(RESOLVED) Will it ever be implemented? HTTPS
Discussion
Condi said:
Would Laura/Haymarket please tell us why this is taking so long to sort?
Because Tarquin in marketing has much more important things for them to doIt really is a fantastic case study in "managing" a user community, lack of prioritisation, lack of professionalism on any level
The funny (not) thing is they just don't/won't/can't see it
Makes a marvelous case study
PW said:
I think "Jack Mansfield" is just a bot someone has written to post a couple of vague, generic statements in a handful of threads in Website Feedback every week to give the impression that someone somewhere cares/is doing something about the problems.
"I'll get the ad team to look at it"
"The dev team are looking into it but I can't tell when it will be fixed unfortunately"
"We can't replicate the problem so there's nothing we can do"
Hello! Bot over here! "I'll get the ad team to look at it"
"The dev team are looking into it but I can't tell when it will be fixed unfortunately"
"We can't replicate the problem so there's nothing we can do"
But no, seriously, no bot here... I'd love to go into huge detail about some of the problems we encounter, but unfortunately I am not part of the development team and would be extremely wrong if I tried to do so! Hence the "I'll get the ad/tech team to look at it" responses, as that is exactly what I'm doing. I'm not quite sure what else you would expect from me, as I'm pretty much a middle man in this area.
The tech team do post in WF as well, so hopefully there won't be as many "bot" posts in future...
CoolHands said:
I know everyone's enjoying having a pop at haymarket over this, but is there (yet) a legal obligation for them to make it secure? I presume there isn't.
https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_StandardNo idea what the payment system is like for classifieds, it may well be 3rd party so secure and compliant, but only merchants taking more than 20k card payments annually are required to self-assess and have quarterly scans.
CoolHands said:
I know everyone's enjoying having a pop at haymarket over this, but is there (yet) a legal obligation for them to make it secure? I presume there isn't.
Not at all, but that doesn't stop the self-righteous nerds hopping up and down, tripping over themselves to prove how much they know about websites, hosting, SSL and so on, while knowing nothing at all about Haymarket's resources, business plans and priorities.PistonHeads has never used SSL. Yes, it's not ideal but nothing has actually changed to make this thread become so desperately important to people. This thread could have been started years ago (and probably was, but without the tiresome nastiness this thread contains). Why are the nerds complaining en masse suddenly? Because everybody loves a good kicking and the poor people tasked with liaising with this forum's users are an easy target.
(Yeah, I know, 2/10; not enough swearing. Sorry.)
threadlock said:
CoolHands said:
I know everyone's enjoying having a pop at haymarket over this, but is there (yet) a legal obligation for them to make it secure? I presume there isn't.
Not at all, but that doesn't stop the self-righteous nerds hopping up and down, tripping over themselves to prove how much they know about websites, hosting, SSL and so on, while knowing nothing at all about Haymarket's resources, business plans and priorities.PistonHeads has never used SSL. Yes, it's not ideal but nothing has actually changed to make this thread become so desperately important to people. This thread could have been started years ago (and probably was, but without the tiresome nastiness this thread contains). Why are the nerds complaining en masse suddenly? Because everybody loves a good kicking and the poor people tasked with liaising with this forum's users are an easy target.
(Yeah, I know, 2/10; not enough swearing. Sorry.)
Most of the "self-righteous nerds" do this stuff for a living. Its not shouting for shouting's sake, it because pain has been caused in a professional capacity from either an actual breach involving their own personal data, or pain has been caused to that person in the job role, when their systems have been breached.
And while Ted didn't design SSL into PH as it used to be, that was because it wasn't a thing then. It is now, and funnily enough, his current projects do.
As for "easy targets", erm, yes, that's their job. They can make it easy or difficult, its down to being a communicator, not a technical architect.
threadlock said:
Not at all, but that doesn't stop the self-righteous nerds hopping up and down, tripping over themselves to prove how much they know about websites, hosting, SSL and so on, while knowing nothing at all about Haymarket's resources, business plans and priorities.
PistonHeads has never used SSL. Yes, it's not ideal but nothing has actually changed to make this thread become so desperately important to people. This thread could have been started years ago (and probably was, but without the tiresome nastiness this thread contains). Why are the nerds complaining en masse suddenly? Because everybody loves a good kicking and the poor people tasked with liaising with this forum's users are an easy target.
(Yeah, I know, 2/10; not enough swearing. Sorry.)
Self-righteous nerds? Aren't you a PHP dev?PistonHeads has never used SSL. Yes, it's not ideal but nothing has actually changed to make this thread become so desperately important to people. This thread could have been started years ago (and probably was, but without the tiresome nastiness this thread contains). Why are the nerds complaining en masse suddenly? Because everybody loves a good kicking and the poor people tasked with liaising with this forum's users are an easy target.
(Yeah, I know, 2/10; not enough swearing. Sorry.)
There's nothing self-righteous about wanting a site you use regularly to adopt secure standards.
With SSL certificates being cheap there is absolutely no excuse nowadays for any personal information not to be behind HTTPS.
A lot of websites now run exclusively in HTTPS (with HTTP/2.0 there is a significant performance benefit).
Chrome has started to warn users about entering passwords, etc on unsecured pages, it's better for SEO. It's a win for everyone.
edit: Why in God's name is the forum auto-linking HTTPS etc to non-existant pages?)
A lot of websites now run exclusively in HTTPS (with HTTP/2.0 there is a significant performance benefit).
Chrome has started to warn users about entering passwords, etc on unsecured pages, it's better for SEO. It's a win for everyone.
edit: Why in God's name is the forum auto-linking HTTPS etc to non-existant pages?)
Tankrizzo said:
Self-righteous nerds? Aren't you a PHP dev?
Yes, and all the sites we build are built for SSL by default. I understand. But I'm also realistic about the minimal amount of personal information PistonHeads holds about me and the trivial risk its exposure would bring.I don't see the need for the mob-mentality bullying in this thread. It's inappropriate and unnecessary, and especially so when it comes from supposedly smart, educated people.
PW said:
I did reply to this, after logging in again, with a fairly reasonable/constructive comment about the kind of posts that are made about technical issues by PH staff and how they can be interpreted by users, that could lead to the idea expressed above.
Then I hit submit and got told that the forum was down for maintenance. It seemed an unfortunately appropriate illustration of what a shambles this site is, and what a waste of time it is trying to post.
To be fair it was down for a very short period. You just got unlucky. It's uptime is pretty good?Then I hit submit and got told that the forum was down for maintenance. It seemed an unfortunately appropriate illustration of what a shambles this site is, and what a waste of time it is trying to post.
SystemParanoia said:
That is hilarious! Much amusement to be had if you turn on the subtitles too.DON'T REBOOT IT, JUST PATCH!
SystemParanoia said:
True. They're excellent and I use them for several dev sites. I wouldn't use a LetsEncrypt certificate for a public facing commercial entity though, simply because the cost of a "proper" certificate is nominal. I mostly buy EV certs nowadays anyway for that green bar goodness. Old Tyke said:
SystemParanoia said:
That is hilarious! Much amusement to be had if you turn on the subtitles too.DON'T REBOOT IT, JUST PATCH!
Were they wearing Fedoras? I must go back and see if any of them was wearing a Red Hat.
Edited by ClockworkCupcake on Saturday 4th March 12:06
threadlock said:
Not at all, but that doesn't stop the self-righteous nerds hopping up and down, tripping over themselves to prove how much they know about websites, hosting, SSL and so on, while knowing nothing at all about Haymarket's resources, business plans and priorities.
PistonHeads has never used SSL. Yes, it's not ideal but nothing has actually changed to make this thread become so desperately important to people. This thread could have been started years ago (and probably was, but without the tiresome nastiness this thread contains). Why are the nerds complaining en masse suddenly? Because everybody loves a good kicking and the poor people tasked with liaising with this forum's users are an easy target.
(Yeah, I know, 2/10; not enough swearing. Sorry.)
Your kidding right?PistonHeads has never used SSL. Yes, it's not ideal but nothing has actually changed to make this thread become so desperately important to people. This thread could have been started years ago (and probably was, but without the tiresome nastiness this thread contains). Why are the nerds complaining en masse suddenly? Because everybody loves a good kicking and the poor people tasked with liaising with this forum's users are an easy target.
(Yeah, I know, 2/10; not enough swearing. Sorry.)
SSL has been around for a very long time. Its simple and easy to implement. Its such a basic security requirement that most browsers are alerting there users when websites are not using SSL. Because only cowboy websites dont use it.
It has been such a fundamental security requirement in even the most basic of websites that it makes both pistonheads and your reply to this situation absolutely inexcusable!
It has been a problem for years, and you have had years to respond to this.
Give your non technical users the courtesy of having a bloody secure login page, if not the whole site.
Give your technical users the decency of a straight answer. Stop bulls
tting! Either your not capable of implementing ssl or you cant be bothered too.Gassing Station | Website Feedback | Top of Page | What's New | My Stuff