DaemonForums  

Go Back   DaemonForums > Miscellaneous > Off-Topic

Off-Topic Everything else.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 29th July 2017
hitest's Avatar
hitest hitest is offline
Real Name: George Nielsen
Package Pilot
 
Join Date: Sep 2008
Location: B.C., Canada
Posts: 188
Default DaemonForums and https?

I would like to start this post out by stating that I am a long time, happy member of DaemonForums. This website has helped me many times with valuable information and very knowledgeable members. This website is my go to place if I am stuck with a BSD issue.
I have a question. When I log-in here I get warnings about insecure log-ins. Is there a possibility of our forum moving to https? If not, is this a costly move?
Thanks for any and all replies.
__________________
hitest
Reply With Quote
  #2   (View Single Post)  
Old 29th July 2017
GarryR's Avatar
GarryR GarryR is offline
Real Name: Garry Ricketson
Package Pilot
 
Join Date: Jul 2015
Location: Durango, Mx.
Posts: 190
Default

Actually, the certificates to make it "https" are available for free, no cost.
However I have mixed feelings, about "https", and just because it
say"https", and has the little green thing saying it is secure does not mean
it really is secure at all, so in my opinion it is pointless.
https://perezbox.com/2015/07/https-d...-your-website/
Another:
https://www.sott.net/article/275524-...e-as-you-think
and
https://www.wordfence.com/blog/2017/...code-phishing/

All though the certificates can be gotten for free, actually installing them and
getting the site to work after words is not so easy or simple, at least to me.
I don't know how the admins of this site feel about it, or what reasons they
have for not using it. I don't mind, in fact I prefer just http, for this type of site.
I have seen this topic / discussion pop up on some other forums
that don't use https, ....
__________________
My best friends are parrots

Last edited by GarryR; 29th July 2017 at 09:35 PM. Reason: extra comment
Reply With Quote
  #3   (View Single Post)  
Old 30th July 2017
ibara's Avatar
ibara ibara is online now
WR Slowest SNOBOL4 laptop
 
Join Date: Jan 2014
Posts: 514
Default

I think it's a good idea to move to https.
Less about the password thing (tbh, I'd be much more worried about security flaws in vBulletin being exploited), and more about the fact that Google's algorithm is going to (if it hasn't already) punish non-https sites by demoting them in the rankings. I'd prefer this site not get punished.
Reply With Quote
  #4   (View Single Post)  
Old 30th July 2017
GarryR's Avatar
GarryR GarryR is offline
Real Name: Garry Ricketson
Package Pilot
 
Join Date: Jul 2015
Location: Durango, Mx.
Posts: 190
Default

Quote:
Google's algorithm is going to (if it hasn't already) punish non-https sites by demoting them in the rankings. I'd prefer this site not get punished.
That by it's self is a good reason to use https, and it does appear the "algorithm" has started/is doing that.
I have noticed a change, when I search, (usually I use "startpage"), any way when I
search, IE: How to do " this or that " on OpenBsd (or other OS) " The results used to
point to either this forum, for OpenBsd, or the same , a forum for the "OtherOS',...
Lately most of the results, if not all point toward other sites, all of which are "https".
and the "http" sites do not show, or are at the bottom,..
The only time the http sites show is when there is nothing on "other https" sites.
A little over a year ago, this was not the case.
So any way, I do think it would be a good thing for this site to use https, and it would be a help to any one just starting to use a BSD. That is to say , when I first started with Open Bsd, and also was looking at the others,NetBsd,FreeBsd, etc,...this site was right there at the top of the results, so it was easy for me to find. Now that I know about it, no big deal, but some one "new" recent, will not see this site when the do a search, ...
__________________
My best friends are parrots
Reply With Quote
  #5   (View Single Post)  
Old 4th August 2017
hitest's Avatar
hitest hitest is offline
Real Name: George Nielsen
Package Pilot
 
Join Date: Sep 2008
Location: B.C., Canada
Posts: 188
Default

Quote:
Originally Posted by ibara View Post
I think it's a good idea to move to https.
Less about the password thing (tbh, I'd be much more worried about security flaws in vBulletin being exploited), and more about the fact that Google's algorithm is going to (if it hasn't already) punish non-https sites by demoting them in the rankings. I'd prefer this site not get punished.
Thanks for the heads-up about Google punishing non-https sites like ours. Is there a possibility that we will be moving to https?
__________________
hitest
Reply With Quote
  #6   (View Single Post)  
Old 5th August 2017
ibara's Avatar
ibara ibara is online now
WR Slowest SNOBOL4 laptop
 
Join Date: Jan 2014
Posts: 514
Default

The only ones who can decide that is the moderating team. And I respect their time and efforts to not pester them. If and when they want to do it, they'll do it.
Reply With Quote
  #7   (View Single Post)  
Old 5th August 2017
hitest's Avatar
hitest hitest is offline
Real Name: George Nielsen
Package Pilot
 
Join Date: Sep 2008
Location: B.C., Canada
Posts: 188
Default

Quote:
Originally Posted by ibara View Post
The only ones who can decide that is the moderating team. And I respect their time and efforts to not pester them. If and when they want to do it, they'll do it.
Agreed. That is why I phrased my initial post in a respectful manner. I also respect their time and efforts. My intention was not to pester or annoy them. This site is my primary BSD resource.
I'll leave this alone now. I'm very happy to be a member here.
__________________
hitest

Last edited by hitest; 11th August 2017 at 01:05 AM. Reason: typographical error
Reply With Quote
  #8   (View Single Post)  
Old 6th August 2017
Beastie Beastie is offline
Daemonology student
 
Join Date: Jan 2009
Location: /dev/earth0
Posts: 292
Default

Well, the very first result I get when searching for "openbsd forums" is "http://daemonforums.org/".

"netbsd forums"? I get "https://www.netbsd.org/community/" as a first result, with its description below including "... Daemon Forums". The second result is "http://daemonforums.org/forumdisplay.php?f=16" and the third is "http://daemonforums.org/".

I think we'll be alright.
__________________
May the source be with you!
Reply With Quote
  #9   (View Single Post)  
Old 16th August 2017
drhowarddrfine drhowarddrfine is offline
VPN Cryptographer
 
Join Date: May 2008
Posts: 376
Default

Quote:
Originally Posted by ibara View Post
I think it's a good idea to move to https.
Less about the password thing (tbh, I'd be much more worried about security flaws in vBulletin being exploited), and more about the fact that Google's algorithm is going to (if it hasn't already) punish non-https sites by demoting them in the rankings. I'd prefer this site not get punished.
Not quite correct. Google will demote a site that handles passwords, credit cards and other security related items that do not use encryption. Sites that do not need such things are not demoted.

Getting TLS up and running on a FreeBSD site running nginx is a piece of cake with the basic settings and using security/certbot and only takes a minute.
Reply With Quote
Old 16th August 2017
ibara's Avatar
ibara ibara is online now
WR Slowest SNOBOL4 laptop
 
Join Date: Jan 2014
Posts: 514
Default

Quote:
Originally Posted by drhowarddrfine View Post
Google will demote a site that handles passwords
.
Reply With Quote
Old 16th August 2017
drhowarddrfine drhowarddrfine is offline
VPN Cryptographer
 
Join Date: May 2008
Posts: 376
Default

@ibara Yes, that's correct, but he implied any site of any type will be demoted.
Reply With Quote
Old 24th August 2017
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Dutchman living in the UK
Posts: 2,196
Default

Quote:
Originally Posted by drhowarddrfine View Post
Not quite correct. Google will demote a site that handles passwords, credit cards and other security related items that do not use encryption. Sites that do not need such things are not demoted.

Getting TLS up and running on a FreeBSD site running nginx is a piece of cake with the basic settings and using security/certbot and only takes a minute.
Setting the correct date is even easier, and that hasn't been done yet either ;-)

I'm not 100% sure who is responsible for the technical maintenance of the forums these days. I transferred stuff over to j65nko in 2014, but I vaguely remember hearing that ocicat is also involved in the management.

If you have some spare time, then maybe you can try sending a PM to both to offer your services?
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Elinks vs Daemonforums Beastie Feedback and Suggestions 3 23rd January 2011 05:51 AM
daemonforums in Midori Mr-Biscuit Off-Topic 3 8th January 2011 10:35 PM
DaemonForums on BSDTalk ai-danno Feedback and Suggestions 12 28th July 2008 07:16 AM


All times are GMT. The time now is 03:55 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick