Mailinglist Archive: opensuse-web (64 mails)

Re: [opensuse-web] Please update wiki staging server
Christian Boltz <opensuse@xxxxxxxxx> 8/21/2012 5:36 PM >>>
Hello,

I just now pulled the changes from there. I get a
database error... was there some SQL that needed to be run with
that?

Did you run maintenance/update.php ?

Yes, that was done on the original upgrade to 1.19. I ran it again for good
measure, on both the core installation and for SMW. No luck :-(

Besides that, the test account opensuse_stage:opensuse_stage (created
by Thomas) doesn't seem to work -

It seems to work fine on the openSUSE staging blogs and on staging
Novell.

Indeed - I can login on https://loginstage.provo.novell.com/ with this
account.

Because of the broken database query, I can't try it out on
the wikis at the moment. I'll make sure to check as soon as it's
fixed. My guess right now would be that the login extension is
broken with the new version.

I'm not even sure if logging in on enstage worked with the old
version...

It did. I always make sure the login extension works before putting it in
prod, so it definitely worked with 1.17. I also tested it more recently when
making some Access Manager updates.

IIRC most of the wiki runs over http, not https - therefore I doubt
SSL negotiation speed is a real problem ;-)

It's about half and half right now. For whatever reason, most of the
static content is hardcoded to be pulled from a secure connection.

Maybe the author of the Bento theme wasn't aware of protocol-relative
URLs? Changing "https://static.opensuse.org/..." to
"//static/opensuse.org/..." shouldn't cause any problems.

Interesting that you bring that up. The www pages were the same way. In fact,
I just changed all those references to be protocol relative a few days ago.
That's why you see my name all over the landing page repository in Github. I
had to touch a lot of files :-)

In fact, I would propose that we go ahead and turn on SSL for the
rest of the wiki. As it stands, people logged into the forums,
wikis, and blogs are vulnerable to session hijacking, which is only
really fixable by encrypting the entire session. SSL is much less of
a performance problem than it used to be, and using things like SPDY
and false start make it completely negligible.

There's nothing wrong with SSL for logged in users, OTOH it's
superfluous for other visitors.

I was reading some interesting insights from Google engineers the other week.
It's their vision that someday, every site will be served over SSL/TLS, and
HTTP will be then what RSH is today. They certainly have done a lot to make
this more of a possibility (OpenSSL patches, TLS false start, and SPDY to name
a few). In fact, you may notice that now Firefox defaults to using HTTPS for
Google searches, even if you are not authenticated. Pretty interesting I think.