You are not logged in.

#101 2010-07-22 17:32:32

Anikom15
Banned
From: United States
Registered: 2009-04-30
Posts: 836
Website

Re: This bbs now uses https exclusively

That doesn't help my CPUs either.


Personally, I'd rather be back in Hobbiton.

Offline

#102 2010-07-22 18:27:31

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: This bbs now uses https exclusively

True that. My average CPU usage has skyrocketed since the BBS switched to HTTPS.

The outrage!


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#103 2010-07-22 19:37:45

Anikom15
Banned
From: United States
Registered: 2009-04-30
Posts: 836
Website

Re: This bbs now uses https exclusively

Wait, does it affect the server or client? Or both? Can someone explain this in huge detail?


Personally, I'd rather be back in Hobbiton.

Offline

#104 2010-07-23 00:01:07

655321
Member
From: Costa Rica
Registered: 2009-12-08
Posts: 412
Website

Re: This bbs now uses https exclusively

I read you said that firefox comes with this CAcert by default, why then it shows the site as untrusted? using version 3.6.7 and I also check this at work where I have some XP machines.


Linux user #498977
With microsoft you get windows and gates, with linux you get the whole house!
My Blog about ArchLinux and other stuff

Offline

#105 2010-07-23 01:31:55

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: This bbs now uses https exclusively

655321 wrote:

I read you said that firefox comes with this CAcert by default, why then it shows the site as untrusted? using version 3.6.7 and I also check this at work where I have some XP machines.

http://wiki.cacert.org/InclusionStatus

Offline

#106 2010-07-23 05:29:56

655321
Member
From: Costa Rica
Registered: 2009-12-08
Posts: 412
Website

Re: This bbs now uses https exclusively

Thanks for the link. Now I got it big_smile

I also noticed there is another linux distro called ARK LINUX lol, I tought that was a typo.


Linux user #498977
With microsoft you get windows and gates, with linux you get the whole house!
My Blog about ArchLinux and other stuff

Offline

#107 2010-07-23 09:06:35

PirateJonno
Forum Fellow
From: New Zealand
Registered: 2009-04-13
Posts: 372

Re: This bbs now uses https exclusively

yejun wrote:

All intel's new cpu of this year have hardware aes, so hardware problem should go away soon.

I though SSL was a public-key cryptosystem...

Also, the certificate isn't accepted by my n900, in case anyone is remotely interested


"You can watch for your administrator to install the latest kernel with watch uname -r" - From the watch man page

Offline

#108 2010-07-23 09:21:07

ss2
Member
Registered: 2007-10-05
Posts: 83

Re: This bbs now uses https exclusively

yejun wrote:
ss2 wrote:

SSL can create a massive overhead (Traffic and melting CPUs) once many connections need to be maintained simultaneously. And this seems to be one of the reasons why SSL does not get much attention.

All intel's new cpu of this year have hardware aes, so hardware problem should go away soon.

True, I didn't think about that. But as it is still (when was it introduced?) a new feature, it will take time until most servers will adopt it..

And yes, the issues about some users posting about a higher load on your cpu: SSL was never intended to be fast, but secure. Think about that.

Offline

#109 2010-07-23 10:29:31

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: This bbs now uses https exclusively

ss2 wrote:
yejun wrote:
ss2 wrote:

SSL can create a massive overhead (Traffic and melting CPUs) once many connections need to be maintained simultaneously. And this seems to be one of the reasons why SSL does not get much attention.

All intel's new cpu of this year have hardware aes, so hardware problem should go away soon.

True, I didn't think about that. But as it is still (when was it introduced?) a new feature, it will take time until most servers will adopt it..

And yes, the issues about some users posting about a higher load on your cpu: SSL was never intended to be fast, but secure. Think about that.

No argument, but security is a balance between AAA and Usability.. No point have uber-security if the system isn't usable.

Offline

#110 2010-07-23 10:32:23

Pierre
Developer
From: Bonn
Registered: 2004-07-05
Posts: 1,964
Website

Re: This bbs now uses https exclusively

I doubt that anybody will notice higher cpu load due to https usage. I didn't even notice a difference on the server. Of course ssl has more overhead in cpu load and traffic but it's fairly low. See also http://www.imperialviolet.org/2010/06/2 … g-ssl.html

Offline

#111 2010-07-23 11:12:54

gtklocker
Member
Registered: 2009-09-01
Posts: 462

Re: This bbs now uses https exclusively

I also noticed some increasing CPU usage... please go back to http!

Offline

#112 2010-07-23 12:45:52

yejun
Member
Registered: 2009-10-21
Posts: 66

Re: This bbs now uses https exclusively

PirateJonno wrote:

I though SSL was a public-key cryptosystem...

Public key is only used to establish session. Once session created that it will use symmetric cypher. The only delay is usually the beginning of session because of extra tcp packets exchanging and RSA.   
AES256 speed is at 270MB/s speed on core2 and 3.5GB/s on i5 cpu. I don't see how ssl on a normal website will cause cpu usage any higher than 1%.

Offline

#113 2010-07-23 13:18:45

mrunion
Member
From: Jonesborough, TN
Registered: 2007-01-26
Posts: 1,938
Website

Re: This bbs now uses https exclusively

<disclaimer>
This is not my forum, my server nor my decision. Feel free to stop reading at this tag if you want.
</disclaimer>

<opinion>
Using SSL for the forums -- where information is publicly available and readable -- is like delivering ketchup packets to fast food restaurants in armored cars! Once they're at the restaurant, anyone can have them by simply asking -- no ID required, no credentials, no receipts, no validation. But they're darn safe as heck during transit! (And I still don't get it. I think it's overkill. But see disclaimer above!)
</opinion>

Last edited by mrunion (2010-07-23 13:19:08)


Matt

"It is very difficult to educate the educated."

Offline

#114 2010-07-23 14:00:39

yejun
Member
Registered: 2009-10-21
Posts: 66

Re: This bbs now uses https exclusively

But your food doesn't taste any different either. So end user shouldn't care. 
Whole website ssl just ease administrative work. Otherwise developer need hand select which page need to be secure which need not to be, and decide which cookie need to have secure flag. With SSL, you can pretty much transmit all information in clear text without worrying about those details.

Offline

#115 2010-07-23 14:09:55

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,183

Re: This bbs now uses https exclusively

never mind....:

EDIT: mentioned package signing and then I read .:B:. warning about not turning this into a package signing thread wink

Last edited by Inxsible (2010-07-23 14:11:58)


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#116 2010-07-23 18:28:36

mrunion
Member
From: Jonesborough, TN
Registered: 2007-01-26
Posts: 1,938
Website

Re: This bbs now uses https exclusively

Well, yejun, I understand that point. But I still don't think SSL is needed on a forum. I'm not storing my credit card info on here or anything. If my account gets hack, I'll report it.

Again, see the disclaimer in my last post.

(And as for "easier" on the web dev, I've not noticed SSL making things "easier" for me on the web applications I have to do. We secure the appropriate parts of course. For another example of why SSL on this forum is kinda not nice, look at the exception warnings in the screenshot threads because the thumbnails aren't loaded over SSL. The browser starts warning that some items aren't encrypted, but that's never been a problem before. Now how many users will ignore it, set an exception or actually wonder if something went wrong?)

Last edited by mrunion (2010-07-23 18:30:10)


Matt

"It is very difficult to educate the educated."

Offline

#117 2010-07-24 02:34:29

PirateJonno
Forum Fellow
From: New Zealand
Registered: 2009-04-13
Posts: 372

Re: This bbs now uses https exclusively

yejun wrote:
PirateJonno wrote:

I though SSL was a public-key cryptosystem...

Public key is only used to establish session. Once session created that it will use symmetric cypher. The only delay is usually the beginning of session because of extra tcp packets exchanging and RSA.   
AES256 speed is at 270MB/s speed on core2 and 3.5GB/s on i5 cpu. I don't see how ssl on a normal website will cause cpu usage any higher than 1%.

Thanks for the clarification smile


"You can watch for your administrator to install the latest kernel with watch uname -r" - From the watch man page

Offline

#118 2010-07-28 17:22:37

anonymous_user
Member
Registered: 2009-08-28
Posts: 3,059

Re: This bbs now uses https exclusively

Pierre wrote:

So for those who use third-party systems: install the class 1 and class 3 certs from http://www.cacert.org/index.php?id=3 (e.g. just click on both in pem-format)

This should be added to the first post.

Offline

#119 2010-07-28 22:15:20

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: This bbs now uses https exclusively

mrunion wrote:

<disclaimer>
<opinion>
Using SSL for the forums -- where information is publicly available and readable -- is like delivering ketchup packets to fast food restaurants in armored cars! Once they're at the restaurant, anyone can have them by simply asking -- no ID required, no credentials, no receipts, no validation. But they're darn safe as heck during transit! (And I still don't get it. I think it's overkill. But see disclaimer above!)
</opinion>

Doesn't your food taste much better knowing that the small ketchup packets have not been swapped by a mix of laxatives and sleeping pills or some poison was added on the way from the factory to the restaurant?


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#120 2010-07-29 00:12:02

ss2
Member
Registered: 2007-10-05
Posts: 83

Re: This bbs now uses https exclusively

R00KIE wrote:
mrunion wrote:

<disclaimer>
<opinion>
Using SSL for the forums -- where information is publicly available and readable -- is like delivering ketchup packets to fast food restaurants in armored cars! Once they're at the restaurant, anyone can have them by simply asking -- no ID required, no credentials, no receipts, no validation. But they're darn safe as heck during transit! (And I still don't get it. I think it's overkill. But see disclaimer above!)
</opinion>

Doesn't your food taste much better knowing that the small ketchup packets have not been swapped by a mix of laxatives and sleeping pills or some poison was added on the way from the factory to the restaurant?

We should ask if fast food restaurants of this world want to use packet signing for ketchup. smile

Offline

#121 2010-07-29 09:46:47

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: This bbs now uses https exclusively

ss2 wrote:
R00KIE wrote:
mrunion wrote:

<disclaimer>
<opinion>
Using SSL for the forums -- where information is publicly available and readable -- is like delivering ketchup packets to fast food restaurants in armored cars! Once they're at the restaurant, anyone can have them by simply asking -- no ID required, no credentials, no receipts, no validation. But they're darn safe as heck during transit! (And I still don't get it. I think it's overkill. But see disclaimer above!)
</opinion>

Doesn't your food taste much better knowing that the small ketchup packets have not been swapped by a mix of laxatives and sleeping pills or some poison was added on the way from the factory to the restaurant?

We should ask if fast food restaurants of this world want to use packet signing for ketchup. smile

They already do actually, the process is controlled very tightly at the factory and at any sign of tampering upon delivery people get extra careful.

Have you ever heard of cases where something is suspected to have been poisoned during production or before reaching the consumer's hands? I sure have and not only it is a huge pain in the ass for everyone in the production and delivery chain to handle the massive recall, it scares every single consumer that may have bought an item from the affected lot, not to mention the bad image the producer of the product will get, even if later it is proved that it was a single consumer that tried to kill itself and the product was completely safe.

Like it was said before the trend is to have someone snoop on _everything_ you do on the internet (I believe one country even considered making it mandatory to install a program to snoop on all your online activities), specially if the "wonderful" and secret ACTA treaty gets ratified and pushed down our throats. So yes, bring on https (package signing does not belong to this discussion), my posts are worth very little but they are my posts and it is my account and if it is possible to make it more secure I don't see a reason why not.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#122 2010-08-02 18:00:59

MkFly
Member
From: Mars
Registered: 2009-12-10
Posts: 141

Re: This bbs now uses https exclusively

R00KIE wrote:

Have you ever heard of cases where something is suspected to have been poisoned during production or before reaching the consumer's hands?

Excellent example of this: the Chicago Tylenol murders.

There's a bit of drama in this thread.  I for one am quite happy about this.  For any site that I visit, if I can load it over SSL, I do.  And if it makes dcc24 feel any better, I think package signing is important as well.

yejun wrote:
ss2 wrote:

SSL can create a massive overhead (Traffic and melting CPUs) once many connections need to be maintained simultaneously. And this seems to be one of the reasons why SSL does not get much attention.

All intel's new cpu of this year have hardware aes, so hardware problem should go away soon.

The Arch servers seem to be configured to serve SSL with the Camellia cipher by default, so hardware AES isn't going to help there.  Although in Firefox, if you disable Camellia in about:config, the Arch servers will fall-back on using AES-256 next.

Last edited by MkFly (2010-08-18 20:20:27)

Offline

#123 2010-08-04 15:20:03

Kilzool
Member
From: Ireland
Registered: 2010-08-04
Posts: 232

Re: This bbs now uses https exclusively

Just use a self-signed CA on the bbs.. and let folks know that, if it is a big trouble.  Wildcard SSLs are steep in price.

<donates>

Offline

#124 2010-08-07 21:08:35

z0phi3l
Member
From: Waterbury CT
Registered: 2007-11-26
Posts: 278

Re: This bbs now uses https exclusively

PirateJonno wrote:
yejun wrote:

All intel's new cpu of this year have hardware aes, so hardware problem should go away soon.

I though SSL was a public-key cryptosystem...

Also, the certificate isn't accepted by my n900, in case anyone is remotely interested

Funny thing, it accepted in on my loaner Samsung Memoir smile

Offline

#125 2010-08-10 03:26:08

akephalos
Member
From: Romania
Registered: 2009-04-22
Posts: 114

Re: This bbs now uses https exclusively

I salute the change - in case the public opinion matters more than a thoughtful decision, view to which I don't adhere anyway.

I suppose that it would be good for people who insist to use unsecured connection to optionally be able to get over the encryption, if this is possible and not hard to implement. Still, IMO the default needs to be secured, information should not be reachable by 3rd parties without the explicit consent of the people.

Offline

Board footer

Powered by FluxBB