First Numbers from CloudFlare
-
@coliver Right, but Green Lock just means everything is fine with the SSL Certificate.
-
@aaronstuder said in First Numbers from CloudFlare:
@coliver Right, but Green Lock just means everything is fine with the SSL Certificate.
Yep.
-
OK never heard of the green lock before.
is forced TLS a requirement of green lock? Seems unlikely.
We don't get a green lock because of the RS CDN you found.
-
@aaronstuder said in First Numbers from CloudFlare:
@IcyApril said:
- HTTPS - By enabling HTTPS you can allow your users to access your site through HTTP/2 and SPDY, which dramatically improves page load speed. After this is enabled, you can configure HTTP/2 Server Push to get things to be even faster.
lol. How long has this been on @scottalanmiller todo list? It took us 2 years to get email, hopefully we can get this done faster?
But email was NOT on MY to do list. You never waited for me.
-
@aaronstuder said in First Numbers from CloudFlare:
@IcyApril said:
- HTTPS - By enabling HTTPS you can allow your users to access your site through HTTP/2 and SPDY, which dramatically improves page load speed. After this is enabled, you can configure HTTP/2 Server Push to get things to be even faster.
lol. How long has this been on @scottalanmiller todo list? It took us 2 years to get email, hopefully we can get this done faster?
It's never been on my to do list. But HTTPS works. Are you using it? After the first month it only ever got up to 6% usage.
-
@IcyApril said in First Numbers from CloudFlare:
@mlnews Hi; I work for CloudFlare. Just wanted to share a few tips that might be able to help your performance:
Welcome to the community!!
-
@IcyApril said in First Numbers from CloudFlare:
@mlnews Hi; I work for CloudFlare. Just wanted to share a few tips that might be able to help your performance:
- HTTPS - By enabling HTTPS you can allow your users to access your site through HTTP/2 and SPDY, which dramatically improves page load speed. After this is enabled, you can configure HTTP/2 Server Push to get things to be even faster.
HTTPS is there now. Is there something more needed?
-
@aaronstuder said in First Numbers from CloudFlare:
@Dashrender I am not happy until it is enabled by default, and I get a green lock
It's on by default if you type the right address It's only not on if you specify the wrong protocol. If you type nothing and it goes to the one you don't want, that's a wrong default in your browser, not with the site.
-
@scottalanmiller said:
But email was NOT on MY to do list. You never waited for me.
I'll read between the lines there
-
@coliver said in First Numbers from CloudFlare:
Probably because the images are hosted by imgur?
Imgur, CloudFiles and things that people link directly. Sadly there isn't an easy fix to this one. Imgur is, I think, the easiest fix. CloudFiles doesn't appear to work. We looked into it and HTTPS doesn't work. For the ad hoc links, there is no solution except to ban them and break existing links.
-
@aaronstuder said in First Numbers from CloudFlare:
@scottalanmiller said:
But email was NOT on MY to do list. You never waited for me.
I'll read between the lines there
I had it implemented and ready to go around April, 2014.
-
It would be awesome if we could get CloudFiles to work with SSL. I'll look into it again when I'm back in the States. Which is soon. I definitely want that working and if we can fix CloudSites that handles 90% of the remaining issues. The ad hocs, I think we have to live with and hopefully they come up rarely.
-
@scottalanmiller said:
It's never been on my to do list. But HTTPS works. Are you using it? After the first month it only ever got up to 6% usage.
It only gets %6 usage because it's not enabled be default.
All 10 of the top 10 websites in the US have HTTPS by default, why not here too?
Also, defines "works" - as far as I am concerned it's only working, when you don't get any errors
https://support.google.com/chrome/answer/95617?p=ui_security_indicator&rd=1
-
@aaronstuder said in First Numbers from CloudFlare:
It only gets %6 usage because it's not enabled be default.
AND that only 6% of people care. If anyone cares, they get HTTPS. All this proves is that it isn't a priority for many people.
That we could FORCE it and get 100% doesn't tell us that it is useful or that people care. Only that we can make it happen.
-
@aaronstuder said in First Numbers from CloudFlare:
All 10 of the top 10 websites in the US have HTTPS by default, why not here too?
I'm confused by the use of the term default. It's certainly as much the default here as anything else.
-
@aaronstuder said in First Numbers from CloudFlare:
Also, defines "works" - as far as I am concerned it's only working, when you don't get any errors
So here are the options: either it works as it does not, or SSL isn't an option. Unless we disable media embedding. Sucks, but thems the breaks. If you have a solution to this that keeps things working AND allows for "no errors" to satisfy you, let me know what they are. I'm not saying it's impossible, but it's not something that I know how to address.
-
@scottalanmiller said:
I'm confused by the use of the term default. It's certainly as much the default here as anything else.
a preselected option adopted by a computer program or other mechanism when no alternative is specified by the user or programmer.
-
If I could magically make every request go over HTTPS, that would be awesome. But I just don't know how to make that happen. The top ten sites, I assume, all are not communities, right? So while on one hand you can look at the world from that perspective, there also needs to be some understanding that it's a different animal as well. Google and Facebook are different in many ways than ML. Similar in some ways too. But they definitely can do things that we cannot. And vice versa.
-
@aaronstuder said in First Numbers from CloudFlare:
@scottalanmiller said:
I'm confused by the use of the term default. It's certainly as much the default here as anything else.
a preselected option adopted by a computer program or other mechanism when no alternative is specified by the user or programmer.
Sure. And we have that, don't we? Since the end user has no choice but to select one, there is no concept of default in web protocols. So default can't be used in a discussion of HTTP vs HTTPS.
-
AFAIK, there are only two ways to have a HTTP vs HTTPS work.
- Standard. Both HTTP and HTTPS are available. The user selects the one that they want (or they allow their browser to choose for them which is the same thing as the browser is the user to us) and they get what they want.
- Forced. Where the web server only provides one or the other, period, no matter what the user / or user agent requests.
Is there some additional possibility of which I am not aware?