Can we make https work for the new forum?

My Firefox keep nagging me that the connection is not secure. Not a big issue, just annoying. If we could get HTTPS to work, that would be great.

2 Likes

I’d kick in for the security certificate as a thank you to @hannah and @bar

2 Likes

Thanks @CSwartzell! I’ll start looking into it and see what it would take to get us https set up :smile:

1 Like

with the https anywhere project it should be possible to use a free cert
(depending on hosting)
k

1 Like

I am going to pass along the best SSL tip I ever got…

Get a free one via CloudFlare.

I have it installed on all 3 of my blogs.

It is fantastic. And free.

If you do not know how to do it, search on Fiverr.com for something like:

Cloudflare SSL

1 Like

Im a web app developer and install SSLs almost daily.
Let me know if i can help.

Why not use a LetsEncrypt SSL cert? Its free and certificate updates can be scripted with the ATOM protocol and a Cron job.

https://letsencrypt.org/

1 Like

I’ve used Lets Encrypt on GoDaddy hosting, not terribly convenient, but it works. Just have to update it every 90 days.

HTTPS on the forums would be nice, but on the Store would be better, and site wide the best.

1 Like

@jbnimble Did you run it with a cron job? I’ve had mine set like that since LE went public and havn’t had an issue. I run the job every week and if the cert is in the update window it updates if not nothing happens.

Problem I see with LE is if @bar & @hannah want to get a wild card cert, LE can’t do that.

@JDogHerman, I have not setup a server side LE install, or cron job yet. I do the manual way that validates on the server with a file to show I have access. I don’t keep that many domains, so manually adding the domains for my LE certificate has not been onerous, also refreshing the certificate manually every 90 days has not been too bad. I’ve gotten the manual process down to about 10 minutes, if I don’t screw up my instructions. I should probably automate it…

Wildcard certs are coming to LE, but still 6 months or more away.

Yes, you should really look into the automated scripts. Most of them require very little effort to install and they work perfectly.

1 Like

I highly recommend using Certbot and a cronjob. Its so nice!

2 Likes

I was just wondering about that too…

It’s the NSA is watching what I’m doing crowd that’s driving the https everywhere hysteria. Just ignore the warnings. They can read everything here anyway just like everybody else, no illegal download copyright violations here.

Personally I hope some of the spies buy a lot of Maslows and make stuff on their days off.

Please forgive me, but now i have to do some ranting.

I like the idea of having https on by default everywhere, then you never have that worrie, and when there is a site that’s broken then it’s easy to have a much clearer warning. NSA is not going away any time soon. That make all the more sense to phase out http for https. But ok, the NSA also managed to break https…
It’s hard to convince a bunch of bureaucrats that are stuck in their own illusions to stop spying on the masses. I’m not a US citisen, and the NSA has not to spy on me, not even when i’m sharing my ideas with Maslow. I really would appreciate https to be activated. Though I can imagine that the Maslow crew has other priorities.

For USA citizens the NSA is not a big issue as they ‘should not spy’ on US citizens.
For the rest of the world this means that we are ALWAYS being spied upon.

AND THAT SUCKS (dear American friends)
The American people do not spy on us, but still they allow their government to abuse the privacy of ‘the rest of the world’
AND please realise that when the NSA spies on people who communicate with Americans that this results in the NSA spying on the US citizens that are communicating with non US citizens.

So by talking to me, your privacy will also be no longer respected

That was the long answer, the short answer is:

the

All governments are doing the same sort of spying, so substatute government of
choice for USA in your rant.

My gov probably buys the data from the NSA… :slight_smile: So the NSA still does the spy work…

But yes https would at least make it harder for all the spies. All governments are crap eventhough there stil are a few good people in gov, but if they keep silent then that diminished their goodness, so in a way i hope one of those good people reads this and makes work of it for all of us.

My apologies for my ranting in this topic, I prefer to share more on topic idea’s. But if it is possible and someone has time to fix this then it really would be appreciated.

I just have a very short fuse when it comes to governmental crap.

Everything here can be read as web pages, it’s all readily available to any governmental or private entity. Encrypting traffic to and from this site changes nothing.

I’d rather the effort it would take to encrypt the traffic went into Maslow development, not encrypting publicly available posts.

The NSA (or other three letter agency) does not have the budget to store all traffic, the bandwidth to capture it, or the people (real or AI) to read and interpret it. And that’s ignoring the distributed nature of the Internet.

1 Like

Hm ok,

Though the budget they have is big enough to store everything many times over.
If Google has the budget to store pictures of ALL the roads on earth, and make that data available EVERY YEAR, and in a higher resolution. Then a 3 letter agency, with budgets many times larger then googles budget for google maps, can then store many times more data. As written words don’t take much space at all.

If our governments don’t respect our basic right for privacy then we must somehow take our privacy back.
If the dude with silly moustage would have had this kind of technology at his disposal then we now would all be wearing silly uniforms.

Pushing back is a noble thing in a world where greedy politicians are filling their pockets with ever raising tax percentages.

Yes, i have some unfinished buisiness with my gov… That’s why i’m becoming ever more of an extremist in that regard. I just try to solve it in a civilised manner by taking evey oppertunity to explain the bad behaviour of our politicians. And for some reason i have to keep doing that on every chance i get.
If more people would do this then that could eventually change their behaviour.

I’m not saying fix https right now, but it would be nice if it could be fixed. If not then thats a pitty but no man overboard. It’s not just the 3 letter agencies that are mopping up all our data, it’s also the advertising industry and many others who sell our data for pocket change without any respect for our privacy.

etc., etc. i could ramble on for days…

We are all friends here no matter where you are from and no matter your race… We are working together to make the Maslow a greater maching. Forget the Government and politics talk. Go cut something fun and share it for all of us! I now have a friend in the Kingdom of Bahrain, never thought that would happen. It’s great!

4 Likes