Korg Forums
A forum for Korg product users and musicians around the world.
Moderated Independently.
Owned by Irish Acts Recording Studio & hosted by KORG USA
 

HTTPS please!

 
scippie



Joined: 29 Sep 2022
Posts: 14

Posted: Thu Sep 29, 2022 7:24 am    Post subject: HTTPS please!

Before I post anything, I just want to notify you of the bad security on this website.
There are a lot of posts about this already and I am adding one in the hopes that the person who can do something about it changes it.

Please enable HTTPS, SSL. You can get a free certificate from Let's Encrypt: https://letsencrypt.org/

Another post already showed how outdated the server is. All our e-mail addresses and passwords are up for grabs. Because of this, I registered with a specific e-mail address only for this forum and with a password I never use anywhere else.

Please...
Sharp
Site Admin


Joined: 02 Jan 2002
Posts: 18197
Location: Ireland

Posted: Fri Sep 30, 2022 11:43 am

Not so easy. This site has no income whatsoever and there are other complications. I paid all of the costs directly out of my own pocket for the first 10 years or so, but we have grown so big that a dedicated server was needed eventually. Which as of now, KORG USA have provided free of charge, but I’ve no access to it at any meaningful level to even install an SSL cert.

Even if I did, that’s still not the answer to securing the site’s future as I’ve been warned already by KORG that the hardware is getting VERY old.

In truth, we need our own dedicated server from an actual real hosting company. Such things cost money and given I run this site for free, the only way I can ever have a dedicated server from a real hosting company is if I pay for it out of my own pocket.

Then the question is, why should I. I’ve said enough to KORG directly to know that they don’t care what happens to this site.
scippie



Joined: 29 Sep 2022
Posts: 14

Posted: Fri Sep 30, 2022 11:52 am

Ahhh... enough said then. How terrible.
I've been a webmaster of a big community (poetry and story writing) for 10 years and paid for everything. I started asking for donations and almost nobody gave any. After trying for years I stopped working hard to pay and maintain a great website everybody loved but didn't want to pay for.

Thanks for keeping this one up despite Korg's disinterest.
Derek Cook
Approved Merchant


Joined: 20 Jul 2014
Posts: 1279
Location: Wales, UK

Posted: Fri Sep 30, 2022 6:50 pm

I think the first question would be, why do you need SSL on a site like this (and I do not mean that in a disparaging way)? What benefit would an SSL session provide me? Does it make me secure given that the information I post on the site is public, and what risk does my profile information expose me to if hacked because the connection is not encrypted?

I mean

  • It is a forum about synthesisers
  • I have a unique logon password, but if hacked it only means somebody can pretend to be me on this forum. If anybody uses the same password on this forum as they do their bank, then more fool them.
  • I have no details stored on this site that would cause me a problem if hacked (i.e. no financial details)
  • People may know that I have one or more Korg synths as a result of being on here, but so what? If some stranger visits my house and happens to see my studio, then they will know that as well


So based on that, why would an SSL cert make the site any more secure to users (and I speak of somebody who has applied SSL to my own sites)?

The question should be more along the lines of "why are the major browsers forcing SSL on sites like this where (in my opinion) there is very little benefit and very little risk removed?"

It is like as a developer, I have basically been forced to pay companies like Apple and Microsoft about $100 a year for the privilege of code signing certificates that prove that the code has come from me. Maybe that gives some users some confidence, but I have never been in the business of adding malware to my code, so the net benefit to users of my software is zero, but it costs me money that so far I am absorbing.
_________________
Derek Cook - Java Developer



Follow kronos.factory development and submit ideas over at the kronos.factory Trello Board

My Echoes Music Website
My Carreg Ddu Music Website
scippie



Joined: 29 Sep 2022
Posts: 14

Posted: Fri Sep 30, 2022 7:13 pm

You... just like me, are aware of all that, you... just like me, use a login just for this site, you... just like me, don't share personal information that could be abused. I'm a developer too and I hate that I can't release a simple executable anymore without paying money to make sure people dare to use it.

But these days, most people still use the same passwords on all their sites, they need to be protected because they don't understand why it's important. Not because they're dumb, but because they simply want to use the internet as a tool, not create stuff for it. People start all kinds of executables without hesitation. People also still make friends online and share information after feeling they can trust someone and then get abused somehow.

Yes, you're right, on a simple forum like this, what can be so important, but however small the detail, people should be able to trust a website for making things that little bit more secure for them.

And it's not even about the passwords alone. Simply stealing the e-mail address is enough to send a huge amount of SPAM e-mails to that address, or even phishing mails. I want my e-mail address to be as private as possible. That's why I made one address specifically for this forum, so that if it gets spammed too much, I can remove it.

And I do agree: it's only about synthesizers, but still, every detail should count, however small. I actually mind that even one little detail could arrive in the wrong hands. You can never really prevent that from happening, but every effort helps. When adding protection costs money, you must weigh the pros and cons, but adding SSL is free now. You can get a free certificate from Let's Encrypt and they provide tools to automate the process.

But I agree on the Microsoft and Apple statement. I have been there too.

But all that aside, this website runs on a very old machine with old software and the webmaster has no control over it while the owners don't care. They might even shut it down tomorrow without any notice in advance. So it doesn't matter what some of us would like or want anyway.