HTTPS

Discussion in 'Shelter Releases' started by Order2Chaos, Mar 24, 2017.

Thread Status:
Not open for further replies.
  1. Order2Chaos

    Order2Chaos Ultimate... Immortal Administrator

    Joined:
    Apr 2, 2004
    Messages:
    25,195
    Location:
    here there be dragons
    Ratings:
    +21,413
    We don't have it. We should, and probably require it via redirect.

    Likely this will be a few $ for a certificate from a reputable Certificate Authority. I don't remember if Let's Encrypt has finally solved their issues, but if they have, that's probably the easiest way to get one and get it set up.
  2. Lanzman

    Lanzman Vast, Cool and Unsympathetic Formerly Important

    Joined:
    Mar 27, 2004
    Messages:
    35,163
    Location:
    Someplace high and cold
    Ratings:
    +36,643
  3. Order2Chaos

    Let's Encrypt still has issues, but the really bad ones have been fixed, so I'm going to go ahead and install it since it's free. Shouldn't be any downtime.
    • Thank You! x 2
  4. Order2Chaos

    So I'm an idiot and managed to lock myself out of the board at my hotel and at home over VPN while trying to pull a backup. Can someone log in over SSH as root and run

    Code:
    iptables -F DENYIN
    ? Thanks.
  5. Order2Chaos

    Thanks whoever did that.
  6. Order2Chaos

    Actually there will be a bit of downtime. Let's Encrypt doesn't work with our current WHM/cPanel, but the latest WHM/cPanel requires an OS update of some magnitude which will undoubtedly require at least a few minutes of downtime, possibly, but hopefully not, longer.
  7. Order2Chaos

    So we have a 32-bit server, but can't get newer WHM/cPanel versions without a 64-bit OS. Investigating an upgrade path.
    • Agree x 2
  8. Lanzman

    I almost hate to ask, but is anyone other than me even paying attention here? O2C is lining up some pretty major upgrades, yanno.
    • Agree x 1
  9. Shirogayne

    Shirogayne Gay™ Formerly Important

    Joined:
    May 17, 2005
    Messages:
    42,358
    Location:
    San Diego
    Ratings:
    +56,071
    I don't think many folks understand what it is he's doing :unsure:

    I trust him, though :shrug:
    • Agree x 1
    • Winner x 1
  10. Quincunx

    Quincunx anti-anti-establishment Staff Member Administrator

    Joined:
    Mar 31, 2004
    Messages:
    20,211
    Location:
    Chicago, U.S.A.
    Ratings:
    +24,062
    He might as well have announced his intention to run a level 3 diagnostic on the main deflector array. :technobabble:
    • Funny x 4
    • Agree x 2
  11. Tuckerfan

    Tuckerfan BMF

    Joined:
    Oct 13, 2007
    Messages:
    77,150
    Location:
    Can't tell you, 'cause I'm undercover!
    Ratings:
    +155,436
    I get it, but don't have time to comment, ATM.
  12. shootER

    shootER Insubordinate...and churlish Administrator

    Joined:
    Mar 27, 2004
    Messages:
    49,321
    Location:
    The Steam Pipe Trunk Distribution Venue
    Ratings:
    +50,597
    Do whatever is necessary. If you know when and how long it'll take, either pin an announcement to the top of the Red Room or let us know so someone else can do it.
    • Agree x 3
  13. Ancalagon

    Ancalagon Scalawag Administrator Formerly Important

    Joined:
    Mar 29, 2004
    Messages:
    51,469
    Location:
    Downtown
    Ratings:
    +57,856
    I have no idea how to do any of that so I took a screenshot of your ask and hit up John. He temporarily stepped back into his Tech Admin role to free you. :D
  14. Ancalagon

    Have you tried reversing the polarity?
    • Agree x 2
  15. Dr. Krieg

    Dr. Krieg Stay at Home Astronaut. Administrator Overlord

    Joined:
    Oct 15, 2008
    Messages:
    10,371
    Location:
    The Hell, where youth and laughter go.
    Ratings:
    +13,469
    I have no idea what any of that means, but you have my support. :lol:
    • Funny x 1
  16. Tuckerfan

    Okay, I'll weigh in now. First of all, let me say that I have a good (though non-technical) understanding of what O2C's talking about. For those of you wondering, essentially, it means that any time you log on to WF, your connection would be "encrypted," meaning that nobody but you and the board's software could snoop in on your connection. The EFF, and others, have started pushing for all websites to do this in the wake of all the Snowden revelations about how much the government is spying on people. Google bumps sites that use HTTPS higher in search rankings, so WF would move up a notch or two in search results by doing this.

    The problem with all of this, however, is that while it's great for somebody living in a place like Saudi Arabia (or other despotic shithole), outside of those countries, it really doesn't make much difference. (I'm sure that when O2C or John reads this, they'll have kittens, because I'm simplifying things tremendously, but, IMHO, it's close enough.) The thing that I have found, when dealing with Mom-N-Pop sites like WF (i.e., those operated by non-professionals for fun, rather than profit) is that sooner, rather than later, something goes wrong with either how the site's configured, or the cert lapses, and when you try to access it, instead of getting a notice that, "Hey, the security settings are bonkers, so don't do anything stupid like entering your credit card number," your web browser goes:

    Mind you, it doesn't even have to be anything that we, or the cert issuer, has done to trigger that. It could simply be the settings of the hotel wifi that are bonkers which are causing the problem (because the clerk is too dumb to reboot the router when he's supposed to).

    I appreciate those kinds of warnings and being blocked when I'm attempting to go to an "important" site (ie one where I could be expected to have put damaging information up, or credit card information), but not when I'm trying to get to a place as mundane as this one. I'm not objecting to adopting HTTPS, I'm just pointing out that there's "hazards" to using it. Eventually, every site is probably going to have to adopt it, so we might as well accept the inevitable and deal with it.
    • Agree x 1
    • Thank You! x 1
    • Funny x 1
  17. Lanzman

    Certificate expiration is the only real concern, and it's not that big of a deal.
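
An added example, not part of the original thread or any poster's own code: the certificate lapse discussed in the two posts above can be caught before browsers start blocking visitors by comparing the certificate's notAfter date with a renewal window. The 30-day threshold, the function names and the sample dates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # assumed threshold, not a value from the thread


def days_remaining(not_after: str, now: datetime) -> int:
    """Whole days until notAfter (negative once the certificate has lapsed).

    not_after is in the format ssl.getpeercert() returns,
    e.g. 'Jun 22 12:00:00 2017 GMT'.
    """
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(not_after), tz=timezone.utc
    )
    return (expires - now).days


def classify(not_after: str, now: datetime,
             renew_window: int = RENEW_WINDOW_DAYS) -> str:
    """Return 'expired', 'renew' (inside the window) or 'ok'."""
    left = days_remaining(not_after, now)
    if left < 0:
        return "expired"
    if left < renew_window:
        return "renew"
    return "ok"


def fetch_not_after(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Read notAfter from a live server's certificate.

    Verification stays enabled, so a certificate that has already lapsed
    raises ssl.SSLCertVerificationError instead of returning a date.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    now = datetime(2017, 4, 1, tzinfo=timezone.utc)  # constructed "today"
    for sample in ("Jun 22 12:00:00 2017 GMT",   # constructed sample dates
                   "Apr 20 00:00:00 2017 GMT",
                   "Mar 25 00:00:00 2017 GMT"):
        print(sample, "->", classify(sample, now))
```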
  18. Tuckerfan

    17553821_598929226973704_7956773981064099424_n.jpg
    • Funny x 2
  19. Order2Chaos

    Tuckerfan is mostly right, although there are other benefits, like your ISP or anyone snooping on your connection can't alter the content that comes down. Plus, what with major ISPs aiming to start selling browsing data to advertisers, better that they can only tell what site you visit, rather than also what pages within that site. That one is my primary motivation here.

    Re: big updates, I'm currently looking at a workaround, rather than an OS upgrade. That looks to be a rather larger project than I want to take on, including moving the board to a new VM.
    • Thank You! x 2