Template talk:Dead link

Hi, I'm working on a script for (semi)automatic detection of dead links: [1].

There are still many issues to be solved, but it is already pretty confident at detecting 4xx errors which are being flagged with Template:Dead link. Other cases will definitely need human intervention, because the classification is not unambiguous (see [2]), so I'm wondering if we should create a new template or add an optional "status" parameter to Template:Dead link to indicate cases like SSL certificate verification error, connection refused, connection timeout, or the 5xx errors in general. I'm still figuring out how and when these should be marked, so any opinion would be appreciated.

-- Lahwaacz (talk) 16:27, 25 February 2020 (UTC)Reply[reply]

Awesome! Maybe we can add an "info" symbol like ⓘ (ⓘ) or ℹ️ (ℹ) to Template:Dead link's superscript, and report the error description in its 'title' attribute ("tooltip"). It's not mouseless-friendly though of course. -- Kynikos (talk) 15:41, 16 March 2020 (UTC)Reply[reply]

Would it be too weird if the "title" attribute is added directly to the <sup> tag? It is much easier to hover than a single character. See Template:Sandbox for example. -- Lahwaacz (talk) 10:27, 21 March 2020 (UTC)Reply[reply]

What about both adding "title" to the whole sup tag, but also put the info character in the text: my reasoning was that we should give some sort of a hint that there is some relevant "hidden" information in the template. -- Kynikos (talk) 11:34, 21 March 2020 (UTC)Reply[reply]

OK, like this? [3] -- Lahwaacz (talk) 12:38, 21 March 2020 (UTC)Reply[reply]

Yeah, it looks all right to me, an alternative could be to always show the status text, maybe like this^{dead link 2011-09-04
example error} but of course that increases the whole line height to further detriment of the reading experience. -- Kynikos (talk) 03:34, 22 March 2020 (UTC)Reply[reply]

I don't like the increased line height, but we can still change the display when there are actually some links showing the status. -- Lahwaacz (talk) 11:59, 23 March 2020 (UTC)Reply[reply]

My understanding is Template:Dead link does not attempt to define a dead link. It refers to Template:Dead link#See also -> W:link rot. Does an out of date SSL certificate, for example, fulfills W:link rot criteria? A Template:dead link can make readers completely avoid reading a site. I don't know if this is justified for an out of date SSL certificate. In addition, does

too excessive? Regid (talk) 13:09, 26 November 2023 (UTC)Reply[reply]

Many browsers won't let you open a page with an outdated SSL certificate. For the end user, this is almost the same result as the 404 error. — Lahwaacz (talk) 13:22, 26 November 2023 (UTC)Reply[reply]

For me, both firefox and chrome (actually, a chrome replacement but I doubt chrome behaves differently), displays a warning page. And let the user step back, or continue to eventually be able to open the page. That is a heavy share of the browsers out there, doesn't it? Regid (talk) 13:29, 26 November 2023 (UTC)Reply[reply]

HSTS prohibits the user from opening the page. openauthentication.org does not have HSTS, but many other websites do. Also, as it turns out, an expired certificate may indicate a mitm attack, so I think websites with expired certificates should be considered dead. -- andreymal (talk) 13:53, 26 November 2023 (UTC)Reply[reply]

The way I understand W:HSTS, it is initiated by the server. I don't know how many sites use it. The last sentence in the opening paragraph of W:HSTS mentions it as a track protocol, which does not sound nice to me. Though it could be I am thinking of the word track in a different meaning. I am also not sure I fully understand what does

The protection only applies after a user has visited the site at least once

means.

An expired certificate can imply a mitm attack. But it can also be due to lack of resources. One can wonder why standard specifications does not keep their certificate up to date. But one can also wonder if that makes their site contents not worth the reader time. It could be hacking standard specifications does not worth an attacker time. How many people would bother to grab a 1 cent coin when they see it on the sidewalk? How many people would notice that coin in the 1st place? There might be a matter of diversity. The mere fact of having many protocols in the wild protects us, in spite of https is an extension of http. I am not sure how many sites got hacked even though they were certified, and use SSL. In fact, there was even at least one certificate authority that got hacked. Regid (talk) 14:45, 26 November 2023 (UTC)Reply[reply]

If a site admin forgets to renew their SSL certificate, it is not a reason for exclusion. If they don't want their users to verify the SSL certificate, they should not serve the site via HTTPS at all. Otherwise, it is a security risk that is treated by everyone the same.

So what is it you want to happen for Template:Dead link?

— Lahwaacz (talk) 15:06, 26 November 2023 (UTC)Reply[reply]

Maybe a happy middle ground would be to alter the template to fully show the error inline, instead of a simple ⓘ that is easy to miss?

-- Erus Iluvatar (talk) 15:18, 26 November 2023 (UTC)Reply[reply]