OK! HTTPS is active on the Krystal Archive and all child sites. That only took all day! There were a ton of features and changes added. If all went well, you should not notice that much has even changed aside from the green lock in the address bar of your browser. Below, I go into the details. If something happens to go wrong with the Krystal Archive, and you can't seem to access it anymore, please visit the official Twitter or Gab.ai accounts for more information.
I mean... ok? Why should I care about this? What am I getting out of this? Excellent questions, let's talk about features...
- Identity - You can be certain that you are talking to the actual Krystal Archive, not some middleman or other nefarious entity. Since you guys have no accounts here (mostly), this is not a big deal usually. However, you can be sure you're sending your comments to the real Krystal Archive, and when you visit the site, you know you're visiting THE Krystal Archive.
- Security - Since you're communicating with the legit site, you can be pretty confident that some nefarious script isn't running on this page.
- Privacy - Someone watching the network may be able to see that you visited the Krystal Archive, but that's it. They can't see what pages on the site you visited or what you commented (directly anyway), even on the dreaded public wifi.
- Future Features - Browsers are getting serious about security. As a result, several features are now limited only to those websites that use HTTPS. Now that the site has HTTPS, the Krystal Archive can begin to take advantage of HTTP/2 (lower transfer sizes, faster page loads), Brotli compression (more performant compressor for quicker transfers) and Service Worker (make the site work offline, massive speed improvements).
- Small Improvements Everywhere - There are too many to get into here, but I added a ton of little changes here and there that will improve the security of the site in lots of ways. This should reduce the chance that the site can get hacked.
- Improved Search Rankings - Because HTTPS is important to the web, search engines like Google have begun giving preferential treatment to secure webpages.
That sounds great! But just how secure are we talking about here? I'm glad you asked...
- 'A+' Ranking at SSL Labs - SSL Labs tests both basic and complex security settings of the HTTPS connection. It even simulates several different kinds of attacks that attempt to steal data from the server. We got an A+. About as good as you can get.
- 'A' Ranking at SecurityHeaders.io - SecurityHeaders.io checks the response for secondary security problems related to how browsers might leak data unintentionally. We got an A, only missing one feature. This is a great score.
- '92/100' Ranking at HTTP Security Report - HTTP Security Report looks at some of the same things as above, plus some ways in which the content of the page itself can compromise security. We got a 92/100. This is a near perfect score.
Wait. Why didn't you get perfect scores on everything? Well, that's a bit technical...
- Using Public-Key-Pins requires I have a system in place so that the generated headers know which specific certificates are in use. Since Let's Encrypt certificates only last about 3 months, I'd have to hook up a complex system to automate the process of updating them. Plus, if I do it wrong, I can effectively prevent anyone from being able to access the Krystal Archive until they clear their browser cache (aka, apparent site death).
- HSTS Preload is a feature that tells the browser vendor that my site will always be HTTPS before you even attempt to go to the site. Again, if I do this wrong, it could break the site for a long time.
Cool! Did anything else change? Why yes...
- Reoptimized Content Loading - Due to some changes to the server a while back, the Krystal Archive was getting served with no compression OR caching (ouch!). This means that the page took longer to load and used more bandwidth than necessary, even if you had been to the page before. This has been fixed! On a standard Cable connection, a given page on the Krystal Archive will render in one second or less, except for external resources like YouTube videos.
- Windows XP Support Dropped - Because of the specific type of HTTPS certificates I'm using, Internet Explorer on Windows XP is no longer supported. That's ANY version of IE on XP. Not sure about the other browsers, though. This is not a big deal, since few people are still using that, but I thought I'd mention it.
- HTTPS Only - The Krystal Archive will now ONLY work over HTTPS. Go ahead, try and visit http://krystalarchive.com. It'll just bring you back to the secure version. Even your browser now knows this. Now that you've been here once, your browser will assume that it can only access the HTTPS version of this site (another small tweak).
- Some Content Changed - Because I have to add specific exceptions for things like Flash embeds, I actually removed some embeds from the site. There is still one left while I decide how I want to deal with it, but for now, you might notice that there is no longer a Flickr gallery embed a few posts down.
Wait, you said "child sites?" Yep! I added the security features to these too...
- Bit Fox Adventures: The Star Fox Microalbum
- Saurian Translator
- Is Krystal In Smash Yet?
- Star Fox Command: All the Words
- Yet Unnamed Star Fox Subdomain - Where I host some general Star Fox things.
That's great! What can I expect in the future? Come on! I'm tired! But ok, here's what is on the horizon...
- Once this HTTPS thing has had a chance to work for a while, I might add it to the HSTS Preload list. Just need to make sure the kinks are worked out first.
- HTTP/2 support will be added as soon as it becomes available to me as an option.
- The site needs a redesign. Part of that redesign will take advantage of these newer features, like the better compression and possibly even Service Worker for offline support.
One last thing. Is there anything I can do to help?
Sure! I'm on the lookout for any bugs or missing content. You can help by going through as many posts and pages of the site as you can, looking for things that seem to be broken or missing. If you are feeling adventurous, you can even open the inspector in your browser, and let me know about any unusual errors or warnings in the console as you visit different pages. Keep in mind that sometimes your browser extensions (like ad blockers) can generate errors that have nothing to do with my pages. Anyway, if you find anything, be sure to email me about it. I already found this problem page and am working on a solution, so don't tell me about this one. Other than that, go nuts!