PLEASE serve orchidboard.com via HTTPS connection
 

Attention site operator: PLEASE serve orchidboard.com via HTTPS connection.


thank you

Don't hold your breath.

Why do you want that? Purchasing a SSL certificate costs money, and considering there are no financial transactions going on here...

Let's Encrypt - Free SSL/TLS Certificates - free certificates, this is a trusted service used by millions of developers, including myself.

why would i want that??? here is one reason: Important July SSL Deadline for Chrome

The thing about SSL is that it really does protect the users of this site who may not be privy in regards to technology and online security.

Currently the site does not use https (secure http), not even for the login form. This means that your username and password are being passed over the network in a manner that is trivial for someone with malicious intent and access to the network to retrieve. Additionally, any information in your user profile (personal messages, email address, etc) is being transmitted in insecure manner as well, and therefore is subject to snooping by folks with malicious intent.

This opens up a pretty significant vector for attack. For instance, with just a modicum of effort and knowledge, any time you login to this site, it's possible for someone to see your password (because it is transmitted all the way to the server in an easily readable manner). This means anybody with access to your wifi or home network, anybody on the same public network if you're using free wifi, anybody with access to the physical lines to your ISP, various folks at your ISP, anybody that's compromised the network, etc could potentially see your password. The same goes for anything (even private info) in your user profile including your email and private messages that you view. From there, if you happen to have used the same password on another site (such as your social media account or your bank account) then it's pretty trivial for them to gain access to those systems. Or if they're fishing for information about you to use for alternate attack methods, things like knowing your email address or finding your phone number from a private message could come in handy. Https prevents those vectors of attack, even if your online security practices are lacking or if others are not following secure practices with your information.

I do understand that there are financial aspects to this decision. Even though the SSL certificates can be acquired for free, it still takes money and a bit of technical expertise to set-up. And there can often be secondary impacts and costs to switching a site over to https above and beyond just the cost of the cert.

I certainly understand the ins and outs of such security, and I wasn't aware of how Chrome will handle things going forward, but I doubt Marty will do much until he absolutely must.

Given that the owner of this site is pretty much an absentee landlord, I doubt that Google indicating this is "not a secure site" is going to have much impact.

FWIW, I just modified the URL in Chrome to include https, and it's fine.

KISS....and if it aint broke, don't fix it!

I can't even click on "like this post" and every time I move to another thread I get logged out. What gives?

Seems to be working fine for me. Have you tried a re-boot?