SoylentNews is people
SoylentNews
So, I know its been a bit quiet here, but we're working through getting through the last few items relating to cutting over to newer infrastructure. As such, its been working through the bug list, and there's one issue I want to get some feedback on.
Back in November when the infrastructure was upgraded to Ubuntu 22.04, a few users with older devices stopped being able to connect to SoylentNews. This confused me, since we've been using the same NGINX SSL termination setup that has been in use since at least 2016. Well, I finally found the root cause, and as it turns out, Canonical bumped up the minimum OpenSSL security level, which disabled several ciphers, and broke devices not supporting TLS 1.2 or later.
By testing the site with the SSL Labs site checker, it appears anything older than Android 4.0, or iOS 5 is broken. This mostly seems to be devices that are over a decade old at this point, and won't be able to browse the vast majority of sites on the Internet as is. We discussed this internally a bit, and I'm of the opinion that its not worth re-enabling the older ciphers to allow these devices to reconnect, especially since we're working to modernize the stack, and get it as up to date as we can get it. I also believe we had very few users who were actually affected by this, however, as the editors did get a few emails about SN breaking after the site upgrade, I wanted to poll the community, and make sure this is not a more widespread issue than initially believed.
Ultimately, this is going to be part of a broader discussion on what we will and won't support on SoylentNews going forward, and this seems as good of place as any to get the ball rolling.
~ NCommander
(Score: 5, Insightful) by janrinok on Wednesday July 05 2023, @06:05AM (3 children)
I agree with much of your comment. The problem is that there are some in our community who were simply cut off from accessing our site last November. We have now lost them. I have no way of contacting them to tell them that they can now reconnect. For the last 7-8 months they have been unable to do so. How long would you go on trying to reconnect in the hope that somebody would realise your plight and correct things? I do not want to arbitrarily cut off community members when we can still allow them to remain with us.
The encryption might not be the most secure, but kolie has said that there are ways we can protect the site while still allowing those who rely on earlier encryption to join in discussions. They might remain vulnerable but our site will not. Therefore it was not a case of SN being unable to support the software, but actually not being prepared to do so. We stated when we started that we would create a simple system that did not rely on later software developments that we simply do not require. We are now setting the bar a little higher but not, as far as I can see, for any good reason.
Should we now also insist on ecmascript being enabled? Will future displays depend upon Bootstrap or some other technology which needs ecmascript? Are we moving to a site that requires a modern, high resolution, device?
There are some who cannot update their 'phones, cannot simply upgrade their computers, and cannot simply do the things that you and I have taken for granted for a long time. They still have to use a specific version of Windows because that it all that the teaching material they use in their school will work with. They have a single 'phone (provided by charity) that provides a connection to the internet for multiple households. One teacher using such a network was a member of our community. He has now gone. Others also reported the problem so he was not the only one.
There are several points that I would like to make:
How about we first fix the bugs that the community are complaining about and discuss the changes that they are asking for?
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 1) by Runaway1956 on Wednesday July 05 2023, @01:53PM (2 children)
Quite honestly, I can and will make a determined effort, after a time. There is a site I frequently visit, which does go down from time to time. Downtime is usually over the weekend, and generally lasts until mid-day Monday. It recently went down, to all appearances, but I didn't worry about it. On Monday, it hadn't come up. On Tuesday, it wasn't back. On Wednesday, I checked one of those "Is the site down" pages, to find that the site was up, and healthy. So, I started digging, only to learn that the site was blocking my VPN due to abuse from the VPN. I switched VPN servers, and immediately connected.
So, the answer to your question is, "Depends on how badly a person wants to fix the problem." If he doesn't really care, he'll make no effort. If he really cares, he'll put in a lot of effort.
In other words, you probably didn't lose anyone who cared very much.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 4, Informative) by janrinok on Wednesday July 05 2023, @03:28PM (1 child)
You are missing the point I think. It was 7 months before the problem was fixed, not a weekend. There is little he can do to fix anything. He is not behind a VPN, he isn't using any clever software. He is in Africa. Life is quite different there for many people.
He actually cared very much.
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 2) by ElizabethGreene on Thursday July 06 2023, @01:54AM
If your hypothetical African needs a modern TLS capable browser, I believe the MyPal browser supports TLS1.2 and works as far back as XP. I don't have an alternative solution for non-windows devices though.
Opening a page like e.g. cnn.com hoovers across almost 10mb of content even with ublock origin; Can an older PC or phone (Circa 2005?) handle that or do they run out of RAM?