|
|
06-24-2019, 07:15 PM
|
#21
|
Senior Member
Join Date: Jan 2018
Location: Raleigh, NC
Posts: 9,613
|
1466 posts
Quote:
Originally Posted by NMWildcat
If you are a little too thin skinned for a little gratuitous advice, you are going to have a lot of fun on forums
|
I wouldn't have 1466 posts if I were thin-skinned.
I am a bit considerate of those who subscribed out of interest in the posting problem, like lschwartz. They didn't need to be subjected to off-topic "advice" they didn't want/need.
Larry
|
|
|
06-24-2019, 07:31 PM
|
#22
|
Senior Member
Join Date: Jun 2012
Location: Southern NM
Posts: 9,562
|
Alrighty then
__________________
Scott and Liz - Southern NM
2012 Wildcat Sterling 32RL - w/level up (best option ever)
2007 Chevy 2500HD Duramax
Reese Fifth Airborne Sidewinder
|
|
|
06-30-2019, 01:53 PM
|
#23
|
Senior Member
Join Date: Jan 2018
Location: Raleigh, NC
Posts: 9,613
|
Making progress
Making progress!
I have reproduced this problem on a second computer, configured the same as the first, except for hardware. Different processor and video adapter, so it's not a driver issue. And LSwartz has reproduced it.
But here's the biggie: I've also reproduced it on other websites--and what they have in common with FRF is that they also use insecure HTTP instead of HTTPS with TLS.
It doesn't surprise me that Chrome is treating the HTTP sites differently. Their rationale might be that since the sites are "dangerous" they are making it hard to enter what might be personal information. I've written them to ask and will report back.
Meanwhile, this question comes to mind: "Why in this day and age would a website not use HTTPS?" There's no excuse for it. The formerly expensive ($200 for two years) certificates may now be had for free from Let's Encrypt. It's a simple matter of requesting and receiving a certificate and configuring the web server to use it.
I am webmaster for four or five rinky-dink websites (URLs available on request); high school class reunion, family reunion, two non-profits doing disaster recovery. Every single one of these has HTTPS. Before I got HTTPS onto the high-school reunion website, I actually had classmates emailing me that they were afraid to visit the website until it was updated. FRF could be losing contributors for the same reason.
Larry
|
|
|
06-30-2019, 04:34 PM
|
#24
|
Site Team
Join Date: Nov 2010
Location: Northeast Louisiana
Posts: 33,951
|
Quote:
Originally Posted by Larry-NC
Meanwhile, this question comes to mind: "Why in this day and age would a website not use HTTPS?" There's no excuse for it. The formerly expensive ($200 for two years) certificates may now be had for free from Let's Encrypt. It's a simple matter of requesting and receiving a certificate and configuring the web server to use it.
Larry
|
This question was brought up last year, and this was the answer:
The reason is a little convoluted but here goes:
Last year google began to push websites to use https instead of http as a security update. A few months ago they began to actually began to display that little red triangle;"not secure" on browser address lines.
The forum software is built on an http platform and so this is difficult. We hand coded an update to make the LOGIN page https. This is the page where user credentials are passed and the only sensitive data we store. Once a member has logged in the site reverts to http (and the alert begins to display in browsers). Using https on all pages actually breaks the forum. Offsite links and hosted images no longer work, ads don't display, photos, etc.
So... as you login the page is secure (https) but once you have logged in the regular site is http. Since no login/pass info is being sent on these pages we believe this is safe and reasonable. There's little we can do to change this until we move to a new forum software platform which eventually we will have to do.
You can read more about the google alerts here: https://www.wired.com/story/google-c...-secure-label/
__________________
2011 Flagstaff 831 RLBSS
A 72 hour hold in a psych unit is beginning to intrigue me as a potential vacation opportunity.
|
|
|
06-30-2019, 04:55 PM
|
#25
|
Senior Member
Join Date: Jan 2018
Location: Raleigh, NC
Posts: 9,613
|
Well, maybe so
Quote:
Originally Posted by wmtire
Last year google began to push websites to use https instead of http as a security update. A few months ago they began to actually began to display that little red triangle;"not secure" on browser address lines.
|
Exactly. Google was/is trying to force the whole world onto Transport Layer Security (TLS, shows as HTTPS in the browser). That's why I was/am suspicious that messing with popups is now part of Google's campaign. I became especially skeptical when the other site started doing so, because the disabled popups were autocomplete choices. I inferred that Google might be trying to "protect" me by not allowing my Personally Identifiable Information (PII) to be easily or automatically disclosed.
Quote:
Originally Posted by wmtire
The forum software is built on an http platform and so this [conversion of the site to https] is difficult.
|
I am dubious. I prefer to design my web pages directly in HTML, using Notepad as my HTML editor. One site is completely developed that way. The other three are run by Content Management Systems (CMS, = Drupal or WordPress), but 100% of the content I provide is still done in raw HTML. If you study your pages for a bit and do a search for all uses of HTTP in the code, it becomes feasible to write scripts to change all the files and code which creates content.
It's already been done. FRF is using vBulletin 3.8.8 Beta 1. Here are the instructions to convert a forum to HTTPS. https://forum.vbulletin.com/articles...forum-to-https. Sorry that I cannot insert this as a nice link for you, but that's one of the things that's broken.
Quote:
Originally Posted by wmtire
|
Dead link.
Larry
|
|
|
06-30-2019, 05:05 PM
|
#26
|
Site Team
Join Date: Nov 2010
Location: Northeast Louisiana
Posts: 33,951
|
Quote:
Originally Posted by Larry-NC
It's already been done. FRF is using vBulletin 3.8.8 Beta 1. Here are the instructions to convert a forum to HTTPS. https://forum.vbulletin.com/articles...forum-to-https. Sorry that I cannot insert this as a nice link for you, but that's one of the things that's broken.
Larry
|
As per your link above, and affirms what was stated in my previous response, the links to off-site images will be broken, and as many as we have, this is just not viable right now.
THAT'S IT!You shouldn't encounter any difficulties and your site should be showing a green padlock in most browsers.
You may run into issues with 'embedded images', where people have embedded external images or videos from third party sites into your posts, where those sites are or were not using https. These will trigger what is called a 'Mixed Content Warning' in the padlock area of the browser. In practice, what this means is that such embedded images or videos will not show and users may just see a blank space. You should aim to convert these images to attachments, subject to copyright, though this will be a manual task and can be fairly arduous if there are lots of them. Alternatively you can manually edit the embedded URL to change it to https. This will work for major sites like YouTube, but on some sites it may not work if https is not available. There are some third party add-ons that can help with this problem such as THIS ONE, however vBulletin cannot provide official support for third party code.
It is what it is, whether you are dubious or not (your words). We have other forums that may interest you, and are located at the bottom of every page when using the full site. There are a couple of the IT and computer types.
__________________
2011 Flagstaff 831 RLBSS
A 72 hour hold in a psych unit is beginning to intrigue me as a potential vacation opportunity.
|
|
|
06-30-2019, 05:23 PM
|
#27
|
Senior Member
Join Date: Jan 2018
Location: Raleigh, NC
Posts: 9,613
|
Well, now I'm getting it
Quote:
Originally Posted by wmtire
As per your link above, and was stated in my previous response, the links to off-site images will be broken, and as many as we have, this is just not viable right now.
THAT'S IT!You shouldn't encounter any difficulties and your site should be showing a green padlock in most browsers.
You may run into issues with 'embedded images', where people have embedded external images or videos from third party sites into your posts, where those sites are or were not using https. These will trigger what is called a 'Mixed Content Warning' in the padlock area of the browser. In practice, what this means is that such embedded images or videos will not show and users may just see a blank space. You should aim to convert these images to attachments, subject to copyright, though this will be a manual task and can be fairly arduous if there are lots of them. Alternatively you can manually edit the embedded URL to change it to https. This will work for major sites like YouTube, but on some sites it may not work if https is not available. There are some third party add-ons that can help with this problem such as THIS ONE, however vBulletin cannot provide official support for third party code.
It is what it is, whether you are dubious or not (your words). We have other forums that may interest you, and are located at the bottom of every page when using the full site. There are a couple of the IT and computer types.
|
Ahh, so user-provided embedded links are the issue. The site I completely do myself has no user-posted content. I looked at one of the other sites, and (as you stated), they convert http requests to https requests.
I definitely understand the issue now. That said, so many links are to Amazon, eBay, Flixxy, Flickr, etc. that it would be interesting to scan the entire forum database, sort target domains by count, and see how far you get down the list before you hit ones that don't support TLS.
Use the standard tools to
--Find all the URLs in user-posted content
--Discard all the ones that already start with https
--For each URL, look for the first "/" beyond position 8. Discard it and everything beyond it. This gives you a list of all the domains.
--Count the number of occurrences of each domain and sort the list by counts descending.
Larry
|
|
|
06-30-2019, 07:38 PM
|
#28
|
Senior Member
Join Date: Jul 2012
Location: Maryland
Posts: 713
|
Interesting thread, thank you very much.
I think this also explains why I get ‘Not Secure - forestriverforums.com’ in Safari on my iPad. I can add a link https://www.google.com so I might not fully understand.
__________________
2021 Rockwood Mini Lite 2109S
2010 Toyota Tundra 4WD
|
|
|
09-04-2019, 07:25 PM
|
#29
|
Senior Member
Join Date: Jan 2018
Location: Raleigh, NC
Posts: 9,613
|
Followup
Just to follow up on this one, about four days ago I received an update to the Chrome browser and all the problems have gone away. It wasn't my imagination.
__________________
Larry
"Everybody's RV is not like your RV."
"Always take pictures with the button on the right."
"Always bypass the water heater before opening the low-point drains."
Sticks and Bricks: Raleigh, NC
2008 Cherokee 38P: at Ivor, VA permanently
|
|
|
09-10-2019, 08:06 AM
|
#30
|
Site Team
Join Date: Mar 2014
Location: Grayson County, Texas
Posts: 21,578
|
Quote:
Originally Posted by Larry-NC
Just to follow up on this one, about four days ago I received an update to the Chrome browser and all the problems have gone away. It wasn't my imagination.
|
... nor was it this site, right?
__________________
2015 FR Wildcat 295RSX / GMC Sierra
Nights Camped: '13 = 49/'14 = 74/'15 = 74/'16 = 85/'17 = 110/'18 = 111/'19 = 86/'20 =108/'21 = 115/'22 = 135/'23 = 78; Booked for 2024 = 69
|
|
|
09-10-2019, 08:31 AM
|
#31
|
Senior Member
Join Date: Jan 2018
Location: Raleigh, NC
Posts: 9,613
|
Hard to say
Quote:
Originally Posted by Mr. Dan
... nor was it this site, right?
|
Hard to say, Dan. There are still a couple of things that aren't quite right. And no other site I visit performs the same functions in the same way.
I visit a couple of sites that have embedded rich text editors similar to this one but not exactly the same. I used to be able to enter a list in either of two ways:
1) Create the list items in flat text, separated by newlines. Then highlight the entire list and click the list icon, which inserts the markup.
2) Click the list icon with nothing highlighted. A dialog box pops up with instructions something like "Enter list items separated by newlines. Enter a newline on blank item to complete.
Method 2 still fails, but slightly differently. No other embedded editor I use works exactly this way so I cannot tell whether it's Chrome or the site editor.
__________________
Larry
"Everybody's RV is not like your RV."
"Always take pictures with the button on the right."
"Always bypass the water heater before opening the low-point drains."
Sticks and Bricks: Raleigh, NC
2008 Cherokee 38P: at Ivor, VA permanently
|
|
|
09-10-2019, 08:37 AM
|
#32
|
Site Team
Join Date: Mar 2014
Location: Grayson County, Texas
Posts: 21,578
|
Quote:
Originally Posted by Larry-NC
Hard to say, Dan. There are still a couple of things that aren't quite right. And no other site I visit performs the same functions in the same way.
I visit a couple of sites that have embedded rich text editors similar to this one but not exactly the same. I used to be able to enter a list in either of two ways:
1) Create the list items in flat text, separated by newlines. Then highlight the entire list and click the list icon, which inserts the markup.
2) Click the list icon with nothing highlighted. A dialog box pops up with instructions something like "Enter list items separated by newlines. Enter a newline on blank item to complete.
Method 2 still fails, but slightly differently. No other embedded editor I use works exactly this way so I cannot tell whether it's Chrome or the site editor.
|
I don’t know about all this. I was just going by your comment that “I received an update to the Chrome browser and all the problems have gone away.” I’m moving on. Thx.
__________________
2015 FR Wildcat 295RSX / GMC Sierra
Nights Camped: '13 = 49/'14 = 74/'15 = 74/'16 = 85/'17 = 110/'18 = 111/'19 = 86/'20 =108/'21 = 115/'22 = 135/'23 = 78; Booked for 2024 = 69
|
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
» Recent Discussions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|