Hey everyone! As has been requested a few times now, lifein19x19.com now supports HTTPS: https://lifein19x19.com.
What This Means
For the non-technically-inclined among us, this basically means that L19 is a little bit safer today than it was yesterday. HTTPS protects against a certain class of attacks that would theoretically allow a malicious network to intercept your L19 traffic (most importantly, your password). There's absolutely no reason to believe this kind of attack was ever used - it's just a best practice to avoid it.
How To use It
All you have to do to take advantage of this is to use https:// instead of http:// when you visit lifein19x19.com from now on, so please update your bookmarks
Once you do, you should see that comforting green lock: 
In order to make 100% sure that everything is working cleanly with HTTPS, I'm going to leave the site with HTTP still enabled for the next 7 days, during which time HTTPS is optional but I highly encourage everyone to try it out and test it. After the 7 days are up, assuming no unfixed issues arise, I'm going to make HTTPS the default and all the old http:// links will simply redirect to https://. This shouldn't require any change whatsoever to your browsing patterns, just carry on as you were before!
Known Issues
- During the beta, it will still be possible for someone on HTTP to upload an attachment to a post and embed it (through, say, [sgf] tags) using the http:// link they get by right-clicking on the attachment URL. If they do this, the embed will fail for HTTPS viewers, since the browser will see insecure content from the same domain as an HTTPS page, which is a no-no. Once the beta ends and everyone is on HTTPS this won't be possible anymore, but for the time being, if you're using HTTP, please make sure any embeds on the lifein19x19.com domain use HTTPS, even if you're not! (Note, this does not apply to embeds from other domains. Those will still work).
- On some pages, instead of the green lock, you may see a non-secure "information" bubble, which when clicked on shows something like this:
What this means is that someone in the thread has put in an image (using [img] tags) from another domain (not L19) with an http:// protocol. Theoretically this means that the hypothetical attacker might discover (and/or manipulate) that particular picture, but that's not a very realistic concern. All the rest of your traffic - including your passwords - are still being protected, and only the page with that image should have this issue. To mitigate this, please use https:// when linking to things outside of L19 whenever possible, unless the site you're linking to doesn't support HTTPS for some reason.
Other than that, everything should work exactly as well as it has before
In particular, I've gone over all old [sgf] embeds and ensured they are ported over to HTTPS so they should continue working. Please reply to this thread if you notice any issues!Cheers!
- The L19 Admin Team
... either way, they're fixed now! Thanks for the catches