[liberationtech] HTTPS links on wordpress blog post have S removed automatically, odd

Yosem Companys companys at stanford.edu
Thu May 5 17:37:19 PDT 2011 

Diaspora is still going strong, but it's not an effective blogging platform
(yet).  If anyone is interested in invites, let me know.

Yosem

On Thu, May 5, 2011 at 4:18 PM, Frank Corrigan <email at franciscorrigan.com>wrote:

> Thanks, I am only using it in very limited situations and not for
> anything sensitive, but I will look at other options, I just don't want
> the burden of hosting something myself. I may add details of a gpg
> public key. I have tried to make an informed trade off decision between
> security V convenience.
>
> I was looking into Diaspora <https://joindiaspora.com/> but that project
> seems to have gone quiet.
>
> Frank
>
>
> ----- Original message -----
> From: "Erik Sundelof" <erik at sundelof.com>
> To: "Frank Corrigan" <email at franciscorrigan.com>
> Cc: "SiNA" <sina at anarchy.cx>, schoen at eff.org, brianc at smallworldnews.tv,
> "Liberation Technologies" <liberationtech at lists.stanford.edu>
> Date: Thu, 05 May 2011 13:44:47 -0700
> Subject: Re: [liberationtech] HTTPS links on wordpress blog post have S
> removed automatically, odd
>
> All,
>
> In general Wordpress is not very secure platform and is natively very
> vulnerable for attacks. Wordpress.com is ok but is very often blocked. I
> would strongly suggest against using Wordpress for anything you need a
> lot of security.
>
> Best,
>
> Erik
>
> > ------------------------------------------------------------------------
> >
> >       Frank Corrigan <mailto:email at franciscorrigan.com>
> > May 5, 2011 12:58 PM
> >
> >
> > Thanks for the feedback. I am not using a selfhosted WP blog and might
> > not have explained myself well enough, for a better explanation with
> > images anyone can download more info via:
> >
> https://franciscorrigan.files.wordpress.com/2011/05/https-removal-of-s-by-wordpress.pdf
> >
> > I will be contacting wordpress direct, not happy with any blog system
> > than changes a url I add to a post from a HTTPS url to a plain HTTP one,
> > this is not about redirecting, this is about changing a link I add to a
> > post. I think this has broad implication users of blogs, as they like me
> > could be adding many urls with HTTPS links, only to discover the S is
> > removed from the blog post BEFORE it is clicked on...
> >
> > Frank
> >
> >
> > ----- Original message -----
> > From: "SiNA" <sina at anarchy.cx>
> > To: "Frank Corrigan" <email at franciscorrigan.com>
> > Cc: "Liberation Technologies" <liberationtech at lists.stanford.edu>
> > Date: Thu, 05 May 2011 11:44:50 -0700
> > Subject: Re: [liberationtech] HTTPS links on wordpress blog post have S
> > removed automatically, odd
> >
> > Try adding this to wp-config.php, it should make all the core parts of
> > wordpress, use https for urls that are loading from an HTTPS site:
> >
> > if(strlen(strstr( $_SERVER['SERVER_PROTOCOL'],"HTTPS"))>0) {
> > define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST'] . '');
> > define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST'] . '');
> > }
> > else {
> > define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '');
> > define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '');
> > }
> >
> >
> > Hope it helps!
> >
> > --
> > SiNA
> > pgp 0x0B47D56D
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > liberationtech mailing list
> > liberationtech at lists.stanford.edu
> >
> > Should you need to change your subscription options, please go to:
> >
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> > If you would like to receive a daily digest, click "yes" (once you
> > click above) next to "would you like to receive list mail batched in a
> > daily digest?"
> >
> > You will need the user name and password you receive from the list
> > moderator in monthly reminders.
> >
> > Should you need immediate assistance, please contact the list moderator.
> >
> > Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> > ------------------------------------------------------------------------
> >
> >       Frank Corrigan <mailto:email at franciscorrigan.com>
> > May 5, 2011 5:25 AM
> >
> >
> > PS:
> >
> > Below is the html code snippet for the page, (from within the
> > worpress.com Dashboard) that confirms HTTPS is rewritten to HTTP
> >
> > <strong>Note:</strong> When visiting <a
> > href="http://www.franciscorrigan.com">www.franciscorrigan.com</a> it
> > automatically redirects to this page<a
> > href="https://franciscorrigan.files.wordpress.com/2000/01/contact.pdf"
> > target="_blank">: </a><a title="Secure contact form over https
> > encryption"
> > href="https://franciscorrigan.wordpress.com/2000/01/01/contactme/"
> > target="_blank">
> https://franciscorrigan.wordpress.com/2000/01/01/contactme/</a>
> > ? (libtech note..)
> >
> > Thanks
> > Frank
> >
> > ----- Original message -----
> > From: "Frank Corrigan" <email at franciscorrigan.com>
> > To: "Liberation Technologies" <liberationtech at lists.stanford.edu>
> > Date: Thu, 05 May 2011 13:11:23 +0100
> > Subject: HTTPS links on wordpress blog post have S removed
> > automatically, odd
> >
> > I was setting up a 'secure' https contact page at:
> > https://franciscorrigan.wordpress.com/2000/01/01/contactme/
> >
> > But when I post a link on the above blog page, it is overwritten by
> > wordpress.com to remove the S in HTTPS, this is odd.
> >
> > In summary when I add this link to the blog:
> >
> > httpS://franciscorrigan.wordpress.com/2000/01/01/contactme/
> >
> > it becomes:
> >
> > http://franciscorrigan.wordpress.com/2000/01/01/contactme/
> >
> > Clearly this action seems to be hard coded into wordpress.com - I have
> > replicated this problem a nuber of times, ensured I do not have a chache
> > of the old page and added a ? after the link to ensure it is the latest
> > version of the blog post.
> >
> > I cannot expect visitors to this page to have the HTTPS Everywhere
> > add-on enabled, at least when I auto redirect to this page from
> > http://www.franciscorrigan.com it does at least stay on the HTTPS
> > version.
> >
> > Thanks
> > Frank
> >
> > _______________________________________________
> > liberationtech mailing list
> > liberationtech at lists.stanford.edu
> >
> > Should you need to change your subscription options, please go to:
> >
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> > If you would like to receive a daily digest, click "yes" (once you
> > click above) next to "would you like to receive list mail batched in a
> > daily digest?"
> >
> > You will need the user name and password you receive from the list
> > moderator in monthly reminders.
> >
> > Should you need immediate assistance, please contact the list moderator.
> >
> > Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> > ------------------------------------------------------------------------
> >
> >       Frank Corrigan <mailto:email at franciscorrigan.com>
> > May 5, 2011 5:11 AM
> >
> >
> > I was setting up a 'secure' https contact page at:
> > https://franciscorrigan.wordpress.com/2000/01/01/contactme/
> >
> > But when I post a link on the above blog page, it is overwritten by
> > wordpress.com to remove the S in HTTPS, this is odd.
> >
> > In summary when I add this link to the blog:
> >
> > httpS://franciscorrigan.wordpress.com/2000/01/01/contactme/
> >
> > it becomes:
> >
> > http://franciscorrigan.wordpress.com/2000/01/01/contactme/
> >
> > Clearly this action seems to be hard coded into wordpress.com - I have
> > replicated this problem a nuber of times, ensured I do not have a chache
> > of the old page and added a ? after the link to ensure it is the latest
> > version of the blog post.
> >
> > I cannot expect visitors to this page to have the HTTPS Everywhere
> > add-on enabled, at least when I auto redirect to this page from
> > http://www.franciscorrigan.com it does at least stay on the HTTPS
> > version.
> >
> > Thanks
> > Frank
> > _______________________________________________
> > liberationtech mailing list
> > liberationtech at lists.stanford.edu
> >
> > Should you need to change your subscription options, please go to:
> >
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> > If you would like to receive a daily digest, click "yes" (once you
> > click above) next to "would you like to receive list mail batched in a
> > daily digest?"
> >
> > You will need the user name and password you receive from the list
> > moderator in monthly reminders.
> >
> > Should you need immediate assistance, please contact the list moderator.
> >
> > Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>
> Email had 1 attachment:
> + compose-unknown-contact.jpg
>  2k (image/jpeg)
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110505/bd7cbd43/attachment.html>

More information about the liberationtech mailing list