Donations

rnolan · January 23, 2017, 02:58:41 AM

Well going HTTPS has some up sides, eg when you put in your password it wont be in clear text over the evilnet, but that's about it from our perspective, and I spose no other (nefarious) site can pretend to be us just by spoofing our site. @Dante, if we have to pay for it (and seems that's the direction), can you see/check if the hosting ISP can do Transport Layer Security (TLS) 1.2 or later. Secure Socket Layer (SSL) 3.0 or earlier is now totally insecure (but still better than nothing IMO), and TLS 1.0 & 1.1 are fast going the same way. It's actually becoming common for HTTPS sites (and various browsers) to only support/accept TLS 1.2 for HTTPS connections.

Dante · January 23, 2017, 03:43:10 PM

If I understand the email correctly, it only applies when someone searches for ADA Depot via Google. If they know the url, we should be fine. :dunno:

rnolan · January 24, 2017, 03:39:44 AM

It will also affect searches that turn up depot posts (where a post relates to what they were searching for), they'll probably either mark it as an unsafe site or not list it :dunno: . Some browsers (and some settings in browsers) will stop it working, and we can expect more of this over time.

Iperfungus · January 24, 2017, 04:53:29 AM

How much money is required and how much is missing yet?

Dante · January 24, 2017, 08:28:50 AM

Quote from: Iperfungus on January 24, 2017, 04:53:29 AM
How much money is required and how much is missing yet?

Our hosting bill is usually $107 per year, just paid it recently. The SSL certificates are $60-$80, depending on the hosting company. It's not a requirement yet, don't worry. As long as donations trickle in sporadically, we'll get there in time. Not a rush

Iperfungus · January 24, 2017, 08:56:47 AM

Quote from: Dante on January 24, 2017, 08:28:50 AM
Quote from: Iperfungus on January 24, 2017, 04:53:29 AM
How much money is required and how much is missing yet?

Our hosting bill is usually $107 per year, just paid it recently. The SSL certificates are $60-$80, depending on the hosting company. It's not a requirement yet, don't worry. As long as donations trickle in sporadically, we'll get there in time. Not a rush

Ok, but let us know! :thumb-up:
The Depot MUST LIVE ON! :headbanger: :headbanger: :headbanger:

Dante · November 26, 2019, 08:09:35 AM

Hi Y'all :waving-banana-smiley-emoticon

This topic of getting an SSL certificate for the site has come up again (to make the little lock icon appear in the browser address bar, showing that we have a secure site). I have no idea what it's gonna cost, but I'm going to look into it. I just paid the annual hosting bill ($107 = ~$9/mo., paid annually).

Donations are welcome and (always) appreciated.

Rock on :banana-rock:

MarshallJMP · November 26, 2019, 09:26:36 AM

Done !

Rusty · November 26, 2019, 09:43:54 AM

Pay day for me next week, consider it already in the post OK Dante. :thumb-up:

SENT today

Peter H. Boer · November 26, 2019, 11:02:40 PM

Pay day somewhere this week.
I'll do yearly donation this weekend. :headbanger:

rnolan · November 27, 2019, 12:32:40 AM

The main thing that TLS (similar to SSL) will provide is to protect log on details. We'll need a certificate and probably some minor changes in the appache web server. It needs to be at a minimum TLS v1.2 and better is TLS v1.3. The last version of SSL (v3.0) is now very insecure and shouldn't be used. Our server probably uses OpenSSL which is open source code for Linux (Unix) servers. The latest version(s) of OpenSSL (IIRC 1.1.0) supports TLS v1.3. This would also be a good time to rebuild the site and hopefully fix some of the bugs.

vansinn · November 27, 2019, 03:25:26 AM

Yeah, I wrote about the cert things to Dante yesterday; didn't feel like doing it in here..
As I wrote, we don't really need to pay for an approved cert, but could use a self-signed cert; I've made loads of those for private connections to mail- and web servers.
The negative with those is that users will get a warning about the certificate potentially being not trustworthy, which may not be good for us.
If we buy a cert, several places offers them cheaper than, say, Verisign.
The changes to the Apache server is mostly uncommenting the line about HTTPS, and adding a line about the cert.
Implementing this isn't related to rebuilding the site, but can be done with no other hassle.
(not that it may not be a good idea giving the site a preen'n'prune)

rnolan · November 28, 2019, 01:06:48 AM

Quote from: van Sinn on November 27, 2019, 03:25:26 AM
Implementing this isn't related to rebuilding the site, but can be done with no other hassle.
(not that it may not be a good idea giving the site a preen'n'prune)

As I said it would be a good (opportune) time to rebuild the site, I know we (Dante and his/our ISP) can just implement HTTPS without a rebuild. Moreover, I was agitating to go HTTPS a couple years ago :facepalm: . IIRC Dante said it would cost about $25 back then :dunno: Mostly I want to get rid of the deprecated function error:8192: Function create_function() is deprecated
We get a couple of million of these errors in the logs per week...
But there are other issues (e.g. time format, intermittent email (for some of us), attachment size limit problem etc), hence time for a rebuild.
A self signed cert will cause issues with some browsers (e.g. chrome). A cheaper one than verisign is fine as long as it's not from one of the dodgy cert offerings which prop up the hackers/miscreants etc. Also need to configure apache to not down grade the connection to less than TLS 1.2

vansinn · November 29, 2019, 01:13:04 AM

^ agreed - some things I didn't think of (still feels weird not being admin anymore..)

ADA Depot - A Forum To Support Users of ADA Amplification Gear

News:

Donations

rnolan

Dante

rnolan

Iperfungus

Dante

Iperfungus

Dante

MarshallJMP

Rusty

Peter H. Boer

rnolan

vansinn

rnolan

vansinn