This sites' connection is not safe?

[steve_v]

5 minutes ago, Gordon Fecyk said:

somehow make Let's Encrypt work on IIS so the auto-renewal works

Never used IIS, but it's falling-off-a-log easy with Debian + Apache + Certbot

[Gordon Fecyk]

I get that, with Apache just reading the cert and private key from a file and Certbot replacing that file every two months or so. Making it work on IIS is not impossible; for those interested the client is on GitHub: LetsEncrypt-Win-Simple. I have special requirements on my site that complicate things, but that's my problem.

This just goes to show, even if this forum were running on IIS, there's even less of an excuse.

[monophonic]

On Saturday, May 13, 2017 at 3:47 PM, WildLynx said:

They had moderator account compromised not long ago, what led to trashing the SpaceX thread and many others, but they don't want to change anything.

They should take notice that Google has already announced they will start dropping rankings on sites that do not employ SSL. That results in a certain amount of people never finding KSP that otherwise would have. Since some of those people would have bought the game, not using SSL has a monetary cost attached to it.

How big that cost is, and whether the sales would cover the cost of maintaining the certification is a different problem. Only Squad knows how much traffic they get from search hits to forum and what conversion rate that traffic carries.

[munlander1]

5 hours ago, monophonic said:

That results in a certain amount of people never finding KSP that otherwise would have. Since some of those people would have bought the game, not using SSL has a monetary cost attached to it.

The store, is encrypted. Anyone would only not be able to find the forum.

[monophonic]

3 hours ago, munlander1 said:

The store, is encrypted. Anyone would only not be able to find the forum.

Forum is way bigger search target than the store. To hit the store you pretty much have to include "kerbal" in the query i.e. be at least aware of the name of the game. Looking for info on say SpaceX or Blue Origin can easily bring you to their threads on the science subforum. Some will first learn of the game there - of course some will not even realize it is a game forum, some will not find it interesting, but some will and buy it too. Of course the overall conversion factor is tiny, in the order of a million hits to generate one sale. That is exactly why you don't want to lose any visibility that you can help.

[Wallygator]

We can only hope that the take two takeover will also include better oversight regarding security for the forum and store (OK maybe a pipe dream) and also proper app signing regarding the mac version.

All it takes is one disgruntled hack-savvy user or insider to cause a singular issue that destroys trust.

[stibbons]

1 hour ago, Wallygator said:

We can only hope that the take two takeover will also include better oversight regarding security for the forum and store (OK maybe a pipe dream) and also proper app signing regarding the mac version

What about the store is insecure? 

[Wallygator]

6 hours ago, stibbons said:

What about the store is insecure? 

I did not say is was insecure, I only indicated that better security oversight is a good thing - and that such oversight should include both the store and forum.

Additionally, such oversight should include the transfer of play data from live instances back to squad.

[Gordon Fecyk]

On ‎5‎/‎24‎/‎2017 at 3:50 PM, monophonic said:

They should take notice that Google has already announced they will start dropping rankings on sites that do not employ SSL.

I could say something about Google regarding this.

Quote

That's a lovely site you have there. I'd hate to see something bad happen to its page rankings...

 

[stibbons]

4 hours ago, Wallygator said:

I did not say is was insecure, I only indicated that better security oversight is a good thing - and that such oversight should include both the store and forum.

Additionally, such oversight should include the transfer of play data from live instances back to squad.

What about the store security needs better oversight? And what's wrong with the oversight it already has? You're making grave allegations here, and I'm curious about what they're founded on. 

Edited June 15, 2017 by stibbons

[Wallygator]

1 hour ago, stibbons said:

What about the store security needs better oversight? And what's wrong with the oversight it already has? You're making grave allegations here, and I'm curious about what they're founded on. 

Allegations?  What allegations are you talking about? I am now quite curious...

[stibbons]

11 minutes ago, Wallygator said:

What allegations are you talking about?

 

14 hours ago, Wallygator said:

We can only hope that the take two takeover will also include better oversight regarding security for the forum and store (OK maybe a pipe dream) and also proper app signing regarding the mac version.

All it takes is one disgruntled hack-savvy user or insider to cause a singular issue that destroys trust.

So, what's wrong with the current oversight of the store security? Why is improving it a pipe dream? What about it needs improving? Why is defending what you say so hard?

[Wallygator]

2 minutes ago, stibbons said:

 

So, what's wrong with the current oversight of the store security? Why is improving it a pipe dream? What about it needs improving? Why is defending what you say so hard?

One does not need to state that something specific is wrong in order to propose that a general principle is good.

What specifically are you concerned about regarding the concept of holistic/integrated security oversight?

Edited June 15, 2017 by Wallygator

[stibbons]

1 minute ago, Wallygator said:

One does not need to state that something specific is wrong in order to propose that a general principle is good.

You're still avoiding the question. Why would you bring up store security at all here if by your own admission there's nothing wrong apart from baseless fearmongering?

[Wallygator]

4 minutes ago, stibbons said:

You're still avoiding the question. Why would you bring up store security at all here if by your own admission there's nothing wrong apart from baseless fearmongering?

I never intimated there was an issue with store security.

I suggested that security oversight should include the store, the forum and data transmission.

Did you actually read and comprehend my posts?  It's OK if you did not - not offence taken.

Edited June 15, 2017 by Wallygator

[stibbons]

1 minute ago, Wallygator said:

I never said there was an issue with store security.

You said it needs better oversight.

 

1 minute ago, Wallygator said:

Did you actually read and comprehend my posts?

Did you see the part where I asked you what's wrong with the current oversight? Would you like to go back and have another go at answering the question?

[Wallygator]

1 minute ago, stibbons said:

You said it needs better oversight.

 

Did you see the part where I asked you what's wrong with the current oversight? Would you like to go back and have another go at answering the question?

"things can always get better"

Would it be more acceptable to use the phrase "continuously improved"?

Edited June 15, 2017 by Wallygator

[stibbons]

Right. So nothing's wrong with it? We're back to baseless fearmongering? Goodo.

[Wallygator]

1 hour ago, stibbons said:

Right. So nothing's wrong with it? We're back to baseless fearmongering? Goodo.

Enough now. I have just reminded myself that I should not engage against logical fallacies. (Edit: specifically syllogistic in this instance if I am correct in my recollection)

Edited June 16, 2017 by Wallygator

[Vanamonde]

Okay, this has turned into an argument. Time to move on.