Author Topic: Futureproofing the Titan Network  (Read 5073 times)

TonyV

  • Titan Network Admin
  • Elite Boss
  • *****
  • Posts: 2,175
    • Paragon Wiki
Futureproofing the Titan Network
« on: May 12, 2015, 03:15:10 AM »
Hey all, Tony here...

Woot, SSL!

Over the next couple of weeks or so, we're going to be working on a little project here that is probably a bit past due, but still, that I consider a necessary part of being a responsible Internet citizen.  In a nutshell, we'll be rolling out SSL to all of our sites so that when you access any Titan Network site, your connection will be encrypted to keep curious men-in-the-middle from seeing what you're doing.

Now I know some of you might be thinking, "Really? For a gaming hobby site, you're going to be Fort Knoxing it up?" And yeah, we will. The practical situation is that although we encourage you not to use the same password here as you use for all of your live gaming accounts (and for Bank of America, Amazon, eBay, Steam, ...), we know that some of you do anyway.  And while we take pain to secure your information on the back end server, we have absolutely zero control over the routers between you and us.  Since HTTP is a clear-text protocol, anyone "sniffing the wire" can get your username and password without either of us being any the wiser.

Well, that's about to change.  With SSL, every bit of data* between you and us will be encrypted, so you can browse knowing that people other than the NSA aren't spying on you.**  You're welcome!

We're going to do this as transparently as possible to avoid any undue stress, migrating one site at a time.  The easier sites will be moved first, probably Faces, CIT, and Red Tomax's guides.  The more difficult sites will be migrated a bit later, including the Paragon Wiki and forums.  During this time, you might run across some weirdities such as broken links, images that don't load right, and so on.  If you run across any of this, you might want to jot down what you're seeing, check with this thread to see what our progress is and what we're working on at the time, and if you think there's a genuine error, drop me a PM.

I'll also mention that as we're moving stuff over, we'll be redirecting normal HTTP requests automagically to HTTPS so that even if you click on old links or use old bookmarks, you'll still get most of the benefits of the security enhancement. Although people looking at your connection will be able to see your URLs, they won't be able to see your passwords.  Obviously, once we convert sites over, we encourage you to update old links and bookmarks to point to https://siteaddress instead of http://siteaddress.

Woot, IPv6!

As a side note, on the new SSL-enabled server, we're also going to be running IPv6.  For most of you, this won't make any practical difference.  If you're in Asia, it might help, as folks over there are adopting it at a pretty fair clip due to the IP address pool quickly expiring.  In good ol' 'Murica, if you're a Comcast customer, you might actually be on IPv6 already and not know it.  If not, you might just have to enable it in your Internet router to get to it.  You can test your IPv6 connectivity here.  If you're not set up for it, don't fret, as we're not going to be turning off IPv4 anytime soon.  This is just a step to futureproof the site.

If you have any questions, feel free to ask them in the thread I create in the General Discussion forum, as I'll be locking this thread so that I can post updates.

Woot, Disclaimers!

* Stuff linked from third-party sites such as images using the [img][/img] tag may not initially be encrypted, which means you might get warning that some content on the page is unencrypted.  We're looking into options for this, including using a proxy service or locally caching images.  Still, I can't preclude the possibility that we might miss something.  If you see anything triggering browser warnings after a site is migrated, let us know. :)

** If you browse the Internet at work, there is a technology called SSL Interception by which a certificate is installed on your computer by the company designating itself as a trusted certificate authority.  Using this technology, SSL sites can be proxied by a corporate server and decrypted.  In short, if you're on a company-owned machine or a machine that you didn't set up yourself, do not treat it as a trusted device!  (Even if it is your personal computer, you might want to take precautions to make sure your OEM or retailer isn't screwing with you.)

TonyV

  • Titan Network Admin
  • Elite Boss
  • *****
  • Posts: 2,175
    • Paragon Wiki
Re: Futureproofing the Titan Network
« Reply #1 on: June 14, 2015, 05:02:24 AM »
Okay, it took a bit longer than we expected due to some necessary upgrades, but we have now migrated our first site: Faces!

All links and traffic to the old http URL should be automagically redirected to the new encrypted https URL.  In addition, if you have IPv6, you can now access the site using the next generation IP protocol.

If you have any questions or notice any weirdities, please let us know in the discussion thread about the upgrade.  Also, please note that this is just the first of all the Titan Network sites to be upgraded.  It's turned out to be a bit harder than we thought because we're installing on the latest and greatest version of the OS and freshest software, so we had to make some code changes as well to account for that.

Anyway, thanks for your patience, and enjoy!

TonyV

  • Titan Network Admin
  • Elite Boss
  • *****
  • Posts: 2,175
    • Paragon Wiki
Re: Futureproofing the Titan Network
« Reply #2 on: November 05, 2015, 03:36:49 AM »
So... still taking longer that I had anticipated (obviously), mostly due to me having a lot of irons in the fire.  At any rate, since my last post, I've migrated over Tomax (including CoD) and avatars, which is mostly used for CIT, which is next on my hit list.  After that, I'll move over three or four small miscellaneous sites.  The biggies, Paragon Wiki and the home page (including the forums) will be last due to some technical issues around the need to proxy images.  Still, we're getting there.  :)