Time to redirect to https by default?

classic Classic list List threaded Threaded
44 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Ryan Lane-2
TL;DR: we have no plans for anonymous HTTPS by default, but will
eventually default to HTTPS for logged-in users.

1. It would require an ssl terminator on every frontend cache. The ssl
terminators eat memory, which is also what the frontend caches do.
2. HTTPS dramatically increases latency, which would be kind of
painful for mobile.
3. Some countries may completely block HTTPS, but allow HTTP to our
sites so that they can track users. Is it better for us to provide
them content, or protect their privacy?
4. It's still possible for governments to see that people are going to
wikimedia sites when using HTTPS, so it's still possible to oppress
people for trying to visit sites that are disallowed.

On Sun, Apr 1, 2012 at 7:06 PM, David Gerard <[hidden email]> wrote:

> Lots of monitoring going into place:
>
> https://en.wikipedia.org/wiki/Wikipedia:List_of_articles_censored_in_Saudi_Arabia
> http://www.bbc.co.uk/news/uk-politics-17576745
>
> What are the current technical barriers to redirection to https by default?
>
>
> - d.
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Leslie Carr
On Sun, Apr 1, 2012 at 1:14 PM, Ryan Lane <[hidden email]> wrote:
> TL;DR: we have no plans for anonymous HTTPS by default, but will
> eventually default to HTTPS for logged-in users.
>
> 1. It would require an ssl terminator on every frontend cache. The ssl
> terminators eat memory, which is also what the frontend caches do.
> 2. HTTPS dramatically increases latency, which would be kind of
> painful for mobile.

Without getting into how other countries censor data (boo!) I agree
with the first two points.  SSL terminators are much more memory and
cpu intensive which would require many more machines.  Also there are
more RTT's required for https/ssl and our ping latency is not very
good since we do not have a very geographically diverse
infrastructure.

The two solutions for this are #1 more and beefier machines and #2
caching centers in various locations physically closer to users (which
also requires a lot of #1).  Sadly the biggest drawback of these two
points is that they both cost a lot of money and that would mean a lot
more pop up banners of Jimmy asking for cash :(

Leslie

P.S. I peronally like the idea of a cookie that you can check box at
the top of the page (one time showing only perhaps?) that would
default send users to https upon request.  However I don't think we
can do this with our current infrastructure due to the above issues.


> 3. Some countries may completely block HTTPS, but allow HTTP to our
> sites so that they can track users. Is it better for us to provide
> them content, or protect their privacy?
> 4. It's still possible for governments to see that people are going to
> wikimedia sites when using HTTPS, so it's still possible to oppress
> people for trying to visit sites that are disallowed.
>
> On Sun, Apr 1, 2012 at 7:06 PM, David Gerard <[hidden email]> wrote:
>> Lots of monitoring going into place:
>>
>> https://en.wikipedia.org/wiki/Wikipedia:List_of_articles_censored_in_Saudi_Arabia
>> http://www.bbc.co.uk/news/uk-politics-17576745
>>
>> What are the current technical barriers to redirection to https by default?
>>
>>
>> - d.
>>
>> _______________________________________________
>> Wikitech-l mailing list
>> [hidden email]
>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l



--
Leslie Carr
Wikimedia Foundation
AS 14907, 43821

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: correct way to import SQL dumps into MySQL database in terms of character encoding

Platonides
In reply to this post by Piotr Jagielski
On 01/04/12 17:37, Piotr Jagielski wrote:
> I don't have MediaWiki installed. I'm just trying to import the dump
> into a standalone database so I can do some batch processing on the data.
>
> Regards,
> Piotr

It inserts the data fine for me. I suspect your java code is failing to
appropiately read them. Try reading the table with a different tool,
such as phpMyAdmin.

> mysql> select * from categorylinks limit 20;
> +---------+---------------------------------------+-------------------------------------+---------------------+-------------------+--------------+---------+
> | cl_from | cl_to                                 | cl_sortkey                          | cl_timestamp        | cl_sortkey_prefix | cl_collation | cl_type |
> +---------+---------------------------------------+-------------------------------------+---------------------+-------------------+--------------+---------+
> |       0 | Ekspresowe_kasowanko                  | Golembiovski Andzey                 | 2009-07-09 21:01:30 |                   |              | page    |
> |       2 | Języki_skryptowe                      | AWK
> AWK                             | 2011-01-18 01:11:23 | Awk               | uppercase    | page    |
> |       4 | Specjalności_lekarskie                | ALERGOLOGIA                         | 2008-04-25 10:31:22 |                   | uppercase    | page    |
> |       6 | Formaty_plików_komputerowych          | ASCII                               | 2011-09-23 11:01:05 |                   | uppercase    | page    |
> |       6 | Kodowania_znaków                      | ASCII                               | 2011-09-23 11:01:05 |                   | uppercase    | page    |
> |       7 | Artykuły_na_medal                     | ATOM                                | 2010-12-01 16:40:37 |                   | uppercase    | page    |
> |       7 | Artykuły_wymagające_dopracowania      | ATOM                                | 2011-08-16 15:53:43 |                   | uppercase    | page    |
> |       7 | Atomy                                 |  
> ATOM                              | 2011-08-09 00:56:39 |                   | uppercase    | page    |
> |       8 | Logika_matematyczna                   | AKSJOMAT                            | 2007-11-10 08:18:06 |                   | uppercase    | page    |
> |      10 | Arytmetyka                            |  
> ARYTMETYKA                        | 2011-10-17 02:36:39 |                   | uppercase    | page    |
> |      11 | Artykuły_pod_opieką_Projektu_Chemia   | AMINOKWASY                          | 2011-08-19 02:48:21 |                   | uppercase    | page    |
> |      12 | Alkeny                                | *
> ALKENY                            | 2006-08-07 17:23:22 | *                 | uppercase    | page    |
> |      13 | Multimedia                            | ACTIVEX                             | 2007-05-24 20:20:15 |                   | uppercase    | page    |
> |      13 | Windows                               | ACTIVEX                             | 2007-05-24 20:20:15 |                   | uppercase    | page    |
> |      14 | Interfejsy_programistyczne            | !
> APPLICATION PROGRAMMING INTERFACE | 2011-04-27 11:33:17 | !                 | uppercase    | page    |
> |      15 | Amiga                                 | AMIGAOS                             | 2007-09-09 17:19:11 |                   | uppercase    | page    |
> |      15 | Systemy_operacyjne                    | AMIGAOS                             | 2007-09-09 17:19:11 |                   | uppercase    | page    |
> |      16 | Organizacje_międzynarodowe            | ASSOCIATION FOR COMPUTING MACHINERY | 2011-10-19 15:52:28 |                   | uppercase    | page    |
> |      18 | Funkcje_boolowskie                    | ALTERNATYWA                         | 2007-03-23 17:43:05 |                   | uppercase    | page    |
> |      19 | Logika_matematyczna                   | AKSJOMAT INDUKCJI                   | 2007-08-31 22:54:55 |                   | uppercase    | page    |
> +---------+---------------------------------------+-------------------------------------+---------------------+-------------------+--------------+---------+
> 20 rows in set (0.00 sec)


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Tim Starling-2
In reply to this post by Ryan Lane-2
On 02/04/12 06:14, Ryan Lane wrote:
> TL;DR: we have no plans for anonymous HTTPS by default, but will
> eventually default to HTTPS for logged-in users.
>
> 1. It would require an ssl terminator on every frontend cache. The ssl
> terminators eat memory, which is also what the frontend caches do.

Once we enable it by default for logged-in users, we will care a lot
more if someone tries to take it down with a DoS attack. Unless the
redirection can be disabled without actually logging in, a DoS attack
on the HTTPS frontend would prevent any authenticated activity.

It suggests a need for a robust, overprovisioned service, with tools
and procedures in place for identifying and blocking or throttling
malicious traffic.

[...]
> 3. Some countries may completely block HTTPS, but allow HTTP to our
> sites so that they can track users. Is it better for us to provide
> them content, or protect their privacy?
> 4. It's still possible for governments to see that people are going to
> wikimedia sites when using HTTPS, so it's still possible to oppress
> people for trying to visit sites that are disallowed.

It's also possible for governments to snoop on HTTPS communications,
by using a private key from a trusted CA to perform a
man-in-the-middle attack. Apparently the government of Iran has done this.

If we really want to protect the privacy of our users then we should
shut down the regular website and serve our content only via a Tor
hidden service ;)

-- Tim Starling


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Petr Bena
In reply to this post by Antoine Musso-3
That's not what I wanted to say, I wanted to say "https may cause
troubles with caching", In fact some caching servers have problems
with https since the header is encrypted as well, so they usually just
forward the encrypted traffic to server. I don't say it's impossible
to cache this, but it's very complicated

On Sun, Apr 1, 2012 at 6:43 PM, Antoine Musso <[hidden email]> wrote:

> Le 01/04/12 12:55, Petr Bena wrote:
>> I see no point in doing that. Https doesn't support caching well and
>> is generally slower. There is no use for readers for that.
>
> HTTPS has nothing to do with caching, it just transports informations
> between the client and the server so they can actually handle caching.
>
> HTTPS supports caching as well as HTTP since they are exactly the same
> protocol, the first just being encrypted.
>

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Antoine Musso-3
On 2012-04-02 09:20, Petr Bena wrote:
> That's not what I wanted to say, I wanted to say "https may cause
> troubles with caching", In fact some caching servers have problems
> with https since the header is encrypted as well, so they usually just
> forward the encrypted traffic to server. I don't say it's impossible
> to cache this, but it's very complicated

That might indeed by an issue.

That is why you want to use HTTPS off loader at the edge of your
cluster, they will handle unencryption and then server that as
unencrypted traffic again :-]

I believe that is what the WMF is doing by using nginx as an HTTPS
proxy. Someone with better knowledge will confirm.


--
Antoine "hashar" Musso




_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Tei-2
Perhaps have a black list of countries that are know to break the
privacy of communications, then make https default for logued users in
these countries.

This may help because:

 - It only affect a subgroup of users (the ones from these countries)
 - It only affect a subgroup of that subgroup,  the logued users (not all)
 - It create a blacklist of "bad countries" where citizens are under
surveillance by the governement

This perhaps is not feasible, if theres not easy way to detect the
country based on the ip.

--
--
ℱin del ℳensaje.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Petr Bena
I believe it would be best if login form was served using http with
check box "Disable ssl" which would be not checked as default. The
target page of form would be ssl page in case users wouldn't check it.
So that in countries where ssl is problem they could just check it and
proceed using unencrypted connection.

On Mon, Apr 2, 2012 at 11:34 AM, Tei <[hidden email]> wrote:

> Perhaps have a black list of countries that are know to break the
> privacy of communications, then make https default for logued users in
> these countries.
>
> This may help because:
>
>  - It only affect a subgroup of users (the ones from these countries)
>  - It only affect a subgroup of that subgroup,  the logued users (not all)
>  - It create a blacklist of "bad countries" where citizens are under
> surveillance by the governement
>
> This perhaps is not feasible, if theres not easy way to detect the
> country based on the ip.
>
> --
> --
> ℱin del ℳensaje.
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Daniel Friesen-4
Serving the login page over http opens login up to MITM attacks by  
injecting scripts to swipe passwords or modifying the form to only use  
http. So you've already eliminated half the reason we introduced https.
Additionally you cannot control the action="" using a checkbox unless you  
use JS to do it (and we strive to make sure our login form works for those  
without JS). So in order to make a disable SSL checkbox work you have to  
make the action="" a http page that does redirection.
However doing that means that now the password is posted over HTTP and a  
MITM middle can now snoop passwords. Worse this eliminates most of the  
rest of the advantage of https because now MITM also means we're all the  
way back to making it possible to snoop user passwords in open Wi-Fi.

On Mon, 02 Apr 2012 08:31:32 -0700, Petr Bena <[hidden email]> wrote:

> I believe it would be best if login form was served using http with
> check box "Disable ssl" which would be not checked as default. The
> target page of form would be ssl page in case users wouldn't check it.
> So that in countries where ssl is problem they could just check it and
> proceed using unencrypted connection.
>
> On Mon, Apr 2, 2012 at 11:34 AM, Tei <[hidden email]> wrote:
>> Perhaps have a black list of countries that are know to break the
>> privacy of communications, then make https default for logued users in
>> these countries.
>>
>> This may help because:
>>
>>  - It only affect a subgroup of users (the ones from these countries)
>>  - It only affect a subgroup of that subgroup,  the logued users (not  
>> all)
>>  - It create a blacklist of "bad countries" where citizens are under
>> surveillance by the governement
>>
>> This perhaps is not feasible, if theres not easy way to detect the
>> country based on the ip.
>>
>> --
>> --
>> ℱin del ℳensaje.

--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Ryan Lane-2
In reply to this post by Tim Starling-2
On Mon, Apr 2, 2012 at 12:33 PM, Tim Starling <[hidden email]> wrote:

> On 02/04/12 06:14, Ryan Lane wrote:
>> TL;DR: we have no plans for anonymous HTTPS by default, but will
>> eventually default to HTTPS for logged-in users.
>>
>> 1. It would require an ssl terminator on every frontend cache. The ssl
>> terminators eat memory, which is also what the frontend caches do.
>
> Once we enable it by default for logged-in users, we will care a lot
> more if someone tries to take it down with a DoS attack. Unless the
> redirection can be disabled without actually logging in, a DoS attack
> on the HTTPS frontend would prevent any authenticated activity.
>
> It suggests a need for a robust, overprovisioned service, with tools
> and procedures in place for identifying and blocking or throttling
> malicious traffic.
>

Indeed. We're already pretty over provisioned. We have 4 servers per
datacenter, each of which is very bored. All they are doing is acting
as a transparent proxy, after ssl termination. We're using RC4 by
default (due to BEAST), and AES is also available (the processors we
are using have AES support).

Ideally we'll be using STS for logged in users. This will mean it's
impossible to turn off the redirection for users that have already
logged in for whatever period of time we have STS headers set. We need
to consider blocking a DoS from the SSL proxies, the LVS servers, or
the routers.

>> 3. Some countries may completely block HTTPS, but allow HTTP to our
>> sites so that they can track users. Is it better for us to provide
>> them content, or protect their privacy?
>> 4. It's still possible for governments to see that people are going to
>> wikimedia sites when using HTTPS, so it's still possible to oppress
>> people for trying to visit sites that are disallowed.
>
> It's also possible for governments to snoop on HTTPS communications,
> by using a private key from a trusted CA to perform a
> man-in-the-middle attack. Apparently the government of Iran has done this.
>

We really should publish our certificate fingerprints. An attack like
this can be detected. An end-user being attacked can see if the
certificate they are being handed is different from the one we
advertise. We could also provide a convergence notary service (or one
of the other things like convergence).

> If we really want to protect the privacy of our users then we should
> shut down the regular website and serve our content only via a Tor
> hidden service ;)
>

I agree that it's impossible to provide total protection of a user's
privacy. We could provide a number of services that would help users,
though. That said, I don't feel this should be on the top of our
priority list.

- Ryan

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Ryan Lane-2
In reply to this post by Petr Bena
On Mon, Apr 2, 2012 at 4:20 PM, Petr Bena <[hidden email]> wrote:
> That's not what I wanted to say, I wanted to say "https may cause
> troubles with caching", In fact some caching servers have problems
> with https since the header is encrypted as well, so they usually just
> forward the encrypted traffic to server. I don't say it's impossible
> to cache this, but it's very complicated
>

Using SSL by default means all transparent proxies inbetween aren't
hit at all, since they'd be a MITM. I don't necessarily see this as a
bad thing, as transparent proxies often break things.

Browsers cache things differently from HTTPS sites, but otherwise
everything should work as normal. The SSL termination proxies
transparently proxy to our frontend caches after termination. Links
are sent as protocol-relative so that we don't split our cache, as
well.

- Ryan

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Ryan Lane-2
In reply to this post by Tei-2
On Mon, Apr 2, 2012 at 6:34 PM, Tei <[hidden email]> wrote:

> Perhaps have a black list of countries that are know to break the
> privacy of communications, then make https default for logued users in
> these countries.
>
> This may help because:
>
>  - It only affect a subgroup of users (the ones from these countries)
>  - It only affect a subgroup of that subgroup,  the logued users (not all)
>  - It create a blacklist of "bad countries" where citizens are under
> surveillance by the governement
>
> This perhaps is not feasible, if theres not easy way to detect the
> country based on the ip.
>

I'd definitely not support doing something like this. This would
incredibly complicate things.

- Ryan

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

MZMcBride-2
Ryan Lane wrote:

> On Mon, Apr 2, 2012 at 6:34 PM, Tei <[hidden email]> wrote:
>> Perhaps have a black list of countries that are know to break the
>> privacy of communications, then make https default for logued users in
>> these countries.
>>
>> This may help because:
>>
>>  - It only affect a subgroup of users (the ones from these countries)
>>  - It only affect a subgroup of that subgroup,  the logued users (not all)
>>  - It create a blacklist of "bad countries" where citizens are under
>> surveillance by the governement
>>
>> This perhaps is not feasible, if theres not easy way to detect the
>> country based on the ip.
>
> I'd definitely not support doing something like this. This would
> incredibly complicate things.

Someone came into #wikimedia-tech a few days ago and asked about something
similar to this. The idea was to use site-wide JavaScript to auto-redirect
users to https on one of the Chinese Wikipedias. I believe this was in
combination with geolocation functionality, but I'm not sure.

Do you have any thoughts on individual wikis doing this, assuming there's
local community consensus?

MZMcBride



_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Platonides
In reply to this post by Ryan Lane-2
On 02/04/12 20:34, Ryan Lane wrote:

>> It's also possible for governments to snoop on HTTPS communications,
>> by using a private key from a trusted CA to perform a
>> man-in-the-middle attack. Apparently the government of Iran has done this.
>>
>
> We really should publish our certificate fingerprints. An attack like
> this can be detected. An end-user being attacked can see if the
> certificate they are being handed is different from the one we
> advertise. We could also provide a convergence notary service (or one
> of the other things like convergence).

Indeed. Detecting a potential MITM is useless if you can't determine if
it's real or not. For instance the switch from RapidSSL to DigiCert
certificate was quite suspicious.

I don't know how to best publicise it, though. I suppose we would list
them somewhere like https://secure.wikimedia.org/servers.html but if
nobody knows it's there...



_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Ryan Lane-2
> Indeed. Detecting a potential MITM is useless if you can't determine if
> it's real or not. For instance the switch from RapidSSL to DigiCert
> certificate was quite suspicious.
>
> I don't know how to best publicise it, though. I suppose we would list
> them somewhere like https://secure.wikimedia.org/servers.html but if
> nobody knows it's there...
>

What's https://secure.wikimedia.org?

- Ryan

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Antoine Musso-3
On April 2nd, 2012 at 23:35, Ryan Lane wrote:
> What's https://secure.wikimedia.org?

Some old experiment. Nothing to see here :-)

--
Antoine "hashar" Musso


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Platonides
In reply to this post by Ryan Lane-2
Ryan Lane wrote:
> What's https://secure.wikimedia.org?
>
> - Ryan

The server which contains
 https://secure.wikimedia.org/keys.html


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Helder .
On Tue, Apr 3, 2012 at 12:26, Platonides <[hidden email]> wrote:
> Ryan Lane wrote:
>> What's https://secure.wikimedia.org?
>>
>> - Ryan
>
> The server which contains
>  https://secure.wikimedia.org/keys.html
When I access that page, Google Chrome gives this error message:
Failed to load resource: the server responded with a status of 404 (Not Found)
GET http://en.wikipedia.org/skins-1.5/monobook/headbg.jpg 404 (Not Found)

Best regards,
Helder

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

Petr Bena
Can we move to the initial discussion regarding http redirect to https
please :-) That page doesn't contain anything interesting anyway...
(Now after saying this I guess that it's gonna have way more visitors
than ever, hehe)

On Tue, Apr 3, 2012 at 5:34 PM, Helder <[hidden email]> wrote:

> On Tue, Apr 3, 2012 at 12:26, Platonides <[hidden email]> wrote:
>> Ryan Lane wrote:
>>> What's https://secure.wikimedia.org?
>>>
>>> - Ryan
>>
>> The server which contains
>>  https://secure.wikimedia.org/keys.html
> When I access that page, Google Chrome gives this error message:
> Failed to load resource: the server responded with a status of 404 (Not Found)
> GET http://en.wikipedia.org/skins-1.5/monobook/headbg.jpg 404 (Not Found)
>
> Best regards,
> Helder
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Time to redirect to https by default?

liangent
On Tue, Apr 3, 2012 at 11:43 PM, Petr Bena <[hidden email]> wrote:

> Can we move to the initial discussion regarding http redirect to https
> please :-) That page doesn't contain anything interesting anyway...
> (Now after saying this I guess that it's gonna have way more visitors
> than ever, hehe)
>
> On Tue, Apr 3, 2012 at 5:34 PM, Helder <[hidden email]> wrote:
>> On Tue, Apr 3, 2012 at 12:26, Platonides <[hidden email]> wrote:
>>> Ryan Lane wrote:
>>>> What's https://secure.wikimedia.org?
>>>>
>>>> - Ryan
>>>
>>> The server which contains
>>>  https://secure.wikimedia.org/keys.html
>> When I access that page, Google Chrome gives this error message:
>> Failed to load resource: the server responded with a status of 404 (Not Found)
>> GET http://en.wikipedia.org/skins-1.5/monobook/headbg.jpg 404 (Not Found)
>>
>> Best regards,
>> Helder
>>
>> _______________________________________________
>> Wikitech-l mailing list
>> [hidden email]
>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Now there're users reporting in village pump that
http://bits.wikimedia.org/ is blocked in China Mainland. Users
visiting http://zh.wikipedia.org/ see unstyled pages without scripts
while https://zh.wikipedia.org/ works fine.

-Liangent

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
123