• Welcome to Stitcher's Guild Reloaded. Please login or sign up.
September 17, 2019, 09:00:05 pm

News:

Remember:  Finalizing a subscription is a manual process, so be patient; your account will be updated ASAP.


not secure problems

Started by marciae, November 15, 2018, 10:53:34 am

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

marciae

I posted today and a bit red sign came up - Not secure.  I've not had or seen this before??

Turquoise

Yes, I get this when I sign on from my desktop.

DragonLady

That's correct; SG doesn't use Secure Socket Layers, so it is unsecured for the purposes of posting any personal information here.  You should never post your phone number, credit card or banking information or any other sensitive information here.
The road to our success is always under construction.
If you should have any trouble with any aspect of the forums, just email me: dl@artisanssquare.com

Buy a Subscription Now to participate in all of our great discussions! Less than .75¢ per week for all-you-can-eat access. :)  Gift Subscriptions are available, too; just message me for assistance anytime.

Visit my Etsy shop for gorgeous buttons, craft, & sewing supplies:<br />https://www.etsy.com/shop/RoadsideAttractions

marciae

Thanks - I don't post anything personal - don't post much at all in fact.  I'd just never noticed before??  Not time for eye check up yet, but maybe need to call anyway! ::)

DragonLady

If your device has recently been updated, your security settings may have been changed to warn you if a site is insecure.

As posts here are public, there's no reason for them to be secured, and the subscription payments go through PayPal so it uses their security.
The road to our success is always under construction.
If you should have any trouble with any aspect of the forums, just email me: dl@artisanssquare.com

Buy a Subscription Now to participate in all of our great discussions! Less than .75¢ per week for all-you-can-eat access. :)  Gift Subscriptions are available, too; just message me for assistance anytime.

Visit my Etsy shop for gorgeous buttons, craft, & sewing supplies:<br />https://www.etsy.com/shop/RoadsideAttractions

marciae

My computer was just cleaned and updated.  Thanks

sdBev

Well that's what did it, marciae.  When they 'clean' a computer, among other things they do is delete all the all the cookies and often reset some of your preferences.  Entirely possible they made your security setting higher which I found could keep me from accessing sites I visit alll the time.

Doesnt matter if you have a pc box on a desk or a cute tablet, computers are unending fun (not).
No more CHEMO! Working on recovering from the cancer, chemo and long period of restricted activity with unrestricted eating. Periodic updates with more detail will be on my site.  Www.sdbev.wordpress.com

DragonLady

Quote from: sdBev on November 16, 2018, 12:16:06 pm
Well that's what did it, marciae.  When they 'clean' a computer, among other things they do is delete all the all the cookies and often reset some of your preferences.  Entirely possible they made your security setting higher which I found could keep me from accessing sites I visit alll the time.

Doesnt matter if you have a pc box on a desk or a cute tablet, computers are unending fun (not).


Yes; this.  Computer servicing companies of all kinds, antivirus and firewall protection programs, "disk cleaning" services, registry cleanups and other maintenance program all change your security settings to the very highest protection protocols available which are usually only used for online shopping at sites that store your banking or credit card information.

Most sites -like SG- never use any of those kinds of secure measures because they also make many of the features we use -like public posts or user-to-user messaging impossible. 
The road to our success is always under construction.
If you should have any trouble with any aspect of the forums, just email me: dl@artisanssquare.com

Buy a Subscription Now to participate in all of our great discussions! Less than .75¢ per week for all-you-can-eat access. :)  Gift Subscriptions are available, too; just message me for assistance anytime.

Visit my Etsy shop for gorgeous buttons, craft, & sewing supplies:<br />https://www.etsy.com/shop/RoadsideAttractions

LyndaC

But it seems I can no longer post anywhere on this site except here.  Please, administrators, help me get back in!  I have paid the fee.  Help?

Joyce P

Well.... I just saw a posting from LyndaC over in the holiday wishes topic, so that's clearly not true.

LyndaC, your complaint looks increasingly like spam ;-(

Melinda_B

Not having the https also affects your ranking in search engines, predominantly google.  From 1 Jan they are placing higher priority on sites that have the https and downgrading sites without it.
Melinda

Perth, Australia
Personal Blog - https://melbrennan.com/

LyndaC

Whatever was keeping me from posting was - thankfully -temporary.
Thank you, administrators!

DragonLady

Quote from: Melinda_B on December 26, 2018, 05:54:14 pm
Not having the https also affects your ranking in search engines, predominantly google.  From 1 Jan they are placing higher priority on sites that have the https and downgrading sites without it.


Yes; I know they're doing that.  But there's no way I trust our current hosts to migrate us to a secured server, so to me it's just another line item in the "reasons to move to new hosting" column.


The road to our success is always under construction.
If you should have any trouble with any aspect of the forums, just email me: dl@artisanssquare.com

Buy a Subscription Now to participate in all of our great discussions! Less than .75¢ per week for all-you-can-eat access. :)  Gift Subscriptions are available, too; just message me for assistance anytime.

Visit my Etsy shop for gorgeous buttons, craft, & sewing supplies:<br />https://www.etsy.com/shop/RoadsideAttractions

Saashka

Quote from: DragonLady on December 27, 2018, 11:15:47 am
But there's no way I trust our current hosts to migrate us to a secured server, so to me it's just another line item in the "reasons to move to new hosting" column.


So, this moving to a new host was the plan this time a year ago but hasn't happened. What is the plan for moving forward and what does the timeline look like? I'm asking because it's time to decide whether to resubscribe.

DragonLady

Quote from: Saashka on December 27, 2018, 06:02:30 pm
Quote from: DragonLady on December 27, 2018, 11:15:47 am
But there's no way I trust our current hosts to migrate us to a secured server, so to me it's just another line item in the "reasons to move to new hosting" column.


So, this moving to a new host was the plan this time a year ago but hasn't happened. What is the plan for moving forward and what does the timeline look like? I'm asking because it's time to decide whether to resubscribe.


Right now, today, I'm still waiting for the SMF team to release their upgrade.  Once that is available, I'll install it, and we'll see how that goes.  I don't have any concrete plans at this time to try changing hosting -partly because of the very bad experience I had last time. 

Once the board is updated, we'll see how it runs.  Being secured -using secure socket layers- really isn't a priority for me, as we don't have any information here to secure.  But if the new incarnation of the board is having problems, then I'll revisit the issue.

The road to our success is always under construction.
If you should have any trouble with any aspect of the forums, just email me: dl@artisanssquare.com

Buy a Subscription Now to participate in all of our great discussions! Less than .75¢ per week for all-you-can-eat access. :)  Gift Subscriptions are available, too; just message me for assistance anytime.

Visit my Etsy shop for gorgeous buttons, craft, & sewing supplies:<br />https://www.etsy.com/shop/RoadsideAttractions

DragonLady

I want to make a few comments on this topic, mostly because it relates to a larger issue I'm seeing in a lot of places -and in different ways- all over the internet.

As many of you may recall, when I first announced we would switch to a subscription model, I said I would change web hosts, because so many parts of SG wasn't working correctly after the migration. Our attachments directory was broken, and our hosts didn't seem to be able to fix it.  The whole site was timing out repeatedly for no apparent reason, our web space was absolutely cluttered with debris the migration team left behind, and I felt like I was talking to a wall when I tried to communicate with them.  The real problem was the lack of understanding the problem.

I did, indeed, buy another hosting account with a company that seemed promising.  The rep I spoke to seemed to understand our needs, talked a bit about what might be causing our issues, made me an attractive offer, and I signed up -and paid for it*.  However, the whole thing fell through because once they gave me access, the entire admin section was giving me alerts it was insecure (bad) and the company advised I should fix it by uninstalling my Windows firewall!  In other words: ignore the smoke...just turn off the smoke detector and go about your day.

And here I should say: the problem really wasn't the lack of security.  The problem was the lack of understanding the problem.

Here's a humorous example of this some of you may have heard or seen before:

QuoteOnce upon a time, a mother was teaching her daughter the family recipe for making a whole baked ham. It was the very best ham anybody had ever had so they always followed that recipe carefully.

They prepared the marinade, scored the skin, put in the cloves, and then came a step the daughter didn't understand.

"Why do we cut off the ends of the ham?" she said. "Doesn't that make it dry out?"

"You know, I don't know," said the mother. "That's just the way grandma taught me. We should call grandma and ask."

So they called grandma and asked, "why do we cut off the ends of the ham? Is it to let the marinade in, or what?"

"No," said Grandma. "To be honest, I cut the ends off because that's how my mother taught me. I added the marinade step later, because I was worried about the ham drying out. Let's call great grandma and ask her."

So they called the assisted living facility where great grandma was living, and the old woman listened to their questions, and then said.

"Oh, for land sakes! I cut off the ends because I didn't have a pan big enough for a whole ham!"


(I copied this one from http://daringnovelist.blogspot.com/2011/07/baked-ham-joke-and-problem-with-legacy.html but you can find variations all over the 'net)

The problem is legacy, or cultural training.  When one person teaches another -usually through on-the-job training, without passing on all the reasons why something is done the way it is. It works fine, until a problem arises, and then no one knows how to fix it.

Right now, there's a push by Google (the search engine company) to penalize web sites that are not using secure socket layers to secure their pages.  I think this is a case of a legacy issue: not understanding the reason SSL has always been used by companies to secure sensitive data such as credit card use, and not recognizing those cases when it's not needed.  I suppose there's also an element of security theatre** involved: somehow, seeing the little padlock in the corner makes someone feel marginally safer, even when there was never any threat. 

SG doesn't need SSL because we're not keeping the kinds of sensitive data that makes us vulnerable.  An armed guard on an empty building is a waste of time and money, and doesn't offer any real security.

It is, of course, very important that anyone collecting sensitive data should use a secured site (although it's equally important it's installed correctly, and that every step of the chain is secured, but that's another post for another time), but SG really isn't at risk.

I haven't changed hosts.  I haven't changed for several reasons, but any -or all- of them may change in time, and if they do I am ready to bundle us up and move us if needed.  As it was, the process of readying us to move uncovered some of the issues so things started working as intended again, and our attachments directory was finally restored, allowing us to post images and pretty much return to normal service.

I understand we have a distance to go.  Today, as I write this, the board is suffering compatibility issues with the current verson of php (the language the board uses), but that will be true no matter where we move to right now, as every host is using the same version.  The board developers are in the process of updating everything, but as always it takes time.  They are, as I understand it right now, working on bug fixes and striving to put out another excellent product***.  When it's available, I'll update us, and then we'll see what still needs to be done to take us to the next steps of our journey.

What I can say, for sure, is the new incarnation has a lot of great features we don't currently have, and will be more compatible with the current hosting configuration.  I really think everyone is going to love it when they see it, and that it is worth waiting for it to be ready.

* Nope.  Never received the promised "full refund" either.

** Security theater is the practice of investing in countermeasures intended to provide the feeling of improved security while doing little or nothing to achieve it.

** We're waiting for the first release candidate, which is believed to be stable and bug free.  But once it's out in the wild, running on a thousand different platforms, new bugs will appear.  It's just part of the process.




The road to our success is always under construction.
If you should have any trouble with any aspect of the forums, just email me: dl@artisanssquare.com

Buy a Subscription Now to participate in all of our great discussions! Less than .75¢ per week for all-you-can-eat access. :)  Gift Subscriptions are available, too; just message me for assistance anytime.

Visit my Etsy shop for gorgeous buttons, craft, & sewing supplies:<br />https://www.etsy.com/shop/RoadsideAttractions

angelsweb

Dragon Lady, thanks for this explanation. While I don't understand the intricacies of the computer end of things, your post has made some of the issues much clearer for me.

Thanks for all you do to keep us up and operating!

Angelia

DragonLady

Quote from: angelsweb on January 01, 2019, 01:00:20 pm
Dragon Lady, thanks for this explanation. While I don't understand the intricacies of the computer end of things, your post has made some of the issues much clearer for me.

Thanks for all you do to keep us up and operating!

Angelia


I'm glad to hear that, Angelia.  I often have difficulty explaining the issues in words. 
The road to our success is always under construction.
If you should have any trouble with any aspect of the forums, just email me: dl@artisanssquare.com

Buy a Subscription Now to participate in all of our great discussions! Less than .75¢ per week for all-you-can-eat access. :)  Gift Subscriptions are available, too; just message me for assistance anytime.

Visit my Etsy shop for gorgeous buttons, craft, & sewing supplies:<br />https://www.etsy.com/shop/RoadsideAttractions

DragonLady

Quote from: KamWady on August 11, 2019, 04:22:14 pmHi Dave

When is the search going to be fixed? I keep clicking on Active Topics only to be told its not working. Active topics is the only way I read the forum, cant be bothered to go to each section.

Next time it happens, please email me a screenshot.  dl@artisanssquare.com

The road to our success is always under construction.
If you should have any trouble with any aspect of the forums, just email me: dl@artisanssquare.com

Buy a Subscription Now to participate in all of our great discussions! Less than .75¢ per week for all-you-can-eat access. :)  Gift Subscriptions are available, too; just message me for assistance anytime.

Visit my Etsy shop for gorgeous buttons, craft, & sewing supplies:<br />https://www.etsy.com/shop/RoadsideAttractions