CloudFlare enables Websockets for all accounts
- 
 Why don't we redirect HTTP to HTTPs? 
- 
 @Jason said in CloudFlare enables Websockets for all accounts: Why don't we redirect HTTP to HTTPs? Because excuses. 
- 
 @JaredBusch said in CloudFlare enables Websockets for all accounts: @Jason said in CloudFlare enables Websockets for all accounts: Why don't we redirect HTTP to HTTPs? Because excuses. Hardly. Because we don't want people getting hit with the performance penalty who don't want it. There is no reason to redirect it. Everyone can choose what they want. 
- 
 @scottalanmiller said in CloudFlare enables Websockets for all accounts: @JaredBusch said in CloudFlare enables Websockets for all accounts: @Jason said in CloudFlare enables Websockets for all accounts: Why don't we redirect HTTP to HTTPs? Because excuses. Hardly. Because we don't want people getting hit with the performance penalty who don't want it. There is no reason to redirect it. Everyone can choose what they want. As I stated, excuses. You ALWAYS claim this. There is no performance hit that users should ever notice. You simply need to possibly allocate more CPU. It is you choosing to not do it. 
- 
 Don't mind me... 
  
- 
 @scottalanmiller said in CloudFlare enables Websockets for all accounts: That's a lot more complex as the images can be from anywhere. Any across the board change would break some of them. But you could at least fix all of your stuff to be SSL and at least the landing page will show green, unlike now. There is no content here that is out of your control. 
  
- 
 @JaredBusch said in CloudFlare enables Websockets for all accounts: @scottalanmiller said in CloudFlare enables Websockets for all accounts: @JaredBusch said in CloudFlare enables Websockets for all accounts: @Jason said in CloudFlare enables Websockets for all accounts: Why don't we redirect HTTP to HTTPs? Because excuses. Hardly. Because we don't want people getting hit with the performance penalty who don't want it. There is no reason to redirect it. Everyone can choose what they want. As I stated, excuses. You ALWAYS claim this. There is no performance hit that users should ever notice. You simply need to possibly allocate more CPU. It is you choosing to not do it. It's the reason. Call it an excuse all you want. You have the feature that you wanted, what's the excuse for requesting redirection other than to complain? You are complaining that we give people choices? Why? 
- 
 @scottalanmiller said in CloudFlare enables Websockets for all accounts: @JaredBusch said in CloudFlare enables Websockets for all accounts: @scottalanmiller said in CloudFlare enables Websockets for all accounts: @JaredBusch said in CloudFlare enables Websockets for all accounts: @Jason said in CloudFlare enables Websockets for all accounts: Why don't we redirect HTTP to HTTPs? Because excuses. Hardly. Because we don't want people getting hit with the performance penalty who don't want it. There is no reason to redirect it. Everyone can choose what they want. As I stated, excuses. You ALWAYS claim this. There is no performance hit that users should ever notice. You simply need to possibly allocate more CPU. It is you choosing to not do it. It's the reason. Call it an excuse all you want. You have the feature that you wanted, what's the excuse for requesting redirection other than to complain? You are complaining that we give people choices? Why? Excuses. I have read on this subject ever since you first started using the excuse, because I have never heard anyone prove it to actually be impactful today. https://www.maxcdn.com/blog/ssl-performance-myth/ 
 http://scn.sap.com/community/netweaver/blog/2013/06/23/whos-afraid-of-ssl
- 
 We know that SSL does in fact add latency to connections. From that article 
 "What began as an optional account setting two years earlier became the default for all of Facebook’s 1 billion plus users. Facebook recognized that SSL’s extra round trips could cause delays for some users, but two techniques helped them minimize and – in many cases – eliminate the extra latency."So currently, for HTTPs on Mango it's optional because they don't want to slow down users by milliseconds. That's their choice, The same way as it's Unitrends choice not to SSL their contact forms. So many big companies are still not using HTTPs on their sites. http://www.unitrends.com/company/contact The demand for HTTPs clearly is not there from IT pros because the vendors of the software they sell to us are not interested in deploying HTTPs. This is an enjoyable read about SSL and it's not coming from a marketing CDN provider who is telling you to use their product to make HTTPs work. 
- 
 @Breffni-Potter said in CloudFlare enables Websockets for all accounts: We know that SSL does in fact add latency to connections. From that article 
 "What began as an optional account setting two years earlier became the default for all of Facebook’s 1 billion plus users. Facebook recognized that SSL’s extra round trips could cause delays for some users, but two techniques helped them minimize and – in many cases – eliminate the extra latency."So currently, for HTTPs on Mango it's optional because they don't want to slow down users by milliseconds. That's their choice, The same way as it's Unitrends choice not to SSL their contact forms. So many big companies are still not using HTTPs on their sites. http://www.unitrends.com/company/contact The demand for HTTPs clearly is not there from IT pros because the vendors of the software they sell to us are not interested in deploying HTTPs. This is an enjoyable read about SSL and it's not coming from a marketing CDN provider who is telling you to use their product to make HTTPs work. Yes, milliseconds. For an online community forum. This is not a Wall Street trading firm. 
- 
 @JaredBusch: Every decision we make here increases costs and also increases issues that we could have. Please remember that we are still very new and trying to bring in as much traffic from Google as possible to grow the community. Which will then interest more vendors which will allow us to spend more on infrastructure and so on. To be clear not afraid of SSL if there is need. However we also have to remember that it must be used in a way that if fully bennifical for the community as a whole and yes that includes the Google giant and other marketing avenues. In order for this community to continue to grow we need new users and visitors. If we secure everything too much then well........ we wont get that. 
- 
 @Minion-Queen said in CloudFlare enables Websockets for all accounts: @JaredBusch: Every decision we make here increases costs and also increases issues that we could have. Please remember that we are still very new and trying to bring in as much traffic from Google as possible to grow the community. Which will then interest more vendors which will allow us to spend more on infrastructure and so on. Then as @scottalanmiller keeps preaching, if you are new, then you should be doing everything with modern tools and mentality. For anything web based, that means it should be SSL. Stop investing in technical debt. To be clear not afraid of SSL if there is need. However we also have to remember that it must be used in a way that if fully bennifical for the community as a whole and yes that includes the Google giant and other marketing avenues. In order for this community to continue to grow we need new users and visitors. If we secure everything too much then well........ we wont get that. From about 2 years ago, Google gives a higher rank to SSL pages. 
- 
 @JaredBusch said in CloudFlare enables Websockets for all accounts: @Minion-Queen said in CloudFlare enables Websockets for all accounts: @JaredBusch: Every decision we make here increases costs and also increases issues that we could have. Please remember that we are still very new and trying to bring in as much traffic from Google as possible to grow the community. Which will then interest more vendors which will allow us to spend more on infrastructure and so on. Then as @scottalanmiller keeps preaching, if you are new, then you should be doing everything with modern tools and mentality. For anything web based, that means it should be SSL. Stop investing in technical debt. To be clear not afraid of SSL if there is need. However we also have to remember that it must be used in a way that if fully bennifical for the community as a whole and yes that includes the Google giant and other marketing avenues. In order for this community to continue to grow we need new users and visitors. If we secure everything too much then well........ we wont get that. From about 2 years ago, Google gives a higher rank to SSL pages. Supposedly they are going to be adding the red x if you don't have HTTPS also. 
- 
 One other thing @Minion-Queen, I push this so hard because @scottalanmiller continually is making all of these excuses about performance or platform, or whatever. Yet even the NodeBB developers themselves run everything with SSL, and have for quite some time. - Your users ask for it.
- The developers of the NodeBB run SSL for the main community.
- Clouflare supports websockets via SSL.
- Prior to CoudFlare supporting websockets, there was the choice to use a subdomain on its own SSL for websockets while the rest of the site was behind CloudFlare
- Start SSL is free and has been even when this community was started.
- Let's Encrypt now exists and is also free.
- Google has given search boost to SSL sites for 2 years
- Claims of performance issues are not substantiated to more than milliseconds based on research.
- Your users ask for it.
 You know the one thing I have never actually seen posted even one time? A user specifically asking that SSL be not enabled. Sure many people have posted that they do not care. Or that they do not see the point in SSL on a public forum. But none of that is objection. 





