• Welcome to ADA Depot - A Forum To Support Users of ADA Amplification Gear.
 

News:

Lets get Technical > All Things Tube All about preamp and power amp Tubes.

Main Menu

Donations

Started by Dante, October 31, 2016, 01:05:41 PM

Previous topic - Next topic

rnolan

Well going HTTPS has some up sides, eg when you put in your password it wont be in clear text over the evilnet, but that's about it from our perspective, and I spose no other (nefarious) site can pretend to be us just by spoofing our site. @Dante, if we have to pay for it (and seems that's the direction), can you see/check if the hosting ISP can do Transport Layer Security (TLS) 1.2 or later.  Secure Socket Layer (SSL) 3.0 or earlier is now totally insecure (but still better than nothing IMO), and TLS 1.0 & 1.1 are fast going the same way.  It's actually becoming common for HTTPS sites (and various browsers) to only support/accept TLS 1.2 for HTTPS connections.
Studio Rig: Stuff; Live Rig: More Stuff; Guitars: A few

Dante

If I understand the email correctly, it only applies when someone searches for ADA Depot via Google. If they know the url, we should be fine.  :dunno:

rnolan

It will also affect searches that turn up depot posts (where a post relates to what they were searching for), they'll probably either mark it as an unsafe site or not list it  :dunno: .  Some browsers (and some settings in browsers) will stop it working, and we can expect more of this over time.
Studio Rig: Stuff; Live Rig: More Stuff; Guitars: A few

Iperfungus

How much money is required and how much is missing yet?
On the run again!

Dante

Quote from: Iperfungus on January 24, 2017, 04:53:29 AM
How much money is required and how much is missing yet?

Our hosting bill is usually $107 per year, just paid it recently. The SSL certificates are $60-$80, depending on the hosting company. It's not a requirement yet, don't worry. As long as donations trickle in sporadically, we'll get there in time. Not a rush

Iperfungus

Quote from: Dante on January 24, 2017, 08:28:50 AM
Quote from: Iperfungus on January 24, 2017, 04:53:29 AM
How much money is required and how much is missing yet?

Our hosting bill is usually $107 per year, just paid it recently. The SSL certificates are $60-$80, depending on the hosting company. It's not a requirement yet, don't worry. As long as donations trickle in sporadically, we'll get there in time. Not a rush

Ok, but let us know!  :thumb-up:
The Depot MUST LIVE ON!  :headbanger: :headbanger: :headbanger:
On the run again!

Dante

Hi Y'all  :waving-banana-smiley-emoticon

This topic of getting an SSL certificate for the site has come up again (to make the little lock icon appear in the browser address bar, showing that we have a secure site). I have no idea what it's gonna cost, but I'm going to look into it. I just paid the annual hosting bill ($107 = ~$9/mo., paid annually).

Donations are welcome and (always) appreciated.

Rock on  :banana-rock:

MarshallJMP


Rusty

#23
Pay day for me next week,  consider it already in the post OK Dante.   :thumb-up:


SENT today

Peter H. Boer

Pay day somewhere this week.
I'll do yearly donation this weekend.  :headbanger:
Nothing beats MB-1s and MP-1s with MDRTs

http://www.thegrannyattic.com
http://www.Illumion.net
http://www.sote.nl

rnolan

The main thing that TLS (similar to SSL) will provide is to protect log on details.  We'll need a certificate and probably some minor changes in the appache web server.  It needs to be at a minimum TLS v1.2 and better is TLS v1.3.  The last version of SSL (v3.0) is now very insecure and shouldn't be used.  Our server probably uses OpenSSL which is open source code for Linux (Unix) servers.  The latest version(s) of OpenSSL (IIRC 1.1.0) supports TLS v1.3.  This would also be a good time to rebuild the site and hopefully fix some of the bugs.
Studio Rig: Stuff; Live Rig: More Stuff; Guitars: A few

vansinn

Yeah, I wrote about the cert things to Dante yesterday; didn't feel like doing it in here..
As I wrote, we don't really need to pay for an approved cert, but could use a self-signed cert; I've made loads of those for private connections to mail- and web servers.
The negative with those is that users will get a warning about the certificate potentially being not trustworthy, which may not be good for us.
If we buy a cert, several places offers them cheaper than, say, Verisign.
The changes to the Apache server is mostly uncommenting the line about HTTPS, and adding a line about the cert.
Implementing this isn't related to rebuilding the site, but can be done with no other hassle.
(not that it may not be a good idea giving the site a preen'n'prune)

rnolan

Quote from: van Sinn on November 27, 2019, 03:25:26 AM
Implementing this isn't related to rebuilding the site, but can be done with no other hassle.
(not that it may not be a good idea giving the site a preen'n'prune)
As I said it would be a good (opportune) time to rebuild the site, I know we (Dante and his/our ISP) can just implement HTTPS without a rebuild.  Moreover, I was agitating to go HTTPS a couple years ago  :facepalm: .  IIRC Dante said it would cost about $25 back then  :dunno: Mostly I want to get rid of the deprecated function error:8192: Function create_function() is deprecated
We get a couple of million of these errors in the logs per week...
But there are other issues (e.g. time format, intermittent email (for some of us), attachment size limit problem etc), hence time for a rebuild.
A self signed cert will cause issues with some browsers (e.g. chrome).  A cheaper one than verisign is fine as long as it's not from one of the dodgy cert offerings which prop up the hackers/miscreants etc.  Also need to configure apache to not down grade the connection to less than TLS 1.2
Studio Rig: Stuff; Live Rig: More Stuff; Guitars: A few

vansinn

^ agreed - some things I didn't think of (still feels weird not being admin anymore..)