Go Back    Forum > Featured > General Discussion

Reply
 
LinkBack Thread Tools
  #1  
08-22-2022, 05:23 AM
lordsmurf's Avatar
lordsmurf lordsmurf is online now
Site Staff | Video
 
Join Date: Dec 2002
Posts: 12,164
Thanked 2,247 Times in 1,930 Posts
The latest Chrome update broke the site, send it into an infinite loading loop. Google really sucks at SSL/https, and this latest attempt to force sites to use SSL, and break the sites, proves it beyond a doubt.

Anyway, SSL added (it will be messy for many more days).

Testing attachment function:

gargamel-avatar289606.jpg



- Did my advice help you? Then become a Premium Member and support this site.
- For sale in the marketplace: TBCs, workflows, capture cards, VCRs
Reply With Quote
The following users thank lordsmurf for this useful post: BarryTheCrab (08-22-2022)
Someday, 12:01 PM
admin's Avatar
Ads / Sponsors
 
Join Date: ∞
Posts: 42
Thanks: ∞
Thanked 42 Times in 42 Posts
  #2  
08-22-2022, 08:07 AM
hodgey hodgey is offline
Free Member
 
Join Date: Dec 2017
Location: Norway
Posts: 1,472
Thanked 404 Times in 344 Posts
test test

posting using the non-https site seems bugged now? at least on firefox

My Video gear overview/test/repair/stuff yt channel http://youtu.be/cEyfegqQ9TU
Reply With Quote
  #3  
08-22-2022, 08:16 AM
admin's Avatar
admin admin is offline
Site Staff | Web Development
 
Join Date: Jul 2003
Posts: 4,334
Thanked 641 Times in 453 Posts
The latest Chrome update is having a fit with the site. Chrome is becoming a POS lately.

- Did this site help you? Then upgrade to Premium Member and show your support!
- Also: Like Us on Facebook for special DVD/Blu-ray news and deals!
Reply With Quote
  #4  
08-22-2022, 11:56 AM
RobustReviews RobustReviews is offline
Free Member
 
Join Date: Oct 2020
Location: London - UK
Posts: 569
Thanked 86 Times in 75 Posts
At last!

I would recommend you set the Cloudflare up properly though, there are a few things that still aren't set up properly and it's pretty easy to 'jump over' the CF with moderate determination.

There's also an open goal somewhere on this site too.

PM if you want to discuss.
Reply With Quote
  #5  
08-22-2022, 12:05 PM
lordsmurf's Avatar
lordsmurf lordsmurf is online now
Site Staff | Video
 
Join Date: Dec 2002
Posts: 12,164
Thanked 2,247 Times in 1,930 Posts
Quote:
Originally Posted by RobustReviews View Post
At last!

I would recommend you set the Cloudflare up properly though, there are a few things that still aren't set up properly and it's pretty easy to 'jump over' the CF with moderate determination.

There's also an open goal somewhere on this site too.

PM if you want to discuss.
As has been discussed before, this isn't simple, and some stuff may have to remain broken until the new site is ready. vBulletin core, for example, predates modern SSL, and is a b!tch to get working.

Chrome forced this BS about 3 days ago. Ironically, the site is probably less secure now, not more, because of all the workarounds. Which is also why it was not attempted in the past.

https/SSL isn't what people think it is. They see a pretty padlock, and assume it's "secure" (whatever that means). Ridiculous.

CloudFlare is setup properly. It's not the problem.

I don't know what "open goal" means. Please clarify.

- Did my advice help you? Then become a Premium Member and support this site.
- For sale in the marketplace: TBCs, workflows, capture cards, VCRs
Reply With Quote
  #6  
08-22-2022, 12:13 PM
RobustReviews RobustReviews is offline
Free Member
 
Join Date: Oct 2020
Location: London - UK
Posts: 569
Thanked 86 Times in 75 Posts
Quote:
Originally Posted by lordsmurf View Post
As has been discussed before, this isn't simple, and some stuff may have to remain broken until the new site is ready. vBulletin core, for example, predates modern SSL, and is a b!tch to get working.

Chrome forced this BS about 3 days ago. Ironically, the site is probably less secure now, not more, because of all the workarounds. Which is also why it was not attempted in the past.

https/SSL isn't what people think it is. They see a pretty padlock, and assume it's "secure" (whatever that means). Ridiculous.

CloudFlare is setup properly. It's not the problem.

I don't know what "open goal" means. Please clarify.
I'm more than aware of the purpose of SSL, don't conflate what I'm trying to gently tell you with thinking a padlock makes a site secure. As I said previously the purpose for a site like this SSL is more of an SEO tool than anything else.

I think you forget there are a lot of posters here with a lot of skills and interests, we are not all clueless idiots who don't know a TLD from a reverse proxy.

What issues make you think it's less secure now? Maybe we can help?

Also I don't use Chrome (yuck) but I am using a Chromium based browser at the moment (Brave) and haven't had any issues if that helps in any way with diagnosis?

Do you want me to clarify on the open forum?
Reply With Quote
  #7  
08-22-2022, 12:53 PM
lordsmurf's Avatar
lordsmurf lordsmurf is online now
Site Staff | Video
 
Join Date: Dec 2002
Posts: 12,164
Thanked 2,247 Times in 1,930 Posts
Quote:
Originally Posted by RobustReviews View Post
I'm more than aware of the purpose of SSL, don't conflate what I'm trying to gently tell you with thinking a padlock makes a site secure.
Well, good. Too many folks think it prevents hacking, etc. Again, all ridiculous. All SSL does is encrypt form data, which you'd want on unknown networks, or untrustworthy VPNs. Those are minority needs.

Quote:
As I said previously the purpose for a site like this SSL is more of an SEO tool than anything else.
Sad, isn't it?

Quote:
I think you forget there are a lot of posters here with a lot of skills and interests, we are not all clueless idiots who don't know a TLD from a reverse proxy.
Problem there is that the few times I've posted about needing something, there's usually no responses, or limited responses. To date, I've only gotten 3 solutions to dozens of posted needs. So I've lost faith in this approach in recent years, I'll just have to pay a reputable coder or small business, when we can't figure it out here. Or we'll just have to all do without.

Quote:
What issues make you think it's less secure now? Maybe we can help?
The backend of vB fails without CF exclusions. The security hole must be limited.

Quote:
Also I don't use Chrome (yuck)
For the forum, I use Firefox. But on tablet, Google Chrome.

Quote:
but I am using a Chromium based browser at the moment (Brave) and haven't had any issues if that helps in any way with diagnosis?
This issue was reported about 2-3 days ago. Not just us, but many sites, see Reddit subs for Chrome. I suspected, as did some others, that it was badly forced SSL. And it definitely was. My tablet updated this weekend, and the site entered a redirect loop in that browser. Everything else seems fine, be it Edge, Firefox, Brave, Chromium, and others.

Quote:
Do you want me to clarify on the open forum?
If you think it needs to be private, PM it.

- Did my advice help you? Then become a Premium Member and support this site.
- For sale in the marketplace: TBCs, workflows, capture cards, VCRs
Reply With Quote
  #8  
08-22-2022, 01:48 PM
RobustReviews RobustReviews is offline
Free Member
 
Join Date: Oct 2020
Location: London - UK
Posts: 569
Thanked 86 Times in 75 Posts
As I said, the CF isn't doing its job from this perspective.

This is WP underneath isn't it?

I can imagine now anybody looking at a messy PHP site just doesn't want the 'agro' of fixing it, it is slowly (!) dying thank heavens, shame as PHP8 actually looks quite impressive, but prehistoric PHP as I'm sure you're only too aware is a nightmare to maintain. I actually quite like PHP for what it is, and we all cut out teeth on it, it's childishly simple sometimes but spaghetti PHP is an absolute pest to try and maintain.

I'm not suggesting that PHP itself is the problem per-se, but as you know it's a bloody minefield to straighten out, doubly so as it is here, a rather old version running in 2022. Might be a reason people don't want to 'get involved'?

The old adage about the 'Swiss Army Chainsaw' springs to mind.

AWS does not support PHP natively in Lambda functions which I think might be quite telling for how things are moving.

Anyway, this wasn't a discussion of PHP but more a potential reason why some people are a bit shy to chip in?

I'm very pro SSL being adopted, whilst for legacy sites it is a pain I can fully see the logic in it and since Lets Encrypt and their ilk there is little reason if any for it not to become a complete standard. Even on here I would wager there are often large chucks of personal data transmitted in PMs etc. I fully appreciate your remarks about the purpose of SSL and I do understand your misgivings about public perceptions but some burden in my opinion, should be shared with the user. Remember passwords and similar from this site can be easily captured and it's now no more than a little trickier than plaintext with MD5.

Whether you 'care' or not - or shift the burden is your call, I'm not writing your compliance statements, but adding SSL in my opinion is no bad thing, especially when MD5 is being used. I still can't believe MD5 is now 30 years old.

As you know this is also open to other exploits.

Then we move on to on databases....
Reply With Quote
  #9  
08-22-2022, 01:55 PM
lordsmurf's Avatar
lordsmurf lordsmurf is online now
Site Staff | Video
 
Join Date: Dec 2002
Posts: 12,164
Thanked 2,247 Times in 1,930 Posts
SSL isn't a bad thing, but it's also not the wheel or sliced bread. It's an ancient piece of the web going back decades, and is mostly a placebo. Something for Google's PR to claim "more security" when in facts it's not really. It's quite amusing when you consider how unsafe DNS is. The web itself is spaghetti code.

WP is the main site, yes.
vB is the forum.
php and MySQL are what they are. Yes, comparatively, somewhat easy. But obvious learning curves.

- Did my advice help you? Then become a Premium Member and support this site.
- For sale in the marketplace: TBCs, workflows, capture cards, VCRs
Reply With Quote
  #10  
08-22-2022, 02:10 PM
RobustReviews RobustReviews is offline
Free Member
 
Join Date: Oct 2020
Location: London - UK
Posts: 569
Thanked 86 Times in 75 Posts
Quote:
Originally Posted by lordsmurf View Post
SSL isn't a bad thing, but it's also not the wheel or sliced bread. It's an ancient piece of the web going back decades, and is mostly a placebo. Something for Google's PR to claim "more security" when it facts it's not really. It's quite amusing when you consider how unsafe DNS is. The web itself is spaghetti code.

WP is the main site, yes.
vB is the forum.
php and MySQL are what they are. Yes, comparatively, somewhat easy. But obvious learning curves.
Old yes, (remember the Thwaite* seals on sites!?) but it is incrementally improved and hasn't stood still by any margin.

It's no bad thing, at least it stops the most simple exploits for PW theft. I know we can blame the user, but like I said, if everybody shoulders a bit of burden then a huge major flaw becomes somewhat deminished.

SQL (proper) and old PHP I'm sure you know are a disastrous combination if not very carefully handled, I think you're still running procedural calls to the DB here, again, something I would audit carefully.... It only takes one little mistake if you're following?

*Brits who adore the late Rik Mayall instantly reminded of 'Mr Twat? It's pronounced Thwaite gag.... Swear filter test too
Reply With Quote
  #11  
08-22-2022, 02:32 PM
lordsmurf's Avatar
lordsmurf lordsmurf is online now
Site Staff | Video
 
Join Date: Dec 2002
Posts: 12,164
Thanked 2,247 Times in 1,930 Posts
Quote:
Originally Posted by RobustReviews View Post
Old yes, (remember the Thwaite* seals on sites!?)
Thank gave me a chuckle. I forgot about those.

Right now, the headers are not displaying on the site, at least in Chrome. No idea what's wrong, everything looks correct. The crappy old menu was javascript, and we'll try to do a pure CSS in a few days.

- Did my advice help you? Then become a Premium Member and support this site.
- For sale in the marketplace: TBCs, workflows, capture cards, VCRs
Reply With Quote
  #12  
08-24-2022, 12:07 PM
RobustReviews RobustReviews is offline
Free Member
 
Join Date: Oct 2020
Location: London - UK
Posts: 569
Thanked 86 Times in 75 Posts
Quote:
Originally Posted by lordsmurf View Post
The crappy old menu was javascript, and we'll try to do a pure CSS in a few days.
Burn it, burn it with fire.

100% on CSS these days, nasty ancient JQuery type JS is just nasty and also nasty.
Reply With Quote
  #13  
08-24-2022, 12:36 PM
lordsmurf's Avatar
lordsmurf lordsmurf is online now
Site Staff | Video
 
Join Date: Dec 2002
Posts: 12,164
Thanked 2,247 Times in 1,930 Posts
Quote:
Originally Posted by RobustReviews View Post
Burn it, burn it with fire.
100% on CSS these days, nasty ancient JQuery type JS is just nasty and also nasty.
Was JS ever not nasty? It was a necessary evil at the time.

Bad JS was replaced by bad CMS plugins, with bad, dupe, worthless, and looping php.

Sadly, not all JS can be replaced. Part of the SSL issue is non-compliance within the plugins themselves. This is what we tried to avoid. If Google Chrome didn't have such a large % user base, we'd have fully ignored like we did with IE and Safari years ago.

- Did my advice help you? Then become a Premium Member and support this site.
- For sale in the marketplace: TBCs, workflows, capture cards, VCRs
Reply With Quote
  #14  
08-24-2022, 12:49 PM
RobustReviews RobustReviews is offline
Free Member
 
Join Date: Oct 2020
Location: London - UK
Posts: 569
Thanked 86 Times in 75 Posts
Quote:
Originally Posted by lordsmurf View Post
Was JS ever not nasty? It was a necessary evil at the time.

Bad JS was replaced by bad CMS plugins, with bad, dupe, worthless, and looping php.

Sadly, not all JS can be replaced. Part of the SSL issue is non-compliance within the plugins themselves. This is what we tried to avoid. If Google Chrome didn't have such a large % user base, we'd have fully ignored like we did with IE and Safari years ago.
Modern JS has a place, old crusty JS tarted up with the clown-shoes JQuery is just passť now. It was alright when we all went Bootstrap mad years ago and soon woke up from the delusion. You're right about a necessary evil though, completely. Wholly unavoidable.

As I've said before, trying to ignore these things whilst trying to be a repository of web-hosting information to me at least, looks a bit suspect, but it's your site ultimately, do as you wish, I'm just making a suggestion.

It's only going to get worse, not better.
Reply With Quote
  #15  
08-26-2022, 08:24 PM
Hushpower Hushpower is online now
Premium Member
 
Join Date: Apr 2020
Posts: 471
Thanked 87 Times in 85 Posts
Better revert, LS, I can't see any main menus in Edge or Chrome.
Reply With Quote
  #16  
08-26-2022, 08:49 PM
lordsmurf's Avatar
lordsmurf lordsmurf is online now
Site Staff | Video
 
Join Date: Dec 2002
Posts: 12,164
Thanked 2,247 Times in 1,930 Posts
Quote:
Originally Posted by Hushpower View Post
Better revert, LS, I can't see any main menus in Edge or Chrome.
New menus will be created this weekend. https broke the JS menu.

- Did my advice help you? Then become a Premium Member and support this site.
- For sale in the marketplace: TBCs, workflows, capture cards, VCRs
Reply With Quote
The following users thank lordsmurf for this useful post: Hushpower (08-26-2022)
  #17  
08-28-2022, 10:56 AM
admin's Avatar
admin admin is offline
Site Staff | Web Development
 
Join Date: Jul 2003
Posts: 4,334
Thanked 641 Times in 453 Posts
Menu fixed. It was actually easier to edit the JS than write a new CSS menu. This is all temp anyway, new site is still in pipeline.

- Did this site help you? Then upgrade to Premium Member and show your support!
- Also: Like Us on Facebook for special DVD/Blu-ray news and deals!
Reply With Quote
The following users thank admin for this useful post: Hushpower (08-28-2022)
Reply




Similar Threads
Thread Thread Starter Forum Replies Last Post
Please enable HTTPS on this website murfmurfmurf General Discussion 3 08-05-2019 11:59 AM
Test post for Free Member usergroup test.lordsmurf Copy DVDs, Duplicate, Replicate 1 03-18-2010 07:45 AM
Photo forum test post admin Photo Cameras: Buying & Shooting 0 03-27-2007 11:59 PM
Jvc drmh20 sucks muchly! wigam Capture, Record, Transfer 2 04-06-2006 01:09 AM

Thread Tools



 
All times are GMT -5. The time now is 07:43 AM