Page 1 of 1

some regional lists still use http when https is available

Posted: Fri Jun 17, 2011 1:01 pm
by nitrox
In the known Adblock plus subscriptions page i noticed many regional lists use googlecode to host their subscriptions. Most of them still point to http version when googlecode supports https.
List of subscriptions
ABPinddo
ChinaList
Corset privacy
Corset
Iceland
Liste DZ
TamilFriends

Below is a patch to make the changes i told you

Code: Select all

diff -r 49a1d444cf72 -r 997911827137 ABPindo.subscription
--- a/ABPindo.subscription	Wed Jun 08 11:59:02 2011 +0000
+++ b/ABPindo.subscription	Fri Jun 17 11:46:13 2011 +0100
@@ -1,6 +1,6 @@
 type=ads
 languages=id
-list=http://indonesianadblockrules.googlecode.com/hg/subscriptions/abpindo.txt
+list=https://indonesianadblockrules.googlecode.com/hg/subscriptions/abpindo.txt
 
 supplements=EasyList
 variant=ABPindo+EasyList https://easylist-downloads.adblockplus.org/abpindo+easylist.txt [recommendation,complete]
diff -r 49a1d444cf72 -r 997911827137 ChinaList.subscription
--- a/ChinaList.subscription	Wed Jun 08 11:59:02 2011 +0000
+++ b/ChinaList.subscription	Fri Jun 17 11:46:13 2011 +0100
@@ -1,6 +1,6 @@
 type=ads
 languages=zh
-list=http://adblock-chinalist.googlecode.com/svn/trunk/adblock.txt
+list=https://adblock-chinalist.googlecode.com/svn/trunk/adblock.txt
 
 supplements=EasyList
 variant=ChinaList+EasyList https://easylist-downloads.adblockplus.org/chinalist+easylist.txt [recommendation,complete]
diff -r 49a1d444cf72 -r 997911827137 Corset Privacy.subscription
--- a/Corset Privacy.subscription	Wed Jun 08 11:59:02 2011 +0000
+++ b/Corset Privacy.subscription	Fri Jun 17 11:46:13 2011 +0100
@@ -1,6 +1,6 @@
 type=ads
 languages=ko
-list=http://abp-corset.googlecode.com/hg/corsetprivacy.txt
+list=https://abp-corset.googlecode.com/hg/corsetprivacy.txt
 
 supplements=Corset
 
diff -r 49a1d444cf72 -r 997911827137 Corset.subscription
--- a/Corset.subscription	Wed Jun 08 11:59:02 2011 +0000
+++ b/Corset.subscription	Fri Jun 17 11:46:13 2011 +0100
@@ -1,6 +1,6 @@
 type=ads
 languages=ko
-list=http://abp-corset.googlecode.com/hg/corset.txt
+list=https://abp-corset.googlecode.com/hg/corset.txt
 
 maintainer=Maybee
 email=Maybee <maybeecom@naver.com>
diff -r 49a1d444cf72 -r 997911827137 Iceland List.subscription
--- a/Iceland List.subscription	Wed Jun 08 11:59:02 2011 +0000
+++ b/Iceland List.subscription	Fri Jun 17 11:46:13 2011 +0100
@@ -1,6 +1,6 @@
 type=ads
 languages=is
-list=http://adblock-iceland.googlecode.com/files/icelandic%20filter.txt
+list=https://adblock-iceland.googlecode.com/files/icelandic%20filter.txt
 
 maintainer=snaevar87
 email=Hilmir Snævar Jóhannesson <snaevar87@gmail.com>
diff -r 49a1d444cf72 -r 997911827137 Liste DZ.subscription
--- a/Liste DZ.subscription	Wed Jun 08 11:59:02 2011 +0000
+++ b/Liste DZ.subscription	Fri Jun 17 11:46:13 2011 +0100
@@ -1,6 +1,6 @@
 type=ads
 languages=ar,fr
-list=http://adblock-plus-algerian-filter.googlecode.com/files/liste_dz.txt
+list=https://adblock-plus-algerian-filter.googlecode.com/files/liste_dz.txt
 
 supplements=EasyList
 
diff -r 49a1d444cf72 -r 997911827137 TamilFriends List.subscription
--- a/TamilFriends List.subscription	Wed Jun 08 11:59:02 2011 +0000
+++ b/TamilFriends List.subscription	Fri Jun 17 11:46:13 2011 +0100
@@ -1,6 +1,6 @@
 type=ads
 languages=ta
-list=http://tamilfriends-list.googlecode.com/svn/adblock.txt
+list=https://tamilfriends-list.googlecode.com/svn/adblock.txt
 
 supplements=EasyList
The 64th line in redirect file (the one in subscriptionslist repository)

Code: Select all

http://\\denis-ovs.narod.ru/adblock.txt
the \\ after http:// doesn't sound right to me.

Re: some regional lists still use http when https is available

Posted: Fri Jun 17, 2011 5:05 pm
by Michael
We are planning to sort out the list of subscriptions shortly by writing and enforcing some basic standards that authors must abide by - there are many more issues with some filter lists than their lack of secure connections. In the meantime, I would prefer not to update information subscriptions without the consent of their authors. If we were to encourage the use of https wherever available we should also recommend that subscription authors redirect users to secure versions of the lists.

The list of redirects refers to incorrect addresses that people have attempted to access to view a particular subscription. I can only assume that http://\\denis-ovs.narod.ru/adblock.txt once the product of a common error when typing the address of RU AdList. The only addresses that must be valid are those in square brackets - these are the ones to which users are redirected.

Re: some regional lists still use http when https is available

Posted: Sat Jun 18, 2011 12:34 pm
by fanboy
Enforcing SSL? Some authors haven't got decent hosting. Whats the issue with non-ssl? apart from small amount of people with firewall issues when updating the list?

What other basic standards are being talked about? And shouldn't this be something we all talk about/agree with?

Re: some regional lists still use http when https is available

Posted: Sat Jun 18, 2011 1:55 pm
by anonymous74100
fanboy wrote:small amount of people with firewall issues
What exactly are those firewall issues :?:
Have those issues actually been proven or is it just a myth :?:

Re: some regional lists still use http when https is available

Posted: Sat Jun 18, 2011 2:19 pm
by fanboy
I haven't seen any issues with http personally.. https/ssl saps cpu, so unless you get a dedicated host who doesn't mind you whoring there cpu cycles..,and completely trusting https from googlecode/bitbucket/gitorious isn't the best approach either.

I was warned by Wladamir a few years ago that some dodgy firewalls (software I'm guessing) filter http but not https, but haven't seen this issue in action.. really should be less and less of an issue as firewall software improves over time.

Re: some regional lists still use http when https is available

Posted: Sat Jun 18, 2011 2:20 pm
by Michael
fanboy wrote:Enforcing SSL?
I was only proposing that this might be a guideline where the option is available, such as from Google Code.
fanboy wrote:What other basic standards are being talked about?
There haven't been any discussions specifically about subscription standards yet, although Ares2 has private messaged me the dates that filter lists were last updated, which is rather revealing. Wladimir intends to open a topic about subscription standards in the near future.

Re: some regional lists still use http when https is available

Posted: Sat Jun 18, 2011 2:25 pm
by Hubird
fanboy wrote:Enforcing SSL? Some authors haven't got decent hosting. Whats the issue with non-ssl? apart from small amount of people with firewall issues when updating the list?

What other basic standards are being talked about? And shouldn't this be something we all talk about/agree with?
I find myself wondering the same things as fanboy.

If too many arbitrary rules are created you risk pushing contributors away.

Re: some regional lists still use http when https is available

Posted: Sat Jun 18, 2011 2:27 pm
by anonymous74100
Michael wrote:the dates that filter lists were last updated
Are you talking about removing subscriptions that haven't been updated in a long time or standardizing the date format used in subscriptions.

Re: some regional lists still use http when https is available

Posted: Sat Jun 18, 2011 6:08 pm
by Michael
Hubird wrote:If too many arbitrary rules are created you risk pushing contributors away.
Equally, if no rules are enforced we would suggest substandard subscriptions. Besides, the rules are hardly going to be arbitrary; rather, it is intended that they should express basic commitments, such as updating the filter lists regularly and using reasonably efficient rules. I do not propose mandating that all subscriptions must serve their files over a secure connection.
anonymous74100 wrote:Are you talking about removing subscriptions that haven't been updated in a long time or standardizing the date format used in subscriptions.
I was talking about removing subscriptions that haven't been updated in a long time. Current policy is to remove filter lists that have not been updated for months if no response is received from the project after an e-mail, although we would prefer to formally inform authors of this process.