
So, I do weird shit at 2 in the morning.

4 years 1 month ago #1 by CrazyMinh
    ...like figuring out that the physical location of this site is somewhere in the vicinity of the Silicon Valley Church of Scientology, a Taco Bell, and Moffett Federal Airfield.

    ...and that this site is worth around $5480 USD

    ...and that we get 199 unique visitors on average every day.

    You can find my stories at Fanfiction.net here .

    You can also check out my fanfiction guest riffs at Library of the Dammed


    4 years 1 month ago #2 by CrazyMinh
    Oh, and the Google campus. And the Social Services agency of Santa Clara. Also three gas stations and a putting green.



    4 years 1 month ago #3 by CrazyMinh
    Oh, and for Pete’s sake, encrypt the Secure Socket Layer!!! Who the hell uses unencrypted SSL???



    4 years 1 month ago #4 by Rose Bunny
    Should you really be saying anything about vulnerabilities out in the open?

    High-Priestess of the Order of Spirit-Chan


    4 years 1 month ago #5 by CrazyMinh
    Probs not, but this isn't that big of a deal really. Securing the SSL just means that those naughty hackers trying to steal your precious information can't intercept information being sent between The Crystal Hall and your computer. Or even pretend to be the site as part of a Man In the Middle attack. But, seeing as this is a forum where people are a) unlikely to post shit like credit card info, ID photos, or other personal information that hackers just love to exploit; and b) there's no gain for anyone to try and attempt a MitM attack, seeing as this is a relatively obscure site with little to target except rather excellent stories.

    SSL encryption is basically there to make sure that people's information doesn't get intercepted or otherwise leaked. Unless this site magically developed a shop that accepts credit card details, or suddenly started requiring a paid membership, everything's mostly fine.



    4 years 1 month ago - 4 years 1 month ago #6 by Kettlekorn
    Rose Bunny wrote: Should you really be saying anything about vulnerabilities out in the open?

    In this case, yes. Whether a site uses SSL is public information (note the crossed out lock icon in the URL bar and the browser's warning that it's an insecure connection when logging in), so discussing it doesn't reveal any dark secrets that potential attackers wouldn't immediately discover on their own. If anything, talking about it reduces the risk of harm by reminding folks that they shouldn't use this site for anything that would be problematic if intercepted unless they take measures of their own to protect their privacy (e.g. VPN).

    Of course, as CrazyMinh said, there's not a lot at risk since no money is involved. The main danger would be some idiot using the same password here as they use at their bank or primary email, or sending similarly confidential information via private message. Beyond that, the next groups I'd be worried about would be people living under oppressive regimes who might lose credit with their government if it learns they write certain things, and people who are high profile enough that having their posts or WhatIFs connected to their identity could be damaging to their careers.

    Unfortunately for those last two categories, even with SSL the ISP would still know you're visiting this URL, and they'd know how much data you're sending and receiving (e.g. if they wanted to distinguish between those who merely read, those who participate on the forum, and those who might be writing full fledged stories). So if mere association or participation with the Whateley project would be a problem, SSL won't help you. And when the attacker is willing to spend the extra effort (e.g. they're looking for dirt on a specific high profile target), the fact that posts include timestamps means that they could potentially link the timing of transmissions to this site with the individual posts that appeared at those times.

    But if you're a relative nobody and your government doesn't care if you visit Whateley but does care if an automated system notices that you badmouthed them or wrote a story that contains a negative view of them, then SSL is a great thing to have. Especially if your country blocks VPNs or treats them as an offense in their own right.

    I am the kernel that pops in the night. I am the pain that keeps your dentist employed.
    Last Edit: 4 years 1 month ago by Kettlekorn. Reason: Replaced mentions of Tor with VPN, as using Tor without SSL exposes you to having a malicious exit node steal your password.
    4 years 1 month ago #7 by Kristin Darken
    CrazyMinh wrote: ...like figuring out that the physical location of this site is somewhere in the vicinity of the Silicon Valley Church of Scientology, a Taco Bell, and Moffett Federal Airfield.

    ...and that this site is worth around $5480 USD

    ...and that we get 199 unique visitors on average every day.


    There is no physical location of this site. It's a virtual machine running with an ephemeral IP address that is only visible internally... and a static IP address through which public access goes. An IP lookup of the site only reveals the location of the system routing the static IP.

    The 'per day' average sounds about right... our 'per week' numbers are generally a better indication because of the weekly release of content. There are far more people visiting the site to read stories than those who participate in the community / forums. And even that stat is down, because many of the more active voices now use Discord instead of the forums... so we see no activity due to discussion that isn't directly feedback to the authors or about stories.

    'Value' of the site is ... one of those numbers that is kinda hard to actually pin down. The value of the IP curated by the site is worth significantly more... but it's all owned by its creators, not by the 'site' as an organization. We draw a small amount of donations, but a majority of that is used for operating costs, domain fees, and software licensing. And going back to ad revenue now that site visits are lower, I doubt we could sustain ourselves on that anymore. So... I don't know... I think that value is a 'nonsense' number. It might mean something if certain conditions were met... but I doubt it 'really' applies to anything.

    SSL / https ?

    Well... I've already discussed this at length openly. If this were a physical server with a static IP and regular administrative tools... we could easily spend the money to get a security certificate and use https. It's not simple. It's not free. And it takes a regular commitment of time to keep it active... yes, you can get a free certificate. But the free ones have to be renewed every other month or so. Longer duration ones? Hundreds to thousands of dollars. And there's still a process involved that takes some know-how. Yes, there are guides... again, if this were a physical server and etc, etc.

    As it is, it is not possible for the virtual server we are currently running on to do SSL/https. I've spent a lot of time working on the problems and it really comes down to the way the virtual machines are set up. I don't have the ability to upgrade certain underlying software and I can't get a working certificate. I've tried. Maybe someone who spends more time working with the Google platform and handling this sort of thing could get it working where I cannot. Unfortunately, such a person who we also trust with the keys to everything... does not exist. Nor does that person fall within our allocated budget (there's a reason sites like BCTS ask for donations of several thousand dollars a month while we shuffle by on a couple hundred).

    Fate guard you and grant you a Light to brighten your Way.