Sciencemadness Discussion Board
Not logged in [Login ]
Go To Bottom

Printable Version  
Author: Subject: HTTPS now available
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 10-5-2005 at 18:59
HTTPS now available


It is now possible to access sciencemadness over HTTPS as well as HTTP. The <A HREF="http://www.sciencemadness.org/">main page</A> now has a link enabling HTTPS access to the forum. Unfortunately, the HTTPS connection currently works only for sciencemadness.org, not www.sciencemadness.org. I'll try to figure out how to get that fixed in the near future. Since I generated my own certificate instead of paying for one from a well-known certificate authority, you'll have to put up with a browser warning when using the HTTPS link for the first time at least. Ordinary HTTP access should not be affected.



PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
BromicAcid
International Hazard
*****




Posts: 3246
Registered: 13-7-2003
Location: Wisconsin
Member Is Offline

Mood: Rock n' Roll

[*] posted on 10-5-2005 at 19:04


I just love the certificate information :D

I’ll probably end up using HTTPS access all the time even though I have no paranoia simply because it seems neat, great work Polverone!




Shamelessly plugging my attempts at writing fiction: http://www.robvincent.org
View user's profile Visit user's homepage View All Posts By User
cyclonite4
Hazard to Others
***




Posts: 480
Registered: 16-11-2004
Location: is unknown
Member Is Offline

Mood: Amphoteric

[*] posted on 11-5-2005 at 06:49


It's great we have HTTPS access, I see the funds are going to good use. It wouldnt really matter to me whether I use HTTPS or not, but I might as well because it was payed for (expect some contribution after I have bought my Organic Chem equipment ;)).

Welcome to the forum Madandcrazy, try to clean up on the 'engish' a bit. :)




\"It is dangerous to be right, when your government is wrong.\" - Voltaire
View user's profile View All Posts By User This user has MSN Messenger
denatured
Hazard to Others
***




Posts: 151
Registered: 7-8-2004
Location: -
Member Is Offline

Mood: HCl 50%?

[*] posted on 12-5-2005 at 00:14


What is the difference between https and http?
View user's profile View All Posts By User
neutrino
International Hazard
*****




Posts: 1583
Registered: 20-8-2004
Location: USA
Member Is Offline

Mood: oscillating

[*] posted on 12-5-2005 at 02:26


https is encrypted, http isn't.
View user's profile View All Posts By User
denatured
Hazard to Others
***




Posts: 151
Registered: 7-8-2004
Location: -
Member Is Offline

Mood: HCl 50%?

[*] posted on 12-5-2005 at 12:27


Sorry for the stupid question , but who is the protected one ... the site or the users viewing it?
View user's profile View All Posts By User
Organikum
resurrected
*****




Posts: 2337
Registered: 12-10-2002
Location: Europe
Member Is Offline

Mood: frustrated

[*] posted on 12-5-2005 at 12:51


Did you ever hear of Google? Go and search for HTTP and HTTPS at Google when you have such questions thats really not to much demanded.

/ORG




Irgendwas is ja immer
View user's profile View All Posts By User
cyclonite4
Hazard to Others
***




Posts: 480
Registered: 16-11-2004
Location: is unknown
Member Is Offline

Mood: Amphoteric

[*] posted on 12-5-2005 at 17:24


Organikum, help him a bit more by directing him to this this link ;)



\"It is dangerous to be right, when your government is wrong.\" - Voltaire
View user's profile View All Posts By User This user has MSN Messenger
chemoleo
Biochemicus Energeticus
*****




Posts: 3005
Registered: 23-7-2003
Location: England Germany
Member Is Offline

Mood: crystalline

[*] posted on 12-5-2005 at 17:45


Oh comon.
This isn't scienceharshness board.
I didnt know about it either.
Of course I could look it up. But I could look up one zillion things, and still not know all.
Much easier just to post a quick explanation here, no?

This is predominantly a chem board, so don't expect extraordinary computer literacy here.

Seriously, chill. I don't like the harsh tone that's sprung up here lately. Nor do I like the increasing amount of bullshitting/pointless posts here of late.

[Edited on 13-5-2005 by chemoleo]




Never Stop to Begin, and Never Begin to Stop...
Tolerance is good. But not with the intolerant! (Wilhelm Busch)
View user's profile View All Posts By User
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 12-5-2005 at 18:10
some explanation


Here's more or less what I sent Chemoleo when he asked about HTTPS:

Using HTTPS means that the traffic between the server and your computer is encrypted. This means that nobody can see exactly what you read or post by looking at the packets being sent back and forth between your computer and the server. Of course it's still possible to see what you're doing if the security of your computer or the server is compromised: HTTPS protects only the information in transit. It is also possible for an outsider to see that your computer is communicating with the sciencemadness server, though the outsider will not know the contents of those communications.

Why bother with encryption? The US National Security Agency in cooperation with Australian, Canadian, and UKian intelligence/security services monitored international telephone and telegraph communications over satellite links and cables for many years. The monitoring was often with the direct and secret collaboration of the communications providers, even when such activity was officially illegal (the laws in the US, at least, have changed to legitimize it now). Similar activity probably continues today. See The Puzzle Palace for further details about the historical arrangements, or try searches like "Echelon" or "UKUSA agreement" on your favorite search engine. It's a natural extension to imagine that they now monitor internet traffic by special arrangement with the major Internet backbone providers. Although it seems unlikely that national security services would care about what people post here, the idea that monitoring may occur is enough to make some people itch for encryption. With strong encryption like that now offered here, it's impossible for the NSA or any other party to lazily intercept and scan the communications between the sciencemadness server and your PC. If a security or law enforcement agency cared enough to target sciencemadness, they could easily compel Micfo to grant them access to the server. Encryption protects us only against opportunistic communications intelligence, because I don't have full control over the server or the PCs connecting to it.

HTTPS does not hide your IP address. HTTPS does not make your U2U messages any more secure on the server. It will protect information in transit against snooping by the rare dedicated hacker or the (likely far more common) automatic information scanning-and-pattern-matching tools used by governments. I am always happy to throw a few grains of sand in the gears of surveillance machinery, so I have enabled HTTPS access for this site. It's a tiny gesture, but better than nothing.

Edit: if you search for echelon and "UKUSA agreement" as I have suggested, you may stumble across some wildly speculative pages. Be wary if the author is trying to warn you about UFOs and mind control as well as spy agencies. Although the system that people call echelon attracts a certain amount of kook-speculation, I am sure that the basic technology is quite real and in active use.

[Edited on 5-13-2005 by Polverone]




PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
Madandcrazy
Hazard to Others
***




Posts: 117
Registered: 11-5-2005
Member Is Offline

Mood: annoyed

[*] posted on 26-5-2005 at 06:33


HTTPS traffic can be a filter for paged links
which spaming out your informations which you typed in.

It is my opinion too, it is a seriously chem board, no dicussion for internet security.

Advisable, using a separat browser or computer for the certificate informations ;).
View user's profile View All Posts By User
wa gwan
Harmless
*




Posts: 37
Registered: 15-4-2005
Member Is Offline

Mood: No Mood

[*] posted on 26-5-2005 at 11:04
More sand in the gears


Anyone interested in protecting their anonymity and security online should also consider using JAP
, or Tor in combination with Privoxy.
The Jap servers act as a proxy fetching pages on your behalf (the target site will see Japs IP requesting the pages not yours) and provides encryption between your machine and their servers, so your ISP can't see the content of the traffic to-and-fro nor it's destination and origin.

Tor in combination with Privoxy is essentially the same thing except each program performs the functions seperately, Privoxy acting as the proxy and Tor acting as the encrypted 'mix'. Both programs can be used independently.

Jap can be used in combination with Tor for the really paranoid. :)
View user's profile View All Posts By User
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 7-4-2006 at 11:38


Quote:
Originally posted by Polverone
Why bother with encryption? The US National Security Agency in cooperation with Australian, Canadian, and UKian intelligence/security services monitored international telephone and telegraph communications over satellite links and cables for many years. The monitoring was often with the direct and secret collaboration of the communications providers, even when such activity was officially illegal (the laws in the US, at least, have changed to legitimize it now). Similar activity probably continues today. See The Puzzle Palace for further details about the historical arrangements, or try searches like "Echelon" or "UKUSA agreement" on your favorite search engine. It's a natural extension to imagine that they now monitor internet traffic by special arrangement with the major Internet backbone providers. Although it seems unlikely that national security services would care about what people post here, the idea that monitoring may occur is enough to make some people itch for encryption. With strong encryption like that now offered here, it's impossible for the NSA or any other party to lazily intercept and scan the communications between the sciencemadness server and your PC.

Nearly a year ago, when I wrote these words, I felt a little embarassed almost immediately afterward. It would take a massive technical effort to process backbone internet traffic wholesale and would be illegal too. I was just letting my imagination run wild, right? Maybe not. I'm happier today than I have ever been before that I paid the few extra dollars it took to offer SSL on this site.




PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
wa gwan
Harmless
*




Posts: 37
Registered: 15-4-2005
Member Is Offline

Mood: No Mood

[*] posted on 8-4-2006 at 12:36


Most times I'm trying to find something on this site I search google for it because the site search engine isn't very good. And often I click on the links google gives me without thinking. The google links are all http not https. All your search engine traffic is coming in unencrypted.

Thats OK (for me) because I always torify my connection so it doesn't matter if I browse this site with or without SSL. My ISP can't see a damn thing not even the web addresses and my IP can't be lifted from a log should a site/server be compromised.
View user's profile View All Posts By User
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 3-5-2006 at 22:39
SSL cert is being changed


Our certificate is about to expire and I'm generating a new one. Do not be alarmed by the new certificate.



PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
Mason_Grand_ANNdrews
Hazard to Self
**




Posts: 63
Registered: 19-1-2006
Location: New Berlin City !!
Member Is Offline

Mood: crabby

[*] posted on 15-7-2006 at 11:11


I`ve a comment to the HTTPS. Some days ago i tried to download a attachment. The attachment could be downloaded in unencrypted connection only. I don`t know what the reasons are ?
View user's profile View All Posts By User

  Go To Top