Hello Islanders! We need to talk about changes I want to make to this forum and how they may impact you.
In the very near future, I want to turn on SSL encryption exclusively for the entire site. Many sites have done this.. and normally it happens without most users even noticing a difference. However I have a couple of concerns, as I tried this briefly one day many months ago and I had to turn it off due to all the negative user feedback.
First of all? "Dude, what is SSL?" Is the simplest of terms, it's a secure encrypted connect between you and a server. SSL is used on HTTP (web), e-mail, and many other services all the time. In fact, if you're not using SSL when transmitting a password or otherwise sensitive communication, you might want to ask yourself why -- and how you can change that. :)
For those of you who are running an updated version of Firefox or Chrome, I could turn on SSL today and likely you wouldn't noticed any difference. For those of you running Internet Explorer and possibly other browsers, you might get an a scary ugly error message saying something to the effect of 'Not all content on this page is encrypted, be afraid, be very afraid.' For those of you running generally older browsers, you might get an even scarier error message saying this website's certificate isn't verifiable and you should run far far away...
Now we can correct these errors by doing one of two things -- telling you to suck it up and deal with the errors and/or telling you get a modern browser that understands mixed content and/or we can disallow all external linking of content. E.g. no more direct URL image linking or non-SSL YouTube videos, or the like. Personally, I think the latter sucks. I like being able to take an image from arbitrary websites and using the [ img ] tag. So as a community, we have to decide what is more important.
"Why is this important, aren't things working just fine as they are?" Well.. yes and no. Essentially if you're using an improperly secured wifi connection or cannot explicitly trust all the routers and gateways you run your connection through, it's possible for your password, content, and integrity to be hijacked. We recently had a brief scare with our administrative passwords -- and it was as a direct result of not using SSL. If we had already been using SSL, I would be able to cut back on my intake of Tums and Pepto by 10%. ;)
At this moment, this is merely a request for comments, suggestions, and even a proper 'fsck you'. My post is a little rambling, so I'm hoping some of the other IT/security minded people on this forum will jump in and help me clarify my position.
Thanks for your attention to this matter.