Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
HTTPS now available
It is now possible to access sciencemadness over HTTPS as well as HTTP. The <A HREF="http://www.sciencemadness.org/">main
page</A> now has a link enabling HTTPS access to the forum. Unfortunately, the HTTPS connection currently works only for sciencemadness.org, not
www.sciencemadness.org. I'll try to figure out how to get that fixed in the near future. Since I generated my own certificate instead of
paying for one from a well-known certificate authority, you'll have to put up with a browser warning when using the HTTPS link for the first time
at least. Ordinary HTTP access should not be affected.
PGP Key and corresponding e-mail address
|
|
|
BromicAcid
International Hazard
Posts: 3246
Registered: 13-7-2003
Location: Wisconsin
Member Is Offline
Mood: Rock n' Roll
|
|
I just love the certificate information 
I’ll probably end up using HTTPS access all the time even though I have no paranoia simply because it seems neat, great work Polverone!
|
|
|
cyclonite4
Hazard to Others
Posts: 480
Registered: 16-11-2004
Location: is unknown
Member Is Offline
Mood: Amphoteric
|
|
It's great we have HTTPS access, I see the funds are going to good use. It wouldnt really matter to me whether I use HTTPS or not, but I might as
well because it was payed for (expect some contribution after I have bought my Organic Chem equipment  ).
Welcome to the forum Madandcrazy, try to clean up on the 'engish' a bit. 
\"It is dangerous to be right, when your government is wrong.\" - Voltaire
|
|
|
denatured
Hazard to Others
Posts: 151
Registered: 7-8-2004
Location: -
Member Is Offline
Mood: HCl 50%?
|
|
What is the difference between https and http?
|
|
|
neutrino
International Hazard
Posts: 1583
Registered: 20-8-2004
Location: USA
Member Is Offline
Mood: oscillating
|
|
https is encrypted, http isn't.
|
|
|
denatured
Hazard to Others
Posts: 151
Registered: 7-8-2004
Location: -
Member Is Offline
Mood: HCl 50%?
|
|
Sorry for the stupid question , but who is the protected one ... the site or the users viewing it?
|
|
|
Organikum
resurrected
Posts: 2337
Registered: 12-10-2002
Location: Europe
Member Is Offline
Mood: frustrated
|
|
Did you ever hear of Google? Go and search for HTTP and HTTPS at Google when you have such questions thats really not to much demanded.
/ORG
|
|
|
cyclonite4
Hazard to Others
Posts: 480
Registered: 16-11-2004
Location: is unknown
Member Is Offline
Mood: Amphoteric
|
|
Organikum, help him a bit more by directing him to this this link
\"It is dangerous to be right, when your government is wrong.\" - Voltaire
|
|
|
chemoleo
Biochemicus Energeticus
Posts: 3005
Registered: 23-7-2003
Location: England Germany
Member Is Offline
Mood: crystalline
|
|
Oh comon.
This isn't scienceharshness board.
I didnt know about it either.
Of course I could look it up. But I could look up one zillion things, and still not know all.
Much easier just to post a quick explanation here, no?
This is predominantly a chem board, so don't expect extraordinary computer literacy here.
Seriously, chill. I don't like the harsh tone that's sprung up here lately. Nor do I like the increasing amount of bullshitting/pointless
posts here of late.
[Edited on 13-5-2005 by chemoleo]
Never Stop to Begin, and Never Begin to Stop...
Tolerance is good. But not with the intolerant! (Wilhelm Busch)
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
some explanation
Here's more or less what I sent Chemoleo when he asked about HTTPS:
Using HTTPS means that the traffic between the server and your computer is encrypted. This means that nobody can see exactly what you read or post by
looking at the packets being sent back and forth between your computer and the server. Of course it's still possible to see what you're
doing if the security of your computer or the server is compromised: HTTPS protects only the information in transit. It is also possible for an
outsider to see that your computer is communicating with the sciencemadness server, though the outsider will not know the contents of those
communications.
Why bother with encryption? The US National Security Agency in cooperation with Australian, Canadian, and UKian intelligence/security services
monitored international telephone and telegraph communications over satellite links and cables for many years. The monitoring was often with the
direct and secret collaboration of the communications providers, even when such activity was officially illegal (the laws in the US, at least, have
changed to legitimize it now). Similar activity probably continues today. See The Puzzle Palace for further details about the historical
arrangements, or try searches like "Echelon" or "UKUSA agreement" on your favorite search engine. It's a natural extension to
imagine that they now monitor internet traffic by special arrangement with the major Internet backbone providers. Although it seems unlikely that
national security services would care about what people post here, the idea that monitoring may occur is enough to make some people itch for
encryption. With strong encryption like that now offered here, it's impossible for the NSA or any other party to lazily intercept and scan the
communications between the sciencemadness server and your PC. If a security or law enforcement agency cared enough to target sciencemadness, they
could easily compel Micfo to grant them access to the server. Encryption protects us only against opportunistic communications intelligence, because I
don't have full control over the server or the PCs connecting to it.
HTTPS does not hide your IP address. HTTPS does not make your U2U messages any more secure on the server. It will protect information in transit
against snooping by the rare dedicated hacker or the (likely far more common) automatic information scanning-and-pattern-matching tools used by
governments. I am always happy to throw a few grains of sand in the gears of surveillance machinery, so I have enabled HTTPS access for this site.
It's a tiny gesture, but better than nothing.
Edit: if you search for echelon and "UKUSA agreement" as I have suggested, you may stumble across some wildly speculative pages. Be wary if
the author is trying to warn you about UFOs and mind control as well as spy agencies. Although the system that people call echelon attracts a certain
amount of kook-speculation, I am sure that the basic technology is quite real and in active use.
[Edited on 5-13-2005 by Polverone]
PGP Key and corresponding e-mail address
|
|
|
Madandcrazy
Hazard to Others
Posts: 117
Registered: 11-5-2005
Member Is Offline
Mood: annoyed
|
|
HTTPS traffic can be a filter for paged links
which spaming out your informations which you typed in.
It is my opinion too, it is a seriously chem board, no dicussion for internet security.
Advisable, using a separat browser or computer for the certificate informations .
|
|
|
wa gwan
Harmless
Posts: 37
Registered: 15-4-2005
Member Is Offline
Mood: No Mood
|
|
More sand in the gears
Anyone interested in protecting their anonymity and security online should also consider using JAP
, or Tor in combination with Privoxy.
The Jap servers act as a proxy fetching pages on your behalf (the target site will see Japs IP requesting the pages not yours) and provides encryption
between your machine and their servers, so your ISP can't see the content of the traffic to-and-fro nor it's destination and origin.
Tor in combination with Privoxy is essentially the same thing except each program performs the functions seperately, Privoxy acting as the proxy and
Tor acting as the encrypted 'mix'. Both programs can be used independently.
Jap can be used in combination with Tor for the really paranoid.
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
| Quote: | Originally posted by Polverone
Why bother with encryption? The US National Security Agency in cooperation with Australian, Canadian, and UKian intelligence/security services
monitored international telephone and telegraph communications over satellite links and cables for many years. The monitoring was often with the
direct and secret collaboration of the communications providers, even when such activity was officially illegal (the laws in the US, at least, have
changed to legitimize it now). Similar activity probably continues today. See The Puzzle Palace for further details about the historical
arrangements, or try searches like "Echelon" or "UKUSA agreement" on your favorite search engine. It's a natural extension to imagine that they now
monitor internet traffic by special arrangement with the major Internet backbone providers. Although it seems unlikely that national security services
would care about what people post here, the idea that monitoring may occur is enough to make some people itch for encryption. With strong encryption
like that now offered here, it's impossible for the NSA or any other party to lazily intercept and scan the communications between the sciencemadness
server and your PC. |
Nearly a year ago, when I wrote these words, I felt a little embarassed almost immediately afterward. It would take a massive technical effort to
process backbone internet traffic wholesale and would be illegal too. I was just letting my imagination run wild, right? Maybe not. I'm happier today than I have ever been before that I paid the few extra dollars it took to offer SSL on this site.
PGP Key and corresponding e-mail address
|
|
|
wa gwan
Harmless
Posts: 37
Registered: 15-4-2005
Member Is Offline
Mood: No Mood
|
|
Most times I'm trying to find something on this site I search google for it because the site search engine isn't very good. And often I click on the
links google gives me without thinking. The google links are all http not https. All your search engine traffic is coming in unencrypted.
Thats OK (for me) because I always torify my connection so it doesn't matter if I browse this site with or without SSL. My ISP can't see a damn thing
not even the web addresses and my IP can't be lifted from a log should a site/server be compromised.
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
SSL cert is being changed
Our certificate is about to expire and I'm generating a new one. Do not be alarmed by the new certificate.
PGP Key and corresponding e-mail address
|
|
|
Mason_Grand_ANNdrews
Hazard to Self
Posts: 63
Registered: 19-1-2006
Location: New Berlin City !!
Member Is Offline
Mood: crabby
|
|
I`ve a comment to the HTTPS. Some days ago i tried to download a attachment. The attachment could be downloaded in unencrypted connection only. I
don`t know what the reasons are ?
|
|
|
![[*]](images/xpblue/default_icon.gif){kind=icon}
