https not active. Is this intentional?

Status
Not open for further replies.

heavymod

Member
Hey - I notice that https is not working on the audiokarma site. FWIW this is easy and cheap to implement, and aids in Google page ranking.

Is this intentional, or an oversight? I'm assuming you don't need help with this issue, but if so, please let me know.
 
Hey - I notice that https is not working on the audiokarma site. FWIW this is easy and cheap to implement, and aids in Google page ranking.

Is this intentional, or an oversight? I'm assuming you don't need help with this issue, but if so, please let me know.
Some browsers seem hell-bent to get all sites to go HTTPS, but - if you are not doing sales, it's not so important,
and there are sites that are https that have malware payloads, so being https is no guarantee of safe passage.

It's been discussed AD NAUSEAM with various newbies in the past ...
Someone brings it up about once a week or so ...
 
How about if I supplied you a 60 foot pole, tipped with my special sauce, made from the eye of newt and toe of frog, wool of bat and tongue of dog?
Oh an alchemist!!!

Or is that something else

Frannie
 
The AK website and servers are more complex than an Umberto Eco novel mixed with Gravity's Rainbow. If you began now and worked until only the cockroaches and Keith Richards were still alive, you'd never be able to get AK on the https bus.

Nice website. Be a shame if sumfin' happened to it.

 
Some browsers seem hell-bent to get all sites to go HTTPS, but - if you are not doing sales, it's not so important,
and there are sites that are https that have malware payloads, so being https is no guarantee of safe passage.
Sorry, and respectfully, that is not the case. I have pointed this out before--it is just as important for server security as it is for end user security. It is essential. This isn't 1995. This is a bold assumption to make, to say it is "not so important." It is more important today than it was even a year or two ago. SSL is so blindingly simple and fast to deploy now, with no cost whatsoever, that there is no excuse not to. I literally issue new certificates to domains in under a minute. One minute! And that includes an automated process that updates the server configurations for me. I can configure XenForo to use SSL in about two minutes, including mitigating the old non-SSL links within the sites. (It's not an act of congress like some have implied the last time this came up.) That's three painless minutes out of my day to remove one more attack vector from my servers and sites while also protecting my end users, and it doesn't cost me a penny. Three minutes!

Why is it free? The Let's Encrypt organization, in concert with the Electronic Frontier Foundation and its dozens of major corporate donors, realized that having the entire Web operate under SSL will reduce operating costs for everyone. Fewer server hacks, fewer account breaches, less expense by I.T. departments having to deal with attacks on "open" sites, and a few other reasons I don't have time to get into.

But I'm tired of beating a dead horse. I do this for a living. I've dealt with security breaches and site defacement. I know the attack vectors these hackers take. Been there, done that, spent the 36 hours without sleep restoring the damage done by a hacker and didn't even get a goddarned t-shirt out of it. I'm not pulling stuff out of thin air. If I don't reduce exposure to my server or my end users by even a small percentage for something so blindingly simple, then I am not doing my job and don't deserve to get paid for it.

Just know that it's not just about us, the end users--it is also about the server and the site that it hosts. :)

I am not following replies to this thread.
 
Sorry, and respectfully, that is not the case. I have pointed this out before--it is just as important for server security as it is for end user security. It is essential. This isn't 1995. This is a bold assumption to make, to say it is "not so important." It is more important today than it was even a year or two ago. SSL is so blindingly simple and fast to deploy now, with no cost whatsoever, that there is no excuse not to. I literally issue new certificates to domains in under a minute. One minute! And that includes an automated process that updates the server configurations for me. I can configure XenForo to use SSL in about two minutes, including mitigating the old non-SSL links within the sites. (It's not an act of congress like some have implied the last time this came up.) That's three painless minutes out of my day to remove one more attack vector from my servers and sites while also protecting my end users, and it doesn't cost me a penny. Three minutes!

Your points are totally valid. But I draw the line at being critical of the site admins myself.

And yes I seem to have people who think I am clueless as a result. I would rather be considered a fool and loyal/supportive than an expert who has all the answers.

Again your points are 100% valid. But they do skirt that line of biting the hand that feeds you. That being a supportive member here.

Frannie
 
Again, as has been stated before,
this is a discussion for the site OWNER, not for us end users ...

THEY determine what investment they put into Server admin tools and admin staff -
it's really not up to us!

What seems quick and easy to someone who manages a large number of XenForo sites can be a much different task for someone with a single standalone instance of it.

Again, it's not up to me - my main focus is stopping user fights and deleting spammers!
 
Your points are totally valid. But I draw the line at being critical of the site admins myself.

And yes I seem to have people who think I am clueless as a result. I would rather be considered a fool and loyal/supportive than an expert who has all the answers.

Again your points are 100% valid. But they do skirt that line of biting the hand that feeds you. That being a supportive member here.

Frannie

SSL would only lower the risk of an exploit in the server's socket layer, and for the most part that horse has been beaten to death. So, not that important unless you're getting kickbacks from the certificate vendors. SSL does encrypt the traffic going to this site, but what the hell, if the Feds are interested in what you write, they can go to audiokarma.org and read everything as a guest anyway :), or become a member to access the full site. For all the people that are worried about security, find a reputable VPN service and spend about $100/yr. Note that this is my opinion and I have no desire to start a flame war/discussion on this topic, but also consider this: I have a lot of job experience on my resume, and a lot of it was in IT.
 
What seems quick and easy to someone who manages a large number of XenForo sites can be a much different task for someone with a single standalone instance of it.
I've offered. And I'm standing by. Standalone or not, one site or thousands, it's three minutes for anyone and doesn't cost a penny--nothing special here.

Maybe I'm clueless enough in this that I should just leave the forum. Seems to be the general consensus, I'm thinking. The powers that be know where to reach me if they want assistance--I always gladly help out others, with no chip on my shoulder or anything to prove.
 
Just make a Sticky Post at the top of this forum with AK's view and reassurance on the forum safety.

Then redirect folks to the sticky.
 
I've offered. And I'm standing by. Standalone or not, one site or thousands, it's three minutes for anyone and doesn't cost a penny--nothing special here.

Maybe I'm clueless enough in this that I should just leave the forum. Seems to be the general consensus, I'm thinking. The powers that be know where to reach me if they want assistance--I always gladly help out others, with no chip on my shoulder or anything to prove.
Don't fall on the same sword I am falling on. There is no right or wrong and nothing absolute here.

You make great points. But you don't run the server and you don't admin it.

It's easy from an armchair.

And yes I personally am aware of how easy Let's Encrypt is to implement.

But I also support a wide range of Legacy servers where it's not so easy.

Try implementing it on a CentOS 4.X server with a custom LAMP stack.

I think this server is newer than that though. But it's not cPanel/Plesk easy I am pretty sure given what I know about it when I helped with the outage a few years back.

Frannie
 