Moodle community sites

 
 
Picture of Visvanath Ratnaweera
Tracker shifted to https orphaning http links?
Group Particularly helpful Moodlers
I started getting tons of "service unavailble" in the tracker. Could that be caused
by a shift to https without chaning the old links to https? Example https://tracker.moodle.org/browse/MDL-34252.

 
Average of ratings:Useful (1)
Mary Cooch
Re: Tracker shifted to https orphaning http links?
Group Documentation writersGroup Moodle Course Creator Certificate holdersGroup Moodle HQGroup Particularly helpful MoodlersGroup TestersGroup Translators

Visvanathsmile I think you might be onto something there!

 
Average of ratings: -
Picture of Robert Brenstein
Re: Tracker shifted to https orphaning http links?
Group Particularly helpful Moodlers
I would venture that it might be easier to set up a redirection for http calls.
 
Average of ratings: -
Picture of Helen Foster
Re: Tracker shifted to https orphaning http links?
Group DevelopersGroup Documentation writersGroup Moodle HQGroup Particularly helpful MoodlersGroup Testers

Thanks Visvanath, I have created an issue for it: MDLSITE-2066.

 
Average of ratings: -
Picture of Visvanath Ratnaweera
Re: Tracker shifted to https orphaning http links?
Group Particularly helpful Moodlers
I was mislead first by the full error messages "The site is either down or undergoing maintenance" (from memory) which reminded me of the "wrong internet". In fact, I wondered into the wrong internet and saw (heard?) "tweets" like those in the attachment. (Sorry for the tiny pic, the 50 kB limit forced me to scale the pic a couple of times. The third message says, "Oh no, tracker.moodle.org is down".)
;-(

Once I got "JIRA startup failed" and intermittently some tracker items appeared I looked carefully.

Before talking of solutions my dumb question is, what is the purpose of "secure" connections to a public site? OK, credentials of the developers should not be compromised, but then you can have HTTPS for logins. There is no chance of sabotaging the code because it is in git.moodle.org. Even without that thanks to the distributed model there is no central code base to attack! (Remember the lessen learned in kernel.org?)

I had the same thought when moodle.org went HTTPS. I don't want to ignite a big security discussion. None of my business anyway, but (for me) there is alway something to learn.

 
Average of ratings: -
Walking on the snow towards Lago Nero...
Re: Tracker shifted to https orphaning http links?
Group DevelopersGroup Particularly helpful Moodlers

Hi All,
AFAIK Tracker has been update to the major version, 4 > 5: quick evidence from the (new) layout and from the footer (v5.2.2).

Probably a required (and planned) step in the HQ Tools roadmap, even for https://tracker.moodle.org/browse/MDLSITE-1201?focusedCommentId=186358&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-186358.

Matteo

 
Average of ratings: -
Picture of Matthew Spurrier
Re: Tracker shifted to https orphaning http links?
Group Moodle HQGroup Particularly helpful Moodlers

As per my comment on the tracker ticket, I have now setup http to https rewrites. Tracker was upgraded recently, and had a couple of config issues which should now hopefully be resolved.

- Matt

 
Average of ratings:Useful (1)
Mary Cooch
Re: Tracker shifted to https orphaning http links?
Group Documentation writersGroup Moodle Course Creator Certificate holdersGroup Moodle HQGroup Particularly helpful MoodlersGroup TestersGroup Translators

Thanks very much for this - will this also fix this error message I am seeing with the activity stream?

 
Average of ratings: -
Dan at desk in Moodle HQ, Perth
Re: Tracker shifted to https orphaning http links?
Group DevelopersGroup Moodle Course Creator Certificate holdersGroup Moodle HQGroup Particularly helpful MoodlersGroup Testers

(Don't want to drift off topic, but..)

Before talking of solutions my dumb question is, what is the purpose of "secure" connections to a public site? OK, credentials of the developers should not be compromised, but then you can have HTTPS for logins

That doesn't prevent session hijacking. Not to say that this is keeping me awake a night, but if you are going to do SSL then you may as well do it properly.

There are some aspects of the tracker which are not public. e.g discussing Moodle security issues before they are fixed. So I wouldn't necessarily agree with your summation of it being a public site.

And, why not? HTTPS does prevent intermediate proxies from caching resources and people like to talk about the CPU overhead of decrypting communications, but in todays world I do not think these are top of performance problems. Which is why Google, Facebook, GMail etc now use SSL by default.

 
Average of ratings:Useful (1)
Picture of Visvanath Ratnaweera
Re: Tracker shifted to https orphaning http links?
Group Particularly helpful Moodlers
[sarcasm on]
High security
That is one great thing about security. You can't enter your own house, but you are grateful that your secrets are safe too. https://tracker.moodle.org/browse/MDLSITE-1812.
[sarcasm off]
 
Average of ratings: -