Planned (sort of) downtime

Talk about whatever you feel like.
Post Reply
User avatar
Martin Blank
Knower of Things
Knower of Things
Posts: 12513
Joined: Fri Feb 07, 2003 4:11 am
Real Name: Jarrod Frates
Gender: Male
Omnicode: sxy cm163 kg76 eso.#_glasses sp= Ag1974.October anE hdd Zot RlM Kd1y PeC&C FHb IN14 PrPython(3)^(7)&C(2)^(5)&C++(2)^(7)&JavaScript(2)^(5)&Ruby(1)^(5)&PHP(2)^(5) GM-6DN LAEN(9)&ES(2)^(6)&EO(1)^(7) Crc(6).Security MvD BA! PlM
Location: Dallas, TX
Contact:

Planned (sort of) downtime

Post by Martin Blank » Fri Oct 06, 2017 10:11 pm

The forums and all other sites hosted on this server will be down, possibly for a few days, sometime in the next three weeks. I'm moving from a CentOS-based VM to one based on Debian 9, which will bring along a slew of features for the back-end including:
  • Apache 2.4.25
  • PHP 7
  • OpenSSL 1.1
  • MariaDB 10
All of these have useful roles in protecting the site. I will also be able to tinker with upgrading the structure. Right now, RLF is stuck on an old, MySQL4-based structure which leaves some potential problems and inefficiencies. By bringing it up to date, I hope to be able to avoid some of the errors that have occurred in the last year.

In addition, because Debian moves faster than RHEL/CentOS (boy, a few years ago, I never thought I'd be saying that) and has a means of upgrading between versions (unlike RHEL/CentOS), the ability to keep up with changing technology will improve. With some luck, at some point, some of you will be able to claim to have been RLFers for 20 years.
If I show up at your door, chances are you did something to bring me there.

User avatar
Deacon
Shining Adonis
Posts: 44010
Joined: Wed Jul 30, 2003 3:00 pm
Gender: Male
Location: Lakehills, TX

Re: Planned (sort of) downtime

Post by Deacon » Tue Oct 10, 2017 7:24 pm

*Like*

Those are some substantial upgrades. You’re aware more than most the challenges that come along with keeping systems both secure and functional.
The follies which a man regrets the most in his life are those which he didn't commit when he had the opportunity. - Helen Rowland, A Guide to Men, 1922

User avatar
Martin Blank
Knower of Things
Knower of Things
Posts: 12513
Joined: Fri Feb 07, 2003 4:11 am
Real Name: Jarrod Frates
Gender: Male
Omnicode: sxy cm163 kg76 eso.#_glasses sp= Ag1974.October anE hdd Zot RlM Kd1y PeC&C FHb IN14 PrPython(3)^(7)&C(2)^(5)&C++(2)^(7)&JavaScript(2)^(5)&Ruby(1)^(5)&PHP(2)^(5) GM-6DN LAEN(9)&ES(2)^(6)&EO(1)^(7) Crc(6).Security MvD BA! PlM
Location: Dallas, TX
Contact:

Re: Planned (sort of) downtime

Post by Martin Blank » Wed Nov 08, 2017 3:39 pm

Sorry about the extended downtime. Non-RLF real life got in the way. This should be stable, but I don't entirely trust the other server (which is still up) to try to steal back the IP addresses.

That said, all of the above is still relevant, plus two other changes that will mostly be of interest to the most technical of people:
  • All database tables have been altered to InnoDB. This gives some flexibility and stability going forward.
  • HTTP/2 is now enabled. Using any modern browser (Chrome, Firefox, Edge, maybe Safari), you should now be connecting over the newer protocol.
  • Some further behind-the-scenes security improvements, including new security headers in the HTTP Response, sufficient to get an A on SecurityHeaders.io. The only major one missing now is Content-Security-Policy, and that should be coming along soonish.
  • Further tightening of the crypto policy. Some older browsers and mobile devices may have difficulty connecting, but anything that supports TLSv1.2 should work fine. It's enough to get an A+ at SSLLabs
Of course, the IPv6 functionality is still there for those who have access to it. I've also been able to tighten up some server-side settings now that I'm no longer using Interworx.

If you run into any issues, please let me know. I'll get to them as soon as I can.
If I show up at your door, chances are you did something to bring me there.

User avatar
Rorschach
Crazy Person
Posts: 17527
Joined: Tue Feb 18, 2003 7:35 am
Gender: Male
Location: Glasgow, Scotland

Re: Planned (sort of) downtime

Post by Rorschach » Fri Nov 10, 2017 12:21 pm

I am both grateful and baffled that you keep the forums ticking along, but never take it for granted since I get even an inkling of what else you have on your plate.
Thank-you.
To Let

User avatar
Martin Blank
Knower of Things
Knower of Things
Posts: 12513
Joined: Fri Feb 07, 2003 4:11 am
Real Name: Jarrod Frates
Gender: Male
Omnicode: sxy cm163 kg76 eso.#_glasses sp= Ag1974.October anE hdd Zot RlM Kd1y PeC&C FHb IN14 PrPython(3)^(7)&C(2)^(5)&C++(2)^(7)&JavaScript(2)^(5)&Ruby(1)^(5)&PHP(2)^(5) GM-6DN LAEN(9)&ES(2)^(6)&EO(1)^(7) Crc(6).Security MvD BA! PlM
Location: Dallas, TX
Contact:

Re: Planned (sort of) downtime

Post by Martin Blank » Fri Nov 10, 2017 6:21 pm

Part of it is nostalgia, part of it is duty, and part of it is using you all as experiments in my attempts to create a usable but relatively secure platform, knowledge that I then use in my day job to profit off of you peons enhance the overall security of the world.
If I show up at your door, chances are you did something to bring me there.

User avatar
Deacon
Shining Adonis
Posts: 44010
Joined: Wed Jul 30, 2003 3:00 pm
Gender: Male
Location: Lakehills, TX

Re: Planned (sort of) downtime

Post by Deacon » Wed Nov 15, 2017 6:17 pm

I miss when Chrome would make info like SSL/TLS version and cert info readily available.
The follies which a man regrets the most in his life are those which he didn't commit when he had the opportunity. - Helen Rowland, A Guide to Men, 1922

User avatar
raptor9k
Crazy Person
Posts: 1261
Joined: Tue May 15, 2007 8:33 pm
Gender: Male
Location: Arkansas
Contact:

Re: Planned (sort of) downtime

Post by raptor9k » Wed Nov 15, 2017 6:45 pm

Yeah, I don't really get why you can't view it from the green lock anymore. The security tab in dev tools is great but most users don't know to look there.

User avatar
Martin Blank
Knower of Things
Knower of Things
Posts: 12513
Joined: Fri Feb 07, 2003 4:11 am
Real Name: Jarrod Frates
Gender: Male
Omnicode: sxy cm163 kg76 eso.#_glasses sp= Ag1974.October anE hdd Zot RlM Kd1y PeC&C FHb IN14 PrPython(3)^(7)&C(2)^(5)&C++(2)^(7)&JavaScript(2)^(5)&Ruby(1)^(5)&PHP(2)^(5) GM-6DN LAEN(9)&ES(2)^(6)&EO(1)^(7) Crc(6).Security MvD BA! PlM
Location: Dallas, TX
Contact:

Re: Planned (sort of) downtime

Post by Martin Blank » Fri Nov 17, 2017 7:51 pm

You can go to chrome://flags, look for Show Certificate Link, click Enable, and relaunch the browser. After that, you'll get an option to show the certificate (look for Valid or Invalid under Certificate at the top of the menu when you click the lock icon).
If I show up at your door, chances are you did something to bring me there.

User avatar
NorthernComfort
Crazy Person
Posts: 2749
Joined: Fri May 23, 2003 8:13 pm
Real Name: Alex
Gender: Male
Location: Brooklyn, NY

Re: Planned (sort of) downtime

Post by NorthernComfort » Mon Nov 20, 2017 3:54 pm

Or uninstall Chrome and just use extra-verbose curl for everything, so you may read -- nay, so you may CHERISH -- the certificate info with every request.
"I guess I have a gift for expressing pedestrian tastes. In a way, it's kind of depressing." -Bill Watterson

User avatar
Deacon
Shining Adonis
Posts: 44010
Joined: Wed Jul 30, 2003 3:00 pm
Gender: Male
Location: Lakehills, TX

Re: Planned (sort of) downtime

Post by Deacon » Fri Nov 24, 2017 11:49 pm

Haha, NC, that may be a bit much for some users. Not me, though, of course...

>.>
<.<

MB, thanks for that little tidbit. I don't know why they hid it in the first place, but they also hid the encryption details (protocol, key exchange, cipher). CTLR+SHIFT+I is fine, but why hide it?
The follies which a man regrets the most in his life are those which he didn't commit when he had the opportunity. - Helen Rowland, A Guide to Men, 1922

User avatar
Metzgirl
Crazy Person
Posts: 2646
Joined: Fri Feb 14, 2003 2:09 pm
Real Name: Kim
Gender: Female
Location: Nebraska

Re: Planned (sort of) downtime

Post by Metzgirl » Tue Mar 13, 2018 2:28 am

I realize now, upon reading this post I kind of understand, that most of my inherited nerdiness probably started in this forum.

User avatar
Deacon
Shining Adonis
Posts: 44010
Joined: Wed Jul 30, 2003 3:00 pm
Gender: Male
Location: Lakehills, TX

Re: Planned (sort of) downtime

Post by Deacon » Wed Mar 14, 2018 11:42 am

We do what we can :)
The follies which a man regrets the most in his life are those which he didn't commit when he had the opportunity. - Helen Rowland, A Guide to Men, 1922

Post Reply

Who is online

Users browsing this forum: No registered users and 7 guests