Just a heads up about a couple little bumps in the last day: we had a small misconfiguration with MetaFilter's SSL certificate configuration that might have lead to browser warnings in some situations (but no actual danger), and the site's RSS feeds were stalled out for a bit as of yesterday. Both are mostly resolved now, some details inside! [more inside]
A week from now, we'll be updating MetaFilter to always serve https pages instead of http! You most likely don't need to care at all that this is happening, but I'll explain what it means below. Come on in! [more inside]
Can metafilter force https? It looks like this as discussed a few times, the last being was just over a year ago. A couple specific things I find troubling:
- When I navigate to https://ask.metafilter.com, or any other metafilter site, it removes the https and takes me back to http
- Forms (except for login) seem to be submitted via http POST (even anonymous asks)
Just a heads up, you may see an "SSL certificate has expired" warning. We're aware of it and working to fix it. Sorry about the hassle.
It's opt-in for members, but why not use it by default for everyone?
The EFF offers HTTPS Anywhere, but it's not available for all browser, and fails on some script calls. As a feature this would be amazing. Thank you!
I've got the Chrome addon for the Heartbleed server test site and it's just given me a message saying that metafilter.com is vulnerable to the Heartbleed SSL bug. More information about the bug.
I have "use secure browsing" enabled (I can see the checkmark), but metafilter is not using SSL on all of my computers. For example, it's enabled on my iPhone but not on Safari. However, the checkmark is there in both places. [more inside]
We're working on making browsing all sites via SSL available to members. We need some help spotting bugs. [more inside]
Feature request: enable https for everything on mefi, including posting.
I've been spending lots of time on wireless networks lately, so I finally up and got an SSL certificate for MetaFilter. Enjoy. Eventually I'll try to get all the user/pass pages going through https:// to make the site more secure.