Wildcard SSL?

[Proximity]

I can give this site a wildcard ssl if they want?

 

[Nagi]

It's not a contrasting statement. Load will increase, not significantly. Is that better for you? I swear you argue with me for the sake of it.

Are you saying that it is right detrimental to avoid adding SSL for the sake of a "small load increase"? You clearly contradicted yourself when you said that SSL will severely affect the server's performance. But only by a small amount. LOL Are you that stupid?

I only commented on it serving ads, I didn't comment on its use of SSL. I can give you an endless list of non-SSL AdSense users, and it's agreed that revenues are higher. If you stayed up to date with webmasters and forum administration, you'd know ad revenues take quite the hit. You're taking one statement, picking out a word, finding some relevance to your point and classing it as a contradicting statement, which is quite funny. I like your style of arguing, I guess?

Oh sorry. I didn't know you had expected me to be a mind reader and "know what you meant" all of a sudden. I'm sorry to disappoint you but I, sadly, do not have that ability. In accordance to my first topic, you are now telling me that it's right to avoid SSL for the sake of some small bucks? You mentioned above somewhere that you'd be willing to donate towards a site to support it's cause. Then why don't you go ahead and do that instead? Oh. It's because we all have too much pride in ourselves these days...

At least I made a good English technique. I have no comment on this as you didn't make a point other than "yeah, I was wrong" - SSL isn't easy and if you were paying attention for the last bit of time, you'd realise why. Read BeBosny's link to my post earlier on for why SSL is problematic, more-so than my example.

SSL isn't easy... do you not know what's going on? SSL can be added easily. But it's not. Why? Because tiny things need to be sacrificed along the way. If you think that adding SSL is "difficult", then you should not be talking, as clearly, you have no idea how web management works.

They'll likely contact the forum and ask about it, if they're serious about buying a membership. A FAQ also helps.

Good English. 10/10 understood this quote.

Again "yeah, I was wrong" - I advised you to use 2FA (what's wrong with 2FA, btw?) and furthermore use home connections where possible. I also said why SSL on "chat requests" isn't required. No, it doesn't, but your problem was losing your MCM account. A user cannot login without the 2FA data, therefore the account isn't compromised.

Are you illiterate? How does 2FA prevent you from getting your credentials stolen? It prevents others from logging onto your account. Do some research what it does before you try. My friend doesn't know nor give a dam about this market; he doesn't play Minecraft. He took my password, showed it to me, and that was that. What other reason could you possibly need? I don't want my password to be seen by others. I don't know how I can make that anymore clearer.

As for chat requests, you should look at how many POST and GET requests the chatbox client sends every minute. A couple weeks ago, a user's (forgot who) university blocked this site for the "chatbox". And can you guess how they caught on? By the massive amount of requests that are sent to update the box's data every second, each and every message. If the person reading the post requests had discovered an inappropriate link in plain-text, you'd likely be screwed. Now, obviously you'd have no experience with this as you're just second-class but go ahead and take a look at it, try it for yourself.

Learn to use random passwords.

Ahh. Yes. Because a random password prevents your account from being hacked. Nice 1.

"snitch" so you're an advocate of MITM attacks. Well done. You just supported the loss of credentials.

Ahh yes. Another one of your wild assumptions...! When did I say that I support MITM attacks? Just because I don't report a violation makes me a supporter? I frankly did not give a dam. He didn't do anything with the password. He just showed me that he was inside the school's network. And he was a friend. People don't report their friends. But I guess you wouldn't know 'cause you don't have any.

Anyway, I've already suggested auth.mc-market.org if really necessary for authentication requests.

I present to you the #1 XenForo forum (by posts): http://www.ign.com/boards/
SSL? no.

Let's click the magical sign in button.

https://s.ign.com/signin

HTTPS??? OMG??? MY INFO IS SECURE. I'M SO HAPPY. NOW I CAN BE HAPPY MY FRIEND WON'T STEAL MY ACCOUNT INFORMATION. THANK YOU BEBOSNY FOR THE GLOBALISED AUTHENTICATION SYSTEM!!!!

1. They have HTTPS in their sign-in page. They've realized the problem and solved it. Now why don't we?
2. HTTPS isn't required on the whole site. Why not just install it, but not force it? The users who want to use it should be able to use it discreetly.
3. They don't have a Chatbox.

Anyway, you've taken enough time to reason. I refuse to argue with you further. It's been great talking to you. Do your research and come back to me once done, give me a pros and cons list and stop being ignorant and biased.

One Word: Hypocrite

 

[tjrgg]

Problem with BS and other scripts of the same type is that every request is processed through either a cached, downloaded list (most commonly) or (much, much worse) an external API request to lookup the API to see if it fits the block descriptions.

Every request? It will definitely increase load times and it's going to be quite a load on the server to be querying an internal database for every request. To load this page I probably made around 25 requests. That adds up... a lot.

I don't think blocking VPNs and proxies are the way to go here. I've already expressed my view on preventing scams, just as my view on healthcare and education (as examples) is to privatise them as much as possible. Anyway, I'm really busy so this reply will be incomplete. Perhaps there's something constructive in this half post.[DOUBLEPOST=1464027918][/DOUBLEPOST]OK I got time now.


Yes, Google encourages SSL. No, it doesn't encourage SSL. The logic with Google is so flawed. They give a minor SEO boost in return for reduced Adsense income and they hurt your rankings too with all them damn 301 redirects. So basically, they want a "securer" web, while not offering less bullshit in the process doing so.

There's no "longer you wait" - you just don't do it. Forums don't need SSL. Maybe have an auth.mc-market.org domain that handles authentication that has SSL if you *really* want, but again, it's unnecessary. This site isn't handling credit card data or something. Until Google stops beating around the bush with it and actually offers incentives and not punishments, don't even consider doing it for an existing site.


Not exactly how it works (BeBosny can confirm my knowledge in this subject). Yes, it is 'insecure'. You forget point 1: 2FA exists. Point 2: if I was at Heathrow Airport or something and trying to spy on data and try to get some sensitive data... saving something to/from "mc-market.org" would be the last thing I'd be saving on my hard drive.


SSL always decreases performance. Yes, there are things like SPDY for SSL (oh, btw, heard of HTTP2?) but due to the data having to be sent to OpenSSL as well and the handshakes and all that crap, it will always cause higher loads and longer response times than a non-SSL site with optimal configuration also. Not like it's a noticeable difference for the end user in terms of load times, but server load is noticeably increased. It shouldn't result in upgrading your server necessarily.


That would mean a career in YouTube also sucks. A HR guy can also fire someone's ass for no reason too. There is risk everywhere. Certain areas more than others. With Adsense, you can sue Google for BS if you're big enough and obviously move platforms pretty easily. Google aren't interested in BSing people, if you make enough money they will give two shits about blocking you off. I don't know how big MCM weighs on that scale, but I doubt MCM is a problematic site.

2FA is also an inconvenience that not everyone likes to implement. I mean, sure, I've got it anywhere I can have it, but that doesn't mean I don't care to see SSL. There are others that simply won't enable 2FA because it can be a hassle for some that don't always carry their phone or whatever their deal is. 2FA may exist, but that doesn't make it the best option.

I wasn't specific enough on the AdSense thing, but I was referring to using AdSense for websites. I know of a few people that make 6 figures from AdSense on YouTube. However, they also don't rely solely on their ad revenue from YouTube videos, because again, Google can shut down your channel at any time for almost any reason. Google doesn't really care that much about their users, so they definitely wouldn't sweat it.

 

[Overlord]

You write so much bullshit that I began replying to you and realised I'm not going to, so treat yourself to my ignore list. Nice talking to you.

2FA is also an inconvenience that not everyone likes to implement. I mean, sure, I've got it anywhere I can have it, but that doesn't mean I don't care to see SSL. There are others that simply won't enable 2FA because it can be a hassle for some that don't always carry their phone or whatever their deal is. 2FA may exist, but that doesn't make it the best option.

I wasn't specific enough on the AdSense thing, but I was referring to using AdSense for websites. I know of a few people that make 6 figures from AdSense on YouTube. However, they also don't rely solely on their ad revenue from YouTube videos, because again, Google can shut down your channel at any time for almost any reason. Google doesn't really care that much about their users, so they definitely wouldn't sweat it.

2FA is an inconvenience, I'll give you that. I hate 2FA. And yeah, for sure. I think I said Google wouldn't (just to argue lol, I don't remember half the shit I type) but people understand YouTube is really unstable and resort to sponsorships etc. too.

Problem is, is it really worth sacrificing page rank, ad revenue and other sources of income for the people that use public networks +- people like Mana? I mean, if this was my site I'd happily show Mana the door, so he's out of the reasoning already. Seriously speaking, you'd rather have to recover a couple of accounts than see the problems come with *changing* to SSL.

Again, if MCM *started* on SSL the situation would be different. I don't know exactly how effective search engines are for MCM, however, so more analytics could form my opinion. I'd still say that SSL is not required here and very quickly users will want to revert. Cost for the site will increase, and I don't see people like Mana paying for additional bandwidth used. Not every site with an authentication system requires SSL, and forums are one of them. If it becomes a problem where you're wasting more time recovering accounts, or MCM competition arises offering SSL, then do what I said and have auth.mc-market.org like IGN does. But I wouldn't recommend, at all, making the entire site SSL now. For forums, you waste a ton of bandwidth and you reduce a lot of sites that can be embedded in posts. For that reason I regret using SSL on a few of my forums (not all, but a few). So many sites are still non-SSL with no support for SSL, so you're at a disadvantage here.

 

[Nagi]

You write so much bullshit that I began replying to you and realised I'm not going to, so treat yourself to my ignore list. Nice talking to you.

"I'm going to ignore him. I'm going to make sure that I ignore him in the loudest and biggest way possible."
Words of a sore loser. Typical internet fanboy these days... when you've nothing to say, just gotta ragequit.
If you can't make a convincing argument, why would you even bother?

In response to your post... once again, you say that it's right to sacrifice the minority.
Unfortunately, public internet isn't that rare as you would like it to be.
Libraries, Cafes, Schools, Phone's Hotspot, they're everywhere.
Get out of the house more often to see how vulnerable you are ^^

 

[tjrgg]

You write so much bullshit that I began replying to you and realised I'm not going to, so treat yourself to my ignore list. Nice talking to you.

2FA is an inconvenience, I'll give you that. I hate 2FA. And yeah, for sure. I think I said Google wouldn't (just to argue lol, I don't remember half the shit I type) but people understand YouTube is really unstable and resort to sponsorships etc. too.

Problem is, is it really worth sacrificing page rank, ad revenue and other sources of income for the people that use public networks +- people like Mana? I mean, if this was my site I'd happily show Mana the door, so he's out of the reasoning already. Seriously speaking, you'd rather have to recover a couple of accounts than see the problems come with *changing* to SSL.

Again, if MCM *started* on SSL the situation would be different. I don't know exactly how effective search engines are for MCM, however, so more analytics could form my opinion. I'd still say that SSL is not required here and very quickly users will want to revert. Cost for the site will increase, and I don't see people like Mana paying for additional bandwidth used. Not every site with an authentication system requires SSL, and forums are one of them. If it becomes a problem where you're wasting more time recovering accounts, or MCM competition arises offering SSL, then do what I said and have auth.mc-market.org like IGN does. But I wouldn't recommend, at all, making the entire site SSL now. For forums, you waste a ton of bandwidth and you reduce a lot of sites that can be embedded in posts. For that reason I regret using SSL on a few of my forums (not all, but a few). So many sites are still non-SSL with no support for SSL, so you're at a disadvantage here.

You're right. This site doesn't absolutely need SSL, nor is it required. I'm pretty sure I said somewhere that this site has been doing just fine without it. I guess if we had more analytics, we could probably both form a better opinion as to what effect SSL would have on the site.

Now, the idea you have with doing something auth.mc-market.org and having SSL on that, that might not be a bad idea, actually. I'm thinking of something like secure.mc-market.org and that subdomain could have SSL and simply be used for anything that would require an encrypted connection, such as logging in. Wouldn't be a bad compromise.

 

[Overlord]

Now, the idea you have with doing something auth.mc-market.org and having SSL on that, that might not be a bad idea, actually. I'm thinking of something like secure.mc-market.org and that subdomain could have SSL and simply be used for anything that would require an encrypted connection, such as logging in. Wouldn't be a bad compromise.

Exactly the same thing I suggested, except the term 'secure' would allow for other things to be hosted under it too I guess. *if* this becomes a concern, that's one thing you can do. Key word being *if*.