webdiplomacy.net

flash2015 wrote: ↑

Mon Mar 25, 2019 10:40 pm

Restitution wrote: ↑

Mon Mar 25, 2019 9:31 pm

Squigs44 wrote: ↑

Mon Mar 25, 2019 9:07 pm

Maybe don't mention the fact that you reuse your password on multiple sites on a public forum if you are so concerned about security.

But yes, let's encrypt our passwords.

Who on Earth doesn't do that?

Have you not heard of a password manager? If you are in the Apple ecosystem you get one built in (i.e. your Keychain). For other OS's there are many options but KeePass is what I use. And for goodness sake, make sure you have 2FA at least on your "core" email account (i.e. where any password resets are sent).

Password managers are a total pain in the butt.

And yeah obvi I have 2fa on everything I can.

Saying publicly that you use the same password on multiple services doesn't make you less secure in any measurable way, it just puts you in the same bucket as 95% of other people.

Restitution wrote: ↑

Mon Mar 25, 2019 8:36 pm

Who on Earth in 2019 can't spare cycles and bandwidth for https? WebDip isn't exactly a high-performance microservice.

I would much rather a guarantee that the password I use for a bunch of sites isn't being sent in plaintext.

Fine, so use https if you care. There's no need to force others to use it just because you want to. All I said was that making it automatically redirect should be the lowest possible priority. (Preferably never.)

It's not just CPU. I've always run a local proxy. Using http means all the static data is available on my local network, which is a huge speed increase. (I could make it a MITM proxy to make https able to be proxied too, but haven't bothered.)

If one of the ISPs between me and this site is snooping on my data, I have way more to worry about than them capturing my diplomacy maps.

Kremmen wrote: ↑

Tue Mar 26, 2019 4:35 am

Restitution wrote: ↑

Mon Mar 25, 2019 8:36 pm

Who on Earth in 2019 can't spare cycles and bandwidth for https? WebDip isn't exactly a high-performance microservice.

I would much rather a guarantee that the password I use for a bunch of sites isn't being sent in plaintext.

Fine, so use https if you care. There's no need to force others to use it just because you want to. All I said was that making it automatically redirect should be the lowest possible priority. (Preferably never.)

It's not just CPU. I've always run a local proxy. Using http means all the static data is available on my local network, which is a huge speed increase. (I could make it a MITM proxy to make https able to be proxied too, but haven't bothered.)

If one of the ISPs between me and this site is snooping on my data, I have way more to worry about than them capturing my diplomacy maps.

What static data are you talking about? Wouldn't your browser cache accomplish the exact same thing? Or have you disabled browser caching to "save CPU cycles" too?

Rather than catering the entire website to your personal attitudes about speed (?) and security, it seems much more reasonable to adopt secure defaults that benefit all users (including those uninformed about information security), and not just the single user that knowingly decides to forego conventional security practices in favor of the toy local proxy that he's too lazy to upgrade or properly maintain.

boater66 wrote: ↑

Tue Mar 26, 2019 6:54 am

What static data are you talking about? Wouldn't your browser cache accomplish the exact same thing? Or have you disabled browser caching to "save CPU cycles" too?

Rather than catering the entire website to your personal attitudes about speed (?) and security, it seems much more reasonable to adopt secure defaults that benefit all users (including those uninformed about information security), and not just the single user that knowingly decides to forego conventional security practices in favor of the toy local proxy that he's too lazy to upgrade or properly maintain.

Absolutely savage, I love it.

Really hope this guy isn't a web developer.

I'm at an old comrades retirement house in one of those fenced & gated mini suburbs & when Diplomacy got mentioned he 'fessed up to playing online .. in a game playing Germany & doing well, so I made him show it to me on his desktop PC/screen. The site (he thinks ..the blighter is deflecting.. ) is playdiplomacy.com & my opinion is that the colours were dull & difficult for me to "get a handle on" as regards differences between the nations & difficulty recognising turkish army Constantinople / thought it was a fleet as an example .. much inferior to what we have imho I'd better go

boater66 wrote: ↑

Tue Mar 26, 2019 6:54 am

Wouldn't your browser cache accomplish the exact same thing?

No, not really. Browsers tend to re-fetch files unnecessarily a great deal of the time. (esp. images, javascript, css) A proxy can be set to just serve those files to the client regardless of the expiry times set by the client or the particular web site.

Rather than catering the entire website to your personal attitudes about speed (?) and security, it seems much more reasonable to adopt secure defaults that benefit all users (including those uninformed about information security), and not just the single user that knowingly decides to forego conventional security practices in favor of the toy local proxy that he's too lazy to upgrade or properly maintain.

Wow. For someone who, from the previous paragraph, seems to have little knowledge of the subject, you certainly have strong opinions about it. (Trump supporter, eh?) Since when does speed not benefit all users? It's nice when users who understand what they are doing freedom of choice.

No idea why you're getting so cranky, nor why you are blathering on about my not upgrading or maintaining my software. No upgrades would make any difference to the issue. (Using a MITM proxy, in case it confused you, is not an upgrade. It's a way to totally circumvent all https security.)

Hi,

One more, simple, suggestion.

On the upcoming live games tab, the info about the map/rules is missing. You have to open the game to check about that. It would be a nice small improvement to have that info available on main page.

Kremmen wrote: ↑

Sat Mar 30, 2019 11:18 am

boater66 wrote: ↑

Tue Mar 26, 2019 6:54 am

Wouldn't your browser cache accomplish the exact same thing?

No, not really. Browsers tend to re-fetch files unnecessarily a great deal of the time. (esp. images, javascript, css) A proxy can be set to just serve those files to the client regardless of the expiry times set by the client or the particular web site.

Even if a browser does unnecessarily sent a request again, the browser will include the e-tag which will cause the server to respond with "304 Not Modified" without sending the file again.

Rather than catering the entire website to your personal attitudes about speed (?) and security, it seems much more reasonable to adopt secure defaults that benefit all users (including those uninformed about information security), and not just the single user that knowingly decides to forego conventional security practices in favor of the toy local proxy that he's too lazy to upgrade or properly maintain.

Wow. For someone who, from the previous paragraph, seems to have little knowledge of the subject, you certainly have strong opinions about it. (Trump supporter, eh?) Since when does speed not benefit all users? It's nice when users who understand what they are doing freedom of choice.

No idea why you're getting so cranky, nor why you are blathering on about my not upgrading or maintaining my software. No upgrades would make any difference to the issue. (Using a MITM proxy, in case it confused you, is not an upgrade. It's a way to totally circumvent all https security.)

You are worried about speed...of webdip? Seriously? Is your internet connection a 300 baud modem over a satellite link and your main computer the first Rasberry Pi??? You know that loading the webdip main page the first time is < 1MB even when loading fresh? This instantaneously loads for pretty much everyone.

It is utter insanity to use speed as an excuse for such an insecure setup. There are multiple reasons to use SSL apart from just snooping. As long as your computer is not compromised, SSL guarantees that you are actually talking to the site which you requested. SSL also protects you against a MITM changing the content on the fly, whether to inject extra cookies (e.g. Verizon), ads or malware. Encrypting everything also provides additional protection against your truly important stuff by hiding that in a sea of encrypted content.

Even a MITM proxy is not a reason NOT to use SSL. Create a server certificate for the MITM proxy and install it on all computers that will use the proxy. When each computer tries to communicate with any secure site it will use the MITM cert to connect to the proxy then the proxy will establish an SSL connection to the real site using the real server cert. This is what many companies do to monitor employee data usage (and why you should avoid using your Windows work computer for personal stuff even if you see that SSL is being used).

And finally you are fighting a losing battle against encrypting the web. More and more websites are https only. Even for hobbyist websites https is becoming trivial with free "Let's Encrypt" certs and a cron job to renew the cert. Also to use the more efficient HTTP 2 (based on Google SPDY) it is effectively mandatory to use SSL as no major browser supports HTTP 2 without SSL. HTTP 3 (based on Google QUIK) is specifically designed for SSL only (it combines the SSL setup with connection establishment and switches to UDP).

Anyway, the issue of automatic redirect has been open for a long time. Since I don't know when it will be fixed, I have added an issue for EFF's HTTPS everywhere plugin for webdiplomacy.net so that soon those that care about security can be automatically redirected to the secure connection.

Any easy way to do a search on what games two players have in common... and the outcome of those games... would be very valuable.

A way to write group messages to more than one ally at a time is an essential need.

eric.grinnell wrote: ↑

Sun Mar 31, 2019 9:39 pm

Any easy way to do a search on what games two players have in common... and the outcome of those games... would be very valuable.

We have that function now. Press "search" and use it:-)

I posted about this issue in feedback/bug reports, but maybe it belongs here.

The way the support move dropdown populates now it pulls from every possible convoy on the board. (When supporting a move into a coastal zone.) In the later game in the large variants, like World, this leads to a super-long list of possibilities. I don't know the best solution, but some way to narrow the list would be good.

The new colourful notification messages look horrible. Please change them back to normal.

Hello.
I'm not necessarily against colour-coding the notification messages but, could you please make them more discreet
Maybe it's because I haven't studied them enough (they hurt my eyes ) but, I don't understand their meaning.

My first dream feature would be a dedicated glossary page, complete with plain English definitions, especially for acronyms. Old timers on the site know the meanings but newbies and even folks who have been playing a while or two can get lost in the jargon.

Also, something has to be done about folks who join games and then the moment things go South stop turning in their moves. It dragggggs out games. Reliability ratings aren't enough. I would like some restrictions placed on folks whose reliability ratings dip below, say 60%. Public notification, italics, something to let us know that these guys are gonna take off.

The Central Scrutinizer wrote: ↑

Mon Apr 01, 2019 1:19 pm

My first dream feature would be a dedicated glossary page, complete with plain English definitions, especially for acronyms. Old timers on the site know the meanings but newbies and even folks who have been playing a while or two can get lost in the jargon.

Also, something has to be done about folks who join games and then the moment things go South stop turning in their moves. It dragggggs out games. Reliability ratings aren't enough. I would like some restrictions placed on folks whose reliability ratings dip below, say 60%. Public notification, italics, something to let us know that these guys are gonna take off.

Reliability Ratings should be enough if you create/join games with RR restrictions. That's what it's for.

The Central Scrutinizer wrote: ↑

Mon Apr 01, 2019 1:19 pm

My first dream feature would be a dedicated glossary page, complete with plain English definitions, especially for acronyms. Old timers on the site know the meanings but newbies and even folks who have been playing a while or two can get lost in the jargon.

That's a good idea. It's one I thought about pursuing ages ago, but never spent the time to actually do it. Time for that to change, I guess. Check out this thread

I would like to propose to change the color of Germany. I never really realized it, until I showed the game to my German friends and they all screamed: "What ?! you cannot seriously give that nazi brown to Germany, that so politically incorrect"
So for the one who like me until recently didn't know, this brown on the map was the nazi's color, starting with the brown shirts.
If Austria would be slightly more red, we could have an orange Germany we are in the 21st century, this connotation could be left behind.

0k0k0 wrote: ↑

Mon Apr 01, 2019 8:12 pm

I would like to propose to change the color of Germany. I never really realized it, until I showed the game to my German friends and they all screamed: "What ?! you cannot seriously give that nazi brown to Germany, that so politically incorrect"
So for the one who like me until recently didn't know, this brown on the map was the nazi's color, starting with the brown shirts.
If Austria would be slightly more red, we could have an orange Germany we are in the 21st century, this connotation could be left behind.

The game, however, is not set in the 21st century.

This really doesn't fit the look of the site.