Website encryption?
Website encryption?
I get a warning similar to this in the address bar:
Warning: this website does not support encryption for the page you are viewing.
This is on both the laptop with firefox (60.0.2, updated this month), and on the phone with whatever internet app is on it. Anyone else?
Warning: this website does not support encryption for the page you are viewing.
This is on both the laptop with firefox (60.0.2, updated this month), and on the phone with whatever internet app is on it. Anyone else?
At a guess, Firefox have started doing something similar to Chrome where a site with what it assumes is a login form (i.e. fields marked username/password or similar) is flagged as not secure if it isn't using https. Chrome isn't particularly in-your-face about it, whereas it sounds as if Mozilla are being a bit more histrionic.
There's far more chance that someone with physical access to a device you're using will retrieve the browser cookie, which is sufficient to authenticate, and most workplaces and public access points MITM tamper with https traffic so they can filter it, so whilst it's with good intentions the protection is rather circumscribed.
Certificates aren't all they're cracked up to be either;
https://arstechnica.com/information-tec ... tps-certs/
I looked at https://letsencrypt.org/ for my own site, but it's not particularly straightforward unless a host has the control panel integration (and hosts are generally resellers for paid certificate providers).
TL;DR it's probably not going to change any time soon. And I think realistically this place is on a wind down -- I'll get the forum onto a version that supports PHP7 when I can make time, but I think it's past major changes.
On a complete tangent, last I noticed Mozilla had decided they wanted to hemorrhage users by breaking extensions like DownThemAll and refusing to modify their API.
edit:
Some interesting discussion on the http/https thing --
https://tech.slashdot.org/story/18/06/3 ... -misguided
There's far more chance that someone with physical access to a device you're using will retrieve the browser cookie, which is sufficient to authenticate, and most workplaces and public access points MITM tamper with https traffic so they can filter it, so whilst it's with good intentions the protection is rather circumscribed.
Certificates aren't all they're cracked up to be either;
https://arstechnica.com/information-tec ... tps-certs/
I looked at https://letsencrypt.org/ for my own site, but it's not particularly straightforward unless a host has the control panel integration (and hosts are generally resellers for paid certificate providers).
TL;DR it's probably not going to change any time soon. And I think realistically this place is on a wind down -- I'll get the forum onto a version that supports PHP7 when I can make time, but I think it's past major changes.
On a complete tangent, last I noticed Mozilla had decided they wanted to hemorrhage users by breaking extensions like DownThemAll and refusing to modify their API.
edit:
Some interesting discussion on the http/https thing --
https://tech.slashdot.org/story/18/06/3 ... -misguided
Thanks.
Yeah, but I don't want to give up on the place. I know there're other forums/communities, but it's the people here I like.Denyer wrote:TL;DR it's probably not going to change any time soon. And I think realistically this place is on a wind down -- I'll get the forum onto a version that supports PHP7 when I can make time, but I think it's past major changes.
- TFArchive
- Posts: 358
- Joined: Sat Jan 19, 2002 12:58 am
- Custom Title: King Lurker
- Location: Ottawa, Ontario
- Contact:
Hey Guys,
I am forever grateful to you for keeping this place alive even though I've basically not had anything to do with it for 10 years now.
The site is so cheap to maintain these days that I will likely keep it online as long as possible, but I don't fault anyone for moving on after so many years.
I'm more than happy to get a cert for the site to ensure browsers don't block us in the future. I would suggest we do some upgrades before in case there are issues with certs in our ancient version of the software (OS and forum).
As you know, I'm way out of practice on updating the forum software, especially with the modifications we use but I'm more than willing to help out where possible. The site if backed up every morning at 4 AM eastern so if something breaks we can roll back to the previous day and if an mysqldump is taken we wouldn't lose any forum posts.
Thanks again.
I am forever grateful to you for keeping this place alive even though I've basically not had anything to do with it for 10 years now.
The site is so cheap to maintain these days that I will likely keep it online as long as possible, but I don't fault anyone for moving on after so many years.
I'm more than happy to get a cert for the site to ensure browsers don't block us in the future. I would suggest we do some upgrades before in case there are issues with certs in our ancient version of the software (OS and forum).
As you know, I'm way out of practice on updating the forum software, especially with the modifications we use but I'm more than willing to help out where possible. The site if backed up every morning at 4 AM eastern so if something breaks we can roll back to the previous day and if an mysqldump is taken we wouldn't lose any forum posts.
Thanks again.
- Brendocon 2.0
- Posts: 1545
- Joined: Fri Feb 28, 2014 9:06 pm
- Location: UK
- StoneCold Skywarp
- Posts: 6300
- Joined: Sat Sep 16, 2000 4:00 am
- Custom Title: Best Served Chilled
- Location: UK
As always, huge thanks to you for keeping the place a going concern for this long, it's still a very regular visit and place to keep up with people although life's caught up with most of us time-wise (mostly trying to renovate a house, personally).TFArchive wrote:Hey Guys,
I am forever grateful to you for keeping this place alive even though I've basically not had anything to do with it for 10 years now.
The site is so cheap to maintain these days that I will likely keep it online as long as possible, but I don't fault anyone for moving on after so many years.
I'm more than happy to get a cert for the site to ensure browsers don't block us in the future. I would suggest we do some upgrades before in case there are issues with certs in our ancient version of the software (OS and forum).
As you know, I'm way out of practice on updating the forum software, especially with the modifications we use but I'm more than willing to help out where possible. The site if backed up every morning at 4 AM eastern so if something breaks we can roll back to the previous day and if an mysqldump is taken we wouldn't lose any forum posts.
Thanks again.
If it's practical the free Let's Encrypt Certbot route is the way I'd go and on this kind of hosting it probably is. (Is this still a RH-type distro?)
Fingers crossed the forum on current branch shouldn't be too tricky -- the maintainers seem to have recognised that this major version is still widespread, particularly amongst what's left of the vbulletin.org modding community (there's been some kind of major parting of the ways with the owners and the people who were helming the latter though).
Will try to get it done sooner rather than later to give time to sort out OS/package upgrades.
- TFArchive
- Posts: 358
- Joined: Sat Jan 19, 2002 12:58 am
- Custom Title: King Lurker
- Location: Ottawa, Ontario
- Contact:
Re: Website encryption?
I have applied a cert and enabled https redirection. You might need to close and re-open your tab.
Please let me know if you find any issues.
Thanks
Please let me know if you find any issues.
Thanks
Re: Website encryption?
I've mentioned the certificate expiring to B, don't think I've got access at the moment to the account needed to fix it.
edit: I can turn off the auto-redirection from http to https though. Visitors using Chrome/Chromium/etc may want to hit Ctrl+Shift+R to fully refresh the page once they've made sure they're using http.
edit: I can turn off the auto-redirection from http to https though. Visitors using Chrome/Chromium/etc may want to hit Ctrl+Shift+R to fully refresh the page once they've made sure they're using http.
- TFArchive
- Posts: 358
- Joined: Sat Jan 19, 2002 12:58 am
- Custom Title: King Lurker
- Location: Ottawa, Ontario
- Contact:
Re: Website encryption?
Sorry about that, I never got an e-mail that it was expiring. It is renewed now until October.
Re: Website encryption?
Cheers. Does the automation cause issues with other things? I think the current version of certbot creates jobs unless told not to (and that's all my host does, AFAIK).
- TFArchive
- Posts: 358
- Joined: Sat Jan 19, 2002 12:58 am
- Custom Title: King Lurker
- Location: Ottawa, Ontario
- Contact:
Re: Website encryption?
I will look at enabling certbot or other automation. Thanks