DieAnderen's blog

By DieAnderen, history, 5 years ago, In English,

Any reason why codeforces isn't using a secured http connection??

 
 
 
 
  • Vote: I like it
  • +33
  • Vote: I do not like it

»
5 years ago, # |
Rev. 3   Vote: I like it +17 Vote: I do not like it

The insufficient amount of paranoia among users and admins probably.

I also anticipate two minor troubles:

  1. Serving via HTTPS requires additional processing time on both server and client (and also makes certain types of caching unusable). When the server is not experiencing peak load this would be hardly noticed. However during contest the amount of requests is very large and I suspect at least the delays will become quite sensible.

  2. If policies of some countries require limited access to certain pages of the site (e.g. due to posting doubtful content by users) — then switching to HTTPS will force internet providers in such countries to limit access to the whole site as the per-page approach could not be used.

Now why we may want to use HTTPS? Do you suspect Snowden is stealing your solutions?

P.S. I myself do not mind HTTPS as long as it is optional, not obligatory.

UPD the main good point I learned from comments below is about preventing TCP sniffing in college LANs. Though I never heard this is a widespread problem right now :)

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +27 Vote: I do not like it

    I don't want my ISP or free Wi-Fi provider inserting advertisement.

    • »
      »
      »
      5 years ago, # ^ |
        Vote: I like it 0 Vote: I do not like it

      use adblock

      • »
        »
        »
        »
        5 years ago, # ^ |
          Vote: I like it +1 Vote: I do not like it

        It's not solution, only workaround

    • »
      »
      »
      5 years ago, # ^ |
        Vote: I like it 0 Vote: I do not like it

      Just switch to more decent provider. There is no sane reason to mess with providers who do not respect its users.

      If you can't trust provider enough, I doubt you can rely even on https over him as there could be foul play with certificates.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +20 Vote: I do not like it

    Not snowden, but if you are using college lan, than someone can sniff the packet and get the solution, during the live contest.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it -8 Vote: I do not like it

    Now why we may want to use HTTPS?

    The correct question is: why wouldn't we want to use HTTPS? Privacy is a fundamental human right. You need to present very good reasons to deprive people of this right, not the other way around.

    • »
      »
      »
      5 years ago, # ^ |
      Rev. 2   Vote: I like it 0 Vote: I do not like it

      CodeForces provides free services. You are using these services voluntarily so it is not correct to complain you are deprived of privacy by evil CodeForces admins. And why do you need to post very private and personal info here?

      And HTTPS do not automatically mean privacy.

      • »
        »
        »
        »
        5 years ago, # ^ |
        Rev. 2   Vote: I like it +5 Vote: I do not like it

        I'm not complaining at all, I'm pointing out a flaw in your logic.

        And why do you need to post very private and personal info here?

        And you're making the same mistake again. I don't have to justify to you that I need privacy, you have to justify to me that there is a benefit in not having it. I have blinds on the window in my living room even though I don't do anything "private and personal" there.

        HTTPS is a necessary but not sufficient condition for security and privacy.

        • »
          »
          »
          »
          »
          5 years ago, # ^ |
            Vote: I like it +4 Vote: I do not like it

          you have to justify to me that there is a benefit in not having it

          I started with pointing out two.

    • »
      »
      »
      4 weeks ago, # ^ |
        Vote: I like it +4 Vote: I do not like it

      Not in china

      • »
        »
        »
        »
        4 weeks ago, # ^ |
          Vote: I like it +30 Vote: I do not like it

        You just necroposted a 5 year old blog to say this

        • »
          »
          »
          »
          »
          4 weeks ago, # ^ |
            Vote: I like it 0 Vote: I do not like it

          Given the times we are living in, I wrote the same (as the blog)question on Google and ended up writing the comment. Also if I were to write the same comment in any recent contest , you know what would have happened.

          • »
            »
            »
            »
            »
            »
            4 weeks ago, # ^ |
              Vote: I like it 0 Vote: I do not like it

            Also if I were to write the same comment in any recent contest , you know what would have happened.

            Yes, that is supposed to be a message that you should not do that (under a recent contest or otherwise).

  • »
    »
    5 years ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    If you're on an open wifi connection I'm pretty sure people can steal your CF username/password because CF isn't using HTTPS even in their login page.

»
5 years ago, # |
  Vote: I like it +50 Vote: I do not like it

https = http + slow