Report Site Issues Here

Discussion about the Geocaching Australia web site
User avatar
Chwiliwr
10000 or more caches found
10000 or more caches found
Posts: 900
Joined: 10 April 05 10:39 pm
Location: Leeming Western Australia

Re: Report Site Issues Here

Post by Chwiliwr » 15 March 17 7:32 pm

Richary wrote:Seem to be having problems when it tries to connect to the forums using https.
Your connection is not secure

The owner of forum.geocaching.com.au has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
Using Firefox 52.0 (32-bit)
That is just a new firefox thing reporting what it thinks as insecure. (If somebody that has access to your network they could see your password as you sign on if they are looking at raw network traffic.)

User avatar
CraigRat
850 or more found!!!
850 or more found!!!
Posts: 7015
Joined: 23 August 04 3:17 pm
Twitter: CraigRat
Facebook: http://facebook.com/CraigRat
Location: Launceston, TAS
Contact:

Re: Report Site Issues Here

Post by CraigRat » 15 March 17 7:48 pm

The site and forums are not configured for https. It's not improperly configured. It's just NOT configured.

User avatar
caughtatwork
Posts: 17015
Joined: 17 May 04 12:11 pm
Location: Melbourne
Contact:

Re: Report Site Issues Here

Post by caughtatwork » 15 March 17 7:52 pm

We don't do HTTPS.

User avatar
Richary
8000 or more caches found
8000 or more caches found
Posts: 4189
Joined: 04 February 04 10:55 pm
Location: Waitara, Sydney

Re: Report Site Issues Here

Post by Richary » 15 March 17 8:06 pm

Interesting that tonight was the first time it has complained when I just used my normal bookmark to come here. Must be something new in FF 52.0 which updated today. It was warning me that logins entered weren't secure, so I tried https instead. I will delve into FF settings and see if I need to mark the site as safe or something. And yes I would use Chrome instead like I do on the work machine but there are 2 users of this PC, so it makes sense for us to use different browsers so FF remembers my logins and Chrome can remember hers for things we both use.

User avatar
Chwiliwr
10000 or more caches found
10000 or more caches found
Posts: 900
Joined: 10 April 05 10:39 pm
Location: Leeming Western Australia

Re: Report Site Issues Here

Post by Chwiliwr » 15 March 17 8:13 pm

Richary wrote:Interesting that tonight was the first time it has complained when I just used my normal bookmark to come here. Must be something new in FF 52.0 which updated today. It was warning me that logins entered weren't secure, so I tried https instead. I will delve into FF settings and see if I need to mark the site as safe or something. And yes I would use Chrome instead like I do on the work machine but there are 2 users of this PC, so it makes sense for us to use different browsers so FF remembers my logins and Chrome can remember hers for things we both use.
If you do find something to turn it off please advise in here as I couldn't when I looked.

User avatar
caughtatwork
Posts: 17015
Joined: 17 May 04 12:11 pm
Location: Melbourne
Contact:

Re: Report Site Issues Here

Post by caughtatwork » 15 March 17 9:29 pm

Oh, FFS Firefox, stop being so freaken' annoying. This is indeed the age of the nanny state.

https://support.mozilla.org/t5/Protect- ... ta-p/27861

I don't use FF but try this:
There is a hidden preference to turn off the warnings if they really annoy you and you think they'll never be of value.
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste insec and pause while the list is filtered
(3) Double-click the security.insecure_field_warning.contextual.enabled preference to switch the value from true to false
(4) Assume this login could be easily stolen and avoid re-using it on important sites

User avatar
Richary
8000 or more caches found
8000 or more caches found
Posts: 4189
Joined: 04 February 04 10:55 pm
Location: Waitara, Sydney

Re: Report Site Issues Here

Post by Richary » 15 March 17 10:00 pm

Yes would be much nicer if we could just mark a site as safe. I am at home, there is no man in the middle attacks going to happen. And I hate to think what the new security options FF and Chrome are adding are going to do to me managing the work network. Some of our radios are https only, but on an internal 10.x.x.x address so of course they don't have valid security certificates. At the moment I can ignore that, but sooner or later who knows. We still have a few that use Java as an interface and I already have to go in and manually add that as an exception. You should be able to disable the warnings for a private network.

That said, is there a reason we don't do https and have a certificate (I guess it costs).

User avatar
CraigRat
850 or more found!!!
850 or more found!!!
Posts: 7015
Joined: 23 August 04 3:17 pm
Twitter: CraigRat
Facebook: http://facebook.com/CraigRat
Location: Launceston, TAS
Contact:

Re: Report Site Issues Here

Post by CraigRat » 16 March 17 7:31 am

There is now a free issuer of SSL certificates (letsencrypt), but it's a bit fiddly to set up (they expire in 3 months and a script mechanism is needed to keep them up to date).

Currently in the too-hard-for-just-now basket, but on the radar.

(I've had chrome warn me in the address bar recently too, doesnt do it all the time though)

User avatar
caughtatwork
Posts: 17015
Joined: 17 May 04 12:11 pm
Location: Melbourne
Contact:

Re: Report Site Issues Here

Post by caughtatwork » 16 March 17 8:53 am

Apart from the password (which you shouldn't be using for any other site), there is no need for SSL. There is nothing secret about passing a request for a cache and the response to the cache coming back unencrypted. It's a level of nanny-ism that shouldn't be tolerated but the tools that are on offer force that upon us.

It's an amount of money per year (probably in the order of $100) and if you forget, well, no site for you. Subdomains need coverage by a wildcard certificate so the wiki and forum would mean we need a wildcard and that's about $400 or so. It's a level of development (that I can't answer) to install and use it.

In it's simplest terms, it's not necessary. Keep your password separate to any other site and as we don't collect CC informarion (PayPal does all of that for us which is why we use it), there is no risk in using this site.

MavEtJu
Posts: 486
Joined: 07 January 15 9:15 pm
Twitter: @mavetju
Location: Caringbah
Contact:

Re: Report Site Issues Here

Post by MavEtJu » 18 March 17 10:36 am

caughtatwork wrote: It's an amount of money per year (probably in the order of $100) and if you forget, well, no site for you. Subdomains need coverage by a wildcard certificate so the wiki and forum would mean we need a wildcard and that's about $400 or so. It's a level of development (that I can't answer) to install and use it.
Let's Encrypt provides certificates for free.

All your other arguments are moot too.

Edwin

User avatar
caughtatwork
Posts: 17015
Joined: 17 May 04 12:11 pm
Location: Melbourne
Contact:

Re: Report Site Issues Here

Post by caughtatwork » 18 March 17 3:36 pm

That requires a skill I don't have, so I'll have to leave that to CR.

MavEtJu
Posts: 486
Joined: 07 January 15 9:15 pm
Twitter: @mavetju
Location: Caringbah
Contact:

Re: Report Site Issues Here

Post by MavEtJu » 18 March 17 8:24 pm

caughtatwork wrote:That requires a skill I don't have, so I'll have to leave that to CR.
Let me know if you need a hand with it.

Edwin

User avatar
caughtatwork
Posts: 17015
Joined: 17 May 04 12:11 pm
Location: Melbourne
Contact:

Re: Report Site Issues Here

Post by caughtatwork » 19 March 17 12:07 pm

Work with CR, please. Background server stuff is all his.

User avatar
mtrax
Posts: 1974
Joined: 19 December 06 9:57 am
Location: Weston Creek, Canberra

Re: Report Site Issues Here

Post by mtrax » 22 March 17 8:09 am

I know there is a problem with forum login, not sure if there is an issue with the Message / inbox feature as well, it doesn't seem to sort by newest, making it difficult to find new messages.

BTW is there a timeline for fixing the forum? its quiet difficult opening forum on mobile devices with the current bug.

User avatar
caughtatwork
Posts: 17015
Joined: 17 May 04 12:11 pm
Location: Melbourne
Contact:

Re: Report Site Issues Here

Post by caughtatwork » 22 March 17 8:32 am

It's all part of the same issue.

Post Reply