https for atari-forum.com

News, updates, like or dislike

Moderators: Mug UK, Silver Surfer, Moderator Team

vido
Atari Super Hero
Atari Super Hero
Posts: 719
Joined: Mon Jan 31, 2011 7:39 pm

Re: https for atari-forum.com

Post by vido »

mikro wrote:This is similar to the native vs. cross compiler development debate. Sure, some like the spirit of working on the actual machine but some prefer the speed and modern tools. It would be wrong if people from the first group would be forcing everyone to use PureC and Devpac just because they enjoy the feeling and let others suffer from much more inefficient tools, in the end leading to halt of their development/atari efforts because they couldn't bare using such ancient and obsolete tools/libraries/debugging abilities.
I disagree here Mikro. Nobody of the first group is forcing anyone not to use https. It is just oposite. The second group would like to force Atari users to use their Ataris less = make them less usable ;)

jury
Captain Atari
Captain Atari
Posts: 376
Joined: Tue Sep 21, 2004 11:11 am
Location: Poland

Re: https for atari-forum.com

Post by jury »

Yes, exactly! ( and I'm saying it as the one who do not use native browsers and uses cross tools )

User avatar
1st1
Atari Super Hero
Atari Super Hero
Posts: 877
Joined: Mon May 07, 2012 11:48 am

Re: https for atari-forum.com

Post by 1st1 »

Hello, it's about security. It's about privacy. It's about the password you use, maybe multiple times on other sites as well. It's about forum beeing hacked by grabbing clear text passwords from moderators and administrators via phishing or man-in-the-middle-attack.
Power without the Price. It's not a bug. It's a feature. _/|\_ATARI

1040STFM in PC-Tower (PAK68/2, OvrScn, 4 MB, 1GB SCSI, CD-ROM...) * 3x Falcon 030 * 3x TT030 * many 260 /520/1040ST(F)(M)(+) * 520/1040STE * many Mega ST * 2x Mega STE * Stacy * STBook * 2x SLM605 * 3x SLM804 * SMM804 * SH 204/205 * Megafile 30/44/60 * SF314 * SF354 * 5x Pofo * PC3 * ...

arf
Captain Atari
Captain Atari
Posts: 206
Joined: Thu May 17, 2012 9:56 pm
Location: Germany

Re: https for atari-forum.com

Post by arf »

I don’t get why this discussion is often about having HTTP _or_ HTTPS. Actually, you can have both. There’s no technical requirement to forward HTTP requests to HTTPs. A site can offer both protocols, and the user can decide which to use. It’s only that many sites do the redirect, to protect the user’s data.

But the site owner decides what’s implemented.

vido
Atari Super Hero
Atari Super Hero
Posts: 719
Joined: Mon Jan 31, 2011 7:39 pm

Re: https for atari-forum.com

Post by vido »

arf wrote:I don’t get why this discussion is often about having HTTP _or_ HTTPS. Actually, you can have both. There’s no technical requirement to forward HTTP requests to HTTPs. A site can offer both protocols, and the user can decide which to use. It’s only that many sites do the redirect, to protect the user’s data.

But the site owner decides what’s implemented.
Then it is easy to have all happy. Just to implement https and keep http. :)

User avatar
dma
Atari God
Atari God
Posts: 1051
Joined: Wed Nov 20, 2002 11:22 pm
Location: France
Contact:

Re: https for atari-forum.com

Post by dma »

And then maybe HTTP to HTTPS redirection could be activated by a profile setting ? (off by default, to satisfy non compatible HTTP browser users)

SteveBagley
Captain Atari
Captain Atari
Posts: 184
Joined: Mon Jan 21, 2013 9:31 am

Re: https for atari-forum.com

Post by SteveBagley »

dma wrote:And then maybe HTTP to HTTPS redirection could be activated by a profile setting ? (off by default, to satisfy non compatible HTTP browser users)
The HTTP User agent might be a better option to use -- by default redirect to https:// unless the User Agent matches a set of whitelisted Atari browsers?

Steve

User avatar
dma
Atari God
Atari God
Posts: 1051
Joined: Wed Nov 20, 2002 11:22 pm
Location: France
Contact:

Re: https for atari-forum.com

Post by dma »

SteveBagley wrote:The HTTP User agent might be a better option to use -- by default redirect to https:// unless the User Agent matches a set of whitelisted Atari browsers?
Ah yes indeed, also considering the same user could use both kind of browsers.
but then let's hope that Atari browsers doesn't mask themselves behind common user-agent strings to access certain websites blocking unknown clients.

User avatar
christos
Fuji Shaped Bastard
Fuji Shaped Bastard
Posts: 2469
Joined: Tue Apr 13, 2004 8:24 pm
Location: Greece

Re: https for atari-forum.com

Post by christos »

At first I thought well, I want to be able to access the forum when I am on the atari, trying to code something and I need a quick reference. But, indeed it's better to have ssl.
(How hard would adding ssl to highwire be?)

User avatar
EmpireAndrew
Captain Atari
Captain Atari
Posts: 444
Joined: Fri Jul 15, 2016 5:46 pm
Location: Texas, USA

Re: https for atari-forum.com

Post by EmpireAndrew »

Given the site uses an off the shelf forum package that uses css, javascript and cookies I can't imagine there are many ppl using this on their Atari? I certainly wish we could but I doubt it's practical for the work that would be involved...

If we switch to https now we should be using at least TLS 1.3 (no lower, and certainly not SSL) which means only browsers from the last few years will work at all (this is a trend on the net).

I do like the idea of leaving http available for someone to choose to use if they have an older machine instead of redirecting, but of course they could fall for a man in the middle attack and lose their password and if they've used it on other sites that could be a problem. But... if people do things like choose to use http when https is available, and use the same passwords on other sites I have little sympathy...
1977 VCS Heavy Sixxer (Boxed)
1990 Atari 1040STE, 4MB, UltraSatan, TOS 2.06, TT Touch -> Atari SC1435 Colour CRT Monitor
1991 Atari TT030, 2/64MB, Int 8GB Gigafile SCSI2CF, TOS 3.06, CaTTamaran Accelerator -> Atari TTM195 19" Mono CRT Monitor
1993 Atari Falcon030, 14MB, Int 8GB HDD, TOS 4.04 -> Atari PTC1426 Color CRT Monitor
Amiga, Mac, DOS, SGI, Sun, NeXTStation, PDA's and more!

joska
Hardware Guru
Hardware Guru
Posts: 4624
Joined: Tue Oct 30, 2007 2:55 pm
Location: Florø, Norway
Contact:

Re: https for atari-forum.com

Post by joska »

Something like a QWK/SOUP gateway for phpBB would be great... Then we could use this forum with native applications on our Ataris.
Jo Even

VanillaMiNT - Firebee - Falcon060 - Milan060 - Falcon040 - MIST - Mega ST - STM - STE - Amiga 600 - Sharp MZ700 - MSX - Amstrad CPC - C64

User avatar
wongck
Ultimate Atarian
Ultimate Atarian
Posts: 12886
Joined: Sat May 03, 2008 2:09 pm
Location: Far East
Contact:

Re: https for atari-forum.com

Post by wongck »

ah.... back to the good old BBS days...
My Stuff: FB/Falcon CT63 CTPCI ATI RTL8139 USB 512MB 30GB HDD CF HxC_SD/ TT030 68882 4+32MB 520MB Nova/ 520STFM 4MB Tos206 SCSI
Shared SCSI Bus:ScsiLink ethernet, 9GB HDD,SD-reader @ http://phsw.atari.org
My Atari stuff for sale - click here for list

Rustynutt
Atari Super Hero
Atari Super Hero
Posts: 767
Joined: Wed Mar 21, 2012 7:38 am
Location: Oregon

Re: https for atari-forum.com

Post by Rustynutt »

Transparent Gif's :)
That was so cool using CAB the first time.

Sorta topic. Been some years ago recall using "website translators". Forget the proper term, think they got you around the security stuff.

I'm feeling the need to cleanse myself, is there a good purpose public site designed to handle plain browser compatibly?

User avatar
leech
Atari God
Atari God
Posts: 1288
Joined: Tue Dec 01, 2015 3:26 pm

Re: https for atari-forum.com

Post by leech »

I have been thinking for a while that I need to come up with a Squid config do people can buils their own SSL gateway for 16/32bit machines.
The reason for this? Even on the shiny new version of IBrowse for the Amiga, SSL enabled sites take an extra 5 minutes to work, and that is on an 060@50. So if I could get the SSL decrypting portion set up on a Raspberry Pi or my Linux server, it'd be a lot more trustworthy than using some proxy out there that rips other things out.
Atari 8Bits: 800xl, 600xl, XEGS, 800, 130xe, 130xe (VBXE, U1MB, Stereo POKEY)
Atari STs: 1040STf (broken shifter), 1040STe, Mega STe, TT030, Falcon (CT60e, SuperVidel)

Gunstick
Captain Atari
Captain Atari
Posts: 294
Joined: Thu Jun 20, 2002 6:49 pm
Location: Luxembourg
Contact:

Re: https for atari-forum.com

Post by Gunstick »

Hi,

Making atari-forum support https, will not disable http. So both stay accessible.
There are 2 ways to force people to use https.
1) if they once visited https version, then the browser will always force https (via the HSTS header)
2) add the site to hstspreload.org so browsers supporting that, will go to https right away.

Do NOT set an automatic redirect on the http site to go to https, else CAB and others will be blocked.

So no need for ssl gateway or other fancy tricks to make old browsers work.
Maybe add a info on the login page "you use non secure connection, click here for the secure version".
So it stays optional and does not lock anyone out.

Georges

simonsunnyboy
Moderator
Moderator
Posts: 5225
Joined: Wed Oct 23, 2002 4:36 pm
Location: Friedrichshafen, Germany
Contact:

Re: https for atari-forum.com

Post by simonsunnyboy »

+1 for Gunstick's suggestion.

I personally strongly want to use SSL on my modern browser. I see no point in restricting 95% of the user base for those 100 people who actually use Atari's to surf the web.
Simon Sunnyboy/Paradize - http://paradize.atari.org/

Stay cool, stay Atari!

1x2600jr, 1x1040STFm, 1x1040STE 4MB+TOS2.06+SatanDisk, 1xF030 14MB+FPU+NetUS-Bee

User avatar
1st1
Atari Super Hero
Atari Super Hero
Posts: 877
Joined: Mon May 07, 2012 11:48 am

Re: https for atari-forum.com

Post by 1st1 »

Allmost a year since discussion start. Current webbrowser like Firefox 73, Chromium based Edge and Chrome istelf mark that website as unsecure. Next step will be with Chrome in 1-2 month that it will not allow anymore HTTP downloads from HTTPS websites. The day comes, when a browser will refuse to visit uncrypted websites like this.

By the way, for Firefox there is an addon called "HTTPS everywhere" which will try to load a HTTPS website if user goes to HTTP site.
Power without the Price. It's not a bug. It's a feature. _/|\_ATARI

1040STFM in PC-Tower (PAK68/2, OvrScn, 4 MB, 1GB SCSI, CD-ROM...) * 3x Falcon 030 * 3x TT030 * many 260 /520/1040ST(F)(M)(+) * 520/1040STE * many Mega ST * 2x Mega STE * Stacy * STBook * 2x SLM605 * 3x SLM804 * SMM804 * SH 204/205 * Megafile 30/44/60 * SF314 * SF354 * 5x Pofo * PC3 * ...

emcclariion
Captain Atari
Captain Atari
Posts: 212
Joined: Wed Nov 28, 2012 6:37 pm

Re: https for atari-forum.com

Post by emcclariion »

I think, where it comes to forums websites etc which deal with retro computers, unless they are doing financial transactions, which can be redirected to HTTPS, should be use Http....I browse this site using Highwire and it works fine, and using netsurf it works great on my TT.

even though Netsurf is HTTPS, but TT is not fast enough to use it, my CT60 can though
Atari TT Nova card Mach64, Lightning VME, 64MB of RAM, Mega STE 4MB, Nova mach 32 and Atari STE 4MB TOS 2.06 Netusb Ultrasatan 2, Atari Falcon CT60 512MB Netusb

Post Reply

Return to “Website Discussions”