Site Security http:
Bill F
Joined: 5 Jul 18
Posts: 19
Credit: 41,924,622
RAC: 75,282
Message 6620 - Posted: 13 Jul 2020, 15:44:30 UTC

Both of my browsers are showing the http: site as not secure and it does not appear that the Project has https: enabled.

Is this something that can be looked at and fixed or developed?

Thanks
Bill F
____________
In October 1969 I took an oath to support and defend the Constitution of the United States against all enemies, foreign and domestic;
There was no expiration date.

rebirther
Volunteer moderator
Project administrator
Project developer
Project tester
Project scientist
Joined: 2 Jan 13
Posts: 7479
Credit: 43,686,081
RAC: 42,669
Message 6621 - Posted: 13 Jul 2020, 17:43:51 UTC - in response to Message 6620.

> Both of my browsers are showing the http: site as not secure and it does not appear that the Project has https: enabled.
>
> Is this something that can be looked at and fixed or developed?
>
> Thanks
> Bill F


was not planned and making more issues

Bill F
Message 6923 - Posted: 9 Nov 2020, 19:40:28 UTC - in response to Message 6621.

Understood that it might create an issue, but it would improve security for both the Project and the Volunteers.

It is also the direction that many of the active Projects are now going.

Please consider.

Thank You
Bill F

rebirther
Message 6924 - Posted: 9 Nov 2020, 20:39:09 UTC - in response to Message 6923.

> Understood that it might create an issue, but it would improve security for both the Project and the Volunteers.
>
> It is also the direction that many of the active Projects are now going.
>
> Please consider.
>
> Thank You
> Bill F


The OS is rather old and some things are broken. I also cannot compile something on this system, sorry for this. The rest is still running and that counts.

Bill F
Message 6925 - Posted: 9 Nov 2020, 21:59:48 UTC - in response to Message 6924.

Ok I understand now... your priorities are correct, science first.

Maybe someday with a new system or a new OS load from donations perhaps it will be possible.

Thank you again.

Bill F
Dallas TX

Sagittarius Lupus
Joined: 4 Apr 17
Posts: 2
Credit: 429,432,922
RAC: 14,299
Message 7294 - Posted: 3 Feb 2021, 17:42:23 UTC - in response to Message 6924.

It is, however, 2021 and TLS is not optional these days. It is imperative that we are not sending our account passwords to you in the clear -- especially those of us who are using BOINC account managers and are required to use the same password on all of our BOINC accounts.

You have 557 users with recent credit.

You have exposed the passwords of 557 users, recently, over the wire.

You don't need much to install certbot from Let's Encrypt; certainly no more than you need to run a Web server. If you want help, I'll do it for you; it's five minutes of work.

Otherwise, I won't be able to contribute to this project anymore.

rebirther
Message 7295 - Posted: 3 Feb 2021, 17:57:37 UTC - in response to Message 7294.

> It is, however, 2021 and TLS is not optional these days. It is imperative that we are not sending our account passwords to you in the clear -- especially those of us who are using BOINC account managers and are required to use the same password on all of our BOINC accounts.
>
> You have 557 users with recent credit.
>
> You have exposed the passwords of 557 users, recently, over the wire.
>
> You don't need much to install certbot from Let's Encrypt; certainly no more than you need to run a Web server. If you want help, I'll do it for you; it's five minutes of work.
>
> Otherwise, I won't be able to contribute to this project anymore.


I have tried it in the past and failed, it's a very old Ubuntu 12.04 OS. You can send me a guide how to install by PM but some things are broken in the OS. I have read that this version of OS is no longer supported.

Sagittarius Lupus
Message 7296 - Posted: 3 Feb 2021, 18:36:06 UTC - in response to Message 7295.

> I have tried it in the past and failed, it's a very old Ubuntu 12.04 OS. You can send me a guide how to install by PM but some things are broken in the OS. I have read that this version of OS is no longer supported.


I will do that. You have more options than you may realize.

rebirther
Message 7297 - Posted: 3 Feb 2021, 18:38:00 UTC - in response to Message 7296.
Last modified: 3 Feb 2021, 18:38:50 UTC

>> I have tried it in the past and failed, it's a very old Ubuntu 12.04 OS. You can send me a guide how to install by PM but some things are broken in the OS. I have read that this version of OS is no longer supported.
>
> I will do that. You have more options than you may realize.


I have tried some options some minutes ago but there are no packages available. If there are some possibilities then they are welcome.

rebirther
Message 7298 - Posted: 4 Feb 2021, 18:14:05 UTC

Sorry for the short timeout. Trying to set up https, got all things installed but the config is still messy.

Bill F
Message 7302 - Posted: 4 Feb 2021, 20:15:39 UTC - in response to Message 7298.

Thank you for working on this. The added security is needed in today's world.

marmot
Joined: 17 Nov 16
Posts: 97
Credit: 149,089,734
RAC: 589,026
Message 7304 - Posted: 5 Feb 2021, 1:22:36 UTC - in response to Message 7295.

> it's a very old Ubuntu 12.04 OS.


I'm assuming there is an upgrade dead end in the path towards Ubuntu 20.x which requires a fresh install.
I'm not a Linux expert, but still am trying to build a BOINC VM for general use on Windows hosts and also ran into a Debian dead end from 9 to 10.

Planning to install all the BOINC client, CVMS, Singularity (LHC@Home requirements) and utility software into the /opt path in order to future-proof all further upgrades/fresh installs. I do not know what pitfalls this will leave for me to trip into over the next years but it was a suggested strategy in an article. Already looking at a complete rebuild moving on from antiX 17.2.

You realistically looking at 80+ hours of labor to move to Ubuntu 19 or 20?

rebirther
Message 7322 - Posted: 12 Feb 2021, 16:17:40 UTC
Last modified: 12 Feb 2021, 16:18:07 UTC

https is working now, I can't do something with the pics warnings. The only open thing is the auto-renew of the certificate. I will test this later.

Bill F
Message 7323 - Posted: 13 Feb 2021, 2:13:50 UTC - in response to Message 7322.

> https is working now, I can't do something with the pics warnings. The only open thing is the auto-renew of the certificate. I will test this later.


Thank you for your efforts in doing this upgrade. While I wish that we did not need it... in today's world we do need it.

Bill F
Dallas TX

marmot
Message 7334 - Posted: 15 Feb 2021, 1:57:28 UTC - in response to Message 7322.

> I can't do something with the pics warnings


Chromium is complaining about "attackers might be able to see the images you're looking..."

Is that about the gravatar avatars, badge signatures or something else?

I am seeing https: working and a valid cert.

Thank you.

rebirther
Message 7335 - Posted: 15 Feb 2021, 6:09:27 UTC - in response to Message 7334.

>> I can't do something with the pics warnings
>
> Chromium is complaining about "attackers might be able to see the images you're looking..."
>
> Is that about the gravatar avatars, badge signatures or something else?
>
> I am seeing https: working and a valid cert.
>
> Thank you.


yes
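
Added example (not part of the thread and not the project's code): a Python sketch that lists the sub-resources an HTTPS page still requests over plain http://, which is what triggers the image warning discussed above. The page URL, hostnames and sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Display-only sub-resources: an insecure load is "passive" mixed content.
PASSIVE = {"img", "audio", "video", "source"}
# Sub-resources that can run code or restyle the page: "active" mixed content.
ACTIVE = {"script", "iframe", "embed"}


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url) in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in PASSIVE:
            kind, ref = "passive", a.get("src")
        elif tag in ACTIVE:
            kind, ref = "active", a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            kind, ref = "active", a.get("href")
        else:
            return  # <a href> and other navigation links are not sub-resources
        # Resolve relative and protocol-relative ("//host/x") references first.
        url = urljoin(self.page_url, ref or "")
        if ref and urlsplit(url).scheme == "http":
            self.findings.append((kind, tag, url))


def find_mixed_content(page_url, html):
    """Return insecure sub-resources; empty if the page itself is not HTTPS."""
    if urlsplit(page_url).scheme != "https":
        return []
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page; hostnames are placeholders, not the project's.
PAGE = "https://forum.example.org/forum_thread.php?id=1"
SAMPLE = """<link rel="stylesheet" href="/main.css">
<script src="http://cdn.example.net/forum.js"></script>
<img src="http://avatars.example.net/avatar/abc123?s=100">
<img src="//badges.example.org/sig/42.png"><a href="http://example.org/">x</a>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(PAGE, SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

Relative and protocol-relative references inherit the page's scheme, so only the two absolute http:// URLs are reported; the fix for each finding is to reference the resource over https:// or host it locally.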




Copyright © 2014-2024 BOINC Confederation / rebirther