BotB Now Has HTTPS
BotB Academy Bulletins
 
 
101052
Level 27 Hostist
Not everything has switched over completely, but we're at least at 95% done getting all site URLs updated. The original http should still be working for people who don't want https for whatever reason. Please post any breakage you find here and I'll get it fixed.
 
 
101055
Level 26 Renderist
post #101055 :: 2018.06.21 12:45pm :: edit 2018.06.21 12:46pm
  
  sleeparrow liēkd this
thank you. is this adding toward cost?
 
 
101056
Level 27 Hostist
post #101056 :: 2018.06.21 12:53pm :: edit 2018.06.21 1:45pm
  
  petet, Savestate and kleeder liēkd this
Nope. I was digging through dreamhost's control panel trying to find info about the lag we've been experiencing and saw `https` as an option. There was a payable version and two free versions. I'm in a holding pattern at work so I thought I'd give it a go!
 
 
101059
Level 22 Mixist
post #101059 :: 2018.06.21 2:12pm
wow, the site is noticeably faster now! is this why?
 
 
101063
Level 27 Hostist
post #101063 :: 2018.06.21 3:02pm
i honestly have no idea :shrug:
 
 
101087
Level 26 Renderist
post #101087 :: 2018.06.22 6:27am :: edit 2018.06.22 6:51am
  
  anewuser liēkd this
gotta find a way to add https to links. when you travel around the site, it defaults to http links from https. kthx.

funny thing is that i'm even using HTTPS Everywhere

edit: really strange. seems like some sections of botb will give http links and some will give https; and it doesn't really make a pattern as to which.

sometimes when you visit an https link the images won't be linked with https.
 
 
101094
Level 27 Hostist
post #101094 :: 2018.06.22 11:13am
  
  anewuser liēkd this
Can you give me specific examples?

The only http inside https for images I know of right now are the sprite characters that count ohb trophies on profile pages.
 
 
101095
Level 25 Chipist
post #101095 :: 2018.06.22 11:22am
don't know how sites like google, yahoo, youtube and bing are handling https, but they are still able to load on older browsers.
 
 
101096
Level 23 Mixist
post #101096 :: 2018.06.22 12:25pm :: edit 2018.06.22 12:45pm
is there a way to use a CA that browsers trust?

even if you get https to work correctly everywhere, i'd assume people would think the self signed "unsafe" certificate would give off the impression that it still doesn't work.

but i guess letsencrypt (or the likes) hasn't been chosen for a good reason. so maybe nvm this.

edit: maybe this was due to my own cache. or me being on crack or w/e. suddenly seems to be no issues anymore (and the cert is trusted)
 
 
101097
Level 26 Renderist
post #101097 :: 2018.06.22 12:30pm :: edit 2018.06.22 9:31pm
Things seem to change time to time. Assume that I'm always using HTTPS.

examples(?):

- "Recent Activity..." links from homepage
- "Bulletins, News, and Development..." from the homepage.
- User surveillance links from Admin page.
- "Help" link at bottom of page.
- Certain BotB links in the Lyceum, "Glossary"

That's a start for now.
 
 
101103
Level 27 Hostist
post #101103 :: 2018.06.22 2:02pm
Thanks. I'll try to knock those out today.
 
 
101105
Level 17 Chipist
post #101105 :: 2018.06.22 3:22pm
HTTPS :ZUNgasm: :ZUN_nut:
 
 
101121
Level 27 Hostist
post #101121 :: 2018.06.23 12:22am :: edit 2018.06.23 3:41pm
  
  Savestate, anewuser, b00daw and zygrunt liēkd this
These things fixed --

thread links on homebunk
creative commons links/images
`help` link in footer
lyceum glossary article links
botbr profile trophy case links
sprite text counters for ohb tropiez
user surveillance links from Admin page

Pretty sure the above cover all cached templates. The goal is to make sure links don't accidentally flipflop botbrs between unsecure and secure browsing. Possible to force a redirect from http to https in the future.
 
 
102261
Level 26 Renderist
post #102261 :: 2018.07.21 2:51am :: edit 2018.07.21 2:51am
  
  petet, anewuser, MiDoRi and Savestate liēkd this
using google search within BotB results in non-HTTPS results within Google.
 
 
102352
Level 13 Mixist
post #102352 :: 2018.07.23 1:49pm
  
  Producer-san, Savestate, kleeder, MiDoRi and Slimeball liēkd this
was waiting for the day public toilets would be safe
 
 
102370
Level 27 Hostist
post #102370 :: 2018.07.24 7:36am
So I added `https` to the search query if you're on https, but seems like google don't give a shit.

...yet?
 
 
102373
Level 26 Renderist
post #102373 :: 2018.07.24 9:42am
  
  djmaximum hæitd this
  
  Savestate liēkd this
right, i think google hasn't propagated any search resluts from battleofthebits.org using HTTPS. that seems the case.

does this help?

https://wiki.apache.org/httpd/RewriteHTTPToHTTPS

could you force the server to redirect to HTTPS? that way the bots scrape HTTPS
 
 
102374
Level 27 Hostist
post #102374 :: 2018.07.24 9:46am
  
  Savestate liēkd this
yeah -- that would be the final step

just curious if for any reason there are people who can't use https
 
 
102376
Level 25 Chipist
post #102376 :: 2018.07.24 11:18am :: edit 2018.07.24 11:29am
  
  Slimeball liēkd this
Safari 5 will not let me use the https version of the site, so I'll still use the http version.
 
 
102429
Level 26 Renderist
post #102429 :: 2018.07.26 4:31pm :: edit 2018.07.26 4:54pm
  
  djmaximum and Slimeball hæitd this
  
  kleeder liēkd this
pukey pukes: move forward with HTTPS. people (and djmax) will need to adapt.

most of us are able to connect using HTTPS. there are ways around things. HTTPS benefits everyone. it's more secure and keeps nefarious shit mostly away for you client-side on your activities. instead of you complaining about why something good (objectively) is being implemented and why your current format does not support it, this is a calling to you to assure it's supported for you and your platform. there should be many ways for it to be available for you.

this isn't some corporate rhetoric where a for-profit company is telling you to accept something for their will of gain. honestly, i think puke just decided to accept something because he thinks it would help against bots and shit. (don't think we really know if it will or not. however, the potential is there against mitm attacks.)

i know you're borderline half-troll and pure-autist. and i don't blame you for it. keep growing. and again... keep growing (djmax.)

addendum:

we need to do this for a while so that google propagates HTTPS search results. otherwise it maintains HTTP only. or someone can help puke program a non-Googlespiderbot search system... however that also kills our resources... So no... HTTPS is the best way.
 
 
102438
Level 25 Chipist
post #102438 :: 2018.07.26 5:14pm
  
  RazerBlue6 and kleeder hæitd this
No pleas don't I'm not ready for it yet
 
 
102439
Level 26 Renderist
post #102439 :: 2018.07.26 5:19pm
  
  anewuser liēkd this
the sooner we migrate the quicker you'll find ways of it being available to you. you already found your issue of being able to join IRC solved.
 
 
102440
Level 23 Taggist
post #102440 :: 2018.07.26 5:34pm
could someone host a https? does sanyone has the badge already? :(
 
 
102442
Level 25 Chipist
post #102442 :: 2018.07.26 5:37pm :: edit 2018.07.26 5:39pm
  
  RazerBlue6 hæitd this
I'm not ready to use Mozilla FireFox yet. I'm too scared to host an ohb with that browser because it will crash if I try to host one with FireFox 48.0.2 instead of Safari 5.1.10, and that is the reason why I refuse to switch over to https.
 
 
102564
Level 23 Taggist
post #102564 :: 2018.08.02 3:16am
i'm using https but some of my alerts are still linking to non-https
 
 
102575
Level 27 Hostist
post #102575 :: 2018.08.02 2:02pm
  
  kleeder liēkd this
hmmm... alerts and the links in tweets could be changed to https only... but uh.... maybe?
 
 

LOGIN or REGISTER to add your own comments!