Website Not Secure; Expired SSL Key or No HTTPS?

An area for discussing new ideas and additions to Oolite.

Moderators: winston, another_commander

Post Reply
CGoody564
Mostly Harmless
Mostly Harmless
Posts: 2
Joined: Sat Sep 04, 2021 6:02 pm

Website Not Secure; Expired SSL Key or No HTTPS?

Post by CGoody564 »

I wasn't sure where to post this, so I figured I'd throw it here.

It seems that the website (both the main one and this forum) either have expired SSL/TLS certificates, or the site simply doesn't use HTTPS encryption and instead opts for unencrypted HTTP; typing HTTPS in manually caused the main site to not load at all.

I'm not sure if you would be able to renew the SSL/TLS certs, or if you could switch over to using encrypted HTTPS rather than http at some point, but it would be greatly appreciated if you could do so.

I understand that it isn't really a priority and may not even be something you care to deal with at all right now, but it is generally not a great idea to sign up, sign in, or download things from websites that aren't using HTTPS encryption; I was even somewhat weary signing up for the forum because of that, and slightly hesitant to download the game itself. Call me paranoid, but there's a reason HTTPS encrypted connections have become the standard on the modern internet.

If you are unable or unwilling to do anything about it at this time I understand completely, but if you could possibly keep it in the back of your mind in case you ever have the time and means to deal with it, it would be very much appreciated (by me at the very least, I would hope others as well)

Sorry to bother you with such a boring technical issue that isn't even directly gameplay relsted, but I felt that it should be at least mentioned somewhere.

Hope all is is going well and Continues to go well for everyone. And happy Labor Day to anyone in the US
User avatar
Cody
Sharp Shooter Spam Assassin
Sharp Shooter Spam Assassin
Posts: 16081
Joined: Sat Jul 04, 2009 9:31 pm
Location: The Lizard's Claw
Contact:

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by Cody »

Hi, and welcome. It's an old problem which will probably never get fixed because reasons - see here for previous discussion.
I would advise stilts for the quagmires, and camels for the snowy hills
And any survivors, their debts I will certainly pay. There's always a way!
User avatar
Cholmondely
Archivist
Archivist
Posts: 5364
Joined: Tue Jul 07, 2020 11:00 am
Location: The Delightful Domains of His Most Britannic Majesty (industrial? agricultural? mainly anything?)
Contact:

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by Cholmondely »

Welcome to the joyous throng! Hope you are surviving the experience!

Are you at least enjoying the game?

As regards licenses, I'd presumed it was just another way that the various bosses on the internet do their utmost to extract as much money as possible from everything that is going on. In effect trying to blackmail people who are trying to do things for free into stumping up money so that they add it to their bank accounts. The licensing system certainly does not keep out the fraudsters, from what I've seen.

But I'm not a computer programmer, so I wouldn't really know.

Oh! And happy labour day!
Comments wanted:
Missing OXPs? What do you think is missing?
Lore: The economics of ship building How many built for Aronar?
Lore: The Space Traders Flight Training Manual: Cowell & MgRath Do you agree with Redspear?
CGoody564
Mostly Harmless
Mostly Harmless
Posts: 2
Joined: Sat Sep 04, 2021 6:02 pm

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by CGoody564 »

Cholmondely wrote: Sat Sep 04, 2021 8:28 pm
Welcome to the joyous throng! Hope you are surviving the experience!

Are you at least enjoying the game?

As regards licenses, I'd presumed it was just another way that the various bosses on the internet do their utmost to extract as much money as possible from everything that is going on. In effect trying to blackmail people who are trying to do things for free into stumping up money so that they add it to their bank accounts. The licensing system certainly does not keep out the fraudsters, from what I've seen.

But I'm not a computer programmer, so I wouldn't really know.

Oh! And happy labour day!
It doesn't keep out fraudsters per se, but it certainly would make Man in the Middle attacks much harder to do; encrypted HTTPS definitely isn't just the powers that be trying to take your shekels, as it is a legitimate security risk, especially on a website requiring login credentials.

Would there be any way that one could donate towards the goal of getting an up to date license? Figured it couldn't hurt to ask.

If nothing can be done so be it, but it would certainly be nice if it were to happen at some point. A single domain SSL certificate can be obtained for as little as $8 a year, and a multi-domain SSL certificate can be obtained for as little as $30 a year; there's no need to go for anything more costly.

Either way, I appreciate the responses to my concern very much. Thanks again for taking the time to read the post.
User avatar
Cholmondely
Archivist
Archivist
Posts: 5364
Joined: Tue Jul 07, 2020 11:00 am
Location: The Delightful Domains of His Most Britannic Majesty (industrial? agricultural? mainly anything?)
Contact:

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by Cholmondely »

CGoody564 wrote: Sun Sep 05, 2021 2:15 am
Thanks again for taking the time to read the post.
But are you enjoying your Oolite?

Have you started experimenting with any oxp's?

Are you interested in joining Hiran's multi-player experiments?

Is there anything you might like a little help with?
Comments wanted:
Missing OXPs? What do you think is missing?
Lore: The economics of ship building How many built for Aronar?
Lore: The Space Traders Flight Training Manual: Cowell & MgRath Do you agree with Redspear?
User avatar
Cody
Sharp Shooter Spam Assassin
Sharp Shooter Spam Assassin
Posts: 16081
Joined: Sat Jul 04, 2009 9:31 pm
Location: The Lizard's Claw
Contact:

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by Cody »

Cost is not really the problem. In a nutshell, the owners of the three Oolite sites have all moved on.
I would advise stilts for the quagmires, and camels for the snowy hills
And any survivors, their debts I will certainly pay. There's always a way!
User avatar
hiran
Theorethicist
Posts: 2403
Joined: Fri Mar 26, 2021 1:39 pm
Location: a parallel world I created for myself. Some call it a singularity...

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by hiran »

Cody wrote: Sun Sep 05, 2021 9:38 am
Cost is not really the problem. In a nutshell, the owners of the three Oolite sites have all moved on.
This per se is not the problem. Noone opted in to take over the sites.
Thus today we have noone with the power to change/maintain such basic stuff.
Sunshine - Moonlight - Good Times - Oolite
User avatar
hiran
Theorethicist
Posts: 2403
Joined: Fri Mar 26, 2021 1:39 pm
Location: a parallel world I created for myself. Some call it a singularity...

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by hiran »

Cody wrote: Sun Sep 05, 2021 9:38 am
Cost is not really the problem. In a nutshell, the owners of the three Oolite sites have all moved on.
Let's take this in a constructive direction.

If cost is not the problem, we can assume it is feasible for us to rent a webservice and install website, forum and wiki on it. We'd probably like to take as much content from the existing sites as possible but it is not a showstopper. Operating the site is much more interesting - but again if cost is not the problem we can assume this to be covered.

A showstopper would be if we had the entry point named any different than oolite.org. Or am I wrong and it could be good to leave some history behind and start off with a fresh name? In case we wanted the existing name, we need to get in touch with the person holding (and paying for) the domain and convince them for a handover.

With a whois query I found out the domain registration data - sparsely filled due to european data protection laws:
https://www.whois.com/whois/oolite.org But it matches information that I have received elsewhere, so we may have a chance to meet the registrant.

What do you guys think? Should we go for it? How do we want to get the domain, and what are we doing with it once we have it?
Sunshine - Moonlight - Good Times - Oolite
User avatar
hiran
Theorethicist
Posts: 2403
Joined: Fri Mar 26, 2021 1:39 pm
Location: a parallel world I created for myself. Some call it a singularity...

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by hiran »

hiran wrote: Sun Sep 05, 2021 7:20 pm
Cody wrote: Sun Sep 05, 2021 9:38 am
Cost is not really the problem. In a nutshell, the owners of the three Oolite sites have all moved on.
This per se is not the problem. Noone opted in to take over the sites.
Thus today we have noone with the power to change/maintain such basic stuff.
The Oolite web presence consists of
* the website
* the wiki
* the forum
* the version control system

Apart from the version control system (github) the other services were set by the founders who meanwhile have moved on and thus are unmaintained.
Website and Wiki can actually be served by a good wiki. XWiki announced free hosting for open source projects and repeated that offer in a blog entry.
And for the forum Discord actually has an option for free hosting of open source projects until they reach some size.

All we really need is an agreement with the owner of the oolite.org domain so that we can point it to the managed services mentioned above.
Sunshine - Moonlight - Good Times - Oolite
User avatar
Cholmondely
Archivist
Archivist
Posts: 5364
Joined: Tue Jul 07, 2020 11:00 am
Location: The Delightful Domains of His Most Britannic Majesty (industrial? agricultural? mainly anything?)
Contact:

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by Cholmondely »

hiran wrote: Wed Sep 15, 2021 9:42 am
hiran wrote: Sun Sep 05, 2021 7:20 pm
Cody wrote: Sun Sep 05, 2021 9:38 am
Cost is not really the problem. In a nutshell, the owners of the three Oolite sites have all moved on.
This per se is not the problem. Noone opted in to take over the sites.
Thus today we have noone with the power to change/maintain such basic stuff.
The Oolite web presence consists of
* the website
* the wiki
* the forum
* the version control system

Apart from the version control system (github) the other services were set by the founders who meanwhile have moved on and thus are unmaintained.
Website and Wiki can actually be served by a good wiki. XWiki announced free hosting for open source projects and repeated that offer in a blog entry.
And for the forum Discord actually has an option for free hosting of open source projects until they reach some size.

All we really need is an agreement with the owner of the oolite.org domain so that we can point it to the managed services mentioned above.
So how big are we?

And I suppose it makes sense to ask - I started work on the wiki back in August 2020. Thanks to Hiran & Covid, I've added more pages than almost anybody else (even if half are redirects). I presume that the growth in the wiki since then might serve as a rough guide for estimating future growth (it would include LittleBear's Atlas being added as well as Montana's ship additions, etc, etc...). How much has the wiki grown since then?
Comments wanted:
Missing OXPs? What do you think is missing?
Lore: The economics of ship building How many built for Aronar?
Lore: The Space Traders Flight Training Manual: Cowell & MgRath Do you agree with Redspear?
User avatar
phkb
Impressively Grand Sub-Admiral
Impressively Grand Sub-Admiral
Posts: 4830
Joined: Tue Jan 21, 2014 10:37 pm
Location: Writing more OXPs, because the world needs more OXPs.

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by phkb »

I don't want to put a dampener on anything, but I think licensing issues will make rehosting the wiki problematic. To quote from Jens:
JensAyton wrote: Fri Nov 06, 2009 8:23 pm
[*] If you upload your OXP to EliteWiki (not just if you have a page about it there), you agree in the process of uploading to license it under the GNU Free Documentation License version 1.2. (This is an awful license for an OXP and a pretty bad one for a wiki, but that’s the way EliteWiki is configured, and it can’t be changed without getting the permission of everyone who’s ever contributed to the wiki or rewriting the MediaWiki software.)
If I understand this correctly, we already have a problem with the licenses of 99% of the OXP's held on the wiki. I don't know what it means, and I have no idea how to fix it if it really is a problem. IANAL, as they say.

But even leaving that aside, the wiki and the website are both involved in distributing OXP's that are not licensed under any of the licenses listed here (or at least, I couldn't find any of the CC licenses listed - please correct me if I'm wrong). I don't think it precludes using XWiki, only that we wouldn't be able to get the free FOS-related plan.
User avatar
hiran
Theorethicist
Posts: 2403
Joined: Fri Mar 26, 2021 1:39 pm
Location: a parallel world I created for myself. Some call it a singularity...

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by hiran »

Cholmondely wrote: Wed Sep 15, 2021 10:25 am
hiran wrote: Wed Sep 15, 2021 9:42 am
The Oolite web presence consists of
* the website
* the wiki
* the forum
* the version control system

Apart from the version control system (github) the other services were set by the founders who meanwhile have moved on and thus are unmaintained.
Website and Wiki can actually be served by a good wiki. XWiki announced free hosting for open source projects and repeated that offer in a blog entry.
And for the forum Discord actually has an option for free hosting of open source projects until they reach some size.

All we really need is an agreement with the owner of the oolite.org domain so that we can point it to the managed services mentioned above.
So how big are we?

And I suppose it makes sense to ask - I started work on the wiki back in August 2020. Thanks to Hiran & Covid, I've added more pages than almost anybody else (even if half are redirects). I presume that the growth in the wiki since then might serve as a rough guide for estimating future growth (it would include LittleBear's Atlas being added as well as Montana's ship additions, etc, etc...). How much has the wiki grown since then?
I think size does not matter. Just now I found a hoster boasting about all free hosting: https://www.netfreehost.com/phpbb/.
As we are on phpbb anyway, there might even be a chance to migrate existing data, although I believe that would definitely require the current owner to collaborate.

But if we were to redirect users to such new wiki and forum sites, we need to place appropriate links on oolite.org. So all boils down to whether we can get hold of that domain/server/hosting contract.
Sunshine - Moonlight - Good Times - Oolite
User avatar
Cholmondely
Archivist
Archivist
Posts: 5364
Joined: Tue Jul 07, 2020 11:00 am
Location: The Delightful Domains of His Most Britannic Majesty (industrial? agricultural? mainly anything?)
Contact:

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by Cholmondely »

hiran wrote: Wed Sep 15, 2021 9:42 am
The Oolite web presence consists of
* the website
* the wiki
* the forum
* the version control system

Apart from the version control system (github) the other services were set by the founders who meanwhile have moved on and thus are unmaintained.
Website and Wiki can actually be served by a good wiki. XWiki announced free hosting for open source projects and repeated that offer in a blog entry.
And for the forum Discord actually has an option for free hosting of open source projects until they reach some size.

All we really need is an agreement with the owner of the oolite.org domain so that we can point it to the managed services mentioned above.
Just stumbled across this:
maik wrote: Mon Mar 19, 2012 2:41 pm
Apologies in advance for the long post.

I took a shot at analyzing our web presence from a maintenance/risk perspective. Please me correct if I am wrong. We have:
  • The Oolite website (http://oolite.org), owned and maintained by Ahruman. Changes need to be committed to the Oolite SVN at Berlios, from where they will be pulled by Ahruman and uploaded to the website.
    • Strengths: well-designed, files are under version control, editorial control over changes before they go live
    • Weaknesses: seldom updated, requires SVN user allowed to commit to oolite-web, process is dependent on one person (Ahruman), process is complicated in contrast to other web content management processes, no known backup server if Oolite.org becomes unavailable.
    • Opportunities: implement simpler process, allow more than one person to change Oolite.org, setup backup that can be switched to in short time.
    • Threats: When Ahruman is not available there is no way to change the Oolite.org content.
  • The Elite Wiki (http://wiki.alioth.net), owned by Winston. Server-side administration (backups, updates, extensions) can be done by Winston and me, Wiki administration (bureaucrat level) by Winston, Ahruman, and me.
    • Strengths: Main knowledge base on everything around Oolite, shared admin rights on server and wiki, nightly backups to another machine that Winston owns
    • Weaknesses: not known if backup is reachable via Internet if wiki.alioth.net goes down.
    • Opportunities: make backup server available on internet
    • Threats: none.
  • The Oolite BB (https://bb.oolite.space), owned and administered by Aegidian.
    • Strengths: Well administered and operated BB, main communications medium of the Oolite community
    • Weaknesses: dependent on one person (Aegidian), no backup site if aegidian.org becomes unavailable.
    • Opportunities: setup backup server
    • Threats: Oolite community has to use fallback mechanisms for communications: IRC and ad-hoc solutions.
So, since Winston resurfaced we could eliminate the problems around the Elite wiki. This obsoletes my Oolite wiki. In order to address the backup availability situation of the wiki I will back it up to my machine on a nightly basis. In case Winston's server goes down we can either switch or just make it available in read-only mode until Winston's server is back up, depending on the situation.

This leaves the Oolite website which cannot easily be updated, and the BB which does not have a backup. Both have only one maintainer.

To address these remaining points I propose the following:
  • We agree on a simpler way of updating Oolite.org and allow more than one person to do this. This needs Ahruman's blessing and support. Some discussion already took place without Ahruman's participation and we had two CMS based alternatives and one based on the wiki. After the BB outage yesterday I would actually prefer that we do keep separate machines to not take down both the homepage and the wiki if something goes wrong.
  • Someone hosts a backup of oolite.org and of the BB. While oolite.org remains static I can easily do the backup for it, for the BB backup aegidian needs to cooperate to provide a regular DB dump if I don't want to scrape it regularly (I don't). If this happens, I can also host a BB backup. Aegidian ideally also allows a second person access to his server.
  • In order to easily switch between main and backup, all backups should be reachable via Internet, such that a change in DNS is all that it takes. Therefore, we should have a dedicated domain for the BB and the wiki. Suggestions: oolitebb.org and oolitewiki.org respectively. Ideally, all three domains (the two new ones + oolite.org) are with the same registrar and belong one owner who only uses his account for Oolite and thus can share the DNS access with selected others. This requires a) aegidian's agreement and b) that aegidian either registers the additional domain names or transfers Oolite.org to someone else. Alternative: aegidian sets up sub-domains like bb.oolite.org and wiki.oolite.org and allows someone access to his server to redirect those if necessary. Problem: if his server goes away so do the subdomains. Other alternative: we have multiple domain name owners and they all need to make access to their DNS records available to selected others. Low-tech alternative: we publish whatever URL the backup has on whatever channel we still have, no other domain names or access to DNS records needed.
4 pages of discussion and a photograph from 2012
Comments wanted:
Missing OXPs? What do you think is missing?
Lore: The economics of ship building How many built for Aronar?
Lore: The Space Traders Flight Training Manual: Cowell & MgRath Do you agree with Redspear?
User avatar
Cody
Sharp Shooter Spam Assassin
Sharp Shooter Spam Assassin
Posts: 16081
Joined: Sat Jul 04, 2009 9:31 pm
Location: The Lizard's Claw
Contact:

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by Cody »

4 pages of discussion...
If you can call it that. Having just waded through it, I can see why I stayed out of it.
I would advise stilts for the quagmires, and camels for the snowy hills
And any survivors, their debts I will certainly pay. There's always a way!
User avatar
hiran
Theorethicist
Posts: 2403
Joined: Fri Mar 26, 2021 1:39 pm
Location: a parallel world I created for myself. Some call it a singularity...

Re: Website Not Secure; Expired SSL Key or No HTTPS?

Post by hiran »

Cody wrote: Sat Oct 02, 2021 11:39 pm
4 pages of discussion...
If you can call it that. Having just waded through it, I can see why I stayed out of it.
I believe too many stay out of it. We have these ever-blossoming topics because we (the community) do not take any decision.
And with that, I will stay out of it as well. However "it" will not only refer to this thread, this topic but Ooniverse, the website, forum and wiki.
Sunshine - Moonlight - Good Times - Oolite
Post Reply