|
Post by Darrin on Dec 31, 2015 8:49:54 GMT
Question: When the new site's up, where will it be announced? Where will the link be provided? Here, and then we move? Or on the deviant art journal? Sorry if it's already been answered and I'm just blind to see it, but I kidna just want a little clarification. I will post it here, it will be on Sneezefurs.org, or will be on MasterXtreme's dA, and it will probably be elsewhere. There are actually quite a lot of people posting about it. Once it is posted, people will have to move one last time to the official PSF forum and we will grow from there. Here are a few other links to some big profiles that have brought up PSF. sneezingponies.tumblr.com/post/135831447729/psf-shut-down-for-no-reason#notesscootaloosscootaquest.tumblr.com/post/135833251987/psf-shut-downThere was a topic on ponychan/mlpchan about PSF going down too. As well, there were many DA accounts and other social media members who brought it up. I didn't know we made such a splash. We weren't even that big! I wonder if we could get like a redirect link set up. Like, on this site, if people click to join it they're redirected to the new site. Maybe with the old site too? I have no control over this site, it was made by a PSF member, and not PSF staff. But being that is ProBoards, and we are trying to forget the rough altercation with them, we want nothing to do with them. We will take this situation as a growing experience and rebrand PSF to encompass more, but it will be the same you remember from before, but with a bigger focus.
|
|
|
Post by fullmetalpikmin on Dec 31, 2015 9:09:08 GMT
Well, I'm hyped for this! Hopefully a lot of the older members will join this new website!
|
|
yasl
New Member
Posts: 20
|
Post by yasl on Dec 31, 2015 11:37:21 GMT
We will probably contact you through Sneezefurs if that is all right, yasl! Works for me Slight concern about Lunarpages' Acceptable Use Policy ( www.lunarpages.com/legal/acceptable-use-policy ): Whether sneeze smut counts as pornographic by itself is debatable, but this clause feels a little too restrictive, given the nature of the forum.
|
|
yasl
New Member
Posts: 20
|
Post by yasl on Dec 31, 2015 14:28:01 GMT
If you /really/ want shared hosting, rather than a VM, I recommend evaluating NearlyFreeSpeech.net (NFSN). They offer the traditional LAMP stack (Linux/Apache/MySQL/PHP) on which SMF runs. Most usefully, they have a very robust Abuse Policy, really as good as you could reasonably hope for: www.nearlyfreespeech.net/help/abuseTLDR: If it's illegal in the US: no; otherwise: yes. Delicate sensibilities need not apply. They charge by usage. For a super-niche forum like this, that might just be the cheapest means of hosting. See their calculator: www.nearlyfreespeech.net/estimateI got $28/yr (or $38 with domain registration) using "medium" usage, 200MB storage, 5GB transfer. (That storage figure is lowball if lots of images will be hosted locally, but highball if most will be living elsewhere (DA, *booru, etc) and just linked from the forum.) And if it turns out that the usage guesses used were wrong, there's nothing stopping a structured move away to Lunarpages or a VM, etc. Since, you know, there's basically no chance of NFSN them suddenly shutting PSF down.
|
|
|
Post by Darrin on Dec 31, 2015 17:59:40 GMT
We just sent the bill to Lunarpages, but we will certainly look more.
Thank you for the links and more info.
|
|
yasl
New Member
Posts: 20
|
Post by yasl on Dec 31, 2015 18:24:47 GMT
Lunarpages seems to have a decent reputation in its category, but there are elements that concern me. e.g.: - As noted, they seem to prohibit "pornography". As they do not define what that includes, even an "SFW" PSF might be at the mercy of the sensibilities of support staff. - They claim "unlimited" storage but asterisk it with "related to your site", and even then I suspect that if one of the major *boorus moved in and started consuming a terabyte of disk, they'd find themselves being forced onto the "business" plans pretty quickly. So they have a marketing term obscuring some magic threshold or arcane load calculation. - They're too eager to get you to sign up for 5 years. The advertised price of all their services is for 5 years. Want to test it out for just 6 months? The per-month cost /doubles/ and you get a $30 "set-up fee". Such a steep long-term discount gradient suggests that they are growing fat off disused sites for which the owners have already paid upfront. - They want $109/yr to give you an SSL certificate. What? Cheap SSL certs are on the order of $25/yr or less, and there is /no difference/ between a cheap and an expensive SSL domain validation cert. This smells like gouging. Also, as of this month, LetsEncrypt ( letsencrypt.org/ ) has moved to public beta, so now anyone with a VM can get an SSL DV cert /for free/. - To use SSL, they also require a dedicated IP address, charged at $5/month. Unless you need to support IE6, it is not necessary to have a dedicated address for SSL. A decade ago? Legit. Now? Gouging. Now I'll segue into a distinct personal bias: I /really/ want PSF to support SSL/TLS. Require it, if possible. It's laughably easy to capture traffic from machines on the same LAN or WiFi network (FireSheep was a cute and well-publicized demonstration/automation of this). Without SSL/TLS, your account is in the lap of the gods, and gods are nothing if not capricious. Near as I can tell, implementing SSL/TLS at Lunarpages will cost $169/yr, or ~$850 over 5 years. Yikes! Perhaps you can BYO certificate, perhaps not, but even if so they'd still require a dedicated IP address, for $300 over 5 years. NearlyFreeSpeech will issue a certificate on your behalf for $20/yr, or $35/2yrs, so $90 over 5 years. Running a VM instead of shared hosting, thanks to the advent of LetsEncrypt, means SSL/TLS comes free (and you'll always get a dedicated IP address with a VM). The base cost of all 3 (LunarPages, NFSN, a DigitalOcean VM) is $5/month (likely less for NFSN). I fear that Lunarpages may conceal the most hidden costs, and be impractical to deploy SSL/TLS on. But, if the transaction's already done, perhaps I'd best stop this doom-saying and get on with making myself available for any deployment questions or assistance XD
|
|
|
Post by leapingriver on Dec 31, 2015 21:46:24 GMT
Wow! You sure know you're stuff. Maybe the admins will find this helpful
|
|
|
Post by Darrin on Jan 1, 2016 6:54:18 GMT
Should I be worried after reading all that? I feel worried.
We choose Lunarpages because another person who runs a sneeze forum uses Lunarpages and they said they have been great to them. We did already purchase our account with them, but have yet to receive an email saying we purchased anything, and have no link to anything to help us out.
|
|
|
Post by Blurr001 on Jan 1, 2016 6:57:43 GMT
What other sneeze forum would this be?
|
|
yasl
New Member
Posts: 20
|
Post by yasl on Jan 1, 2016 8:03:12 GMT
Oh, no, as I said, my understanding is that Lunarpages is pretty decent within its category. I shortlisted it for a small site once, some (~7) years back.
If another sneeze forum is running successfully, then maybe AUP item #6 about the "no pornography" is treated fairly narrowly. On the other hand, maybe said other sneeze site wouldn't stand up to a staff review. It's hard to guess, so I don't really know whether that's something worth worrying about. If I recall correctly, PSF originally allowed locally-posted material further along the NSFW spectrum until ProBoards rapped you guys on the knuckles; I feel that Lunarpages' AUP #6 will mean keeping the current NSFW balance. Though I don't have much of an opinion on it myself, I know some hoped it might be possible to loosen the restrictions.
PSF is not likely to be in danger of overrunning any magic secret quotas, I just felt that reflected poorly on their marketing department.
I guess signing up to anything for 5 years with payment upfront is cause for concern, just from the perspective that it's hard to back out. If they have a no-questions money-back guarantee for the first month or fortnight, that's less of an issue, but I've not checked.
My biggest selfish concern is the SSL/TLS thing. I mean, as an infosec guy, I truly, deeply think it's important for everyone, particularly admins and mods, but I have a large selfish bias too. See, I like to keep my kink browsing at arm's length, so I access these sites through Tor. Without boring you, the security implications are very similar to browsing from a public WiFi hotspot -- SSL/TLS sites are secure, as long as you don't ignore SSL/TLS warning messages, but plain HTTP is exceptionally insecure. It's actually a little worse than WiFi, since anyone can set up a Tor exit server and read their subset of traffic going from the Tor network to the public internet; they don't have to be physically close.
At present, no sneeze forums that I know of support SSL/TLS. Which is a real bugger, because there's a very real chance that one day my traffic will go through a malicious exit node and someone with too much time on their hands will steal my account. For lulz, or whatever.
|
|
|
Post by Darrin on Jan 2, 2016 21:18:17 GMT
The other forum that recommended Lunarpages was Sneezefurs.org. Our payment hasn't gone through yet, because now we are holding to make sure this is 100% what we wanna do. Yasl seems to know what they are talking about. What does SSL/TLS do for a website and what are the advantages? How would the average user notice this implementation? I know you explained it, but tell me like I am 4 years old. Lastly, I will need to check this www.nearlyfreespeech.net site. Is it reliable?
|
|
yasl
New Member
Posts: 20
|
Post by yasl on Jan 3, 2016 4:43:14 GMT
NFSN has been reliable for me /but/ I've only ever used their static site, domain registration, and DNS facilities. So, I can't vouch for their "dynamic" stuff (PHP, MySQL). They have a good "smell" about them -- just the right degree of nerdiness (look at their metering system, or their account reset security options) and, of course, the right approach to hosted content. That said, they are smaller than Lunarpages, and they may carry a fair bit more "bus risk" -- I'm not sure that the core development team is more than a handful of people. I feel that this is offset by the pay-as-you-go model, since it means that abandoning them for Lunarpages carries only a small cost (plus labor) while going the other way... you've already paid for 5 years of hosting. As for SSL/TLS. SSL/TLS is a means of securing the connection between 2 applications on different computers, so that third parties on the networks between those computers can neither read nor modify data flowing across the connection. It's the difference between HTTP (http://) and HTTPS (https://) (that's the key thing an average user would notice, really). HTTPS is HTTP "tunneled" through an SSL/TLS session. Some nomenclature: TLS ("Transport Layer Security") is essentially just a newer version of SSL; TLSv1.0 == "SSLv4.0". SSL ("Secure Sockets Layer"), unqualified, has referred to "SSLv3" for about 2 decades. Everyone came to know this functionality as "SSL". Severe weaknesses have been discovered in SSLv3 and it has now been deprecated, so everyone uses (or should be using) TLS, but this name is less well-known in the wider community, so it's often referred to SSL/TLS. Lots of folks have done a lot of advocacy to increase adoption of SSL/TLS, particularly in the last half-decade. Googling for a few links, here are a few from early 2011, when the SSL/TLS push was just starting to gather momentum (note that there used to be anxiety about performance costs, but these mostly failed to materialize, and in hindsight were far overblown): - arstechnica.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it/- mashable.com/2011/05/31/https-web-security/- www.snopes.com/computer/internet/https.aspAnd one more recently: - rythie.com/blog/blog/2014/03/05/should-all-sites-use-https/The main web standards bodies are moving in the same direction. While the new version of HTTP, v2, technically does not require the use of TLS, it almost did, and the major browser vendors have indicated that they will not support unencrypted HTTPv2 (though, the current version, HTTPv1.1, will remain supported indefinitely, so this is just a "sign of the times" rather than something to be worried about for the site). Note that the 2011 sites all still use HTTP rather than HTTPS! This is likely because they all generate their revenue from ads. Ad networks have a very bad reputation at the moment of not supporting HTTPS properly, and if you embed non-HTTPS content on an HTTPS page, browsers will generate warnings. Non-ad-supported sites, or those only using Google ads (presumably amongst some other HTTPS-supporting ad providers out there) are not affected. To clarify the risk a bit better, cleartext communications (HTTP, including the site's "cookies" which are sent at the top of every request and, if stolen, let the bearer steal your session & impersonate your account) are vulnerable to anyone who can sniff or modify the traffic between you and the server. e.g.: - Other machines on your local network / LAN (by performing ARP poisoning to pretend to be the local router); - All other machines on your local WiFi network, even if using a password (username-and-password or certificate (aka "Enterprise mode") logins are safe from this one, but the only place that /might/ use that mode is an office); - Neighbors and other proximates who have cracked your WiFi password; - The administrator of your local network (family member, room mate, cafe staff, or office IT department); - People who have compromised you local network's infrastructure; - Your ISP (internet service provider, AT&T or Comcast, etc, etc); - Any other ISP whose network you data transits; - Anyone else who's compromised any of said ISPs; - The governments of any country across whose land your data transits (by compelling the local ISP); - The governments of any well-financed nation (espionage); - The operator of any proxy the client uses, or of the exit node of a Tor user; - The staff of the datacenter in which the server resides; - Potentially any other server on the same local network segments (depending on the datacenter); and - Anyone who has spoofed or comprised your DNS records, either globally or to a targeted user. Someone who administers or who has compromised your server can also sniff this, but SSL/TLS doesn't protect against them
|
|
|
Post by leapingriver on Jan 3, 2016 5:48:47 GMT
Dude.... I'm so lost. All this computer stuff. I do know about the difference http and https though. I felt smart up until that sentence. Then I got confused haha.
|
|
yasl
New Member
Posts: 20
|
Post by yasl on Jan 3, 2016 6:42:05 GMT
Haha, I probably should have deferred the "nomenclature" paragraph to the end. I'd recommend you read through the first handful of dot points of parties who could read your traffic or steal your account, since they're probably the most relevant 95% of the time Darrin: If you're interested in investigating NFSN, I'd recommend getting an account there (doing so is free) and then poking around the control panel interface. If not immediately turned off, you could then load some nominal amount on to your account, say $10, and start playing around with an actual test site. (Enabling SSL/TLS requires a support request and certificate, so can't really test that, but most other functionality should be testable.)
|
|
|
Post by Blurr001 on Jan 3, 2016 7:46:59 GMT
cant wait
|
|