To say that RF isn’t technologically savvy is like saying an orangutan is slightly deficient when it comes to high energy physics. They’re both well meaning and eager to learn (especially if bananas/Israeli supermodels are the reward) but sometimes you just need to take the wheel and get a project to the finish line yourself. Which explains why, almost a year after we bought the SSL certificate for The Truth About Guns, you can finally use it (https://www.thetruthaboutguns.com). A few things are a little wonky, like the font not being exactly right, but we’ll iron those out ASAP. You don’t need to use the encrypted version of the site, the regular version will work just fine, but the option is there for those who want to keep their TTAG readership and commenting secure and on the down low.
[UPDATE] We’re having some issues with HTTPS on the main site, so it’s disabled for now. But if you log into the site, all that info will be encrypted and secured before transit. We’ll work on the rest shortly.
I’m a fan.
I don’t get how that could possibly work. I mean that lock could easily slide off the tail of that “S”
This made me snort.
Being equally ignorant, please explain the significance and difference to the end user.
It’s like carrying an extra mag full of 20 rounds of 9mm instead of nothing.
Or concealed carry versus open carry.
Good question Rabbi,
The official answer is:
“Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet.”
So what does that mean. The fact that I am posting here well it isn’t hard to find my on the interwebbie.
So to me not much.
For others it encrypts the communication between TTAG servers and your computer. So if someone is sitting in Starbucks sniffing the network while you are ranting with lots of {FLAME DELETED} on TTAG, they can’t see you doing it.
This may or may not be important to you, but option are a good thing. I could go a lot deeper than than but it is really the jist of it for you.
It will make the NSA read the web pages on the web site instead of trying to read them in transit.
Not a lot. The CIA/NSA will only need to click one button to track your statements to your residence. Their supercomputers don’t care about SSL – just ask Snowden.
Hell, the NSA doesn’t even know how much Snowden has. They have bigger headaches right now…
Okay – I’m worse off than fearless leader. What in the holy hell are you even talking about? No anagrams, initials, cyber-weenie code talk, please. Plain English.
It’s encryption. The same sort of encryption that a website uses to protect credit card information from being read by some one else between you and the website.
Why it’s necessary to encrypt comments that are going to be published in plain text…I don’t know.
A more secure web connection. And because – spies…
They’re stealing our megahertz!!!!!
Neat. Coupled with a remote DNS…unstoppable!!
If your tin foil hat is on that tight, I highly suggest you go download Tor right now and use it for all your ‘sensitive’ online adventures. Otherwise, the only real use for an SSL is if you are engaging in financial transactions.
Ok. I’m looking all over the webpage (and my browser, using chrome here). Where is the indication that the sight is secure?
Depends on your browser. For most modern browsers, there should be a small green icon or green text or a lock next to the URL in the address bar.
Obtain and load the HTTPS Everywhere extension, enable it, and forget all your worries.
The HTTPS Everywhere extension downloads and uses a rule list containing thousands of common sites that support HTTPS. That’s how it decides to redirect you to the secure version of a site, it doesn’t work for every site on the internet automatically.
Given that TTAG only just got this support hours ago, it’s not going to be in the ruleset yet, someone will have to add it.
You can write your own rules, which I’m trying to mess around with right now, but every time I try to go to the HTTPS page (even manually) I keep getting redirected back to the regular version of the site. Not sure why.
If I can get the rule to work I’ll submit it to them for inclusion into the universal ruleset.
Interesting, because I’m seeing the SSL indicator right now. It may sense the request for a secure handshake and respond accordingly.
I’m still not seeing it at 2230 hrs PST.
I’ve reset, rebooted…
I’ll admit, I’m stoopid when it comes to geek stuff.
(No offense intended to IT folks, they rock)
Heck, I’m still trying to figure out what tor means.
I can rebuild a Chevy 350 engine in my sleep, assemble an AR in my sleep, but computer stuff?
Crap, I can’t even figure out how to log back in to the TTAG forum.
the most annoying thing about TTAG has been that for quite some time, the mobile site when viewed on an Android device will ALWAYS try to follow a link if I hold my finger down on it to open it in a new tab, so I end up with a background tab and then the main page is also trying to load that same link.
And pop-ups for “Your device is compromised! Fix it here!” things.
nah I don’t get that, I use Firefox mobile with Adblock. but all of the browsers on android (or just Khtml) has the annoying link behavior
Wash your hands. The oil on your skin is preventing the screen from properly reading your finger.
Of course if you’re on the MAIG or MDA site, your finger may be NSFW.
I have this exact same problem, and I was blaming it on my browser. I really would like the ability to really, actually open links in a new tab.
When you long touch a link don’t lift up until you move your finger off the link.
That is unless you use an HTTPS inspector…which I do at work. đŸ™‚
It’s good to be the IT King.
And users are none the wiser.
Even with mobile or non-school owned devices, because they have to log in to gain access.
Worried OpenSSL uses NSA-tainted crypto? This BUG has got your back
http://www.theregister.co.uk/2013/12/20/openssl_crypto_bug_beneficial_sorta/
Oh good…
Does this mean more Shannon?
Always keepin’ your eye on the prize, my friend! Stay focused, out there.
Bob
The https site redirects me to the http site.
Hitting “thetruthaboutguns.com” redirects me to “www.thetruthaboutguns.com”.
I get no “s”, no padlock, and no favicon on Chrome or Firefox or IE.
Happens on both MS-Windows and Ubuntu.
This for me as well.
Does not work. Going to HTTPS simply redirects me to HTTP
I agree with a previous poster … using this security will not impact, in any way, Big Brother’s ability to see and track what you are doing. It is a nice token gesture though. Nothing against TTAG … there just isn’t any way to obscure our activity from Big Brother at this time.
There is: TOR.
US Navy (SPAWAR) developed it to anonymize communications. NSA hates the new version (again) because the elves took the backdoor out.
Noticed this in the FindLaw story about the Harvard student bomb-hoaxer:
“Bruce Schneier, a security expert, posits that the investigators simply obtained a list of people who accessed Tor via the school’s Wi-Fi, then went down the list, name-by-name.
“This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect,” Schneir wrote. “The FBI didn’t have to break Tor; they just used conventional police mechanisms to get Kim to confess.”
I realize this is a special case- but wonder if just the fact of using Tor puts you on a red-flagged list. I might like to use a VPN while browsing in Starbucks, but I’m told by a computer guy its not that serious a threat, as long as you don’t do your banking, etc- and use https.
more: http://blogs.findlaw.com/technologist/2013/09/tinkering-with-tor-anonymous-web-has-promise-perils-privacy.html
I’m really excited about SSL.
What is it again?
Ralph,
It’s a dating website for those of us in the AMAC, or AARP membership roles.
Be afraid. Be very afraid.
Just what the hell should we have to worry about anyway? Last time I checked we had a first ammendment in this country… (ducks)
Yes, everything you post here that passes moderation is available for view by anybody. That’s the whole point of a public blog. So it doesn’t matter if your comments are encrypted between your computer and the server.
But when you login, you really really want your credentials encrypted. Otherwise, anyone who’s listening to the conversation could impersonate you. They could post as you, they could edit your posts, they could delete your posts, they could change your profile so you could never regain control. And if you’re one of the 87.3% of online users (a statistic I just made up) who re-use their passwords on multiple sites, those bad actors could impersonate you elsewhere too. What’s your password on Amazon? on eBay? on your email? on your bank account?
Thank you for implementing ssl, I wish all sites would offer that option by default.
Not that it is the final solution to keeping your data safe but it is easy to implement and use. Kind of like putting on your seat belt, it won’t prevent the accident but at least it pushes the odds a little bit more in your favor.
I dislike SSL only because it allows ads to sneak through my adblocker. Since they’re encrypted in transit, the adblocker doesn’t see them and so can’t filter them. This is true for any site using SSL. I’m getting ads on YouTube as well lately. Happily, I spoke to the devs of my adblocker, and they said https filtering is coming in the next release.
Ooh. That sounds enticing. Can you send me an e-mail with the name of the software?
NoScript will block everything but html ads. be aware that it may disable some menus.
Oh, somehow your request slipped by me. The program I use is called AdMuncher, but I’ll warn you, it’s not free. I’ve been using it for well over 10 years, and back when I bought my copy it was significantly cheaper. However, it’s been rock-solid for all that time, it’s very configurable, and as indicated above, when I have an issue, help is a quick email away. When I wrote to ask about the https issue, I got an email back in a half hour, at 3 a.m. (Results may not be typical.) I highly recommend their program.
What I like about SSL is that the powers that be can’t snoop on which articles I click on. Can’t hide that I’m reading this site but they’ll be unable to build up a profile of what subjects I’m interested in.
Not paranoid, but…
Can you get same effect with NoScript, Do Not Track and Ghostery?
What powers that be? Employers? The government? You’re fooling yourself if you think a little SSL makes any real difference to either of them. They both have plenty of ways to keep track of you, should they desire.
The government. They’re not interested in me per se, but use automated tracking systems (Google have shown the way!). When they run sweeps on interests/topics and pull up profiles… I wont be there.
I like that and use SSL wherever I can.
Where do we download the certificate?
Damos préstamos personales en el ranhgo de 5.000 euros
a 100 euros.