If you have a link without the s, then it’ll still take you to the http version, without auto-redirecting. And any non-explicit links from there will also be to the http version. So if someone still has the non-secure URL for the boards bookmarked, they’ll get the non-secure page, and if they then navigate to some thread, that thread will be the non-secure version, and if they copy and paste the URL to that thread, it’ll still be to the non-secure version, and then if anyone else (including someone who usually uses the secure version) clicks on a link they’ve posted, they’ll be taken to the non-secure version.
I think it resulted from clicking on the Trending Threads link. The main page loaded as https, but those had no http nor https. They still don’t, but the issue appears fixed now. Thanks!
ETA: nope, those links still will show the nonsecure icon before I am logged in.
Yep, that’s broke. I’ll let our admin know.
Thanks!
Google is now saying this site is not secure.
You’re literally repeating the thread title.
But it is true. At this point in time, while I am typing, Google again sez this site is not secure. This needs to be fixed, especially for payments for membership. No one should be paying until the site is secure.
Okay, can you tell me what happened exactly?
I’m trying to trace where we may have missed where it needs to be “https” instead of http … you may have found another one for us. But I can’t see exactly where.
Jenny
your humble TubaDiva
Administrator
To TPTB: Any chance that “site not secure” stuff is not a “https-vs.-http” thing?
I’ve noticed that the recently-added large advertisements that appear above the “The Straight Dope” banner on every boards.straightdope page are extremely memory-intensive. Using up that much memory is suspicious in and of itself and could lead to this site being flagged as unsafe.
What those top-of-the-page ads do is continually chew up system resources as they load new images constantly. Using Chrome, you can watch your Refresh button at upper left as this occurs – it never settles down into an “X” for long … an ad image is always downloading.
For those on Windows machines, they can open Task Manager, look at the Processes tab, and watch their browser process (chrome.exe for me) steadily increase the amount of memory allocated. Normally, my largest chrome.exe process (there are multiple, which is normal) would be using ~120 K of memory – withe the top-of-the-page ads running, my largest process was getting up over 500 K before I killed the process.
FWIW, these issues occurred on a laptop – I don’t notice the same issue on my iPhone 6 running the Safari browser. My laptop is a Dell Latitude E6410 running a ten-year-old operating system: Windows 7 Professional, Service Pack 1. The age of the OS may or may not be an issue. My version of the Chrome browser is “Version 60.0.3112.113 (Official Build) (32-bit)”.
Yeah, it could be an ad. (Any problem could always be an ad, because different ads are served up all the time and any of them could be not as they could or should be.)
We would ask if you can identify such ads when you encounter them, that would help us troubleshoot these issues.
We are starting to get some complaints from people with older OS/what might be considered “legacy” computers … as I guess Win7 is now. 32-bit is probably having a hard go of it in these days. Had a case a few months ago when someone could not complete the registration process on their computer, not sure what it was but the system just could not handle it. They said their system was “ancient,” but didn’t specify how so. They bought a new computer and that fixed everything.
Had a couple of CAPTCHA problems reported as well, probably the same sort of thing.
Please keep those reports coming in, we want you to be secure on the site, of course.
Jenny
your humble TubaDiva
Administrator
It could be a ad, but it’s not one particular ad.
The site not being secure means that no one should pay for anything here.
The solution is simple, just let jerry or whoever is the iT person know and they can check it out. Dont you see “Not secure” also, when you use Chrome?
Dangerous Not secure or Dangerous
*We suggest you don’t enter any private or personal information on this page. If possible, don’t use the site.
Not secure: Proceed with caution. Something is severely wrong with the privacy of this site’s connection. Someone might be able to see the information you send or get through this site.
You might see a “Login not secure” or “Payment not secure” message.
…*
I talked to my expert and here is what he said “The connection isn’t secure because it’s using HTTP, not HTTPS—the S means secure (and a few other words)—and people could watch what you’re doing on it. The why is because the site’s owner hasn’t gone through the effort (it’s relatively easy, usually) to enable encryption on all of the interactions its users have with it. The bottom line is: don’t do anything on it you wouldn’t want the “bad guys” to know (e.g, give it any personal data).”
How are you accessing the SDMB? Like, you launch Chrome. Then What?
Basically – there are two web addresses that lead here. One is over a secured line, the other is over an unsecured line. A while ago the secured line didn’t work but that’s fixed now. But somehow you’re ending up at the unsecured line. Let’s figure out why.
Did your expert mention that you can add an S to the end of HTTP and access the secured site, which the admin DID go through the effort to solve?
Not much of an “expert” :smack:
What kind of server is the board running on? Can’t it be configured to rewrite any http requests to https? That would take care of any old http links.
Yes. But the default seems to be the HTTP.
And there shouldn’t be a non S way in.
There are probably old http links all over the web. This has to be fixed at the server level.
The default is https.
If you come here from an external link, we have no control over that link. If it’s an http link, then you’ll get here with http instead of https.
Any page served up from here should be https. Sometimes we miss things, though.
This is why we keep asking exactly how you got that warning, because you shouldn’t be getting it at all. It would help us greatly if you explained exactly what you are doing.
If you are using bookmarked links, you need to update your bookmarks.
You probably have the old http site bookmarked or something. Note how nobody else is experiencing this issue. That’s why I was asking how you access the site. We can help you figure out the issue on your end.
Thanks for the feedback, TubaDiva.
I can tell you that the resource/memory overuse issue (often called a “memory leak”) has been caused by every single above-the-banner ad. I believe it’s because these ads constantly load new images, kind of like an automated slide show. The bottom-of-the-page ads do not do this – they load once and that’s it.
I can take and submit screen shots of various above-the-banner ads if you like.
…
BTW, every time my machines load a boards.straightdope page, it’s under https://. The ad issue is apparently unrelated to the “https/htttp” thing. However, I thought that perhaps certain browsers or third-party security software might pick up on the ad-caused memory leak and on that basis flag the boards.straightdope site as “unsecure”.
That’s not what “unsecure” means in this context. Those ads are definitely terrible, and I still say what I have always said – if the ad provider this site uses can’t deliver consistently solid ads, the powers that be need to find a different ad provider, even if they pay a little less, because this site is (well no, SHOULD be) better than clickbait and adware.
But the secure/insecure issue has to do with exactly one thing, and that’s whether you have an S in the URL or not.