Kevin's Watch

Avatar wrote:Yes, pretty much. The free version is a relatively new thing, paid ones are valid for a year before renewal is required, just like your domain.
--A

If you already know the price range for what would be needed for a site like ours Av., what is it?
(feel free to mention multiple packages; in case there is like a better rate if you pay for 5 years in advance.)

(Sorry I was like "HEY! Peoples! Here's something we should do something about."
...and then I didn't say anything for a bit.)

Nah, has to be done yearly, for security, y'know.

Paid ones start at about US$30 per year.

--A

Oddly, while my benevolent corporate overlords still block kevinswatch from work, for some reason it is not blocked when I am working from home and connected to work with a VPN.

So, you know .... bright spot, yada yada.

wayfriend wrote:Oddly, while my benevolent corporate overlords still block kevinswatch from work, for some reason it is not blocked when I am working from home and connected to work with a VPN.

So, you know .... bright spot, yada yada.

It's no accident that you're the largest recipient of Thanks by other Watchers, wayfriend, because you have produced a lot of terrific posts! I am sorry that it's recently become more troublesome for you to do that, but it's a bright spot if you can post more during the pandemic. (Another bright spot: Has everybody noticed that the air is getting a lot cleaner lately?)

Well, the pollution monitors certainly have. Interestingly, it's creating an increase in temperature, because it has changed our albedo.

--A

Avatar wrote:Well, the pollution monitors certainly have. Interestingly, it's creating an increase in temperature, because it has changed our albedo.

--A

You are saying it's increased the ability of the land's surface to throw heat back up at you, have I understood you right?

No, it has decreased the amount of heat we are reflecting back into space, so we're absorbing more, so temps are rising.

--A

(Don't get me wrong, I find this pandemic frustrating and unnerving. But I want to be able to see some bright side while maintaining social distance and dealing with all these restrictions.)

Haha, well, less air pollution is an upside. But maybe we weren't prepared for the practical effect thereof.

--A

Avatar wrote:Haha, well, less air pollution is an upside. But maybe we weren't prepared for the practical effect thereof.

--A

In truth, I wouldn't have been prepared for that side effect, either!

Urgh! I got guilt-tripped by Avatar into lifting my lazy butt and getting things sorted so voila....the site is now secure!

The disk space was also used up - thanks to the 3Gb error log file! So it should theoretically work better now....

Oh and Hi Guys!!

Thanks Dude. I was just thinking of how this site is pretty fuktup.
Here's hoping that crazy clock runs on time!

Hi Vain.

I see you've installed a valid certificate. But it's only valid for 3 months! Valid from 5/26/2020 to 8/25/2020.

Some pages are showing as secure, others have a warning: Attackers might be able to see the images you're looking at on this site and trick you by modifying them.

Even though you have SSL installed on for your domain, you can see this error and this simply means your website contains “http” links on its pages. You can even see this error on some pages instead of every page. It can be an image that’s linked to an external url starts with “http” instead of “https”. We don’t want “http” links in our site so to eliminate this SSL error, we need to “fix” these “http” links.

Looking at the page source, culprits include the Home button, Avatar's signature, Cord Hurn's signature, etc.

Not that I don't appreciate you working on this!

VAIN!!! It worked!!! Hallelujah!

Yeah, Let's Encrypt requires renewal every 3 months. The thing with the images is because the image paths (where they are posted etc.) are still http, which it's now trying to load into https, so you get "cross-domain" issues. (Since theoretically http and https versions are 2 different sites, one of which is insecure.)

Shouldn't be enough to do more than show a little orange icon in the address bar instead of a green one. Google (chrome) etc. will still accept the site as being https.

It just has to be renewed regularly. (Vain... )

--A

(Hmmm, photo's might be blocked as well? (Old pohoto's anyway?) Also still can't see the profiles, will chat to Vain about it.

--A

Tested...it's not the https thing for the album. New pic has https path, thumbnail still not showing.

--A

Well that was fun!

A few things:

- certificate auto renews every year so all good there
- I think I fixed all the type urls in sigs and in the menu
- the profile now works but it is a basic one. Something in the previous modded version was breaking it

I haven't modified urls in posts that have links

The album must have a glitch. The files are not saved as so something else is glitching on that front.

There are links in posts and links in signatures and (probably) links for avatars (that were not uploaded) and I don't know if one can make them all go away.

If there was an automatic way for PHPBB2 to change all http: to https:, one is left with the question, would that link still work?

There is an Apache thing called a .htaccess file which can be configured to maybe make this go away. Presuming that this website is ultimately built on Apache.

Resolving the warning by adding code to your .htaccess file
Instead of manually updating links in your code, you could add the following lines to your site's .htaccess file.

Header always set Content-Security-Policy "upgrade-insecure-requests;"

These lines force the browser to automatically update any insecure links to secure links. Once added, the warning should immediately disappear.

There may be an equivalent feature if it's not Apache.

I had a crack at making them go away - likely means a number of images etc are no longer there but at least the pages should be secure. The htaccess file is managed via the cpanel settings so that line gets rejected.

Probably as good as it's goig to get for now - there isn't a way to block images etc in the future though from being linked to

Think it might be this:

Header add Content-Security-Policy "upgrade-insecure-requests;"

Regardless though, thanks for missioning it Vain.

--A