My book site, mcgrewbooks.com, has been online for years now. It doesn’t really need SSL because there is no sensitive information shared, just HTML to read, pictures to look at, links to follow, and free e-books to download. To buy a physical book there’s a link to Lulu, which does have SSL.
That is, there’s no technical reason to need SSL.
Then a few years ago Google said sites without SSL would be downgraded in their search algorithm, and I worried a little, but my traffic numbers didn’t drop.
But looking at the site after Firefox’s last upgrade I noticed a broken padlock next to the URL. Most people don’t know anything about SSL, but a broken padlock sure looks ominous to them!
So I started looking into it. My host wants almost half of what I pay for hosting to add SSL, which would only serve to make my readers less uncomfortable. It’s not really expensive, about twenty five bucks a year.
Then I found LetsEncrypt.org, which offers free SSL certificates. I don’t know if my host (R4L) would allow it, and it would take some research to figure out how to use it.
What do you folks think?
(Score: 3, Informative) by fustakrakich on Wednesday March 18 2020, @11:33PM (1 child)
Resistance is futile. Broken padlock today can only mean total blockage tomorrow.
Yeah, use the freebie if it will work, might take some research, you're not really pressed for time these days, are ya? :-)
Politics and criminals are the same thing..
(Score: 3, Informative) by mcgrew on Thursday March 19 2020, @01:13PM
I'm retired, but I don't know how I ever found time to go to work.
Carbon, The only element in the known universe to ever gain sentience
(Score: 3, Insightful) by takyon on Wednesday March 18 2020, @11:35PM (1 child)
Not using HTTPS could hurt your search engine (The GOOG) ranking.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by barbara hudson on Thursday March 19 2020, @03:29PM
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Wednesday March 18 2020, @11:49PM (1 child)
I'm still on Firefox 60.9.0esr (changed a flag for the bug that led to .1 some months ago)
What version shows you the open padlock symbol?
I have a couple of sites like yours, absolutely no commerce being done, information only.
We've been happy with Stablehost.com for a few years now. They offer SSL for $5/month (or more, depending on type). But, when I searched their knowledge base I found this page:
https://support.stablehost.com/en/articles/2086984-do-you-offer-let-s-encrypt [stablehost.com]
> Yes, we support Let's Encrypt, it's available in cPanel.
Anyone tried this? I'm a real novice with this stuff.
(Score: 1, Informative) by Anonymous Coward on Thursday March 19 2020, @06:20AM
Here's some introductory information*:
https://letsencrypt.org/getting-started/ [letsencrypt.org]
According to Let's Encrypt, your hosting provider [letsencrypt.org] does, in fact, support Let's Encrypt.
Here's a site that purports to give generic install instructions for cPanel:
https://www.hostinger.com/tutorials/ssl/installing-ssl-letsencrypt [hostinger.com]
As does this one:
https://tophostcoupon.com/how-to-install-a-free-ssl-certificate-lets-encrypt-on-cpanel-hosting/ [tophostcoupon.com]
Here's a *video* that purports to show a certificate being installed via cPanel on a Stablehost system:
https://www.youtube.com/watch?v=KEg74oAxm4o [youtube.com]
*Search engines are your friend.
(Score: 0) by Anonymous Coward on Wednesday March 18 2020, @11:54PM (1 child)
I know many soylentils don't like cloudflare [cloudflare.com] but encryption doesn't need to be end to end for many small business sites that just have information. The argument for end to end encryption is fulfilled by using cloudflare as an SSL proxy.
(Score: 3, Interesting) by Pino P on Monday May 11 2020, @01:45PM
The incentive for HTTPS on "small business sites that just have information" is so that an attacker cannot falsify contact phone numbers and other "information" in transit from "small business sites" to their viewers. This could be solved using a signing-only cipher suite, but browser publishers haven't deemed signing-only operation to be worth the time to implement.
(Score: 2) by NotSanguine on Thursday March 19 2020, @12:28AM (1 child)
That said, the more web traffic is encrypted, the harder it is for spies and thieves to zero in on anything.
Let's Encrypt is easy to use ( https://letsencrypt.org/getting-started/ [letsencrypt.org] ) and maintain.
If your hosting provider won't let you use it and wants exorbitant fees to provide you with an SSL cert, perhaps it's time to change hosting providers. Or just don't bother unless and until the lack of "the padlock" negatively impacts site usage -- if you want site usage.
Personally, I prefer that no one visit my sites -- yet I use Let's Encrypt. :)
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Insightful) by mcgrew on Thursday March 19 2020, @01:19PM
Well, the fee isn't exorbitant and their hosting is cheap. I'll probably be lazy and just pay.
Carbon, The only element in the known universe to ever gain sentience
(Score: 0) by Anonymous Coward on Thursday March 19 2020, @02:42AM
Ok, so maybe I do want SSL. How should I go about getting it?
Simple, there is only one answer: Let's Encrypt. You'll get an SSL certificate for free, and provided you set up auto-renewal, you'll get automatic renewal of that certificate for free as well. Then all your wants above will be satisfied.
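A check for the auto-renewal mentioned in the comment above, added here as an example and not part of any poster's comment: it reports when a certificate file is close enough to expiry that renewal has probably stalled. The function names, the 30-day threshold and the locally generated sample certificate for `example.test` are assumptions made for illustration; the 90-day lifetime matches what Let's Encrypt issued at the time of this thread.

```shell
#!/bin/sh
# Added example: detect a stalled auto-renewal by checking how long a
# certificate file remains valid. Requires the openssl command-line tool.

# cert_status PEM_FILE DAYS
# Prints one of: unreadable, expired, renew, ok
cert_status() {
    pem=$1
    days=$2
    # Parse first: -checkend also exits non-zero on a file it cannot read,
    # which would otherwise be indistinguishable from an expired cert.
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo unreadable
        return 0
    fi
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$pem" -noout \
            -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo renew
    else
        echo ok
    fi
}

# make_sample_cert DAYS OUT_FILE
# Constructed test input: a throwaway self-signed certificate valid for DAYS,
# so the check can be exercised offline. Not a real site certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$2.key" -out "$2" -days "$1" \
        -subj "/CN=example.test" >/dev/null 2>&1
}

# Demo on constructed input: a fresh 90-day certificate and one that has
# only 10 days left, both checked against a 30-day renewal threshold.
demo_dir=$(mktemp -d)
make_sample_cert 90 "$demo_dir/fresh.pem"
make_sample_cert 10 "$demo_dir/stale.pem"
echo "fresh: $(cert_status "$demo_dir/fresh.pem" 30)"
echo "stale: $(cert_status "$demo_dir/stale.pem" 30)"
rm -rf "$demo_dir"
```

Run from cron against the certificate file the web server actually loads, a result other than `ok` means the renewal job needs attention before visitors see a browser warning.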
(Score: 1, Insightful) by Anonymous Coward on Thursday March 19 2020, @04:32AM
I am using a vps that costs $3 dollars per month. It is cheap. I have no visitors so that's something I don't have to think about, and I set up Let's Encrypt a long time ago (like 2 years ago maybe). Looks like win-win to me.
(Score: 1, Funny) by Anonymous Coward on Thursday March 19 2020, @05:37AM
No, you do not, since you will die soon, and then nothing will matter, except the fortunes of your granddaughter, Mulan. Consult the Great Stone Dragon, or have some Mushu at your local Chinese restaurant. Probably still open, since it is only at Trump virus.
(Score: 3, Informative) by Bot on Thursday March 19 2020, @12:24PM
Try to see if it works with shared hosting, I dunno. If you are out of luck, I'd spend the money for a cert to get a cheapo VPS and seed to ipfs (pin in ipfsspeak) and use the ipfs official servers as my CDN, if I have bandwidth probs. But sharing books should not cause you probs.
https://certbot.eff.org/instructions [eff.org]
Account abandoned.
(Score: 3, Funny) by Runaway1956 on Thursday March 19 2020, @03:06PM
First, you have to conform, or be left behind!
Second, if you don't lock the Wuhan Fu out of your server, everyone will get Kung Flu, or worse!!! And, please don't allow more than ten browsers to congregate on your site at one time. We've all got to do our part!
Abortion is the number one killer of children in the United States.
(Score: 3, Funny) by Freeman on Thursday March 19 2020, @05:22PM
While your site may not actually need SSL, everything is moving and will eventually be forced to SSL. The people behind the move can't imagine someone using a basic website that doesn't need SSL. There must be some sort of javascript adfu in there somewhere. Also, why aren't you hoovering up your users' data? I mean, what are you, privacy conscious?
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 4, Insightful) by ze on Thursday March 19 2020, @06:11PM
I say encrypt everything that can be snooped or leak data, regardless of content.
Don't make it so easy to distinguish "interesting" connections from mundane ones, or for ISPs/mitm to ever tell what pages you're loading (use a secure dns solution too... I recently set up a getdns-backed local cache, for whatever that's worth).
Honestly, I think everything should just be secure by default. Why do we ever want to enable eavesdropping? Everyone legit has stuff to hide (not only the plain old right to personal privacy, but also obviously stuff like passwords and financial info), and it's hidden better if you don't even know when/where to look for it. And when nobody's building a profile based on seemingly innocuous info that actually ends up revealing more than you could guess. And you never even know what innocent stuff some batshit assholes somewhere will want to imprison or murder people over.
Let's just encrypt it all, and normalize that. Nobody accuses you of being a criminal, terrorist, or heathen just because you're "hiding" your letters in sealed envelopes, and that's how it should stay, and that's how digital communication should work too.
And there have long been repeated attacks on internet security by lawmakers, who want it to be magically broken for them alone, for their convenience. So we should all push the opposite as hard as possible, just in principle. Let's just make every bit of it totally unsnoopable in practice.