Once upon a time I could find blog posts of people reviewing things, travel, software, equipment etc. Now I just find pages and pages of review aggregators. The advantage of finding a blog was didn't take more than a few clicks to figure out if the blogger and me shared thinking, lifestyles, financial means etc. Now all that is gone. We just have ridiculous aggregation.
The problem is exacerbated by search quality guidelines that need to be followed if you're going to rank for any competitive search term, especially when there are clear incentives for doing so - such as site speed and deploying ssl.
Coming next is the 'insecure site' warning that's likely going to cull many more hobby sites.
I can, because I just converted a site to https, which had a combination of relative and absolute href and src parameters on it in a confused manner. This was combined with html embedded in table records.
It wasn't a simple search and replace task since several admin functionalities were also included in the site.
Think about all of the sites that have relevant information that aren't selling anything that would love to get things like this fixed, but just can't throw money at the problem.
Before you say oh it shouldn't cost that much. Think about where some of these sites are hosted and for how little. Some people don't even have the means to pay for such a fix, but they have important information to share.
This probably should have been a rule applied to sites that sell things and not sites that just have information.
I am all for making money, but I also feel like doing some charity work for this problem as well. I heard the deadline is the 24th. Anyone else interested in doing this collectively for a couple sites?
> I can, because I just converted a site to https, which had a combination of relative and absolute href and src parameters on it in a confused manner. This was combined with html embedded in table records.
Just add an upgrade-insecure-requests header to your webserver config, boom. No search and replacing needed.
> Most notably, mixed content checking [MIX] has the potential to cause real headache for administrators tasked with moving substantial amounts of legacy content onto HTTPS. In particular, going through old content and rewriting resource URLs manually is a huge undertaking.
I mean, uh sure, I'll volunteer to move your sites to https, but I don't think giving a random dude on the internet root access to fix the webserver config is a good idea ;-)
This site also had mixed content due to it using a forward proxy with ARR in IIS. Since ARR doesn't forward https requests it is truly turning into a mess. There isn't an option to just move it to another webserver as that would be it's own undertaking with the dynamic part of the site being ColdFusion.
> I mean, uh sure, I'll volunteer to move your sites to https, but I don't think giving a random dude on the internet root access to fix the webserver config is a good idea ;-)
In this point yeah I agree you don't want to let just random dudes have root access to a site. On the other hand I run my own legitimate consulting business and if you think about it. Every time I am winning over a new client for all intents and purposes I am just a random dude. :)
You can always just put an nginx in front of it to terminate TLS there. Sounds like a legacy mess nobody intends to maintain anymore anyways. Or hell, cloudflare them. Kinda pointless since you won't have TLS to the backend server, but the easiest "solution". I maintain that's it's possible to inject a header and terminate TLS however messy the system is within an hour.
Problem is that there's a ton of money in the "review industry," (through referrals) it's very lucrative, so the big ones are spending a lot to rank high.
