[zimmertr]

Hello, NWHikers does not currently have an active SSL certificate. This opens a lot of pretty dangerous security issues that could compromise the future of this forum. I am a system engineer so I can assist in configuring the site with an SSL certificate if needed. If funding is a problem, Lets Encrypt offers free SSL certificates and the procedure is automated via many tools. One of which is certbot. https://certbot.eff.org/

[Jaberwock]

Maybe you could help Tom move to Flarum while you're at it?

[neek]

Early beta, written by a kid in med school? Hmm... Login creds are sent in cleartext, so no one should use the same password elsewhere. (Of course you shouldn't do this anyway.) HTTPS would be a good first step, but can be expensive.

[zimmertr]

I agree that a forum software migration isn't in order but it is trivial to add a free SSL certificate to a website that is automatically rotated with a cronjob. And I would be willing to help as well, of course. It's not an exercise in moderate security. It's a necessity on the modern internet.

[Tom]

I can look into it. Have some other priorities right now (preserving a half million flickr images). And yeah, not moving to flarum (looked good a few years ago but there are better options out there).

[zimmertr]

Good luck Tom. Sounds rough.

[Matt Lemke]

Tom, I am bringing this back from the dead because I have a pretty big issue. As you know I use NWHikers almost exclusively for my trip reports, and I then copy the html to my personal website. The newest version of Google Chrome (Version 85) now prevents photos hosted from websites not having an SSL certificate to be displayed on other websites as both thumbnails, or as larger photos . Because of this, many reports from my website will not show any photos because Chrome sees they are not from a trusted website. They are blocked from loading, unless you click the link for each photo, then it will actually load the NWH page in a new tab (but that's annoying to do). For now, other browsers don't have this as a feature, but I worry that other browsers will soon follow suit since Chrome is the worlds most popular browser. It will quite literally take me weeks of time to re-write these reports on Weebly (the location I host my website on) to include every photo manually. This is why I periodically email you about the longevity of NWH because I also personally have a lot of time invested using it. For an example, if you view the following page in version 85 of Google Chrome, you will see all the photos have the error loading icon associated with them (looks like the piece of paper) Trip Report If you were to see it in any of the earlier versions of Chrome all photo thumbnails loaded just fine. This error is affecting many dozens of pages from my site. I am sure there are others out there having a similar issue as well. Can you please look into getting this site an SSL certificate? Otherwise I won't really be able to use NWH anymore, and will have weeks of lost time. I would be willing to help do this if needed, and cover the cost personally if any cost is required. Thanks! Edit: I actually just found out that even in IE and Firefox the same issue persists....I didn't have the most recent version of either browser installed when I checked.

[Tom]

NWH uses thumbnails that are hosted on a different domain so I'd think NWH would have the same problem. Or is it because NWH is not using https so it doesn't manifest on the thumbnails that are also not htttps?

[Matt Lemke]

Tom, Thats correct. As an example, the html code used for displaying each NWH hosted photo on my site is shown below...every photo has the same basic code with just the source being different: <div class="pic"><a title="All the food I brought for the trip" href="https://www.nwhikers.net/forums/viewtopic.php?sid=c86dac0d9c69294a3983c72eeada38f7&amp;p=1194827#&amp;pid=45b7c126a3db09146a22d6c99ebfa4a6" target="_blank" rel="noopener" name="0" data-pid="45b7c126a3db09146a22d6c99ebfa4a6" data-c="" data-vr=""><img class="pic_thumb" src="http://www.nwhikers.org/forums/uploads/a4/a6/45b7c126a3db09146a22d6c99ebfa4a6_427x240.jpg" alt="All the food I brought for the trip" width="427" height="240" border="0" /></a> <div class="pic_caption">All the food I brought for the trip</div> Browsers I have discovered now are setup to automatically add the "s" to the http in front of all source codes before building thumbnails, and if the https version of the source doesnt exist due to the site not having the SSL cert, the thumbnail will fail to get created (at least that's how I understand it from troubleshooting). Maybe you know how to workaround this issue?

[puzzlr]

FWIW, that Wind River Slam TR looks fine on all three browsers I tried. All are the most recent official builds and I haven't made preference settings that would affect this. Firefox 81.0.1 Chrome 85.0.4183.121 Safari 14.0 (14610.1.28.1.9) However Firefox and Chrome display a small warning in the address bar about some insecure elements. I grumpily added a free LetsEncrypt cert to my website even though there's no reason for it -- all static content with no logins. But I'd agree this is where things are going and nwhikers should probably get a cert at some point or risk having it stop working correctly with a future browser update.

[Matt Lemke]

Puzzlr, Wait really? That is so strange. When I tested it with a handful of different laptops, all tested with 3 of the most common browsers (IE, Firefox and Chrome) the photos never popped up. Only on my phone it worked. I even emailed some random people to check for me and they had the same issue.

[reststep]

They work for me Matt. I am using some version of chrome.

[Matt Lemke]

What operating system are you guys using?

[Josh Journey]

On Linux using Google Chrome and Firefox everything displays fine on Matt's trip report. However on my laptop (Windows 10) when using Google Chrome at first all thumbnails loaded. Then Google Chrome auto updated. After the update all thumbnails from NWHikers would not load due to Chrome automatically parsing all image tags as https which would then fail to load any images. Upon further research many other folks have been upset about this which the only solution is having sourced images to have an SSL certificate. Because Chrome and Windows 10 are a common scenario, it's likely 50% or so people looking at Matt's trip reports will see broken images. Another site I contributed to had been hacked multiple times. SSL was installed which I haven't heard of any happening since. SSL is also important when connecting to public networks due to how easy it is to intercept login and other data when non encrypted. There are other benefits of https such as better search engine ranking, here's an article listing many benefits to SSL: https://www.bluecorona.com/blog/https-and-seo/ Installing "Let's Encrypt" on shared hosts takes less than 2 minutes. If coupled with HTTP/2 the performance boost is quite noticeable.

[puzzlr]

OS is MacOs Mojave, 10.14.6