DRUMMERWORLD OFFICIAL DISCUSSION FORUM


KamaK 11-21-2017 08:06 AM

Drummerworld and SSL -- It's time
 
Bernhard,

I'd gladly chip in the $7.50 for the first year and 30 mins to show you how to set up SSL/HTTPS. I feel like a chump every time I type something here (including my password) because anyone with wire access can see it. Heck, I'd chip in $20 for a 3-year cert.

I get that there are drawbacks (the yearly expense, performance overhead, requirement of technical expertise to add a rewrite rule so old links work, periodic renewals, registration). But a number of us check in from hotel wifi, bar wifi, and other public places and would greatly appreciate the increase in privacy.

Note: Looks like COMODO resellers are ~9/yr these days.

Dr_Watso 11-21-2017 07:43 PM

Re: Drummerworld and SSL -- It's time
 
The port is open on the firewall, but the default apache page with self-signed is what you get.

Since I don't use this password anywhere else I'm not that worried about it and other than passwords, I think someone snooping this data stream would be pretty disappointed. If you're going to do it, make sure to re-direct http to https or it's pretty useless for anyone but you, me and other folks with IT sec on their minds.

KamaK 11-21-2017 08:01 PM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by Dr_Watso (Post 1533958)
If you're going to do it, make sure to re-direct http to https or it's pretty useless for anyone but you, me and other folks with IT sec on their minds.

Indeed, though it's generally best to use a rule instead of a redir, so that the string beyond the domain name is preserved, and all of the links on the board continue working.

Something simple like:


Code:

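    # Send any request that did not arrive on port 443 to the same path over HTTPS
    RewriteEngine on
    RewriteCond  %{SERVER_PORT}  !^443$
    # ^/?(.*)$ matches in server/vhost context and in .htaccess, where the leading slash is stripped
    RewriteRule ^/?(.*)$ https://www.drummerworld.com/$1 [L,R]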
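
Added example, not part of KamaK's post or of the site's configuration: a Python check that a redirect like the one above sends old http links to the same path and query over https. The function names and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def audit_redirect(request_url, status, location, expected_host):
    """Return the problems found in one response to a plain-HTTP request.

    An empty list means the client is sent to the same path and query on
    https://expected_host, so old links and bookmarks keep working.
    """
    if status not in REDIRECT_CODES:
        return [f"status {status}: request was answered over plain HTTP"]
    if not location:
        return ["redirect without a Location header"]
    req, loc = urlsplit(request_url), urlsplit(location)
    problems = []
    if loc.scheme != "https":
        problems.append(f"Location uses {loc.scheme or 'no'} scheme, not https")
    if loc.hostname != expected_host:
        problems.append(f"Location host is {loc.hostname}, expected {expected_host}")
    if (loc.path or "/") != (req.path or "/"):
        problems.append(f"path changed: {req.path} -> {loc.path}")
    if loc.query != req.query:
        problems.append(f"query changed: {req.query!r} -> {loc.query!r}")
    return problems

# Constructed (request URL, status, Location) samples; none were captured from the site.
THREAD = "http://www.drummerworld.com/forums/showthread.php?t=139510"
SAMPLES = {
    "rule keeps path and query": (THREAD, 302, "https://www.drummerworld.com/forums/showthread.php?t=139510"),
    "redirect to front page": (THREAD, 301, "https://www.drummerworld.com/"),
    "no redirect at all": (THREAD, 200, None),
    "redirect stays on http": (THREAD, 302, "http://www.drummerworld.com/forums/showthread.php?t=139510"),
}

def audit_samples(host="www.drummerworld.com"):
    """Audit every constructed sample and return {sample name: problems}."""
    return {name: audit_redirect(url, status, loc, host)
            for name, (url, status, loc) in SAMPLES.items()}

if __name__ == "__main__":
    for name, problems in audit_samples().items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

The status and Location values for a live site can come from any client that does not follow redirects; the check itself only compares the two URLs.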


KamaK 02-09-2018 09:01 PM

Re: Drummerworld and SSL -- It's time
 
Bernhard,

You going to be ready for July?

https://arstechnica.com/gadgets/2018...as-not-secure/

Ping me if you need a hand.

Dr_Watso 02-09-2018 10:07 PM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by KamaK (Post 1546007)
Bernhard,

You going to be ready for July?

https://arstechnica.com/gadgets/2018...as-not-secure/

Ping me if you need a hand.

The cynic in me thinks that immediately following this update, Google will start selling SSL certs.

KamaK 02-10-2018 02:45 AM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by Dr_Watso (Post 1546034)
The cynic in me thinks that immediately following this update, Google will start selling SSL certs.

Indeed.

Luckily, enough cynics felt this way a few years back and created their own CA.

http://www.cacert.org/

Pocket-full-of-gold 02-10-2018 02:55 AM

Re: Drummerworld and SSL -- It's time
 
There are times when I'm privy to a discussion and feel nothing but an utter friggen' moron.

This is one of those times.

Dr_Watso 02-10-2018 03:23 AM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by Pocket-full-of-gold (Post 1546113)
There are times when I'm privy to a discussion and feel nothing but an utter friggen' moron.

This is one of those times.

As simplified as I can, since it's an important topic, and maybe you'll find it interesting. It's certainly more complicated than I'll make it out to be, and please feel free to ask questions if you like.

Websites that begin with "https://www.example.com" rather than the regular http are "secured" by utilizing a tech called SSL which is what Kamak is talking about for DW.

Think of SSL kind of like "pig latin". Two people can communicate without using real English, but still understand each other on the basis that they both realize you just re-arrange the letters to each word in a set way. If an outsider who doesn't have the "code" tries to listen in, say a small child who hasn't figured it out yet, they'll be confused.

That's a long way of saying it's a literal cipher key. Just like radio cipher or my previous example of the "pig latin" code, using SSL/HTTPS can help prevent a nefarious fellow who's trying to listen into the data exchange and get passwords, or what have you.

Since we don't exchange credit card numbers or do business on this site, it's not that big of a deal, but using it is certainly best practice and helps with security.

Dr_Watso 02-10-2018 03:29 AM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by KamaK (Post 1546112)
Indeed.

Luckily, enough cynics felt this way a few years back and created their own CA.

http://www.cacert.org/

Hey, that's cool! Thanks!

I don't think I would trust it as much for something critical, but for general use like this that's neat!

KamaK 02-10-2018 07:48 AM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by Dr_Watso (Post 1546118)
I don't think I would trust it as much for something critical, but for general use like this that's neat!

On the flip side, we can trust that Verisign/Symantec/Thawte/Entrust trusts their customers just enough to be willing to take their money. Sigh, the uncanny intermingling of capitalism and privacy... I guess it's hard to complain with my mouth full.

Jeremy Bender 02-12-2018 05:23 PM

Re: Drummerworld and SSL -- It's time
 
I don't understand what any of this means. Is the future use of this forum in danger of a security breach to our own computers? Will we start having to pay to be members?
Thanks. I know very little about these things.

KamaK 02-12-2018 07:37 PM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by Jeremy Bender (Post 1546566)
I don't understand what any of this means. Is the future use of this forum in danger of a security breach to our own computers? Will we start having to pay to be members?
Thanks. I know very little about these things.

Ultimately, it means that anyone on your local network or anyone on DWorld's network can see anything you submit to the site, and know what you've been looking at. It also means that any DW data passing through your ISP is automatically being routed through a mystery closet and analyzed by the NSA.

(no, really, not being paranoid or making this up, there really is a government closet at your ISP analyzing absolutely everything you see and post).

Not an issue for 95% of the content here, but this includes your user/password and PM's.

Dr_Watso 02-12-2018 08:03 PM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by KamaK (Post 1546600)
Not an issue for 95% of the content here, but this includes your user/password and PM's.

Yep, this is really the only "worry". People often use similar username and password combos on multiple sites, so the fact that someone can snoop our passwords on this site as we use them could be an issue for some.

For the time being, everyone reading this should make sure the password they use here is not the same as one for something critical or financial.

Dr_Watso 02-12-2018 08:05 PM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by KamaK (Post 1546149)
On the flip side, we can trust that Verisign/Symantec/Thawte/Entrust trusts their customers just enough to be willing to take their money. Sigh, the uncanny intermingling of capitalism and privacy... I guess it's hard to complain with my mouth full.

I almost stated such in my response, but meh.

I think I only feel "safer" because we're paying for it with the big providers. Makes me feel like they will have better, more secure and more redundant/consistent service. If that's true or not is hard to say in the grand scheme, but at least I can sue!

DrumEatDrum 02-13-2018 07:05 AM

Re: Drummerworld and SSL -- It's time
 
I'd settle for not using the same 10 year old version of V-bulletin and adding some modern features around here.

I love this forum, but it's stuck in internet past.

Jeremy Bender 02-13-2018 07:59 PM

Re: Drummerworld and SSL -- It's time
 
What if you use "incognito" mode on Chrome?

Dr_Watso 02-13-2018 08:03 PM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by Jeremy Bender (Post 1546804)
What if you use "incognito" mode on Chrome?

All that does is prevent your computer from storing info locally on the hard drive about visited sites and all that jazz.

It does not change the fact that passwords here are sent to the server un-encrypted and "snoopable". Please don't use common passwords here and change any passwords that you share with this site and others.

T.Underhill 02-13-2018 09:54 PM

Re: Drummerworld and SSL -- It's time
 
1 Attachment(s)
This is what your Internet traffic would look like when you log in to the site via http not https. The username and password are shown in "clear text", meaning readable to whoever is capturing your traffic. I know this has been stated, but the visual is interesting. This traffic is likely to only be compromised if you're on a public network like an open WiFi connection.

BradGunnerSGT 07-05-2018 10:51 PM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by KamaK (Post 1546112)
Indeed.

Luckily, enough cynics felt this way a few years back and created their own CA.

http://www.cacert.org/

Even better: https://letsencrypt.org

Totally free and the certificate auto renews every 30 days. The project is funded by the Linux Foundation.

KamaK 07-06-2018 05:20 PM

Re: Drummerworld and SSL -- It's time
 
Bernhard,

Websense is now blocking your site from a number of organizations, including my work.

Dr_Watso 07-06-2018 06:55 PM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by KamaK (Post 1569421)
Bernhard,

Websense is now blocking your site from a number of organizations, including my work.

Good thing you're a l33t haxor and nothing so mundane would ever challenge your skillz.

Bernhard 07-07-2018 11:33 AM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by KamaK (Post 1569421)
Bernhard,

Websense is now blocking your site from a number of organizations, including my work.

So you're not working in a DRUM Organization???

eric_B 07-07-2018 04:57 PM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by KamaK (Post 1569421)
Bernhard,

Websense is now blocking your site from a number of organizations, including my work.

You're browsing (drum) forums while working?
I would not like people working for me doing that...

More on topic: I do think SSL/HTTPS will be safer.
Then again, anyone using the same password should really start using a password manager.
And don't post anything on public forums, Facebook, Twitter, etc. you do not want to be confronted with ever again.

Dr_Watso 07-09-2018 05:20 PM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by eric_B (Post 1569554)
You're browsing (drum) forums while working?
I would not like people working for me doing that...

More on topic: I do think SSL/HTTPS will be safer.
Then again, anyone using the same password should really start using a password manager.
And don't post anything on public forums, Facebook, Twitter, etc. you do not want to be confronted with ever again.

You might not like it, but it's happening. Try to focus more on the person's productivity than what they do from moment to moment and you'll have happier employees and less stress from trying to manage workflow. If they're productive or make you money, it doesn't matter what else they do so long as it isn't putting them or you at risk, like browsing porn or something.

Kamak's point is that it's being blocked because it's rated as insecure and unsafe, not because it's a drum website. If his employer wanted to use websense to block drum/music sites, they could, but obviously don't.

Trust me, as someone who looks at corporate internet logging a lot, browsing is just something people do these days. Recent generations grew up with shorter attention spans and more aptitude for multi-tasking in several different ways. I myself am usually on here all day, but only from time to time in between tasks or as I wait for something to finish processing.

KamaK 07-15-2018 07:13 PM

Re: Drummerworld and SSL -- It's time
 
Quote:

Originally Posted by Dr_Watso (Post 1569803)
Trust me, as someone who looks at corporate internet logging a lot, browsing is just something people do these days. Recent generations grew up with shorter attention spans and more aptitude for multi-tasking in several different ways. I myself am usually on here all day, but only from time to time in between tasks or as I wait for something to finish processing.

Indeed. My work day looks like...

Work for 30 mins. Make breakfast for fam. Work for one hour. Play drums for 20 mins. Work for 30 mins. Tend to the kids for 20 mins. Work for 1h. Make lunch. Work for an hour. Dishes and dish washer for 30 mins. Work for an hour. Throw meat in oven and play with kids. Work for an hour. Play drums for 20 mins. Work for an hour. Prep dinner for 20 mins. Work for 20 mins. Set table.... At 5:30, the wife gets home from work, kids are sorted, dinner's hot on the table. Then I work from 10-midnight as EU/DVCI TZ's come online.

It's a good gig cause I'm home all the time. It's a bad gig because I'm at work all the time.

pgm554 07-15-2018 09:59 PM

Re: Drummerworld and SSL -- It's time
 
SSL is the way the net is going.

Google will start to display site is not trusted in their Chrome browser.

So at about 60% of the market, it could make folks think twice about visiting the site.

There are a number of free trusted certs you can get, so cost really isn't much of a barrier.

TheElectricCompany 07-17-2018 11:29 PM

Re: Drummerworld and SSL -- It's time
 
Thanks for the heads up, guys. I'm checking my frequently used sites for the secure notification and updating my passwords.

KamaK 07-24-2018 09:38 PM

Re: Drummerworld and SSL -- It's time
 
Today is the day. It's been nice.


All times are GMT +2.

Powered by vBulletin® Version 3.8.0
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Bernhard Castiglioni's DRUMMERWORLD.com