The jQuery reference is now secured with HTTPS. The browser loads that javascript file along with about two dozen other scripts as it builds the page. That's how it works with every browser. You can disable javascript in your browser, but it will severely limit interaction with the site. The hyperlinks that you pointed out earlier do nothing as the page loads. They are inert until you click on one of them. I think you will find that they lead to secured versions of each of the web sites referenced.
To wrap other details, the good folks that build these web browsers are solely responsible for their user interfaces. If the mixed content indicator is too small, let them know about it. Even better, provide a suggestion or solution.
We also completed another update to the servers within the past hour that should correct the disappearing site syndrome.
Yes, that is how browsers work. Traditionally they will fetch anything from anywhere. Security and privacy was not a design goal of the WWW. As I found out working on a web store in 1999 or so.
But only if you, as the webmaster of the site, do that.
Call me old fashioned but when I visit a site like Parallax.com I expect that I am entering into a communication with you (Parallax). Somebody I know a bit, can trust a bit and so on. And nobody else.
What I don't expect is that my communication with you also results in communications with a dozen other people that I did not ask for and don't know about. Facebook, Gravatar, Google, etc.
Especially not over an insecure channel that can be exploited by whoever.
That is the "betrayal of trust" thing I mentioned above. It's like making a phone call to your friend, but you don't know that your friend is relaying the conversation to all and sundry.
I would like to see that everything a web page needs comes from the origin I am connecting to. That they, at the origin, have responsibility for it.
I know, I'm dreaming. It has taken two decades to get what little security we have into the browser.
The delays seem to be getting worse. Here are the results from a traceroute I did:
phil@backup:~$ traceroute forums.parallax.com
traceroute: Warning: forums.parallax.com has multiple addresses; using 18.221.170.89
traceroute to forums.parallax.com (18.221.170.89), 30 hops max, 40 byte packets
1 192.168.1.1 (192.168.1.1) 0.603 ms 0.508 ms 0.484 ms
2 10.65.4.1 (10.65.4.1) 12.249 ms 11.287 ms 14.599 ms
3 174.127.182.72 (174.127.182.72) 18.930 ms 21.351 ms 20.201 ms
4 br1-ptw-a-ae-1-0.bb.spectrumnet.us (174.127.141.130) 12.208 ms 20.192 ms 9.699 ms
5 cr1-pohe-a-be-10.bb.as11404.net (174.127.148.103) 18.704 ms 12.486 ms 12.080 ms
6 cr2-tuk2-hu-0-7-0-0.bb.as11404.net (174.127.148.246) 15.070 ms 16.320 ms 17.447 ms
7 cr1-pdx-a-be5.bb.as11404.net (174.127.149.25) 21.555 ms 20.492 ms 20.531 ms
8 cr1-9greatoaks-hu-0-3-0-7.bb.as11404.net (192.175.28.238) 40.799 ms 38.213 ms 37.811 ms
9 cr2-11greatoaks-te-0-0-0-4.bb.as11404.net (208.76.184.1) 39.267 ms 38.212 ms 38.499 ms
10 72.21.221.200 (72.21.221.200) 39.017 ms 37.588 ms 38.774 ms
11 54.240.242.8 (54.240.242.8) 80.945 ms 54.240.242.148 (54.240.242.148) 76.561 ms 54.240.242.68 (54.240.242.68) 76.216 ms
12 54.240.242.61 (54.240.242.61) 76.241 ms 54.240.242.99 (54.240.242.99) 77.970 ms 54.240.242.159 (54.240.242.159) 75.864 ms
13 * * *
14 54.239.43.105 (54.239.43.105) 83.919 ms 86.976 ms 54.239.43.109 (54.239.43.109) 92.817 ms
15 * * *
16 * * *
17 * * *
18 52.95.2.32 (52.95.2.32) 84.025 ms 52.95.2.6 (52.95.2.6) 85.060 ms 52.95.2.30 (52.95.2.30) 81.921 ms
19 52.95.1.137 (52.95.1.137) 80.267 ms 52.95.1.163 (52.95.1.163) 77.696 ms 52.95.1.189 (52.95.1.189) 75.831 ms
20 52.95.1.214 (52.95.1.214) 76.688 ms 52.95.1.104 (52.95.1.104) 80.616 ms 52.95.1.132 (52.95.1.132) 87.905 ms
21 52.95.2.25 (52.95.2.25) 75.929 ms 52.95.1.169 (52.95.1.169) 75.835 ms 52.95.1.113 (52.95.1.113) 87.948 ms
22 52.95.1.18 (52.95.1.18) 75.679 ms 52.95.3.138 (52.95.3.138) 77.027 ms 78.555 ms
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
The IP addresses beginning with 52.95.1 are Amazon AWS. It seems to get stuck in a labyrinth before finally giving up.
This morning, once I had made a connection to the forum, I did a search to find a thread that I had started. 'Entered the search terms and was taken to Google. 'Found the thread and clicked on the Google link. That required a different connection, I guess, since the forum took about a minute to respond. After scanning the link and copying the address, I went back in my browser history to where I was before the search. Oddly, that required yet another connection, which also took about a minute.
One of the hard rules in AWS is that we can't use any kind of network sniffer tools within the environment. Tracing from the outside is, as you point out, an exercise in futility. We really do have to rely on them to do the Right Thing with their network and manage the portion of the net we can see from our tools.
Your tagline about perfection got me thinking about how we configured the forums server for HTTPS. I removed a layer in the Apache configuration that appears to be redundant within the new network environment. Our testing on the new configuration looks promising.
Just took more than a minute to establish a connection. Any progress on fixing this?
-Phil
Definitely something odd going on. I check the forum and my email when I go for my morning coffee break, and if I connect using the https link it waits a long time for a connection (if it connects at all - I'm not that patient). OTOH if I connect using the http link I get connected to https in under a second.
I will be closing this thread, as it is important for our IT to work on solving the issues we're experiencing rather than answering questions or comments. If there is something critical you see and need to report, please email webmaster@parallax.com.
We will post an update in a new thread when the issue is fully resolved.
Comments
To wrap other details, the good folks that build these web browsers are solely responsible for their user interfaces. If the mixed content indicator is too small, let them know about it. Even better, provide a suggestion or solution.
We also completed another update to the servers within the past hour that should correct the disappearing site syndrome.
But only if you, as the webmaster of the site, do that.
Call me old fashioned but when I visit a site like Parallax.com I expect that I am entering into a communication with you (Parallax). Somebody I know a bit, can trust a bit and so on. And nobody else.
What I don't expect is that my communication with you also results in communications with a dozen other people that I did not ask for and don't know about. Facebook, Gravatar, Google, etc.
Especially not over an insecure channel that can be exploited by whoever.
That is the "betrayal of trust" thing I mentioned above. It's like making a phone call to your friend, but you don't know that your friend is relaying the conversation to all and sundry.
I would like to see that everything a web page needs comes from the origin I am connecting to. That they, at the origin, have responsibility for it.
I know, I'm dreaming. It has taken two decades to get what little security we have into the browser.
The IP addresses beginning with 52.95.1 are Amazon AWS. It seems to get stuck in a labyrinth before finally giving up.
-Phil
-Phil
One of the hard rules in AWS is that we can't use any kind of network sniffer tools within the environment. Tracing from the outside is, as you point out, an exercise in futility. We really do have to rely on them to do the Right Thing with their network and manage the portion of the net we can see from our tools.
Your tagline about perfection got me thinking about how we configured the forums server for HTTPS. I removed a layer in the Apache configuration that appears to be redundant within the new network environment. Our testing on the new configuration looks promising.
I am getting either a timeout or just sits there downloading the page. Multiple retries before I might get thru, or I leave it for later.
-Phil
Definitely something odd going on. I check the forum and my email when I go for my morning coffee break, and if I connect using the https link it waits a long time for a connection (if it connects at all - I'm not that patient). OTOH if I connect using the http link I get connected to https in under a second.
I will be closing this thread, as it is important for our IT to work on solving the issues we're experiencing rather than answering questions or comments. If there is something critical you see and need to report, please email webmaster@parallax.com.
We will post an update in a new thread when the issue is fully resolved.