Overclock.net › Forums › Overclock.net Forum › Forum Platform Help and Discussion  › Why does OCN not have an SSL certificate?
New Posts  All Forums:Forum Nav:

Why does OCN not have an SSL certificate?

post #1 of 10
Thread Starter 
Aside from the cost factor, is there any compelling reason it does not offer an HTTPS connection? Nearly every other forum I use has SSL encryption except this site. Wouldn't HTTPS be important when sending users private messages?
post #2 of 10
Quote:
Originally Posted by aweir View Post

Aside from the cost factor, is there any compelling reason it does not offer an HTTPS connection? Nearly every other forum I use has SSL encryption except this site. Wouldn't HTTPS be important when sending users private messages?

The Login is HTTPS.

Not sure why the rest of the site isn't.
The RED Beast
(19 items)
 
HTPC
(20 items)
 
HomeServer
(13 items)
 
CPUMotherboardGraphicsRAM
Intel Core i7 2600K @4.8ghz Asrock p67 Extreme4 R9 290 with EK 290x Block. CrossFire 1100/1400 G.SKILL Ripjaws X Series 16GB 9-11-11-31 2133MHz 
Hard DriveHard DriveHard DriveHard Drive
3x 640 WD blacks Raid 0 Mushkin Enhanced Reactor 512GB SSD Sandisk 1TB SSD Samsung 470 Series 128GB SSD 
CoolingOSMonitorKeyboard
XSPC Raystorm Windows 10 64bit Microboard m340clz 100hz 3440x1440 Corsair K70 
PowerCaseMouseAudio
TX850 HAF922 Logitech G502 Creative Sound Blaster Z  
AudioAudioAudio
Elac B6 & Dayton Audio SUB-800 Yamaha HTR-5790 Audio Technica ATH-A700 headphones 
CPUMotherboardGraphicsRAM
Q9550 @ 4GHZ Gigabyte EP45 UD3P GTX470 4GB OCZ Reaper 1150mhz 
Hard DriveHard DriveOptical DriveCooling
Western Digital Blue 500gb OCZ Vertex 2 60GB LG Bluray Corsair H50 
OSKeyboardPowerCase
Windows 7 Home Premium  Logitech K400 Corsair CX500 nMEDIAPC 6000B 
AudioOtherOtherOther
Yamaha HTR-5063 PS3 80GB BC PS3 with 250GB hard drive. Polk Audio Monitor 60s Bi-AMP Front Polk Audio Monitor 30s Rear 
OtherOther
Polk Audio CS1 Center Polk Audio PSW10 
CPUMotherboardGraphicsRAM
Xeon Harpertown 3.6ghz Asus P5Q SE/R HD7770 4GB DDR2 800mhz Corsair 
Hard DriveHard DriveHard DriveHard Drive
5TB Toshiba 5TB Toshiba 5TB Toshiba 2TB Hitachi 
Hard DriveHard DriveHard DriveOS
2TB Seagate 2TB Western Digital 1TB Hitachi Windows Home Server 2011 
Power
Corsair CX500 
  hide details  
Reply
The RED Beast
(19 items)
 
HTPC
(20 items)
 
HomeServer
(13 items)
 
CPUMotherboardGraphicsRAM
Intel Core i7 2600K @4.8ghz Asrock p67 Extreme4 R9 290 with EK 290x Block. CrossFire 1100/1400 G.SKILL Ripjaws X Series 16GB 9-11-11-31 2133MHz 
Hard DriveHard DriveHard DriveHard Drive
3x 640 WD blacks Raid 0 Mushkin Enhanced Reactor 512GB SSD Sandisk 1TB SSD Samsung 470 Series 128GB SSD 
CoolingOSMonitorKeyboard
XSPC Raystorm Windows 10 64bit Microboard m340clz 100hz 3440x1440 Corsair K70 
PowerCaseMouseAudio
TX850 HAF922 Logitech G502 Creative Sound Blaster Z  
AudioAudioAudio
Elac B6 & Dayton Audio SUB-800 Yamaha HTR-5790 Audio Technica ATH-A700 headphones 
CPUMotherboardGraphicsRAM
Q9550 @ 4GHZ Gigabyte EP45 UD3P GTX470 4GB OCZ Reaper 1150mhz 
Hard DriveHard DriveOptical DriveCooling
Western Digital Blue 500gb OCZ Vertex 2 60GB LG Bluray Corsair H50 
OSKeyboardPowerCase
Windows 7 Home Premium  Logitech K400 Corsair CX500 nMEDIAPC 6000B 
AudioOtherOtherOther
Yamaha HTR-5063 PS3 80GB BC PS3 with 250GB hard drive. Polk Audio Monitor 60s Bi-AMP Front Polk Audio Monitor 30s Rear 
OtherOther
Polk Audio CS1 Center Polk Audio PSW10 
CPUMotherboardGraphicsRAM
Xeon Harpertown 3.6ghz Asus P5Q SE/R HD7770 4GB DDR2 800mhz Corsair 
Hard DriveHard DriveHard DriveHard Drive
5TB Toshiba 5TB Toshiba 5TB Toshiba 2TB Hitachi 
Hard DriveHard DriveHard DriveOS
2TB Seagate 2TB Western Digital 1TB Hitachi Windows Home Server 2011 
Power
Corsair CX500 
  hide details  
Reply
post #3 of 10
Here's a little Enterprise posted about it:

http://www.overclock.net/t/1622148/unable-to-login-automatically-like-i-used-to/30#post_25834752
Quote:
... In order to keep the pop up login box we would inherently have to enable HTTPS site wide which is not a great idea for three reasons.

1. HTTPS increases overall server load and would make pages even heavier
2. Very costly. HTTPS's is actually a leased/rented type of service and you have to pay a fee PER PAGE for HTTPS. We have a fair few pages.
3. There is little point having HTTPS site wide as sensitive information is not passed on over regular pages, only the login page.

I believe there might be problems with the ad providers supporting HTTPS pages as well.
SUPERPWN
(12 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 4670K Asus z87-Pro MSI GTX 1080 Aero 32GB DDR3 Gskill Ripjaws 
Hard DriveOSMonitorMonitor
4TB Seagate Windows 8 x64 Overlord x270 OC HP ZR27 
MonitorKeyboardPowerAudio
Asus PG279Q G-Tune Topre Realforce 800w Yulong D100 DAC with Denon D7000 headphones 
  hide details  
Reply
SUPERPWN
(12 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 4670K Asus z87-Pro MSI GTX 1080 Aero 32GB DDR3 Gskill Ripjaws 
Hard DriveOSMonitorMonitor
4TB Seagate Windows 8 x64 Overlord x270 OC HP ZR27 
MonitorKeyboardPowerAudio
Asus PG279Q G-Tune Topre Realforce 800w Yulong D100 DAC with Denon D7000 headphones 
  hide details  
Reply
post #4 of 10
Thread Starter 
Quote:
There is little point having HTTPS site wide as sensitive information is not passed on over regular pages, only the login page.

I don't see any evidence of that when I logged out and logged back in, the login page reports the connection is not secure, and HTTPS does not appear in the address bar.

Edit: oh I misread your post, I thought you meant HTTPS is ONLY available at the login page.
Quote:
the biggest obstacle to sitewide HTTPS is the substantial dropoff in advertising fill rates for sites accessed via HTTPS
So apparently it's all about the money.

Edit: Some weird stuff was going on. When I logged out and then attempted to log on by typing https in the address bar, it would not seem to initate the HTTPS connection. But after logging out and selecting "block all encrypted requests" in the HTTPS Everywhere Firefox browser plugin settings, then the HTTPS appeared at log in but won't actually allow you log in unless you disable "block all encrypted requests".
Edited by aweir - 3/16/17 at 4:40pm
post #5 of 10
Quote:
Originally Posted by aweir View Post

I don't see any evidence of that when I logged out and logged back in, the login page reports the connection is not secure, and HTTPS does not appear in the address bar.

Edit: oh I misread your post, I thought you meant HTTPS is ONLY available at the login page.
So apparently it's all about the money.

OCN has always been about just the money lol.
Hobbes
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel I7 4790K GA-Z97X-SOC Sapphire 290x Tri-x OC Samsung MV-3V4G3D/US 16GB 
Hard DriveCoolingOSKeyboard
Samsung 850 EVO 250GB EK Predator 240mm Windows 7 x64 Coolermaster Rapid Fire Cherry MX Brown 
PowerCaseMouseAudio
Seasonic X750 Gold Corsair Carbide Air 540 Logitech G700s Schiit Bifrost Uber W/ USB Gen 2 DAC 
AudioAudioAudioAudio
Schiit Asgard 2 Headphone Amp Audioengine N22 Speaker Amp Sennheiser HD 598 Audioengine P4 Monitors. 
  hide details  
Reply
Hobbes
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel I7 4790K GA-Z97X-SOC Sapphire 290x Tri-x OC Samsung MV-3V4G3D/US 16GB 
Hard DriveCoolingOSKeyboard
Samsung 850 EVO 250GB EK Predator 240mm Windows 7 x64 Coolermaster Rapid Fire Cherry MX Brown 
PowerCaseMouseAudio
Seasonic X750 Gold Corsair Carbide Air 540 Logitech G700s Schiit Bifrost Uber W/ USB Gen 2 DAC 
AudioAudioAudioAudio
Schiit Asgard 2 Headphone Amp Audioengine N22 Speaker Amp Sennheiser HD 598 Audioengine P4 Monitors. 
  hide details  
Reply
post #6 of 10
Quote:
Originally Posted by SpykeZ View Post
 
Quote:
Originally Posted by aweir View Post

I don't see any evidence of that when I logged out and logged back in, the login page reports the connection is not secure, and HTTPS does not appear in the address bar.

Edit: oh I misread your post, I thought you meant HTTPS is ONLY available at the login page.
So apparently it's all about the money.

OCN has always been about just the money lol.

 

Says the member who gets a free experience.

 

Please remember guys that running a site is costly and considering that the site is 100% FREE (Up to users should they wish to pay for an Overclocked account). We depend upon advertising to pay for the running of the site as well as paying for the competitions we host on OCN whereby we give out cash prizes to members. So we have to have a delicate balance between expenditure on infrastructure vs user experience and as ads help us, HTTPS sitewide would not be feasible nor really required.

 

I am sure we could have all sorts of things here on OCN including HTTPS sitewide, but then we would likely have to start limiting user experience or even charge for accounts which is completely out of the question in our eyes.

 

We have to see the bigger picture, its not just ''about the money''.

post #7 of 10
A wildcard cert from comodo costs $100 / year. A single domain (www.) costs $10 / yr.

As for performance, were talking about less than 1% additional CPU load and less than 2% to the network. It is unlikely that any users would notice and the benefits far outweigh an additional 1/3 of a second (if that) for a site to load.

(I misread the info regarding the login/registration page). HTTPS in 2017 is absolutely required and anything less is negligence.

I would be happy to donate $10 towards a cert as I've easily received that much value from this site as a lurker. Please reconsider the stance that SSL is a luxury and instead see it as a critical facet of serving a website to users.

Thanks
Edited by TheWarden - 3/19/17 at 11:15am
post #8 of 10
Quote:
Originally Posted by TheWarden View Post

A wildcard cert from comodo costs $100 / year. A single domain (www.) costs $10 / yr.

As for performance, were talking about less than 1% additional CPU load and less than 2% to the network. It is unlikely that any users would notice and the benefits far outweigh an additional 1/3 of a second (if that) for a site to load.

(I misread the info regarding the login/registration page). HTTPS in 2017 is absolutely required and anything less is negligence.

I would be happy to donate $10 towards a cert as I've easily received that much value from this site as a lurker. Please reconsider the stance that SSL is a luxury and instead see it as a critical facet of serving a website to users.

Thanks
So much this... Let's Encrypt! is free, by the way (didn't Wikia buy this site recently?).

Also worth noting - certificates are installed per domain, not per page... Why do Admins on a huge computer forum not know how to install a SSL certificate?

In addition, most CDNs provide a certificate and those "CPU resources" OCN is worried about for free. Not end-to-end, but better than nothing.

With all respect, this and all of the threads about how slow this site is (which you guys keep insisting is not a problem) lead me to believe you guys need some fresh blood on staff.
Edited by claes - 3/19/17 at 11:29am
finally quiet
(20 items)
 
Peggy
(11 items)
 
Betty - WIP
(17 items)
 
CPUMotherboardGraphicsRAM
i5-760 3.8 + turbo MSI P55-GD80 MSI GTX 970 Golden Edition 16GB Tactical LP 1600 c8 
Hard DriveHard DriveHard DriveCooling
Samsung 840 Pro 128GB OCZ Agility 60GB Spinpoint F3 1TB Noctua NH-U12P SE2 
CoolingOSMonitorMonitor
2x NF-P12, CPU OS X 10.10, 8.1 Ultimate Asus VW246H Ergotron Neo-Flex 
KeyboardPowerCaseMouse
CM Quick Fire Rapid EVGA Supernova G2 850W Silverstone FT-02W CM Spawn 
AudioAudioAudio
Sony TA-AX380 Sennheiser HD 280 KLH 911B 
CPUMotherboardGraphicsRAM
i3-2125 GA-H61N USB3 HD3000 8GB Samsung Miracle RAM 
Hard DriveHard DriveHard DriveCooling
Kingston 60GB 3ware/LSI 9750-4i Hitachi 5k3000 2TB x4 RAID 5 Intel for now 
OSPowerCase
OS X 10.8.2 Corsiar CX430M Fractal Design Node 304 
CPUMotherboardGraphicsRAM
i3-2100 ASUS P8H67-M PRO/CSM ASUS Passive GT 440 4GB Dominator 1600 c8 
Hard DriveOptical DriveCoolingCooling
Hitachi 120GB 2.5" LG BR-RW CM GeminII S + NF-P12 2x NF-R8 - Intake 
CoolingOSMonitorKeyboard
NF-B9 Windows 7 Sony KDL-46NX700 MK700 
PowerCaseMouseAudio
Antec EA-650 Zalman HD160XT, Modded MK700 Yamaha RX-V373 
  hide details  
Reply
finally quiet
(20 items)
 
Peggy
(11 items)
 
Betty - WIP
(17 items)
 
CPUMotherboardGraphicsRAM
i5-760 3.8 + turbo MSI P55-GD80 MSI GTX 970 Golden Edition 16GB Tactical LP 1600 c8 
Hard DriveHard DriveHard DriveCooling
Samsung 840 Pro 128GB OCZ Agility 60GB Spinpoint F3 1TB Noctua NH-U12P SE2 
CoolingOSMonitorMonitor
2x NF-P12, CPU OS X 10.10, 8.1 Ultimate Asus VW246H Ergotron Neo-Flex 
KeyboardPowerCaseMouse
CM Quick Fire Rapid EVGA Supernova G2 850W Silverstone FT-02W CM Spawn 
AudioAudioAudio
Sony TA-AX380 Sennheiser HD 280 KLH 911B 
CPUMotherboardGraphicsRAM
i3-2125 GA-H61N USB3 HD3000 8GB Samsung Miracle RAM 
Hard DriveHard DriveHard DriveCooling
Kingston 60GB 3ware/LSI 9750-4i Hitachi 5k3000 2TB x4 RAID 5 Intel for now 
OSPowerCase
OS X 10.8.2 Corsiar CX430M Fractal Design Node 304 
CPUMotherboardGraphicsRAM
i3-2100 ASUS P8H67-M PRO/CSM ASUS Passive GT 440 4GB Dominator 1600 c8 
Hard DriveOptical DriveCoolingCooling
Hitachi 120GB 2.5" LG BR-RW CM GeminII S + NF-P12 2x NF-R8 - Intake 
CoolingOSMonitorKeyboard
NF-B9 Windows 7 Sony KDL-46NX700 MK700 
PowerCaseMouseAudio
Antec EA-650 Zalman HD160XT, Modded MK700 Yamaha RX-V373 
  hide details  
Reply
post #9 of 10
Thread Starter 
They already said something to the effect that it would disrupt their advertising income somehow. But i have to agree with those before me. HTTPS is the norm these days, not the exception.

Let's say you have a weak wifi password and the criminal guy down the street has managed to crack your WPA key and is now sniffing your traffic and sees you have a $1,500 gaming computer. He'll know everything you have. At least with HTTPS, it'll all be encrypted. This might not be likely, but it's a real word scenario. As of right now, only a good VPN service will keep you safe.
Edited by aweir - 3/19/17 at 5:43pm
post #10 of 10
Server admin here. HTTPS is not really a big deal to implement. Both in cost and time if done right. Sould cost no more then 200$ a year per cert. Paying for https per page is completely backwards. You only need two, maybe 3 keys at best. One for the login page one for anything with regards to a money transaction and one for everything else. Having ssl serts for etch page on a site like this is useless. But then again having https on a Internet forum (login page aside) is not a big deal. HTTPS will only protect you from packet sinpping and there are plenty of ways around https.

Edit: a vpn will not magically keep you safe ether.
New Posts  All Forums:Forum Nav:
  Return Home
Overclock.net › Forums › Overclock.net Forum › Forum Platform Help and Discussion  › Why does OCN not have an SSL certificate?