
BitsofthePast website is down


Dropcheck


FYI:

 

Somehow I managed to nuke the website while doing maintenance today. I'm now in the process of reinstalling from a back up. It may take some time to get everything back up and working though.

 

For those who have ordered either the ECI2PBI or XF551 I had printed out the invoices a day or so ago. So don't worry. I also have the Paypal info to fall back on if needed.

 

I'll post an update when the site is functioning again, until then it's anybody's guess what you'll see when you access the site. Might be entertaining. :(


oh noes, I've done that before... it taught me something I still have trouble with today.... keeping a duplicate of the last rendition... Sure hope a backup is hiding somewhere... very hopeful it won't be too hard to repair...... with little loss of hair!

Edited by _The Doctor__

Did your keyboard move on you again? :) :-D

 

James

 

:) No...... I committed the unpardonable sin of trying to add additional features to the domain. In the process I decided to clean up odds and ends from previous failed efforts.

 

Who needs that orphaned database? Zap! Who needs that other orphaned database? Zap! Oh.... what's this.... an uninstall script to totally remove that failed wordpress install? Okay..... now we're cooking. Why am I still seeing both versions? It should have updated by now. Maybe I didn't press hard enough on the mouse button. There...... now. What????? WTF????!!!!! :skull: :mad:

 

 

Sometimes it's best to leave well enough alone..... :( Four hours later I was finally back up and running. The website isn't as up to date as I'd like. Some posts are missing. But I've decided I've had enough messing with it today. :twisted: :)

 

But maybe you're right the keyboard/mouse did move on me. ;)

Edited by Dropcheck
  • Like 4

 

:) No...... I committed the unpardonable sin of trying to add additional features to the domain. In the process I decided to clean up odds and ends from previous failed efforts.

 

Who needs that orphaned database? Zap! Who needs that other orphaned database? Zap! Oh.... what's this.... an uninstall script to totally remove that failed wordpress install? Okay..... now we're cooking. Why am I still seeing both versions? It should have updated by now. Maybe I didn't press hard enough on the mouse button. There...... now. What????? WTF????!!!!! :skull: :mad:

 

There's a certain sick comfort in my seeing that I am not the only one to do this same thing, except in my case I've done it twice in my life: one with one of my own sites, and the other time when I inadvertently took out one of my client's online stores. That last one was a doozy, because I found out that the daily backup I thought had been going on didn't exist because I never set it back up when I switched from a virtual host over to my own dedicated hosting server. That was the worst 72 hours of my 20+ years as a webmaster and hosting provider as I had to rebuild their store almost from scratch. Ugh!

 

Not to suggest your sudden panic level as you realized what happened didn't nearly lead to your head exploding, too.

 

Happy to hear you got yourself back up and going again, Dropcheck! Site management is not for the weak-of-heart. :-o

 

--Tim

  • Like 2

You mean like when your main system's main drive, with all those photos you were planning to back up sometime soon stops and refuses to start in any machine?

 

...hence why I now have everything on the computer automatically backed up to the NAS as well, which is automatically backed up to the cloud...

  • Like 2

  • 1 month later...

Firefox update breaks the site for me again.... can't see the product price boxes floating... and of course certificate expired warnings and refusals..... they are keeping us so safe we can't do anything! Way to go Mozilla!

 

Firefox locks the site out completely if you click on anything.... my lord, we gotta blow the browsers up!

Edited by _The Doctor__

Yup, borked here too for the same reasons.... IE says

 

 

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website.

 

 

---------------------------------------------

 

I'd remove the buying section for the moment, as seeing that as a would-be customer might scare the bejesus out of you and give the impression it's a scammer's site..

 

Regulars will of course know it's a problem with the site and you are a great guy and no scammer, but it's not complimentary when IE says that :)

 

Best of luck

 

Paul..

Edited by Mclaneinc

Yup, borked here too for the same reasons.... IE says

 

 

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website.

 

 

Best of luck

 

Paul..

 


 

madi


Yup, borked here too for the same reasons.... IE says

 

 

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website.

 

 

---------------------------------------------

 

I'd remove the buying section for the moment, as seeing that as a would-be customer might scare the bejesus out of you and give the impression it's a scammer's site..

 

Regulars will of course know it's a problem with the site and you are a great guy and no scammer, but it's not complimentary when IE says that :)

 

Best of luck

 

Paul..

 

Some information on the concern and my thoughts...... Such as they are. :)

 

The SSL certificate issue is becoming more and more a scam perpetrated by forces wanting to monetize the world wild web. I know this sounds like one of those conspiracy fire-breathing screamers. But there is no protection that the 'certificate' offers a visitor against fraud or deception. That is up to the website owner's own integrity. The CA authority is not going to get involved in squabbles between customer and seller, nor are they going to manually investigate the veracity of the website. The level of 'certificate' that turns your address bar green and gives you a locked graphic is simply an automated WHOIS lookup with encryption in transition. It does nothing for the security at the beginning point or ending point of the communication session. :(

 

The CA authority that had been providing me with a free year-long SSL DV level certification was informed by Google and Firefox that their browsers would no longer accept their SSL certificates in October, with an effective date of Jan this year. When I did a search for other CA authorities that offered free SSL DV certificates, I ran across numerous indications that those browser providers were pressuring and rejecting other CA authorities' free SSL certificates or demanding changes in their offering which effectively kill the free part of the equation. Right now the longest I can get a free SSL certificate is 90 days. Hardly worth it. :thumbsdown:

 

Now if I am willing to pay $80+ per year for an SSL DV level certificate I can lease one for a year. But again that provides nothing but an automated WHOIS lookup with encryption during the session. If I was really processing payment information, then the need for secure communication is justified. But I am not.

 

Some hosting sites do provide a free SSL DV certificate as part of the hosting plan, but that requires moving to their servers and taking a chance on their service level. And for how long? When I first started with GoDaddy, six/seven years ago they offered free SSL DV level certificates as part of the hosting plan. They stopped doing that a little over a year ago, deciding to charge now for what had been included in their web commerce hosting plans. :(

 

If I was really doing something nefarious on my site, I could understand the caution. But the warning is a broad brush with no attempt to really check if the website is even valid, much less actually check for wrong doing. The certificate I have is for bitsofthepast.com. My hosting provider can list the site as that or www.bitsofthepast.com. They are the same, but not as far as the browsers are concerned. The browsers are not smart enough to know there is no difference and they yell like the kid yelling fire in the theater when there is not even an ember, much less any smoke. :?

 

It is fear mongering, to try and force hapless small website owners into shelling out tens and hundreds of dollars to 3rd parties to project a security that doesn't really exist or in most small ecommerce sites is needed. Most small ecommerce website owners like me don't do their own payment processing. Once we have the billing and shipping address to verify with the payment processor and figure the order cost with shipping we throw that info to a 3rd party payment processor, like Paypal to finalize the actual payment. That's where the real encryption security is and should be.

 

If you in fact cannot create an exception in your browser for websites you know to be benign, then that is a red flag for the browser. It's in control of your browsing, not you. ;)

 

As far as the price box issue, I fear that is a problem with the age of the software plugin that allows that on the website. It's creaking along at four years old now. Old age for the internet. I am working on updating the site. I just don't want to drop a grenade into the works and lose my database. I could just turn off the plugin though. :)


Still, for a normal user, such a security certificate warning (on an empty page with a red triangle alert) will most likely discourage him from entering the site.

This may directly/indirectly affect sales.

 

madi

 

That is the hammer the browser is using. To force compliance to an arbitrary demand. :(

 

I'm not saying it's not effective. :)

  • Like 1

Hi Dropcheck,

 

Re the whole web commerce thing, indeed, the con is on as they say, it's a license to print money and making low turnover sites struggle to stay on a level playing field. I myself don't do any of this stuff, but I'm pretty sure the merits of having said certificate are pretty much superficial in the way of things and just the gloss of an illusion of credibility, but all I'm saying is that would-be new buyers, and we want those in spades, seeing suggestions of scams on MS's cash cow system browser will put off people. Oddly I was at the bank today and they were doing a huge Fraud Awareness scheme and customers were being lectured in 'how to be safe', so I asked who they were hoping to target with this advice and was told, the young and new to online purchases etc, and I happily told the lady that they were missing the real issue, the main target being the elderly being forced in to online banking etc who have almost ZERO clue about any of it, let alone firewalls, antivirus, phishing scams etc etc; they get picked off in all types of fraud daily and the banks let them down.

 

The point being that the banks who rake it in roll out the same sort of 'peace of mind' BS a bit like the certificates in question and yet neither actually safeguards anyone truthfully...

 

 

 

Paul.

Edited by Mclaneinc
  • Like 2

Damn it, I am getting told by longtime friends that their private self certificates are being rejected now. Wtf, is the web locked down?

 

why can't we just run encryption without the damn certificate intermediary?

 

 

Is it possible to set up your own SSL server and have OCSP check your own server, not someone else's? And then your own CA...... I remember vaguely that OpenSSL did such a thing

 

https://www.openca.org/

 

https://www.openssl.org/

 

between these two things you may finally lick these problems...

Edited by _The Doctor__
  • Like 1

http://www.ibm.com/developerworks/lotus/library/ls-Certification_Authority/index.html

 

is an old explanation of what was needed years ago to satisfy a project not sure it still holds true but you can get some ideas at least... to help get an idea when looking at the current crop of crap...


The CN on the certificate is for bitsofthepast.com, not www.bitsofthepast.com. To have both, you typically need a SAN cert that lists out all the Subject Alternative Names (like www).

A sad way to quickly fix this is to not redirect your Top Level Domain to www. Or, redirect www to your TLD. Or just procure the cert with the right CN to begin with.

 

And yes, certs just "verify" that who you are connecting to is who they say they are. Little green URL bars and other fancy icons are typically granted/generated based upon one's ability to pass certain security measures related only to the SSL connection itself... do you get an A+ from Qualys/SSL Labs, for example, because you aren't using SSLv3, TLS 1.0 with the BEAST exploit, SHA1, blah blah.

 

Btw, you pass just fine on the CVE lists:

Heartbleed (CVE-2014-0160) not vulnerable (OK), timed out

CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), Downgrade attack prevention supported (OK)
FREAK (CVE-2015-0204) not vulnerable (OK) (tested with 6/9 ciphers)
DROWN (2016-0800, CVE-2016-0703) not vulnerable on this port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK) (tested w/ 2/4 ciphers only!), common primes not checked. See below for any DH ciphers + bit size
BEAST (CVE-2011-3389) TLS1: DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA
AES128-SHA DHE-RSA-AES128-SHA AES256-SHA
DHE-RSA-AES256-SHA CAMELLIA128-SHA DHE-RSA-CAMELLIA128-SHA
CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-DES-CBC3-SHA
ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA
VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
And yes, there is a push to remove the "free" providers as it were, be it because of a security concern or what not. Some folks might be upset if a trusted free SSL provider granted me a cert for www.atariage.com. So there are some concerns at the moment in some circles about who to trust for validation of said certs.
But I digress.
  • Like 2
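The CN-versus-SAN point above is exactly what a browser's name check does, so here is an added example of that matching logic (not code from the thread or from the site). It works on constructed certificate dicts in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and shows why a cert for `bitsofthepast.com` alone fails for `www.bitsofthepast.com` while a SAN cert listing both passes; it also handles the wildcard case, which goes beyond the thread's specific cert.

```python
"""RFC 6125-style hostname matching against a TLS certificate.
Added example, not code from the thread; the certificates are constructed
dicts in the shape of Python's ssl.SSLSocket.getpeercert(), not real ones.
"""

def dns_names(cert):
    """Names the cert is valid for. Per RFC 6125 s6.4.4, if any DNS
    subjectAltName entries exist the CN is ignored; CN is a legacy fallback."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return [value]
    return []

def name_matches(pattern, hostname):
    """Match one presented name. '*' is allowed only as the whole leftmost
    label: '*.example.com' covers 'www.example.com' but not 'example.com'
    or 'a.b.example.com'."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]

def hostname_matches(cert, hostname):
    return any(name_matches(n, hostname) for n in dns_names(cert))

def explain(cert, hostname):
    """Spell out what the browser warning really means: which names the
    certificate covers versus the name that was typed in."""
    if hostname_matches(cert, hostname):
        return "OK: %s is covered" % hostname
    return "MISMATCH: %s not in [%s]" % (hostname, ", ".join(dns_names(cert)))

# Constructed: a DV cert issued for the bare domain only, as in the thread.
BARE_CERT = {"subject": ((("commonName", "bitsofthepast.com"),),)}
# Constructed: the SAN cert the reply recommends, listing both names.
SAN_CERT = {
    "subject": ((("commonName", "bitsofthepast.com"),),),
    "subjectAltName": (("DNS", "bitsofthepast.com"),
                       ("DNS", "www.bitsofthepast.com")),
}

if __name__ == "__main__":
    for host in ("bitsofthepast.com", "www.bitsofthepast.com"):
        print("bare cert:", explain(BARE_CERT, host))
        print("SAN cert: ", explain(SAN_CERT, host))
```

A redirect between the bare domain and `www` does not help here: the browser checks the name it actually connected to, so only a certificate that lists that name clears the warning.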

 

The CA authority that had been providing me with a free year-long SSL DV level certification was informed by Google and Firefox that their browsers would no longer accept their SSL certificates in October, with an effective date of Jan this year. When I did a search for other CA authorities that offered free SSL DV certificates, I ran across numerous indications that those browser providers were pressuring and rejecting other CA authorities' free SSL certificates or demanding changes in their offering which effectively kill the free part of the equation. Right now the longest I can get a free SSL certificate is 90 days. Hardly worth it. :thumbsdown:

 

StartSSL was banned for good reason. They were back dating certificates and issuing certificates for companies they shouldn't have been.

 

For free, there are two options:

 

1) Cloudflare - You put Cloudflare in front of your website, and they offer SSL and IPv6. Problem is that traffic from Cloudflare to your site is unencrypted, but all traffic from Cloudflare to visitors is. For your website, this would probably be fine. Paypal's SSL takes over when the real information gets transferred.

 

2) Let's Encrypt - Sounds like you've looked at this. The 90 day expiration isn't a big deal since Let's Encrypt is designed to automatically update the certificates for you. That works if you have shell access and can run a cron job.

  • Like 1
