DRUMMERWORLD OFFICIAL DISCUSSION FORUM   

  #1  
Old 11-21-2017, 08:06 AM
KamaK KamaK is online now
Platinum Member
 
Join Date: Apr 2014
Location: East Coast
Posts: 5,680
Default Drummerworld and SSL -- It's time

Bernhard,

I'd gladly chip in the $7.50 for the first year and 30 mins to show you how to set up SSL/HTTPS. I feel like a chump every time I type something here (including my password) because anyone with wire access can see it. Heck, I'd chip in $20 for a 3-year cert.

I get that there are drawbacks (the yearly expense, performance overhead, requirement of technical expertise to add a rewrite rule so old links work, periodic renewals, registration). But a number of us check in from hotel wifi, bar wifi, and other public places and would greatly appreciate the increase in privacy.

Note: Looks like COMODO resellers are ~9/yr these days.
  #2  
Old 11-21-2017, 07:43 PM
Dr_Watso Dr_Watso is offline
Platinum Member
 
Join Date: Mar 2011
Posts: 6,063
Default Re: Drummerworld and SSL -- It's time

The port is open on the firewall, but the default apache page with self-signed is what you get.

Since I don't use this password anywhere else I'm not that worried about it and other than passwords, I think someone snooping this data stream would be pretty disappointed. If you're going to do it, make sure to re-direct http to https or it's pretty useless for anyone but you, me and other folks with IT sec on their minds.
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy
  #3  
Old 11-21-2017, 08:01 PM
KamaK KamaK is online now
Platinum Member
 
Join Date: Apr 2014
Location: East Coast
Posts: 5,680
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Dr_Watso View Post
If you're going to do it, make sure to re-direct http to https or it's pretty useless for anyone but you, me and other folks with IT sec on their minds.
Indeed, though it's generally best to use a rule instead of a redir, so that the string beyond the domain name is preserved, and all of the links on the board continue working.

Something simple like:


Code:
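    RewriteEngine on
    # Only rewrite requests that did not arrive on the HTTPS port
    RewriteCond   %{SERVER_PORT}  !^443$
    # Same path on https; the leading-slash pattern matches in server/vhost context
    RewriteRule ^/(.*)$ https://www.drummerworld.com/$1 [L,R]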
Reply With Quote
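An added example, not part of KamaK's post or the site's own configuration: a check that a redirect to https keeps "the string beyond the domain name", so old links keep working. The sample responses and forum paths below are constructed and hypothetical; only the hostname comes from the thread.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed observations (not captured from the real site): the URL requested
# over plain http, the status returned, and the Location header. The paths are
# hypothetical old forum links.
SAMPLES = [
    # Rewrite rule as posted: scheme changes, path and query survive.
    ("http://www.drummerworld.com/forums/showthread.php?t=12345", 302,
     "https://www.drummerworld.com/forums/showthread.php?t=12345"),
    # Blanket redirect to the front page: every deep link is lost.
    ("http://www.drummerworld.com/forums/showthread.php?t=12345", 302,
     "https://www.drummerworld.com/"),
    # Redirect that never leaves http.
    ("http://www.drummerworld.com/drummers/index.html", 302,
     "http://www.drummerworld.com/drummers/index.html"),
    # No redirect at all: the page is still served in clear text.
    ("http://www.drummerworld.com/forums/", 200, None),
]


def check_redirect(requested, status, location):
    """Return a list of findings; an empty list means the old link survives."""
    if status not in REDIRECT_CODES or not location:
        return ["no redirect: page is still served over plain http"]
    src = urlsplit(requested)
    # A relative Location is resolved against the request, as a browser would.
    dst = urlsplit(urljoin(requested, location))
    findings = []
    if dst.scheme != "https":
        findings.append("redirect target is not https")
    if dst.hostname != src.hostname:
        findings.append(f"host changed: {src.hostname} -> {dst.hostname}")
    if (dst.path or "/") != (src.path or "/"):
        findings.append(f"path not preserved: {src.path} -> {dst.path}")
    if dst.query != src.query:
        findings.append("query string dropped or altered")
    return findings


def audit(samples):
    """Return (url, findings) for every sample whose old link would break."""
    return [(u, f) for u, s, loc in samples if (f := check_redirect(u, s, loc))]


if __name__ == "__main__":
    for url, findings in audit(SAMPLES):
        print(url, "->", "; ".join(findings))
```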
  #4  
Old 02-09-2018, 09:01 PM
KamaK KamaK is online now
Platinum Member
 
Join Date: Apr 2014
Location: East Coast
Posts: 5,680
Default Re: Drummerworld and SSL -- It's time

Bernhard,

You going to be ready for July?

https://arstechnica.com/gadgets/2018...as-not-secure/

Ping me if you need a hand.
  #5  
Old 02-09-2018, 10:07 PM
Dr_Watso Dr_Watso is offline
Platinum Member
 
Join Date: Mar 2011
Posts: 6,063
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by KamaK View Post
Bernhard,

You going to be ready for July?

https://arstechnica.com/gadgets/2018...as-not-secure/

Ping me if you need a hand.
The cynic in me thinks that immediately following this update, Google will start selling SSL certs.
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy
  #6  
Old 02-10-2018, 02:45 AM
KamaK KamaK is online now
Platinum Member
 
Join Date: Apr 2014
Location: East Coast
Posts: 5,680
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Dr_Watso View Post
The cynic in me thinks that immediately following this update, Google will start selling SSL certs.
Indeed.

Luckily, enough cynics felt this way a few years back and created their own CA.

http://www.cacert.org/
  #7  
Old 02-10-2018, 02:55 AM
Pocket-full-of-gold Pocket-full-of-gold is offline
Platinum Member
 
Join Date: Sep 2009
Location: Melbourne, Australia.
Posts: 11,208
Default Re: Drummerworld and SSL -- It's time

There are times when I'm privy to a discussion and feel nothing but an utter friggen' moron.

This is one of those times.
  #8  
Old 02-10-2018, 03:23 AM
Dr_Watso Dr_Watso is offline
Platinum Member
 
Join Date: Mar 2011
Posts: 6,063
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Pocket-full-of-gold View Post
There are times when I'm privy to a discussion and feel nothing but an utter friggen' moron.

This is one of those times.
As simplified as I can, since it's an important topic, and maybe you'll find it interesting. It's certainly more complicated than I'll make it out to be, and please feel free to ask questions if you like.

Websites that begin with "https://www.example.com" rather than the regular http are "secured" by utilizing a tech called SSL which is what KamaK is talking about for DW.

Think of SSL kind of like "pig latin". Two people can communicate without using real English, but still understand each other on the basis that they both realize you just re-arrange the letters to each word in a set way. If an outsider who doesn't have the "code" tries to listen in, say a small child who hasn't figured it out yet, they'll be confused.

That's a long way of saying it's a literal cipher key. Just like radio cipher or my previous example of the "pig latin" code, using SSL/HTTPS can help prevent a nefarious fellow who's trying to listen into the data exchange and get passwords, or what have you.

Since we don't exchange credit card numbers or do business on this site, it's not that big of a deal, but using it is certainly best practice and helps with security.
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy
  #9  
Old 02-10-2018, 03:29 AM
Dr_Watso Dr_Watso is offline
Platinum Member
 
Join Date: Mar 2011
Posts: 6,063
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by KamaK View Post
Indeed.

Luckily, enough cynics felt this way a few years back and created their own CA.

http://www.cacert.org/
Hey, that's cool! Thanks!

I don't think I would trust it as much for something critical, but for general use like this that's neat!
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy
  #10  
Old 02-10-2018, 07:48 AM
KamaK KamaK is online now
Platinum Member
 
Join Date: Apr 2014
Location: East Coast
Posts: 5,680
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Dr_Watso View Post
I don't think I would trust it as much for something critical, but for general use like this that's neat!
On the flip side, we can trust that Verisign/Symantec/Thawte/Entrust trusts their customers just enough to be willing to take their money. Sigh, the uncanny intermingling of capitalism and privacy... I guess it's hard to complain with my mouth full.
  #11  
Old 02-12-2018, 05:23 PM
Jeremy Bender Jeremy Bender is offline
Platinum Member
 
Join Date: Jul 2007
Location: Gulf Coast USA
Posts: 3,152
Default Re: Drummerworld and SSL -- It's time

I don't understand what any of this means. Is the future use of this forum in danger of a security breach to our own computers? Will we start having to pay to be members?
Thanks. I know very little about these things.
  #12  
Old 02-12-2018, 07:37 PM
KamaK KamaK is online now
Platinum Member
 
Join Date: Apr 2014
Location: East Coast
Posts: 5,680
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Jeremy Bender View Post
I don't understand what any of this means. Is the future use of this forum in danger of a security breach to our own computers? Will we start having to pay to be members?
Thanks. I know very little about these things.
Ultimately, it means that anyone on your local network or anyone on DWorld's network can see anything you submit to the site, and know what you've been looking at. It also means that any DW data passing through your ISP is automatically being routed through a mystery closet and analyzed by the NSA.

(no, really, not being paranoid or making this up, there really is a government closet at your ISP analyzing absolutely everything you see and post).

Not an issue for 95% of the content here, but this includes your user/password and PM's.
  #13  
Old 02-12-2018, 08:03 PM
Dr_Watso Dr_Watso is offline
Platinum Member
 
Join Date: Mar 2011
Posts: 6,063
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by KamaK View Post
Not an issue for 95% of the content here, but this includes your user/password and PM's.
Yep, this is really the only "worry". People often use similar username and password combos on multiple sites, so the fact that someone can snoop our passwords on this site as we use them could be an issue for some.

For the time being, everyone reading this should make sure the password they use here is not the same as one for something critical or financial.
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy
  #14  
Old 02-12-2018, 08:05 PM
Dr_Watso Dr_Watso is offline
Platinum Member
 
Join Date: Mar 2011
Posts: 6,063
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by KamaK View Post
On the flip side, we can trust that Verisign/Symantec/Thawte/Entrust trusts their customers just enough to be willing to take their money. Sigh, the uncanny intermingling of capitalism and privacy... I guess it's hard to complain with my mouth full.
I almost stated such in my response, but meh.

I think I only feel "safer" because we're paying for it with the big providers. Makes me feel like they will have better, more secure and more redundant/consistent service. If that's true or not is hard to say in the grand scheme, but at least I can sue!
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy
  #15  
Old 02-13-2018, 07:05 AM
DrumEatDrum DrumEatDrum is offline
Platinum Member
 
Join Date: Jan 2009
Location: Los Angeles, CA
Posts: 9,243
Default Re: Drummerworld and SSL -- It's time

I'd settle for not using the same 10 year old version of V-bulletin and adding some modern features around here.

I love this forum, but it's stuck in internet past.
  #16  
Old 02-13-2018, 07:59 PM
Jeremy Bender Jeremy Bender is offline
Platinum Member
 
Join Date: Jul 2007
Location: Gulf Coast USA
Posts: 3,152
Default Re: Drummerworld and SSL -- It's time

What if you use "incognito" mode on Chrome?
  #17  
Old 02-13-2018, 08:03 PM
Dr_Watso Dr_Watso is offline
Platinum Member
 
Join Date: Mar 2011
Posts: 6,063
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Jeremy Bender View Post
What if you use "incognito" mode on Chrome?
All that does is prevent your computer from storing info locally on the hard drive about visited sites and all that jazz.

It does not change the fact that passwords here are sent to the server un-encrypted and "snoopable". Please don't use common passwords here and change any passwords that you share with this site and others.
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy
  #18  
Old 02-13-2018, 09:54 PM
T.Underhill T.Underhill is offline
Pioneer Member
 
Join Date: Oct 2005
Location: MD
Posts: 1,877
Default Re: Drummerworld and SSL -- It's time

This is what your Internet traffic would look like when you log in to the site via http not https. The username and password are shown in "clear text" meaning readable to whoever is capturing your traffic. I know this has been stated, but the visual is interesting. This traffic is likely to only be compromised if you're on a public network like an open WiFi connection.
Attached Images
 
  #19  
Old 07-05-2018, 10:51 PM
BradGunnerSGT BradGunnerSGT is offline
Silver Member
 
Join Date: Mar 2010
Location: Central Texas
Posts: 680
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by KamaK View Post
Indeed.

Luckily, enough cynics felt this way a few years back and created their own CA.

http://www.cacert.org/
Even better: https://letsencrypt.org

Totally free and the certificate auto renews every 30 days. The project is funded by the Linux Foundation.
  #20  
Old 07-06-2018, 05:20 PM
KamaK KamaK is online now
Platinum Member
 
Join Date: Apr 2014
Location: East Coast
Posts: 5,680
Default Re: Drummerworld and SSL -- It's time

Bernhard,

Websense is now blocking your site from a number of organizations, including my work.
  #21  
Old 07-06-2018, 06:55 PM
Dr_Watso Dr_Watso is offline
Platinum Member
 
Join Date: Mar 2011
Posts: 6,063
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by KamaK View Post
Bernhard,

Websense is now blocking your site from a number of organizations, including my work.
Good thing you're a l33t haxor and nothing so mundane would ever challenge your skillz.
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy
  #22  
Old 07-07-2018, 11:33 AM
Bernhard Bernhard is offline
Founder Drummerworld
 
Join Date: Jun 2005
Location: Riehen - Basel - Switzerland
Posts: 2,221
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by KamaK View Post
Bernhard,

Websense is now blocking your site from a number of organizations, including my work.
So you're not working in a DRUM Organization???
  #23  
Old 07-07-2018, 04:57 PM
eric_B eric_B is offline
Senior Member
 
Join Date: Apr 2011
Location: The Netherlands
Posts: 441
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by KamaK View Post
Bernhard,

Websense is now blocking your site from a number of organizations, including my work.
You're browsing (drum) forums while working?
I would not like people working for me doing that...

More on topic: I do think SSL/HTTPS will be safer.
Then again, anyone using the same password should really start using a password manager.
And don't post anything on public forums, Facebook, Twitter, etc you do not want to be confronted with ever again.
__________________
A kit: Gretsch Renown
E kit: TD-9KX
Masterwork cymbals...Guru snares
  #24  
Old 07-09-2018, 05:20 PM
Dr_Watso Dr_Watso is offline
Platinum Member
 
Join Date: Mar 2011
Posts: 6,063
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by eric_B View Post
You're browsing (drum) forums while working?
I would not like people working for me doing that...

More on topic: I do think SSL/HTTPS will be safer.
Then again, anyone using the same password should really start using a password manager.
And don't post anything on public forums, Facebook, Twitter, etc you do not want to be confronted with ever again.
You might not like it, but it's happening. Try to focus more on the person's productivity than what they do from moment to moment and you'll have happier employees and less stress from trying to manage workflow. If they're productive or make you money, it doesn't matter what else they do so long as it isn't putting them or you at risk, like browsing porn or something.

KamaK's point is that it's being blocked because it's rated as insecure and unsafe, not because it's a drum website. If his employer wanted to use Websense to block drum/music sites, they could, but obviously don't.

Trust me, as someone who looks at corporate internet logging a lot, browsing is just something people do these days. Recent generations grew up with shorter attention spans and more aptitude for multi-tasking in several different ways. I myself am usually on here all day, but only from time to time in between tasks or as I wait for something to finish processing.
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy
  #25  
Old 07-15-2018, 07:13 PM
KamaK KamaK is online now
Platinum Member
 
Join Date: Apr 2014
Location: East Coast
Posts: 5,680
Default Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Dr_Watso View Post
Trust me, as someone who looks at corporate internet logging a lot, browsing is just something people do these days. Recent generations grew up with shorter attention spans and more aptitude for multi-tasking in several different ways. I myself am usually on here all day, but only from time to time in between tasks or as I wait for something to finish processing.
Indeed. My work day looks like...

Work for 30 mins. Make breakfast for fam. Work for one hour. Play drums for 20 mins. Work for 30 mins. Tend to the kids for 20 mins. Work for 1h. Make lunch. Work for an hour. Dishes and dish washer for 30 mins. Work for an hour. Throw meat in oven and play with kids. Work for an hour. Play drums for 20 mins. Work for an hour. Prep dinner for 20 mins. Work for 20 mins. Set table.... At 5:30, the wife gets home from work, kids are sorted, dinner's hot on the table. Then I work from 10-midnight as EU/DVCI TZ's come online.

It's a good gig cause I'm home all the time. It's a bad gig because I'm at work all the time.

Last edited by KamaK; 07-15-2018 at 09:26 PM.
  #26  
Old 07-15-2018, 09:59 PM
pgm554 pgm554 is offline
Gold Member
 
Join Date: Oct 2013
Location: San Francisco Bay Area
Posts: 1,388
Default Re: Drummerworld and SSL -- It's time

SSL is the way the net is going.

Google will start to display site is not trusted in their Chrome browser.

So at about 60% of the market, it could make folks think twice about visiting the site.

There are a number of free trusted certs you can get, so cost really isn't much of a barrier.
__________________
Pearl MCX Gretsch Renown and many many Fibes snares.
  #27  
Old 07-17-2018, 11:29 PM
TheElectricCompany TheElectricCompany is offline
Senior Member
 
Join Date: May 2016
Location: Houston, TX
Posts: 362
Default Re: Drummerworld and SSL -- It's time

Thanks for the heads up, guys. I'm checking my frequently used sites for the secure notification and updating my passwords.
All times are GMT +2.

Powered by vBulletin® Version 3.8.0