mersenneforum.org  

Go Back   mersenneforum.org > Other Stuff > Forum Feedback

Reply
 
Thread Tools
Old 2017-03-11, 19:20   #1
Xyzzy
 
Xyzzy's Avatar
 
"Mike"
Aug 2002

27·61 Posts
Lightbulb HTTPS

https://www.vbulletin.com/forum/arti...forum-to-https

The process looks easy enough to do, but our current hosting provider wants to charge us more:
Quote:
Adding SSL Service to your account will require the account be moved to a server set up to support SSL. If you press the button below to confirm this upgrade, we will contact you in the near future with full details of the pending move.

Enabling SSL Secure Server on your account type will incur additional charges: $20 set up, and $9.95 monthly.
We see three available options to pursue:
  1. Leave things the way they are.
  2. Pay the extra fee for HTTPS.
  3. Change to a different hosting provider that offers a better deal.
We are very hesitant to take option three, because everything works right now and we are concerned about breaking things in a big way.

Anyways, we are open to suggestions and comments!

Xyzzy is offline   Reply With Quote
Old 2017-03-12, 07:32   #2
ET_
Banned
 
ET_'s Avatar
 
"Luigi"
Aug 2002
Team Italia

10010101000112 Posts
Default

Quote:
Originally Posted by Xyzzy View Post
https://www.vbulletin.com/forum/arti...forum-to-https

The process looks easy enough to do, but our current hosting provider wants to charge us more:We see three available options to pursue:
  1. Leave things the way they are.
  2. Pay the extra fee for HTTPS.
  3. Change to a different hosting provider that offers a better deal.
We are very hesitant to take option three, because everything works right now and we are concerned about breaking things in a big way.

Anyways, we are open to suggestions and comments!


I'd forget option 3 as well...
I don't see any reason to pass to https, as we do not deal with sensible data (apart from the happy me and unhappy me threads), but I will do my part with no hesitation in case you should approach option 2.

Luigi
ET_ is offline   Reply With Quote
Old 2017-03-12, 08:31   #3
GP2
 
GP2's Avatar
 
Sep 2003

29×89 Posts
Default

Quote:
Originally Posted by ET_ View Post
I don't see any reason to pass to https, as we do not deal with sensible data
In French sensible means "sensitive". I'm guessing that it's the same in Italian.

In English, our data is sensible but not sensitive.

This site should probably go to HTTPS eventually simply because search engines might start penalizing sites that don't, and browsers are already starting to display "not secure" warnings. If contributions are needed, hopefully there will be some easy one-click option for that that doesn't require registering with yet another payments website.
GP2 is offline   Reply With Quote
Old 2017-03-12, 09:00   #4
ET_
Banned
 
ET_'s Avatar
 
"Luigi"
Aug 2002
Team Italia

13·367 Posts
Default

Quote:
Originally Posted by GP2 View Post
In French sensible means "sensitive". I'm guessing that it's the same in Italian.

In English, our data is sensible but not sensitive.

This site should probably go to HTTPS eventually simply because search engines might start penalizing sites that don't, and browsers are already starting to display "not secure" warnings. If contributions are needed, hopefully there will be some easy one-click option for that that doesn't require registering with yet another payments website.
Sensitive, that's it.

But sensible would have applied as well in some circumstances
Finding (Mersenne) primes IS sensible...

Last fiddled with by ET_ on 2017-03-12 at 09:01
ET_ is offline   Reply With Quote
Old 2017-03-12, 11:04   #5
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

5,879 Posts
Default

Option 3 definitely. Don't be afraid to get a better just because of F.U. & D. It'll all work out in the end.
retina is offline   Reply With Quote
Old 2017-03-12, 13:28   #6
GP2
 
GP2's Avatar
 
Sep 2003

29×89 Posts
Default

What about the forum software, by the way?

According to Wikipedia, vBulletin is currently at version 5.2.5. This board is running version 3.8.9 though. Is it still supported? Are there any unpatched security holes that could result in data loss or ransomware attacks?

Regarding the costs for SSL, maybe there could be a GoFundMe page, like we did for the KNL thing. I'm sure we could cover setup and monthlies for a year or two, and then you could consider researching a move to a different service provider at your leisure.
GP2 is offline   Reply With Quote
Old 2017-03-12, 16:14   #7
Xyzzy
 
Xyzzy's Avatar
 
"Mike"
Aug 2002

27·61 Posts
Default

Quote:
Originally Posted by GP2 View Post
What about the forum software, by the way?

According to Wikipedia, vBulletin is currently at version 5.2.5. This board is running version 3.8.9 though. Is it still supported? Are there any unpatched security holes that could result in data loss or ransomware attacks?
The version we use is fully patched and supported.

The newer versions are, in our opinion, too bloated and cluttered with features and social media plug-ins.

We believe the version we use is optimal for readability and simplicity.

If they stopped supporting our version, we would "upgrade" to the next branch that is supported.

Xyzzy is offline   Reply With Quote
Old 2017-03-12, 16:17   #8
Xyzzy
 
Xyzzy's Avatar
 
"Mike"
Aug 2002

27·61 Posts
Default

Quote:
Originally Posted by GP2 View Post
Regarding the costs for SSL, maybe there could be a GoFundMe page, like we did for the KNL thing. I'm sure we could cover setup and monthlies for a year or two, and then you could consider researching a move to a different service provider at your leisure.
The cost is not really an issue. People have been very generous with supporting the forum.

We are more concerned with not wasting money and getting a good return on the money spent.

We think we are currently operating in the $1 a day range, which is fairly reasonable. Once we pass the $1 a day mark it feels like we are not being thrifty.

Xyzzy is offline   Reply With Quote
Old 2017-03-12, 16:18   #9
ET_
Banned
 
ET_'s Avatar
 
"Luigi"
Aug 2002
Team Italia

13·367 Posts
Default

Quote:
Originally Posted by Xyzzy View Post
The version we use is fully patched and supported.

The newer versions are, in our opinion, too bloated and cluttered with features and social media plug-ins.

We believe the version we use is optimal for readability and simplicity.

If they stopped supporting our version, we would "upgrade" to the next branch that is supported.
[like]
ET_ is offline   Reply With Quote
Old 2017-03-15, 15:26   #10
Nick
 
Nick's Avatar
 
Dec 2012
The Netherlands

101110111002 Posts
Default

Has anyone done a risk assessment?
Are there threats that we are genuinely concerned about?
Nick is online now   Reply With Quote
Old 2017-03-15, 21:49   #11
chalsall
If I May
 
chalsall's Avatar
 
"Chris Halsall"
Sep 2002
Barbados

9,323 Posts
Default

Quote:
Originally Posted by Nick View Post
Has anyone done a risk assessment?
Are there threats that we are genuinely concerned about?
This is actually relatively important. Mostly because many people reuse passwords.

This is a message I received from Google today about GPU72.com:
Quote:
Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.

The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.
GPU72 has supported SSL for many years, but it doesn't _force_ people to use HTTPS.

Much like Aaron, I'm going to start doing HTTP to HTTPS redirections. Mike might want to work towards this sooner rather than latter.

Somewhat tangential, I consider Snowden to be a hero, and Assange a bit of a twat.
chalsall is offline   Reply With Quote
Reply

Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
Why is https://www.mersenne.org so damn buggy? jxsl13 Information & Answers 2 2017-02-22 03:06
https and www etc etc Uncwilly Forum Feedback 1 2012-03-12 20:46
https access to www.mersenne.org failed LLL PrimeNet 17 2008-12-26 20:34

All times are UTC. The time now is 22:35.

Thu Nov 26 22:35:29 UTC 2020 up 77 days, 19:46, 4 users, load averages: 1.73, 1.68, 1.65

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.