[X] My Assistant

A new set of HTTPS-capable image servers is now live for ordinary (browsing) image requests. Along with the new version of H@H, this means all browsing images should now be HTTPS-only. Some other things like full image downloads still use the old servers, but will switch to the new ones soonish.

There was also a change to the setting to disable H@H for image requests; an option to use only clients running on the default HTTPS port (443) was added. This setting should be sufficient to prevent issues with restrictive firewalls and proxies. The option to disable it entirely is now donator-only due to the significant additional load it adds on the image servers. Note that if you previously had it set to disable H@H, it is now set to default-port only.

As a random additional change, the required disk space per static range for H@H clients was increased to 200 MB per range. This is not retroactive, and will not reduce the number of already assigned ranges if it would be limited with the new requirement.

Edit: Original image downloads has been switched over.

First!!1!

Good to see that, browser will finally stop crying about "muuh security issue".

We all (most of us?) do value the work you place in keeping EH afloat Tenb.

The latest browser security through handing control to who can pay more bullshit is taking its toll - but please don't get discouraged. It is all some really good stuff that EH has become, thanks for that.

We all (most of us?) do value the work you place in keeping EH afloat Tenb.

I concur. Thanks Tenboro!

The latest browser security through handing control to who can pay more bullshit is taking its toll

Did I miss something on the news? What does this mean for tech laymen?

This post has been edited by Vexxille: Mar 1 2020, 18:06

E-HENTAI.ORG FOREVER


thankyou Tenboro <3


every day is a good day with e-hentai

This post has been edited by darkknightx2: Mar 1 2020, 18:47

Did I miss something on the news? What does this mean for tech laymen?

Google is forcing everything to HTTPS very soon via Chrome.

To be precise Chrome has been autoupgrading mixed content lately. It means that media (video, audio, picture) will try be loaded in https. If it fails it'll goes to http. Video & Audio are dropped out already, if it can't load in https it'll be blocked. In April picture will receive the same fate.

You can of course still ask it to load it in option, but it's not something everyone will do or know.

Firefox hasn't planned that (and probably won't unless it's a standard of the web), so you can always use Firefox. You should not use Chrome in the first place anyway.

To be precise Chrome has been autoupgrading mixed content lately. It means that media (video, audio, picture) will try be loaded in https. If it fails it'll goes to http. Video & Audio are dropped out already, if it can't load in https it'll be blocked. In April picture will receive the same fate.

You can of course still ask it to load it in option, but it's not something everyone will do or know.

Firefox hasn't planned that (and probably won't unless it's a standard of the web), so you can always use Firefox. You should not use Chrome in the first place anyway.

Mixed content will be blocked and it require user toggle a setting to enable it in the future version of Chrome. The normal user may have security concern on toggling these setting.

I think most of the user is using Chrome as their main browser and increasing security is not a bad thing. I can't see the reason why I should not use Chrome in the first place.

I can't see the reason why I should not use Chrome in the first place.

google.

google.

Maybe I will use Chromium if I want to get rid of google service.

the google service isn't really much of a big problem tbh, problem with people becoming so dependent on chrome is that any changes google made with its browser are gonna impact the web without any opposition whatsoever.

if one day google decided that comic sans is a crime against humanity and should be banned from chrome, major websites are gonna be forced into not using the font, since using it is gonna break the website for most of the ordinary users out there (i know this is a rather ridiculous example, but think you can get my point here).

the monopoly power is the main issue here, and the so-called "security improvement" is somewhat arguable as well.

200 MB per range?.. oh god

Google is forcing everything to HTTPS very soon via Chrome.

How does that have anything to do with what bluepenguin said? Does introduction of forced HTTPS create new complicated rules?
Also does it relate somehow with monopoly like what PrincessKaguya said?

This post has been edited by Vexxille: Mar 2 2020, 19:08

How does that have anything to do with what bluepenguin said? Does introduction of forced HTTPS create new complicated rules?

Because webmasters now have to buy (potentially a ton of) SSL certifcates to use HTTPS or indirectly pay for them? It is also more compute-intensive due to the encryption. Users do not always need their data transfers to be protected, and yet every webmaster must pay for HTTPS even if it is not needed. The move towards total for-profit HTTPS seems rather unnecessary, and there may have been some lobbying behind the scenes.

I am just guessing.

Yeah it's basically that, even though we have Let's Encrypt which is free, it does make you work harder on that.
Mind you, having HTTPS is very important but as 10b said in another news there are legitimate use of mixed content. This will only add complexity and overhead. I'm far from being an expert maybe someone could add to that, or even 10b if he has time and want to.

About Google. You should avoid them if you care about your Privacy. I won't, in this topic, try to convince you, this reason alone should suffice. If not then nothing I'd say will make you change your mind.
Others have explained already and in a better way that I would never dream of achieving. It's up to you to search and see the problem with Google, you're a free man

Typically in this case Google push his own vision, Mozilla isn't doing that because this isn't a standard. They always follow the standard, and try to push new stuff but will enforce only if it became a standard. Google doesn't care, they want the web shaped their way to have a better handle of the situation and earn more money.

This post has been edited by ero-onizuka: Mar 2 2020, 22:27

I looked at the settings and didn't change anything and now I'm getting a white page on the main page except for the forum.

When setting the Image Load Setting to "No", which loads them directly from the image servers, pictures wider than the browser window don't seem to scale with the browser width properly. Setting it back to either of the settings using H@H fixes the problem and pictures scale as usual. Tried it with couple browsers with the same end result.

When setting the Image Load Setting to "No", which loads them directly from the image servers, pictures wider than the browser window don't seem to scale with the browser width properly. Setting it back to either of the settings using H@H fixes the problem and pictures scale as usual. Tried it with couple browsers with the same end result.

Hmm yeah, I see your problem. Should be fixed now, let me know otherwise.

Should I use port 443?

Should I use port 443?

You mean when browsing, or for your own H@H client?

If the former, only if you're behind a proxy or firewall that breaks HTTPS connections to non-standard ports.

If the latter, the short answer is that running H@H on port 443 is recommended if possible, but comes with some complications on some systems.

There's some information about it in this thread, but in short, port 443 clients will get more traffic. This is both because they have a statistically significant higher average quality (currently 8159 compared to 7757), likely caused by people behind such proxies/firewalls that haven't set the toggle, but also because people who have set the toggle will only use those clients.

It's hard to estimate exactly how it would affect the traffic on a particular client, but right now, only ~16% of clients run on port 443, and those clients get ~30% of the traffic.