Maximum:4000 KB, Thumbnails: 600x600 pixels
- Currently 1152 unique user posts. View catalogue
[ Return ] [ Entire Thread ] [ Last 50 posts ]
Posting mode: Reply[ Reply ]
Expand all images.
|>>|| No. 14513
ladm9s I'm going to be doing a little bit of YubYub this afternoon, so if you see the odd server unavailable, 404, do not be alarmed.
|>>|| No. 14518
Either I've already forgotten the password I changed last night or it's because of your yubyubing, either way halp pls.
|>>|| No. 14520
Just standard incorrect password stuff. Managed to get it wrong enough times to lock myself out for 20 minutes. I knew this would happen, I should never have changed it from the original.
It can only be one of about 8 so I'll get it eventually?
|>>|| No. 14523
ah soz. Nah, you've forgotten it man - I'm just installing LetsEncrypt and getting https working - its almost there, but for the youtube embeds.
|>>|| No. 14528
Give me 10m and I'll ban you (hahahaha) with the password in the message.
|>>|| No. 14529
Hmm - changed it on brian's dashboard (is there another way?) maybe it just didn't take. Odd.
100% then it's just the original password I know and love. I'll try it again when I'm allowed (20 mins).
|>>|| No. 14530
It's kind of annoying that I can't reset yours without diving into the DB. Hmmm.
|>>|| No. 14531
It works now - I did change it, so brian's lying to you if he sez I didn't.
It was the one I thought it was too.
I'll slink back into the shadows in embarrassment now.
|>>|| No. 14533
you were seconds away from my hitting go on a MYSQL query I actually had to go look at the code, its been that long.
|>>|| No. 14535
Okay lets encrypt is working for some boards, just some of the background images and the youtube embeds that are broken, particular on star. They will need some minor code changes.
Maybe by tonight it will all be working, but I think it will be boring not being able to see the historical YT embeds in https mode. will be a bigger job to convert all the old ones, but I'll find a way.
Nice. Been bugging me for ages.
|>>|| No. 14536
Hah, sorry m8. I was half expecting you to do it just as I posted.
At least you (re)learned something?
|>>|| No. 14540
that way of doing the background images was one of my worst ever ideas, ever.
|>>|| No. 14543
Okay I think we're there for /*/ and /sfw/ now.
A few of the older YouTube embeds won't work on https: but I have cleaned up some of the more recent ones.
Will declare victory as soon as I have certificate rotation happening automatically.
|>>|| No. 14546
>everything looks the same too.
Always a good start. Where is the YubYub meme?
|>>|| No. 14547
If I just plug in 'britfa.gs' it still gives me the unsecured version, I am not clever enough to know if that's deliberate or not.
|>>|| No. 14549
I won't force the redirect from http to https yet - people can use it if they want.
There is bound to be something buried deep I haven't found yet.
|>>|| No. 14553
Found one weird missing image at the top of /sci/ and /beat/'s youtube embeds aren't there, but I couldn't manage to break anything else.
|>>|| No. 14556
So for people who aren't utter nerds browsing on a Linux box, what's the point of this endeavour again, apart from stopping GCHQ spying on our shitposts?
|>>|| No. 14558
Faster? Encrypting before and decrypting after transmission is really faster? How does that work?
|>>|| No. 14560
Obviously not. But when people add SSL they often upgrade from HTTP/1.1 to HTTP/2 in the process and that does carry performance boosts that can massively outweigh encryption costs. (HTTP/2 implementations don't support plaintext transport.)
|>>|| No. 14565
I'll be doing that next - lets just get this bit working first, it involves some code changes to get it all right and we need to work through all of those. Then I'll start on upgrading to latest nginx which will give us some of that.
Exactly this - now if you're using someone else wifi, say at work or in public, they now won't be able to see which exact bits of /x/ or /y/ you're fapping to. I still can though...
|>>|| No. 14566
> I still can though...
All those occasions where I've had the OP image of the natural/hairy girls thread open for a few minutes were slips of the thumb whilst I was on my phone. Honest, guv.
|>>|| No. 14568
>they now won't be able to see which exact bits of /x/ or /y/ you're fapping to
Who cares? Not having a go, I just still don't see the utility. If someone is browsing .gs at work when they aren't supposed to an encrypted connection isn't going to stop them being found out.
|>>|| No. 14569
I totally agree with that - that isn't the full reason I actually did it though.
A lot of browsers will soon start showing you security warnings and "this site is insecure" soon if we hadn't done this. Google Chrome threatened to do it from October but backed out, but ITZ COMING. It's just a good practice thing. I've been waiting for a particular bit of software to support the kind of server we have, and when I had the time to sit and make all the tiny changes it requires all over the codebase. Brian is old, as am I.
|>>|| No. 14571
It has something to do with your browsing habits being light reading for local authorities as well as law enforcement, not just abstracting your porn habits. And as purpz says, web browsers are already notifying people about unsecured connections.
You seem to making an argument against people hanging curtains, claiming it has no utility, because they don't lock their front door. "Well, why bother having curtains if someone could just walk into your house and see you naked anyway?"
The difference being, they need a reason to come in vs absent mindedly watching you scratch your balls through the living room window and you still have the option to lock your door.
|>>|| No. 14573
That's it - when you're in a hotel, for instance, you're often using a transparent proxy without realising it - what that means in English is that without HTTPS, its actually very easy for all the people in between your browser and my server to see exactly what you're looking at. They still know you're browsing this site, but there is a small degree of extra privacy there.
Don't underestimate how much they can still see though. This way, they have to directly hack your device (or mine), or do some detectable network tricks - it makes it a bit hard to just easily sit in the middle somewhere and snoop up all the traffic.
Like I said though, browsers are detecting when there is "form that contains a password field" as we have when you post, and starting to show a lot more warnings and thats only going to become more prevalent. That's the main reason.
|>>|| No. 14574
Obviously the real solution was to change the password field to a plain input.
|>>|| No. 14575
I considered that - there are probably other ways of giving you the ability to edit/delete your own posts without it or a better way of handling it, but this is quicker.
At work I have seen some mobile phone browsers still give warnings anyway if the connection is not https and I can see thats just how it will go. It's the right thing to do.
|>>|| No. 14577
>It has something to do with your browsing habits being light reading for local authorities as well as law enforcement
I really couldn't give a flying fuck if my council or the fuzz know what I read or look at on .gs. And if I was in such a position to care, if I felt that my patronage of .gs was such a threat to my livelihood, then I would take my own steps to hide my browsing.
>You seem to making an argument against people hanging curtains etc.
Er, I don't really understand your analogy. But to be clear, I'm not saying there is absolutely no point in .gs having HTTPS. I'm saying that I couldn't see the point in purps expending the effort involved in upgrading the server for little tangible benefit.
He's now explained that it's more or less to future-proof the site, and I'm on board with that.
|>>|| No. 14578
>I really couldn't give a flying fuck if my council or the fuzz know what I read or look at on .gs.
NUFFIN TO IDE NUFFIN TO FEEUR INNIT
|>>|| No. 14579
HTTPS is important for secure transactions, but it's also about strength in numbers. If every site uses HTTPS by default, it massively hampers bulk surveillance. With HTTPS enabled, all an eavesdropper can see is that you visited a website. They can't see what pages you visited, they can't see what username you logged in with, they can't see what content you posted. HTTPS is relatively straightforward to enable for most sites, but it gives users a substantial degree of privacy with no effort on their part. It also provides some degree of security by reducing the opportunity for malicious third-parties to inject their code into a website.
The major browsers are giving increasingly aggressive warnings about non-HTTPS sites to encourage web developers and admins to do the right thing. Google have said that eventually they intend to block all non-HTTPS connections by default, so it's not a matter of if sites should switch to HTTPS but when.
|>>|| No. 14580
>HTTPS is important for secure transactions, but it's also about strength in numbers. If every site uses HTTPS by default, it massively hampers bulk surveillance.
This. If you only use TLS for important stuff, then anyone intercepting your traffic (and it almost certainly is being intercepted somewhere) can tell which sites are important to you. That information is useful and valuable in and of itself. If you use TLS for unimportant stuff too, then this signal becomes useless.
|>>|| No. 14581
True, but probably 1% of the sites I'm currently browsing are not forcing an HTTPS connection by default. So that is no real reason for .gs to join if the gang is already so large. Again, it's about what is a good investment of marple's limited time.
|>>|| No. 14582
I think purps can decide for himself what is and isn't a good investment of his time, you berk.
|>>|| No. 14583
How many others are there? Off the top of my head I can only think of green and I think the Oak Furniture Land fame went to his head.
It's annoying me that this is the kind of thing I used to know but I've now forgotten, although I'm also annoyed that I'm not sure how much value I should place on being able to recall niche internet trivia.
|>>|| No. 14584
Marple is a wordfilter for Dear Leader's mod handle, which can only be invoked on the full moon.
|>>|| No. 14586
He certainly can; doesn't mean I won't fail to understand it.
But I've already said that I accepted purps' reasoning about ten posts ago so I haven't a clue why you're still going on about it.
|>>|| No. 14587
I'll be attempting some slightly more exciting things later in the week, but I wanted to get this one out of the way first.
It's a good question on why I spend any time doing things to the site; I just do it because I like it, I don't start a new job for at least another week and I learn/practise a lot of things I use at work, here - you're my secret guinea pigs.
|>>|| No. 14590
The older embeds should now work.
I'll overhaul the YouTube stuff this week so only the thumbnail is embedded until you press play. That'll mean far less wasted data and it'll workaround the swapped video race condition.
|>>|| No. 14618
You can now embed YouTube videos without tags: just paste the video URL from the address bar.
Let me know if these low-fat embeds really need to be integrated with the /o/ options or of any other problems. I'd not be surprised if some (low-res) videos don't get properly thumbnailed.
I'll leave the old tags as they were for now.
|>>|| No. 14619
If nothing happens when you click the thumbnail you'll need to hard refresh. We'll get these caching issues sorted now dev work is resuming.
|>>|| No. 14620
Looks like you have to press play twice on Android/Chrome because they've disabled autoplay. I'm sure there's a workaround.
|>>|| No. 14625
Just tried it on test and I get a big grey 'video not found' placeholder graphic. But using the tags embeds it just fine.
|>>|| No. 14636
>They can't see what pages you visited
HTTPS doesn't encrypt the URL you're viewing.
|>>|| No. 14637
Yes it does. The actual HTTP request is sent after the tunnel is established.
|>>|| No. 14643
Turns out overcoming this isn't as simple as I'd hoped. How do we feel about having to press play twice? Would it be better to follow 4chan and link to the video instead? I believe this would usually load the YouTube app.
[ Return ] [ Entire Thread ] [ Last 50 posts ]