What is wrong with xda-developers.com?
It taskes like more than 15 seconds to load pages.
The delay occured when xda switched to https (At least for me)
Try changing your theme or browser, see if that makes a difference
kuromusha38 said:
What is wrong with xda-developers.com? It taskes like more than 15 seconds to load pages.
Click to expand...
Click to collapse
DSA said:
The delay occured when xda switched to https (At least for me). Try changing your theme or browser, see if that makes a difference
Click to expand...
Click to collapse
I can't state for sure but, in addition to what @DSA had stated...
I think that it does stem from the XDA Server switching to Https but, the advertising as well as other items that the web page loads may be via Http.
If so, then this is what's called "Mixed Content/Mixed Domains" whereas the website loads content not only from the XDA Server but, content from other, outside the XDA Server, URL's using both the Https, Http, and possibly others.
Maybe @bitpushr, @Wood Man or @MikeChannon (or another Admin) can confirm, deny or just state that I've won the "XDA Official Nut Case Award"... LMAO!
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Ibuprophen said:
I can't state for sure but, in addition to what @DSA had stated...
I think that it does stem from the XDA Server switching to Https but, the advertising as well as other items that the web page loads may be via Http.
If so, then this is what's called "Mixed Content/Mixed Domains" whereas the website loads content not only from the XDA Server but, content from other, outside the XDA Server, URL's using both the Https, Http, and possibly others.
Maybe @bitpushr, @Wood Man or @MikeChannon (or another Admin) can confirm, deny or just state that I've won the "XDA Official Nut Case Award"... LMAO!
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Click to expand...
Click to collapse
Yup, there are multiple reasons including the ones you mention, but add to that the high volume of Users we have and the ever increasing size of our databases and a highly customized version of vBulletin. We have been aware of load times and it is always a focus for the Server Admins. The site has evolved and been added to with many non standard additions and we're at the limits of vBulletin, but like I say we do always have plans and have done things over time to improve things.
Mike
We monitor load times constantly, usually based on our metrics pages should be loading within 1 or 2 seconds - with the ads there is sometimes a delay of up to 15s for a 'full' page load. Those external assets are mainly out of our control and can be removed by purchasing XDA ad free.
Regarding https - we made this switch over a year ago - there is no noticeable difference in load time based on switching to https. Actually, right after the move to https we were able to upgrade to http2 which allows the browser to load multiple assets in parallel faster and should actually have sped up the site for most people.
As @MikeChannon stated XDA is based on older forum software. At our size it slows down noticably, and in particular if you have a lot of threads/posts, subscriptions and that sort of thing. For logged out users we already cache a ton of things, making the site very fast. We are in the process of rewriting the backend to make this faster for everyone. At present, the first time you load the page after a while we need to cache some user-specific items and this can delay page loading a few seconds.
@bitpushr & @MikeChannon, how does the the loading of XDA via the PC/Android Browser affected when the XDA server is accessed by way of other methods like the Tapatalk website as well as the various Apps too?
I mean the load on the Server Accessing the XDA Server using other methods besides using the traditional xda-developers URL from a browser.
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Ibuprophen said:
@bitpushr & @MikeChannon, how does the the loading of XDA via the PC/Android Browser affected when the XDA server is accessed by way of other methods like the Tapatalk website as well as the various Apps too?
I mean the load on the Server Accessing the XDA Server using other methods besides using the traditional xda-developers URL from a browser.
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Click to expand...
Click to collapse
Overall there is no impact, but each method has its own benefits/drawbacks. For example, I know when Tapatalk is first loaded - it loads all forums and is very slow to load.
bitpushr said:
Overall there is no impact, but each method has its own benefits/drawbacks. For example, I know when Tapatalk is first loaded - it loads all forums and is very slow to load.
Click to expand...
Click to collapse
I see...
I wasn't sure of the impact on the server between the Apps and other sources and the typical browser access.
I've got a feeling that a percentage of members/guests accessing the forum via the browser is getting smaller and smaller as more and more members/guests are using Apps and other sources like the Tapatalk website.
Or is this percentage not something that has been looked at much?
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
bitpushr said:
- with the ads there is sometimes a delay of up to 15s for a 'full' page load. Those external assets are mainly out of our control and can be removed by purchasing XDA ad free.
Click to expand...
Click to collapse
So unless we buy ad free, long load times are a thing..
Yeah but I have Ublock installed, so ad shouldn't be an issue then. Still slow
Related
Hi!
I'm no developer, but wanna help all the good folks here at the forums. So I decided to set up a torrent tracker for all of you. Most developers are sharing their files via cyberlockers (like MediaFire, etc...) which is not really an option for some people. I thought a torrent tracker would be much easier and more efficient way for distributing the files (like ROMs, Themes).
Here is the link for the tracker: http://619media.hu/xdadev/
If you want to upload a file PM me for username and password.
Announce URL if you create a torrent file: http://619media.hu/xdadev/announce.php
I've uploaded zdzihu's xRecovery for the X10 as a test. If there are any problems, you can't download, etc. please PM me. I know, there will be some problems at the beginning, but I hope we can make it work.
Cheers,
DRuNKeN MaSTeR
@MODs: if this is not the appropriate forum for this thread please feel free to move it. Also, if the tracker conflicts with your rules, contact me.
That is a GREAT idea, does it happen to support HTTP seeding also? Because in addition to this it would also be awesome to have a kinda standard drop box that isnt like the other file dumpsters.
Hi!
Yup, supports HTTP seeding Currently only 5 simultaneous uploads with 100KB/s each, but I can take it higher if this catches on.
EDIT: RT supports 2 types of HTTP seeding:
- "Use BitTornado HTTP seeding specification: Relative location of file or directory, e.g. ../../files/file.zip" -> I can give limited space on my server for this type (about 30-40GB).
- "Use GetRight HTTP seeding specification: FTP/HTTP URL of file or directory, e.g. http://yourwebsite.com/file.zip" -> this everybody can use.
Bump! Nobody interested?
This is a GREAT idea!
You should discreetly pm some developers, as they probably haven't seen the thread
I'm with this. Just hang in there till word gets around about it. You've built it, now they will come
Of 'course people are interested. YOU DA MAN!
No Sieriously - Thanks so much.
thumbs up
Great idea
any torrent i create i just copy and paste a list of about 30 known working trackers into the settings of create torrent, works like a charm, no password bull, create & start seeding, put the .torrent up on forum or PM out... dont know why this would be needed....
http://inferno.demonoid.com:3416/announce
http://tracker2.istole.it:6969/announce
http://www.h33t.com:3310/announce
http://tracker.istole.it:80/announce
http://exodus.1337x.org/announce
http://nemesis.1337x.org/announce
http://genesis.1337x.org:1337/announce
http://tracker.publicbt.com/announce
http://tracker.openbittorrent.com/announce
http://tracker.torrentbay.to:6969/announce
http://cpleft.com:2710/announce
http://h33t.com:3310/announce
http://papaja.v2v.cc:6970/announce
http://tracker.desi6.com:7979/3paz2gybgymgo6aub7e9d3u15784ubfx/announce
http://tracker.packy.se:2710/announce
http://dttracker.debian.net:6969/announce
http://tracker.torrent.to:2710/announce
http://tracker.bitreactor.to:2710/announce
http://tracker.ccc.de/announce
http://umunu.com:1984/announce
http://opentracker.umunu.com:80/announce
http://p2p.lineage2.com.cn:6969/announce
http://PhoenixRG.no-ip.org:2710/announce
http://gdbt.3322.org:6969/announce
http://star-tw.no-ip.org/announce.php
http://exodus.desync.com:6969/announce
http://222.171.190.184:7000/announce
http://scene-project.com/announce.php
Click to expand...
Click to collapse
Really cool idea. Will use it for my firmwares.
This is a great idea
This is a bloody good idea! I wish more of the ROM dev's would use it.
Eh not being a negative nancy but I thought mods already decided against using torrents for roms there's a thread in the about xda section for it
Sent from my SCH-I400 using XDA App
Bierce22 said:
Eh not being a negative nancy but I thought mods already decided against using torrents for roms there's a thread in the about xda section for it
Click to expand...
Click to collapse
Torrents have a bad rap because of their association with...unsavory material, but the torrent protocol itself is actually a very efficient way of distributing large files to large numbers of people. Just look at big linux distro releases, ubuntu especially. It is simply a data transmission technology just like email, FTP, or HTTP in that they can be used to transfer files.
I for one would love to donate some of my bandwidth and seed things for XDA, at the very least everything I download and use if not setting up a seedbox.
Hopefully XDA seriously considers embracing torrents and encourages devs to upload to and users to seed on the official tracker in addition to the current methods (for n00bs or those who don't want to set up a torrent client). I'm sure everyone would appreciate not having to negotiate the megaupload-style sites with ads (and what about their uploaded content licensing?) only to get throttled bandwidth.
Sorry to say but the link to dl the app/prog is broken? Cheers
THis thread is 3 years old. XDA has it's own use of torrents through the DevDB projects.
ad4.netshelter.net
Takes forever to load, and no XDA content loads while waiting.
This is poor web design.
Please revise XDA so that site content loads BEFORE advertiser content.
MintJulep said:
ad4.netshelter.net
Takes forever to load, and no XDA content loads while waiting.
This is poor web design.
Please revise XDA so that site content loads BEFORE advertiser content.
Click to expand...
Click to collapse
Are there any ads in particular that are taking a particularly long time to load? Please provide a screenshot if so. We hate ads that slow down the site too!
Theres a lot more flash that usual. Small price to pay, I figure. Im not exactly on the top donations list. Quality versus quantity is the point, I think.
No specific ads
The XDA page header loads.
Then beige nothingness for about 30 seconds or so while "connecting to ad4.netshelter.net".
I assume something eventually times out, and the rest of the page loads.
MintJulep said:
The XDA page header loads.
Then beige nothingness for about 30 seconds or so while "connecting to ad4.netshelter.net".
I assume something eventually times out, and the rest of the page loads.
Click to expand...
Click to collapse
Thirty seconds is very long! Where are you located? Also, please benchmark your bandwidth at speedtest.net and paste the graphic result here.
I'm also experiencing this! I'm located in the Netherlands with Ziggo as provider. Sometimes about 30 seconds is correct. I'm also getting this a lot with media.xda-developers.com and pubads.g.doubleclick.net.
This is not always the case btw. Also it's not my internet connection because every other site loads just fine. Also the connection is 120/10 Mbit.
I'm using an Android tablet to access the forums and the Best Buy adds are making the site extremely annoying to use. I have to click on the add since I don't have flash automatically loading them, then I have to click on the "x" to close the add. It didn't use to be this bad but now it is happening on almost every page.
Yeah, Im getting tired of the ads all over the site. I am REEEEEAAALLLYY tired of the ones that are popping up from the bottom and block the forum until I click on the X to close. Now some dont even have that close option.
Right now its that stupid best buy buy back program ad.
As a donator I think they really need to go XDA.
You can disable the shockwave flash object in your internet settings, but then you still have this stupid box with a red X that floats around the middle of the page because it cant load.
If the mods need it, here is the (shortened) link for that ad....http://dcom.me/cD9wm
We hear you guys and are working on getting the annoying Best Buy ads disabled. It's a constant battle between paying the bills and not annoying users. We do our best to err on the side of not annoying the users, but sometimes we make mistakes. Thanks for understanding.
I don't mind ads, but the best buy ad at the bottom of the page is horrible. It actually keeps the area at the bottom of the screen from being "clickable", even when you close the ad.
skullvet said:
I don't mind ads, but the best buy ad at the bottom of the page is horrible. It actually keeps the area at the bottom of the screen from being "clickable", even when you close the ad.
Click to expand...
Click to collapse
+1
I understand the ads, and I'll click on them every once and awhile to help out, but that best buy one is very aggravating.
i agree with this! i feel as if we could make the ads on this site load alot more conveniently.
I notice that the Best Buy ad at the bottom is gone, thank you!
I don't mind the ads but that Best Buy ad was seriously driving me insane! lol Thank you!
Best Buy ad should be officially removed. Let me know if it anyone sees it.
Thx!
svetius said:
Best Buy ad should be officially removed. Let me know if it anyone sees it.
Thx!
Click to expand...
Click to collapse
Thank you very much. I understand the adds, you have to make money. That add at the bottom made it to hard to use the site, and i actually installed an adblocker just for it today. Now i have disabled it.
svetius said:
Best Buy ad should be officially removed. Let me know if it anyone sees it.
Thx!
Click to expand...
Click to collapse
Thank you very much! All is well again.
A prime example of the damage that one bad ad and/or one slow ad delivery server can cause. I wonder how many people downloaded AdFree or AdBlock Plus or added a line into their hosts file tonight all because of a lousy Best Buy ad and a slow server halting progress on the page.
Is there any procedure in place for vetting new ads before they are served to this site? I get that the idea of an ad server is to exist in the background so that publishers can focus on the content, but is there any way to specify formats, types, and other parameters of the ads served here? If NetShelter was serving that Best Buy ad to all its tech publishers, there were probably a lot of pissed off users tonight across the network.
ZachPA said:
A prime example of the damage that one bad ad and/or one slow ad delivery server can cause. I wonder how many people downloaded AdFree or AdBlock Plus or added a line into their hosts file tonight all because of a lousy Best Buy ad and a slow server halting progress on the page.
Is there any procedure in place for vetting new ads before they are served to this site? I get that the idea of an ad server is to exist in the background so that publishers can focus on the content, but is there any way to specify formats, types, and other parameters of the ads served here? If NetShelter was serving that Best Buy ad to all its tech publishers, there were probably a lot of pissed off users tonight across the network.
Click to expand...
Click to collapse
Often it's hard to control the adverts you see on a site.
I use ad blockers on a number of sites, but more for giving me a "stripped down" experience on slow loading sites...
There is usually little control over what adverts you show, since it is the ad agency that does the placement of the adverts, and you use code that "includes" whatever advert they choose.
When it comes down to it, if needed, the code can simply be removed, which is what I believe was done in this case.
I have only worked with ad solutions that give me fixed control over the parameters and appearance of the adverts, so I don't know how this one worked.
I use AdBlock Plus and ad blocker add on for Firefox. They work great and block 99% of pop ups.
I tried to go into xda from a PC bookmark, and it redirects to a phishing page... I'm using a bookmark. Made by me at the real site.
I think its an error as it does not allow me to go through by any means.like going to xda and then click on forum...
Now I'm in tapatalk...
Sent from my XT862 using Tapatalk
Me too, no matter where I try to navigate I also get the phishing warning. Was able to get into this because I had this tab open.
gierso said:
I tried to go into xda from a PC bookmark, and it redirects to a phishing page... I'm using a bookmark. Made by me at the real site.
I think its an error as it does not allow me to go through by any means.like going to xda and then click on forum...
Now I'm in tapatalk...
Sent from my XT862 using Tapatalk
Click to expand...
Click to collapse
Thanks for your report, I´ll flag an Admin.
Same here - if I access the forum directly from certain machines (which are going through a proxy, if that helps):
http://forum.xda-developers.com/
by bookmark or typing it in, I get the phishing warning. If I click on the "real" forum link - I get the phishing warning again.
I was able to access this link directly via Google.
On Friday, I also got it if I tried to post - so hopefully this post actually gets posted. (Edit: At least posting is working from this machine again...)
It's working fine for me on OSX and Linux. Haven't had any issues.
More detail:
From Firefox on a Windows 7 machine with an undetermined proxy, I get the phishing warning when I attempt to access:
http://forum.xda-developers.com/
If I instead use:
http://forum.xda-developers.com/index.php
It works fine
Works fine in all situations when I'm at home
Entropy512 said:
More detail:
From Firefox on a Windows 7 machine with an undetermined proxy, I get the phishing warning when I attempt to access:
http://forum.xda-developers.com/
If I instead use:
http://forum.xda-developers.com/index.php
It works fine
Works fine in all situations when I'm at home
Click to expand...
Click to collapse
On the PC that gets the phishing warning, does it only do it on Firefox, or is it all browsers?
This is from our sysadmin:
For those of you who got the phishing page on Friday (27th), it was a configuration error. We apologize and it was corrected within a few hours of us finding out. One of our Senior Mods was also affected, due to being behind a corporate firewall.
@Entropy512, unfortunately we have had phishing attacks against our members from a domain similar to ours and they are using various proxies to proxy our site and evade our detection/blocks. I highly recommend you don't use a proxy when viewing XDA for the safety of your account.
For everyone else, please be aware that you are on *.xda-developers.com, not a domain similar to it. This is the only domain that the official XDA site is served from. There have been phishing attacks against us and our members and we're doing everything we can to mitigate this.
Hi - My internet browser is Firefox, and I have been using NoScript for years.
There is only one website that causes me constant problems when browsing: XDA Developers.
I use NoScript constantly with a lot of stuff disabled by default: Everything Facebook is always disabled, along with doubleclick and a bunch of other tracking websites.
With NoScript on, the XDA screen is constantly jumping around, with various websites constantly trying to refresh about twice a second. It is so jumpy with embedded websites continuously refreshing, that I can't even control NoScript well enough to enable whatever disabled website(s) are causing the problem.
I wouldn't be frustrated if this happened to me all the time, but XDA is the only website I see this problem on. I would expect a high-tech developer website like XDA to have less problems instead of more problems.
Sigh. I wish somebody at XDA could fix this.
¿GJ?
NoScript has a whitelist feature. If you don't want to use it, you can't expect it to be "fixed" (actually, modified to fit your needs would be a better choice of words) anytime soon, as the forums (and many other forums, in general) rely rather heavily on scripts.
I personally have XDA added to my whitelist.
As for the refreshes, did you make sure it's not another add-on that's conflicting? Start FF in safe mode and check if the issue persists.
Don't know if this helps, but I just tested XDA with NoScript without any issues.
That being said, a lot of features rely on JavaScript, so no guarantee what would happen if you only turned on some of them.
Huh.. I use NS on FF, and have seen no issues. To be sure it is NS, have you told it to temporarily allow all, and see if that fixes it? It could certainly be another issue..
What he could be speaking of is the portal constant refreshing (not on the forum), which also occurs on my differents computers with NS (with xda on whitelist).
For me, everytime I scroll on the portal main page, it refresh itself.
It's weird - Something changed between yesterday and today. Yesterday, this page wouldn't sit still until I was able to do enough "Temporarily allow all this page" button presses (about 5 or 6) to get the page finally stabilized.
Now, everything was stable when I entered XDA with the same "allow" list I had yesterday.
I'm not a big fan of "White List"ing sites, since so many sites have Facebook embedded in them (amongst many other tracking sites I don't like). Ever since Facebook violated my privacy and sucked up my personal contact information without my explicit approval, I ... ...
... well, let's just say I won't "Like" Facebook.
I appreciate the feedback from y'all, and I wish I knew what changed.
Thanks!
¿GJ?
bitpushr said:
Don't know if this helps, but I just tested XDA with NoScript without any issues.
That being said, a lot of features rely on JavaScript, so no guarantee what would happen if you only turned on some of them.
Click to expand...
Click to collapse
Divine_Madcat said:
Huh.. I use NS on FF, and have seen no issues. To be sure it is NS, have you told it to temporarily allow all, and see if that fixes it? It could certainly be another issue..
Click to expand...
Click to collapse
Some forum features won't work: dropdown menus (e.g. "Go to Page" next to the page numbers, "Quick Links", "Rate thread") search boxes not being cleared automatically when you click them, username/device completion in search boxes or using the new mention feature, share buttons (they won't show how many times X got shared), etc. The WIYIWYG editor obviously doesn't work as well.
The portal's layout is a bit messed up, too.
It's all fixed by adding xda-developers.com to the whitelist. I think you both already have it added (I removed it for testing), which is what you're supposed to do for websites you trust anyway.
---------- Post added at 12:01 PM ---------- Previous post was at 11:53 AM ----------
¿GotJazz? said:
It's weird - Something changed between yesterday and today. Yesterday, this page wouldn't sit still until I was able to do enough "Temporarily allow all this page" button presses (about 5 or 6) to get the page finally stabilized.
Now, everything was stable when I entered XDA with the same "allow" list I had yesterday.
I'm not a big fan of "White List"ing sites, since so many sites have Facebook embedded in them (amongst many other tracking sites I don't like). Ever since Facebook violated my privacy and sucked up my personal contact information without my explicit approval, I ... ...
... well, let's just say I won't "Like" Facebook.
I appreciate the feedback from y'all, and I wish I knew what changed.
Thanks!
¿GJ?
Click to expand...
Click to collapse
I would suggest using something that will block them on all websites, then. You can probably do it using NoScript's advanced filtering options, but I personally already use AdBlock Plus, and there's a neat list you can subscribe to that will block all those buttons. Get the "Annoyance Block List" from here.
¿GotJazz? said:
It's weird - Something changed between yesterday and today. Yesterday, this page wouldn't sit still until I was able to do enough "Temporarily allow all this page" button presses (about 5 or 6) to get the page finally stabilized.
Now, everything was stable when I entered XDA with the same "allow" list I had yesterday.
I'm not a big fan of "White List"ing sites, since so many sites have Facebook embedded in them (amongst many other tracking sites I don't like). Ever since Facebook violated my privacy and sucked up my personal contact information without my explicit approval, I ... ...
... well, let's just say I won't "Like" Facebook.
I appreciate the feedback from y'all, and I wish I knew what changed.
Thanks!
¿GJ?
Click to expand...
Click to collapse
I have the opposite problem it seems, in that if I white-list the site then quite often one of the scripts goes haywire
and refreshes the page repeatedly for several refreshes or until the server complains with an error message about being overloaded.
It has been suggested to me that this may be a 2013 theme problem, so I'm trying the 2010 one for a few days to see if that fixes it.
Nameless One said:
I have the opposite problem it seems, in that if I white-list the site then quite often one of the scripts goes haywire
and refreshes the page repeatedly for several refreshes or until the server complains with an error message about being overloaded.
It has been suggested to me that this may be a 2013 theme problem, so I'm trying the 2010 one for a few days to see if that fixes it.
Click to expand...
Click to collapse
@Nameless One: Yes, I've been seeing the "Server Overloaded" error message as well. I wasn't sure if it was NoScript related, though I was beginning to suspect it. I would open the same XDA pages in IE or Chrome without any problem, but see the "Overloaded" error only with Firefox. Usually (but, not always), temporarily enabling all sites fixed that problem for me.
¿GJ?
I have the same constant refresh problem.
The site only works if I set noscript to allow everything globally or if I use IE (ouch).
It feels to me this site is overburdened with ad/tracking scripts and blocking them forces the site to break (admins anti block?).
I will try the 2010 theme idea and report back, also I do have the main domain whitelisted.
--edit--
2010 theme fixes it, so I guess a 2013 theme issue.
Yep - Dumped the 2013 Theme and went back to 2010 Theme.
Everything's groovy now.
¿GJ?
¿GotJazz? said:
Yep - Dumped the 2013 Theme and went back to 2010 Theme.
Everything's groovy now.
¿GJ?
Click to expand...
Click to collapse
2013 relies heavily on javascript so I imagine that is why you are having some issues. 2010 uses it much less but you may still see some issues relating to Javascript being blocked, such as menus not working and that sort of thing.
xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.
dstarfire said:
xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.
Click to expand...
Click to collapse
I'm curious what site it was listed on?
Just for anyone who is interested...
As soon as the severity of the flaw was clear, we began updating our machines. Some services use pre-built packages and others use custom-compiled software (using the flawed openssl version). We updated all of our services within 30 minutes or so.
The forum.xda-developers.com hostname uses a 3rd party service who was still vulnerable to heartbeat after we patched our internal services. We opened a ticket with them - I'm sure by that point they were aware of the issue and a fix was already in the works. About an hour after that they had patched their services.
This is definitely one of the worst security flaws in the history of the internet - you pretty much have to assume that any communications thought protected by https have been compromised unless there were other protections in addition to SSL.
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap
Isriam said:
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap
Click to expand...
Click to collapse
That list is old... see my statement above.
thats fine, but just so you know that link is posted on front page msn.com under heartbleed headlines.
Isriam said:
thats fine, but just so you know that link is posted on front page msn.com under heartbleed headlines.
Click to expand...
Click to collapse
Sure, but not too much I can do about old information.
The link loriam posted is the one I found xda mentioned on. However, before I posted, I also checked a live testing website that showed xda as safe.
If anybody is interested, the url for that site is filippo.io/Heartbleed/
Unless there is updated information that I was unable to see, your SSL certificate is showing as being from 7 months ago. Shouldn't it be updated since that was part of the information that was vulnerable to Heartbleed?
Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.
wto605 said:
Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.
Click to expand...
Click to collapse
New certs are in process... the CA's are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorder/intercepted our traffic, and also if someone was able to decode our private key. Of which both are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."
bitpushr said:
New certs are in process... the CA's are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorder/intercepted our traffic, and also if someone was able to decode our private key. Of which both are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."
Click to expand...
Click to collapse
I totally agree (and believe me I'm hating this crap as much as I'm sure you guys are)... I just wanted to make sure it was in progress as I'm waiting to change my password until then.
Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.
Some progress in updating androids vulnerable openssl 1.0.1e ? Heartbleed is disabled (for me) but somehow i imagine unwanted changes like from apps etc
Sent from my GT-I9505 using xda app-developers app
GrammarNazi said:
Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.
Click to expand...
Click to collapse
We would blow up all mobiles they own. Mwahahahah!
Sent from my HTC Explorer A310e using XDA Premium 4 mobile app
Our new SSL certificates are in place.
Glad to hear were safe. Maybe XDA should force all users to change their passwords?? In the security world it's just better off and safer to assume everything was compromised.
Sent from my Galaxy S4 using Tapatalk
bitpushr said:
Our new SSL certificates are in place.
Click to expand...
Click to collapse
Hi bitpushr,
How to use the secured connection when logging in and/or changing password in this forum? I haven't noticed any ssl connection when logging in and/or changing password from the control panel.
Online test for Heartbleed
There are sites that will test for it.