Quasar

Encryption for the wiki

What does that do for the wiki, improve security? I'm curious what bad things it prevents, or what good things it adds.

kb1 said:

What does that do for the wiki, improve security? I'm curious what bad things it prevents, or what good things it adds.

It ensures that when you connect to DoomWiki.org, your web browser can confirm you are actually connected to DoomWiki.org, and that any information you pass to it (like passwords) is securely protected (excluding any hijacks of the SSL service itself).

Edward850 said:

It ensures that when you connect to DoomWiki.org, your web browser can confirm you are actually connected to DoomWiki.org, and that any information you pass to it (like passwords) is securely protected (excluding any hijacks of the SSL service itself).

This much I know. Do we expect someone to make a mock DoomWiki? Really, I'm just wondering what prompted the change, other than the fact that it's just generally a good thing to do. Did we have some recent problems that a move to SSL would defend against?

Anyway, it's good news, and good luck!


One request: it sounds like this is a work-in-progress, and it looks like https: is currently optional, but it would be great if once you have some confidence in it you could switch it to be mandatory.

kb1 said:

This much I know. Do we expect someone to make a mock DoomWiki?

It's better to assume that someone could try and prevent it from happening in the first place, than it is to wait until it does happen to prevent it. It also makes it more obvious if a public network is trying to snoop your connection as well, such as something masquerading as McDonald's Wi-Fi (i.e., it's not just about DoomWiki, but making sure where you're typing a password in is actually safe).

kb1 said:

This much I know. Do we expect someone to make a mock DoomWiki? Really, I'm just wondering what prompted the change, other than the fact that it's just generally a good thing to do. Did we have some recent problems that a move to SSL would defend against?

Mainly, it should be because you can log in to the wiki, so if you're sending a password, it better be encrypted in a standard way!

Srsly, many http:// sites (including Doomworld before it became HTTPS) where you log in with name and password just send your password in clear text!

kb1 said:

This much I know. Do we expect someone to make a mock DoomWiki? Really, I'm just wondering what prompted the change, other than the fact that it's just generally a good thing to do.

IMO in recent years the burden has shifted and the question that should be asked nowadays is "why not https?". There's little CPU overhead and there are free CAs now like Let's Encrypt so there are very few reasons not to be using https. You'll notice that even Doomworld has made the switch.

Quasar hasn't stated this as a reason but there's also a Google rankings boost for encrypted sites now.

Ribbiks said:

this was the first thing that came to mind, and it's a good enough reason in itself

It factored into the decision ;)

printz said:

So they're despicable to the last bit.

For one thing changing to https would interrupt their ad delivery strategy, which relies on thousands of servers, most of which are NOT https.

You've seen my dump of what happens if you visit one page and scroll to the bottom without any Adblock right? (Which BTW their terms of use claim registered users aren't allowed to use).

For those that haven't:
http://eternity.mancubus.net/text/wikia_onepage_accesses.txt


the bloat on wikia without an adblocker is so high that I legitimately could not browse any wikia sites on mobile without them crawling to a crawl worse than I have seen on any other highly bloated website in my life. I eventually had to install an adblocker on my device to tame it, because I have had it crash chrome on multiple occasions otherwise.

The adblocker didn't make the situation perfect, but it at least made things nicer. I don't have much use for the doomwiki.org on mobile, but I'm still fairly impressed by how nice and responsive it is, compared to that other nightmare.

Quasar said:

You've seen my dump of what happens if you visit one page and scroll to the bottom without any Adblock right? (Which BTW their terms of use claim registered users aren't allowed to use).

So registering actually makes your experience worse?

Da Werecat said:

So registering actually makes your experience worse?

I doubt it changes it at all, and they're pretty deluded if they think that term is followed by anybody or is at all enforceable. Back in the day you'd see fewer ads as a registered user but I think those days are long gone. The Oasis redesign, which prompted us to move the Doom Wiki in the first place, was mainly geared toward optimizing the wiki skin for ad delivery and for pushing promoted content as they've now done with wikia featured videos and now wikia fandom, not to mention the footer bar which occasionally flashes promotional messages and popup speech balloon notifications.

One time I visited the former Doom Wiki and the entire background of the page was replaced with an ad for an unrelated AAA game, and clicking anywhere outside of the wiki articles would reload the current page (not a new window or tab) with a fullscreen ad for said game. And this was *with* Adblock turned on.

Quasar said:

For one thing changing to https would interrupt their ad delivery strategy, which relies on thousands of servers, most of which are NOT https.

You've seen my dump of what happens if you visit one page and scroll to the bottom without any Adblock right? (Which BTW their terms of use claim registered users aren't allowed to use).

For those that haven't:
http://eternity.mancubus.net/text/wikia_onepage_accesses.txt

Oh my God, is that from just one page access, or is this a log? Either way, that is ridiculous. But your wiki doesn't show ads, right? (I haven't seen them, anyway). Do you plan on having to add ads, and going https will prevent the nasty ones from getting through? Would a donation stop the need for ads?

Was the file you mentioned (wikia_onepage_accesses.txt) after visiting the old wiki, or from visiting your wiki? (sorry, I'm a bit clueless - I've only done quick research on either site, so far. I'll get into it more later).

kb1 said:

Oh my God, is that from just one page access, or is this a log? Either way, that is ridiculous. But your wiki doesn't show ads, right? (I haven't seen them, anyway). Do you plan on having to add ads, and going https will prevent the nasty ones from getting through? Would a donation stop the need for ads?

Was the file you mentioned (wikia_onepage_accesses.txt) after visiting the old wiki, or from visiting your wiki? (sorry, I'm a bit clueless - I've only done quick research on either site, so far. I'll get into it more later).


The One True DoomWiki has no ads and I cannot foresee it ever needing them (certainly the main cost, hosting, could be covered by any number of people should Manc ever stop, myself included). The file is from visiting the old wikia (the clue is in the filename).

Jon said:

The One True DoomWiki has no ads and I cannot forsee it ever needing them (certainly the main cost, hosting, could be covered by any number of people should Manc ever stop, myself included). The file is from visiting the old wikia (the clue is in the filename)

Just wanted to make sure. That's hideous, but not unique to wikias - the web is littered with that crap.

I gotta say: Great job with the wiki! All the good stuff, and none of the crap!


Just to provide an update, we've been 301 redirecting http to https for about a week now without any issues. Google has caught on and is starting to reindex the links under https protocol. I have not seen this actually cause a net increase in average rank yet though.

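The following check is an added example, not part of the thread or of the wiki's own configuration: it audits a recorded redirect chain to confirm that HTTPS is mandatory in the way the last post describes (a permanent redirect from http to https). The function name `audit_upgrade`, the host `wiki.example`, and the policy that only the scheme may change are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
PERMANENT = {301, 308}  # 301 is what the post describes; 308 is its method-preserving twin


def audit_upgrade(start_url, responses):
    """Audit a recorded redirect chain; return a list of findings (empty = OK).

    responses: one (status, Location-or-None) pair per request, in order,
    starting with the response to start_url.
    """
    findings = []
    current = start_url
    for hop, (status, location) in enumerate(responses):
        cur = urlsplit(current)
        if status not in REDIRECTS:
            # End of the chain: the page itself must have arrived over HTTPS.
            if cur.scheme != "https":
                findings.append(f"hop {hop}: content served over plain HTTP at {current}")
            break
        if not location:
            findings.append(f"hop {hop}: {status} without a Location header")
            break
        target = urljoin(current, location)  # Location may be relative
        new = urlsplit(target)
        if new.scheme != "https":
            kind = "downgrade" if cur.scheme == "https" else "no upgrade"
            findings.append(f"hop {hop}: {kind}, redirects to {target}")
        elif cur.scheme == "http":
            if status not in PERMANENT:
                findings.append(f"hop {hop}: temporary redirect ({status}), not permanent")
            # Assumed policy: only the scheme changes, so deep links survive.
            same = (new.hostname, new.path or "/", new.query) == (cur.hostname, cur.path or "/", cur.query)
            if not same:
                findings.append(f"hop {hop}: upgrade changes the URL to {target}")
        current = target
    return findings


# Constructed sample chains (not captured traffic); wiki.example is a placeholder host.
PAGE = "http://wiki.example/wiki/E1M1?action=history"
SECURE = "https://wiki.example/wiki/E1M1?action=history"
SAMPLES = {
    "mandatory": [(301, SECURE), (200, None)],
    "optional": [(200, None)],
    "temporary": [(302, SECURE), (200, None)],
    "drops deep link": [(301, "https://wiki.example/"), (200, None)],
    "bounces back": [(301, SECURE), (302, PAGE), (200, None)],
}
```

Calling `audit_upgrade(PAGE, chain)` on each entry of `SAMPLES` returns an empty list only for the "mandatory" chain; the "optional" chain corresponds to the state described earlier in the thread, where https was available but not enforced.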
