6502.org Forum  Projects  Code  Documents  Tools  Forum
It is currently Fri Nov 22, 2024 5:03 pm

All times are UTC




Post new topic Reply to topic  [ 22 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: HTTPS for 6502.org?
PostPosted: Tue Apr 11, 2023 6:37 am 
Offline
User avatar

Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10985
Location: England
Thanks Alex - already mentioned upthread.

BigEd wrote:
(I know Mike is aware of a need, eventually, to go to HTTPS, and is aware of LetsEncrypt and similar, but it's evidently not a priority. I've offered to help, too. It feels best not to keep bugging him about it!)


Top
 Profile  
Reply with quote  
 Post subject: Re: HTTPS for 6502.org?
PostPosted: Sun Jun 11, 2023 6:35 pm 
Offline

Joined: Wed Jan 08, 2014 3:31 pm
Posts: 578
Here's a funny story about HTTPS.

I was at a hotel in Washington yesterday and tried to use their WiFi. I could connect, but when I went to Google I got an error that the browser wouldn't let me proceed due to a broken SSL connection and Googles HSTS policy. I was completely baffled as previously I would just hit the proceed link at the bottom and the captive portal would authenticate.

So what do you do when you have a baffling error and can't Google it? I popped out my phone and used the wireless network to Google it, and went down the HTTP Strict Transport Security (HSTS) headers and captive portal authentication gotcha rabbit hole.

The bottom line is that the only workaround is to go to a HTTP site first, allow the captive portal to authenticate, then go to HTTPS sites afterwards. But what sites are using HTTP now? I tried all manner of sites and kept getting hit with the bug.

Then a solution hit me, a site that is steadfastly using HTTP! I went to this forum and the problem was solved. But quite honestly this is a huge flaw that Google is ignoring and they need to work with the captive portal venders to fix it.


Top
 Profile  
Reply with quote  
 Post subject: Re: HTTPS for 6502.org?
PostPosted: Sun Jun 11, 2023 7:50 pm 
Offline
User avatar

Joined: Sat Dec 01, 2018 1:53 pm
Posts: 730
Location: Tokyo, Japan
Martin_H wrote:
The bottom line is that the only workaround is to go to a HTTP site first, allow the captive portal to authenticate, then go to HTTPS sites afterwards. But what sites are using HTTP now?

example.com. And it always will be, because that's the IETF standard test site for HTTP.

As for the security stuff; it's easy to fabricate excuses for why bad actors shouldn't be interested in attacking your system. But that's generally a good way to have a security issue in the future, because the attackers are far more motivated than you are to find some way to make use of your system for nefarious purposes.

_________________
Curt J. Sampson - github.com/0cjs


Top
 Profile  
Reply with quote  
 Post subject: Re: HTTPS for 6502.org?
PostPosted: Mon Jun 12, 2023 12:12 am 
Offline

Joined: Wed Jan 08, 2014 3:31 pm
Posts: 578
cjs wrote:
example.com. And it always will be, because that's the IETF standard test site for HTTP.

Hey thanks for the link! That will help in the future.

As for the captive portal issue. I have noticed a number of hotels getting rid of the authentication screen, and I wondered why. My guess is explaining this issue to random guests isn't possible. Telling them to type in example.com first is a lost cause.


Top
 Profile  
Reply with quote  
 Post subject: Re: HTTPS for 6502.org?
PostPosted: Mon Jun 12, 2023 12:48 am 
Offline
Site Admin
User avatar

Joined: Fri Aug 30, 2002 1:08 am
Posts: 281
Location: Northern California
Martin_H wrote:
Then a solution hit me, a site that is steadfastly using HTTP! I went to this forum and the problem was solved.

There's nothing steadfast about it, there's an active effort to migrate, which has already been talked about on the forum.

_________________
- Mike Naberezny (mike@naberezny.com) http://6502.org


Top
 Profile  
Reply with quote  
 Post subject: Re: HTTPS for 6502.org?
PostPosted: Mon Jun 12, 2023 9:23 am 
Offline

Joined: Wed Jan 08, 2014 3:31 pm
Posts: 578
Mike Naberezny wrote:
There's nothing steadfast about it, there's an active effort to migrate, which has already been talked about on the forum.

OK, unfortunate choice of words then. I just thought I would share both the knowledge of the captive portal authentication bug, and how the current configuration solved my issue.


Top
 Profile  
Reply with quote  
 Post subject: Re: HTTPS for 6502.org?
PostPosted: Wed Jun 21, 2023 8:32 am 
Offline
User avatar

Joined: Tue Oct 25, 2016 8:56 pm
Posts: 362
Yeah, I can confirm that it is in-progress. Mike actually showed me the new HTTPS enabled version of the site, as-was at the time. Though the link appears to be dead now :shock:

_________________
Want to design a PCB for your project? I strongly recommend KiCad. Its free, its multiplatform, and its easy to learn!
Also, I maintain KiCad libraries of Retro Computing and Arduino components you might find useful.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 22 posts ]  Go to page Previous  1, 2

All times are UTC


Who is online

Users browsing this forum: No registered users and 12 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: