SUGGESTION BOX (for Admin action)

How to register at Cluesforum / General administrative topics / and things that every member must read

Re: THE "CHATBOX"

Postby SacredCowSlayer on Sat Oct 06, 2018 1:31 pm

patrix » October 6th, 2018, 1:03 am wrote:
SacredCowSlayer » October 6th, 2018, 1:56 am wrote:
anonjedi2 » October 5th, 2018, 7:40 pm wrote:I received this warning from Google for the first time ever, visiting CluesForum today. <_<

Image


Yes, there was a technical issue that arose briefly this afternoon.

The site is secure. I had to “tell” my computer to “allow” access here after it got resolved.

It’s all good.

Thanks,

SCS

This is a big problem affecting all users. Google has now made SSL certificate mandatory for all sites and Cluesforum does not have one or it isn't valid?

Every time I load a page from Cluesforum on my Android tablet, I get the nag screen above and are not able to switch it off permanently.

You should be able to get an SSL certificate for free at https://letsencrypt.org or renew the one you have.

To me this is obviously a way to implement internet censorship. Have all sites implement this technology and have all webbrowsers make it mandatory for "security reasons".

Then when it's established it's time for the bait and switch. Revoke certificates for sites that do not support "human values" and it will be very hard for people to access them because they will see the message above, and in the future sites without a certificate will probably not be accessible at all.

Edit: I get the same thing on my phone, so it's definitely an issue with Cluesforums SSL certificate.


I failed to speak with precision in my post above. That is my bad. Cluesforum is safe, and SSL secure, but still a hassle for our members and readers at the moment. And that is a problem. I certainly did not mean to minimize the significance of this type of issue in the grander scheme of things.

I was actually in the middle of a conversation with Simon when the site for CF and The TYCHOS went down. Prompt action was taken to get them back to where they could even be accessed, let alone safely.

If you kind members could verify that you are able to see tychos.info, and let us know in this thread, it would be appreciated.

Thank you all for bearing with us here while this is being worked out. Please note this isn’t the first time for this odious message (regarding the site being unsafe) to appear.

SCS
SacredCowSlayer
Administrator
 
Posts: 314
Joined: Sat Sep 05, 2015 9:44 pm

Re: THE "CHATBOX"

Postby patrix on Sat Oct 06, 2018 3:56 pm

Tychos.info and SeptemberClues.info work fine for me.

But Cluesforum.info has an expired Ssl certificate says Chrome
patrix
Member
 
Posts: 311
Joined: Wed Dec 14, 2016 10:24 am

Re: THE "CHATBOX"

Postby SacredCowSlayer on Sat Oct 06, 2018 6:53 pm

patrix » October 6th, 2018, 10:56 am wrote:Tychos.info and SeptemberClues.info work fine for me.

But Cluesforum.info has an expired Ssl certificate says Chrome


Dear Patrix, I sent you a PM. Thank you for your feedback.

SCS :)
SacredCowSlayer
Administrator
 
Posts: 314
Joined: Sat Sep 05, 2015 9:44 pm

Re: THE "CHATBOX"

Postby hoi.polloi on Sat Oct 06, 2018 9:56 pm

Just wanted to chime in with an apology for not managing the back end of CluesForum. Please do not be alarmed. It is just that our free SSL expired (in the middle of a hectic week for me) and according to our host NFS only the owner can manage it. Since my time is not open to CluesForum management at this junction we managed to request transfer of ownership of the account to Simon's membership at NFS. Makes sense right?

So, shong-story-lort, Simon should be able to get an SSL installed soon. He may need help. He may have already gotten it taken care of. But if anyone would like to donate a little time to setting it up, or heck — a free home server — to Simon, or other technical support, I would encourage you to contact him. I am sure the membership would appreciate the perpetuity of the site.

To ease your mind about the warning messages: NFS is a very safe host. Your computer is not in danger. Our site contains no dangerous elements. Setting up the SSL was done to get better rankings in Google, because Google will (in the near future, we are assured) begin downgrading sites that are not secure socket certified. When it's not set up right (e.g.; it's looking for SSL but no valid certificate is found) it can make your browser panic a little but it's totally fine and safe. Until the SSL is back, if and when it disappears, please remain at ease. Admins/moderators I am sure will let you know if there is ever a true problem.
hoi.polloi
Administrator
 
Posts: 5053
Joined: Sun Nov 14, 2010 7:24 pm

Re: THE "CHATBOX"

Postby fbenario on Sat Oct 06, 2018 11:27 pm

Still getting the CluesForum warning from Google at 7:15 PM EST Friday on both desktop Chrome browser and Android phone. Will the certificate likely be updated in the next 24 hours so we get no more warnings?
fbenario
Member
 
Posts: 2205
Joined: Fri Oct 23, 2009 1:49 am
Location: Atlanta, GA

Re: THE "CHATBOX"

Postby PianoRacer on Sun Oct 07, 2018 12:30 am

As an information security professional, I am happy to help Simon obtain and install a new SSL certificate. It shouldn't be that difficult. Please feel free to contact me via PM or at pianoracer AT gmail DOT com.

Ideally we'd want to set it up so that the certificates are automatically renewed when they are set to expire.

I also want to confirm and reiterate what Hoi said - this is just an expired certificate, nothing to be alarmed about, despite the notifications that most browsers will give you.
PianoRacer
Administrator
 
Posts: 57
Joined: Thu Nov 10, 2016 1:13 am

Re: THE "CHATBOX"

Postby PianoRacer on Sun Oct 07, 2018 1:41 am

If you want to give it a go yourself, these are the instructions I would follow:

https://www.onepagezen.com/letsencrypt- ... ot-apache/
PianoRacer
Administrator
 
Posts: 57
Joined: Thu Nov 10, 2016 1:13 am

Re: THE "CHATBOX"

Postby simonshack on Sun Oct 07, 2018 9:34 am

PianoRacer » October 7th, 2018, 12:30 am wrote:As an information security professional, I am happy to help Simon obtain and install a new SSL certificate. It shouldn't be that difficult. Please feel free to contact me via PM or at pianoracer AT gmail DOT com.

Thanks a lot for your offer of help, dear Pianoracer - I've just sent you a private e-mail to your gmail account. :)

[Note by SCS: Simon, due to the relatively large number of posts concerning this recent technical issue, I found it ideal to clean the “Chatbox” up, and move said posts to this more specifically appropriate thread. :) ]
simonshack
Administrator
 
Posts: 6575
Joined: Sun Oct 18, 2009 8:09 pm
Location: italy

Re: SUGGESTION BOX (for Admin action)

Postby patrix on Sun Oct 07, 2018 2:13 pm

SSL and Lets Encrypt - a Trojan horse for internet censorship?

Since this is on the wall right now (good call to clean up the chatbox) I just want to voice my concerns regarding SSL (Secure Sockets Layers) technology and its implications.

First of all, SSL is a great thing. What it does is to encrypt a connection between two parties and ensure the identity of these by the use of asymmetric encryption and a certificate chain. This is very useful when we do bank transactions or purchase things on the internet since it's harder for an internet eavesdropper to get hold of for example card information. SSL has been in use for many years by banks and e-commerce.

However what's happened the last years is that the idea has taken foothold that a website is somehow inherently insecure if it does not implement SSL. And to help every website implement SSL, a free certification entity - Lets Encrypt has emerged and Google has started punishing websites that do not use SSL, regardless if they have any functions that actually justify the technology. Why would for example a web forum be safer because of SSL? It makes no sense.

What does makes sense however is the usual problem, reaction, solution dialectic. Despite Google, YouTube, Facebook, Twitter and an enormous disinformation machinery, the free web is still causing problems and needs to be controlled. And with a certificate chain in the hands of the Nutwork and web clients that does not accept communication from servers outside this chain, there is a swift way to shut down unwanted sites. I think this is the actual reason for all the care and effort being spent right now on having SSL universally implemented. Its a Trojan horse for internet censorship. In the future we might read in New York Times about how Russian cyber criminals have staged attacks from certain websites but that our valiant protective agencies have eliminated the threat by revoking their SSL certificates...
patrix
Member
 
Posts: 311
Joined: Wed Dec 14, 2016 10:24 am

Re: SUGGESTION BOX (for Admin action)

Postby hoi.polloi on Sun Oct 07, 2018 4:05 pm

I think this is the actual reason for all the care and effort being spent right now on having SSL universally implemented.


Well our care and effort is to just prevent being shut out, and to take care of this site. But yes, I agree the new supposed "need" imposed on Internet culture is somewhat suspicious. The ultimate goal of "higher ups" may be to eliminate anonymity and free speech.
hoi.polloi
Administrator
 
Posts: 5053
Joined: Sun Nov 14, 2010 7:24 pm

Re: SUGGESTION BOX (for Admin action)

Postby anonjedi2 on Sun Oct 07, 2018 5:19 pm

Thank you all for the update and for everything you do to keep this information intact and available.
anonjedi2
Member
 
Posts: 722
Joined: Mon Dec 31, 2012 5:50 am

Re: SUGGESTION BOX (for Admin action)

Postby patrix on Sun Oct 07, 2018 5:30 pm

hoi.polloi » October 7th, 2018, 5:05 pm wrote:
I think this is the actual reason for all the care and effort being spent right now on having SSL universally implemented.


Well our care and effort is to just prevent being shut out, and to take care of this site. But yes, I agree the new supposed "need" imposed on Internet culture is somewhat suspicious. The ultimate goal of "higher ups" may be to eliminate anonymity and free speech.


Yes of course Hoi. Cluesforum should play along and you all do an excellent job maintaining the site. I just see this scenario further down the road and it bothers me.
patrix
Member
 
Posts: 311
Joined: Wed Dec 14, 2016 10:24 am

Re: SUGGESTION BOX (for Admin action)

Postby hoi.polloi on Mon Oct 08, 2018 12:58 pm

Okay, this is actually kind of funny. NearlyFreeSpeech for some reason did not allow the transfer of account ownership to take place. So apparently I am "stuck" with maintaining CluesForum until an admin does all of the following:

1. download the latest full database
2. find new server space and install phpBB (Based on this article, DreamHost or OrangeWebsite maybe?)
3. upload the database to the new location, thereby "cloning" CluesForum
4. install a free SSL (if the host doesn't provide it automatically anyway)

In the mean time, I am just going to deactivate SSL to make things easier for me to maintain (i.e.; not maintain). If people really feel they miss secure socket stuff, these would be simple steps for folx to do. If disabling SSL doesn't remove the https conflict from the URL for now or occasionally causes a "bad request" error, nevermind, it will all hopefully be sorted out soon enough.
hoi.polloi
Administrator
 
Posts: 5053
Joined: Sun Nov 14, 2010 7:24 pm

Re: SUGGESTION BOX (for Admin action)

Postby SacredCowSlayer on Mon Oct 08, 2018 2:24 pm

Thank you to our Members and readers for your patience as we carefully get this issue resolved. The process is “in the works,” so to speak.

SCS :)
SacredCowSlayer
Administrator
 
Posts: 314
Joined: Sat Sep 05, 2015 9:44 pm

Re: SUGGESTION BOX (for Admin action)

Postby PianoRacer on Mon Oct 08, 2018 2:30 pm

I find the resistance to SSL encryption interesting and not without merit. That being said, there's no reason why the site couldn't provide both options simultaneously:

The downside to unencrypted access is that things like logins and passwords would be transmitted in clear text over the internet, increasing the chance of being compromised by, for example, "man-in-the-middle" attacks. Imagine a scenario where the forum administrator credentials were compromised and all of the forum content permanently erased. I know there are back-up torrents and whatnot, but this would still be a devastating turn of events.

The downside to encrypted access is, as previously mentioned, that it puts more power in the hands of "Alphabet, inc." and their ilk as well as the certificate issuers (Lets Encrypt, VeriSign, etc.) If this were ever to become an issue, self-signed certificates could be implemented, browser and "Alphabet" protests be damned. The power to remove or self-generate encryption is not something that they can take away from us (yet).

Encryption certainly has its merits - it's the fact that we are forced to rely on the "certificate authorities", and that self-signed certificates are deemed inherently insecure, that poses the issue.
PianoRacer
Administrator
 
Posts: 57
Joined: Thu Nov 10, 2016 1:13 am

PreviousNext

Return to HOW TO REGISTER at CLUESFORUM - and other tips

Who is online

Users browsing this forum: No registered users and 1 guest