New Members
  • Content count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About cheapsmart

Profile Information

  • Location
  1. Darren, there is a certificate - it works... OK. It's just not the default. A lot of the javascript doesn't load though. It's all coded to use the insecure connection and Chrome/Firefox (correctly) block it from loading before HTTPSEverywhere can rewrite it. It is a server/load balancer fix. Willys, chrome is a great browser.
  2. +1 to LooseLugNuts. Dyed fuel is *very* dyed. Old fuel can grow bacteria; I don't know what color that is.
  3. The site does not by default encrypt communications between your computer and itself. This is observed by noting that the URL starts with "http://" not "https://". This means that if I'm sitting next to you in a coffeeshop I can use an easily-available, totally legal program to see your password as it flies by over the wifi. Anyone who runs the equipment between you and the site can do the same. It's a basic privacy thing as well. The site *does* support TLS (secure) connections, but it's not on by default, and some parts of the page break (specifically, the private messaging from what I've seen). I use a plugin called HTTPS Everywhere to encourage my web browser to use TLS to connect to websites, and I made a rule for ClubSmartCar. However, there's a few bugs to be worked out. TLS used to (and for many sites still does) cost more than not enabling encryption. It has a *very small* increase in the load on the server, but unless you're running massive scale Internet infrastructure you won't notice - and the people who do need to provide secure services so they just accept the cost. However, there's a number of ways to work around not having TLS enabled on your website, and there's been a movement lately to Encrypt the Web which has made more organizations provide secure connections. As part of this, a couple years ago the major browsers (Chrome, Firefox, etc) decided that they'd stick the warning label on websites that are either not TLS-secured or ask for a password without TLS - I think Chrome gets shouty about anything that's *not* TLS secured and Firefox only gets shouty about asking for passwords without secure connection (which is fair because it's a big no-no). So the short answer is that when the site was created, using secure connections was not really too common, but now it's far more common. And the website mostly works with a secure connection, but not always. More information: