Re: [GNC] Site certificate expiry warning
On Thu, Mar 30, 2023 at 03:56:25PM -0400, p...@kroitor.ca wrote: > In fact, Google has been on a broad push to get rid of http since early > 2018: > https://www.blog.google/products/chrome/milestone-chrome-security-marking-ht > tp-not-secure/ > https://www.nationalweb.com/blog/high-time-provide-security-googles-https-pu > sh-and-what-it-means-your-business-website > https://www.getcloudapp.com/productivity/why-google-is-pushing-https/ > > Their "experience report" would seem to be programmed to discourage any and > all http sites from the get-go. > Well, only sites that want to be found by Google! I have a couple of web sites (some wikis in particular) which are only for my personal and family use. I don't care in the slightest if they don't get good Google ratings, in fact it's almost an advantage as it will probably reduce any 'unfriendly' access attempts! :-) -- Chris Green ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
On Thu, Mar 30, 2023 at 08:47:50PM +0100, Dr. David Kirkby wrote: > On Thu, 30 Mar 2023 at 19:42, Patrick James > wrote: > > > About two months ago, there was a major ice storm in Austin, and the area > > was completely unprepared for such a storm. A friend of mine was without > > power for about 12 days. He has two small children, and he has good local > > resources, which were also impacted by the ice storm, and it was not easy > > on him. > > > > From the other messages here, the web server is in Austin, and was > > impacted by the storm. The basic claim extends to the ISP in terms of > > recovery from the ice storm, which propagated to the GnuCash server. > > > > No one here seems to have a philosophical problem with https, but when an > > ice storm bring the system down, well, that's a problem. > > > > There are people here that do not see the advantages of it. To quote Chris > Green above. > > "How does that make the site 'dangerous'? All it means is that > communication between you (i.e. the user) and the site isn't > encrypted. As you don't need to send or receive any confidential > information the lack of encryption is wholly irrelevant! > That hardly says that I do not "see the advantages"! :-) I was just saying that I think the concept that a non-encrypted HTTP: site is 'dangerous' is misleading. If all you are doing is looking at the site and reading information then it doesn't matter in the slightest. > I would argue it is *not **wholly irrelevant* when the largest search > engine uses it as a ranking factor. Quite true, if the site in question want's to be found easily. Though in the case of someone searching for 'gnucash' I can't see how it makes much differenc, you can only really find gnucash if you search for 'gnucash'. The one case where better/higher Google ranking might be if someone searches for 'accounting software'. So, somewhat sadly, I agree that gnucash.org being an HTTPS: site is probably a good idea. It's just for not very good reasons IMHO. -- Chris Green ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
In fact, Google has been on a broad push to get rid of http since early 2018: https://www.blog.google/products/chrome/milestone-chrome-security-marking-ht tp-not-secure/ https://www.nationalweb.com/blog/high-time-provide-security-googles-https-pu sh-and-what-it-means-your-business-website https://www.getcloudapp.com/productivity/why-google-is-pushing-https/ Their "experience report" would seem to be programmed to discourage any and all http sites from the get-go. Paul -Original Message- From: gnucash-user On Behalf Of Dr. David Kirkby Sent: Thursday, March 30, 2023 1:47 PM Cc: gnucash-user@gnucash.org Subject: Re: [GNC] Site certificate expiry warning I noticed from the Google website - actually Google, not what someone says they think about Google. https://support.google.com/webmasters/answer/10218333?hl=en-GB#not_enough_da ta "The Page Experience report provides a summary of the user experience of visitors to your site. Google evaluates page experience metrics for individual URLs on your site and will use them as a ranking signal for a URL in Google Search results" Then under "Here are the criteria for a URL to rate as good in page experience status in Google Search:: - *Failed:* The URL is served using HTTP, not HTTPS. So it seems to me that the argument that a website does not collect personal information, so does not need HTTPS, is flawed. You can argue the technical merits of Google's approach, but it does seem to be the case that the use of HTTPS is a good thing if you want the website to do well in Google. ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All. ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
On Thu, 30 Mar 2023 at 19:42, Patrick James wrote: > About two months ago, there was a major ice storm in Austin, and the area > was completely unprepared for such a storm. A friend of mine was without > power for about 12 days. He has two small children, and he has good local > resources, which were also impacted by the ice storm, and it was not easy > on him. > > From the other messages here, the web server is in Austin, and was > impacted by the storm. The basic claim extends to the ISP in terms of > recovery from the ice storm, which propagated to the GnuCash server. > > No one here seems to have a philosophical problem with https, but when an > ice storm bring the system down, well, that's a problem. > There are people here that do not see the advantages of it. To quote Chris Green above. "How does that make the site 'dangerous'? All it means is that communication between you (i.e. the user) and the site isn't encrypted. As you don't need to send or receive any confidential information the lack of encryption is wholly irrelevant! I would argue it is *not **wholly irrelevant* when the largest search engine uses it as a ranking factor. ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
About two months ago, there was a major ice storm in Austin, and the area was completely unprepared for such a storm. A friend of mine was without power for about 12 days. He has two small children, and he has good local resources, which were also impacted by the ice storm, and it was not easy on him. From the other messages here, the web server is in Austin, and was impacted by the storm. The basic claim extends to the ISP in terms of recovery from the ice storm, which propagated to the GnuCash server. No one here seems to have a philosophical problem with https, but when an ice storm bring the system down, well, that's a problem. > On 03/30/2023 11:36 AM Tom Weichmann wrote: > > > I'm confused, is someone arguing against using HTTPS on gnucash.org? Is > there some cost that is trying to be avoided or something like that? I use > HTTPS on my little personal website because why have any data on the > internet that isn't encrypted. I can't think of a downside > > On Thu, Mar 30, 2023 at 2:29 PM Dr. David Kirkby < > drkir...@kirkbymicrowave.co.uk> wrote: ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
I'm confused, is someone arguing against using HTTPS on gnucash.org? Is there some cost that is trying to be avoided or something like that? I use HTTPS on my little personal website because why have any data on the internet that isn't encrypted. I can't think of a downside On Thu, Mar 30, 2023 at 2:29 PM Dr. David Kirkby < drkir...@kirkbymicrowave.co.uk> wrote: > On Thu, 30 Mar 2023 at 19:03, Michael or Penny Novack < > stepbystepf...@comcast.net> wrote: > > > > > > "Here are the criteria for a URL to rate as good in page experience > > status > > > in Google Search:: > > > > > > - *Failed:* The URL is served using HTTP, not HTTPS. > > > > > > So it seems to me that the argument that a website does not collect > > > personal information, so does not need HTTPS, is flawed. You can argue > > the > > > technical merits of Google's approach, but it does seem to be the case > > that > > > the use of HTTPS is a good thing if you want the website to do well in > > > Google. > > > > Except you seriously misunderstand the difference between HTTP and HTTPS. > > > > I do know the difference. > > > > This has nothing to do with the capability of collecting personal > > information. It has to do with the SECURITY of what is transmitted. In > > other words, IF personal data were collected by a site using HTTP it > > would be insecure during transmission. Therefore a site should not be > > collecting personal data without being HTTPS. > > > > Google is down rating sites using HTTP because it doesn't know what the > > site is doing (collecting personal data or not). It is telling users > > "this site less safe" because IF the site is collecting personal > > information would be less secure. > > > > But that still means if you want to do well in Google, you maximise your > chances if you use HTTPS. Even if you have a completely static website, > with no possibility of a user entering even an email address or name. > > > > > > Michael D Novack > > > > Dave > ___ > gnucash-user mailing list > gnucash-user@gnucash.org > To update your subscription preferences or to unsubscribe: > https://lists.gnucash.org/mailman/listinfo/gnucash-user > - > Please remember to CC this list on all your replies. > You can do this by using Reply-To-List or Reply-All. > ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
I keep trying to figure out what to do with all my "likes" on various social media sites, and as of today, no one can really explain why I want/desire/need more "likes," or similar. > On 03/30/2023 11:29 AM Dr. David Kirkby > wrote: > > But that still means if you want to do well in Google, you maximise your > chances if you use HTTPS. Even if you have a completely static website, > with no possibility of a user entering even an email address or name. > > > > Dave ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
On Thu, 30 Mar 2023 at 19:03, Michael or Penny Novack < stepbystepf...@comcast.net> wrote: > > > "Here are the criteria for a URL to rate as good in page experience > status > > in Google Search:: > > > > - *Failed:* The URL is served using HTTP, not HTTPS. > > > > So it seems to me that the argument that a website does not collect > > personal information, so does not need HTTPS, is flawed. You can argue > the > > technical merits of Google's approach, but it does seem to be the case > that > > the use of HTTPS is a good thing if you want the website to do well in > > Google. > > Except you seriously misunderstand the difference between HTTP and HTTPS. > I do know the difference. > This has nothing to do with the capability of collecting personal > information. It has to do with the SECURITY of what is transmitted. In > other words, IF personal data were collected by a site using HTTP it > would be insecure during transmission. Therefore a site should not be > collecting personal data without being HTTPS. > > Google is down rating sites using HTTP because it doesn't know what the > site is doing (collecting personal data or not). It is telling users > "this site less safe" because IF the site is collecting personal > information would be less secure. > But that still means if you want to do well in Google, you maximise your chances if you use HTTPS. Even if you have a completely static website, with no possibility of a user entering even an email address or name. > > Michael D Novack > Dave ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
"Here are the criteria for a URL to rate as good in page experience status in Google Search:: - *Failed:* The URL is served using HTTP, not HTTPS. So it seems to me that the argument that a website does not collect personal information, so does not need HTTPS, is flawed. You can argue the technical merits of Google's approach, but it does seem to be the case that the use of HTTPS is a good thing if you want the website to do well in Google. Except you seriously misunderstand the difference between HTTP and HTTPS. This has nothing to do with the capability of collecting personal information. It has to do with the SECURITY of what is transmitted. In other words, IF personal data were collected by a site using HTTP it would be insecure during transmission. Therefore a site should not be collecting personal data without being HTTPS. Google is down rating sites using HTTP because it doesn't know what the site is doing (collecting personal data or not). It is telling users "this site less safe" because IF the site is collecting personal information would be less secure. Michael D Novack ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
I noticed from the Google website - actually Google, not what someone says they think about Google. https://support.google.com/webmasters/answer/10218333?hl=en-GB#not_enough_data "The Page Experience report provides a summary of the user experience of visitors to your site. Google evaluates page experience metrics for individual URLs on your site and will use them as a ranking signal for a URL in Google Search results" Then under "Here are the criteria for a URL to rate as good in page experience status in Google Search:: - *Failed:* The URL is served using HTTP, not HTTPS. So it seems to me that the argument that a website does not collect personal information, so does not need HTTPS, is flawed. You can argue the technical merits of Google's approach, but it does seem to be the case that the use of HTTPS is a good thing if you want the website to do well in Google. ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
I agree--the reality of any risk is small enough to normal people to be irrelevant, but the damage to credibility among those who might want to use GNC but are not familiar with the significance of public key asymmetric cryptography, is not at all trivial. Meanwhile, thank you Dr. Kirbly, your note on letsencrypt was spectacularly timely, I was literally just in the process of trying to work out how to get a certificate for a "scratch domain" I'd set up in AWS, and this has worked a treat :) Cheers, Simon On Fri, Mar 24, 2023 at 11:53 AM Dr. David Kirkby < drkir...@kirkbymicrowave.co.uk> wrote: > On Fri, 24 Mar 2023 at 15:22, wrote: > > > On Fri, Mar 24, 2023 at 11:16:09AM +, Michael Hendry wrote: > > > I’ve been promoting GnuCash to incoming Rotary Club Treasurers, and > I’ve > > > just been informed that www.gnucash.org is being flagged up as > dangerous > > > because its site certificate expired recently. > > > > > How does that make the site 'dangerous'? All it means is that > > communication between you (i.e. the user) and the site isn't > > encrypted. As you don't need to send or receive any confidential > > information the lack of encryption is wholly irrelevant! > > > > -- > > Chris Green > > > Whilst I don’t disagree with you on a technical level, you need to bear in > mind that browsers are going to warn people, and that will put people off. > > There’s a body of opinion that this will impact Google ranking. > > I have in the past paid for a fairly expensive EV SSL certificate, but now > I use > > https://letsencrypt.org/ > > on Debian Linux. The certificates are valid for 90 days, but renewed after > 60 days. > > Dave. > -- > Dr. David Kirkby, > Kirkby Microwave Ltd, > drkir...@kirkbymicrowave.co.uk > https://www.kirkbymicrowave.co.uk/ > Telephone 01621-680100./ +44 1621 680100 > > Registered in England & Wales, company number 08914892. > Registered office: > Stokes Hall Lodge, Burnham Rd, Althorne, Chelmsford, Essex, CM3 6DT, United > Kingdom > ___ > gnucash-user mailing list > gnucash-user@gnucash.org > To update your subscription preferences or to unsubscribe: > https://lists.gnucash.org/mailman/listinfo/gnucash-user > - > Please remember to CC this list on all your replies. > You can do this by using Reply-To-List or Reply-All. > -- Simon Roberts (303) 249 3613 ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
On Fri, 24 Mar 2023 at 15:22, wrote: > On Fri, Mar 24, 2023 at 11:16:09AM +, Michael Hendry wrote: > > I’ve been promoting GnuCash to incoming Rotary Club Treasurers, and I’ve > > just been informed that www.gnucash.org is being flagged up as dangerous > > because its site certificate expired recently. > > > How does that make the site 'dangerous'? All it means is that > communication between you (i.e. the user) and the site isn't > encrypted. As you don't need to send or receive any confidential > information the lack of encryption is wholly irrelevant! > > -- > Chris Green Whilst I don’t disagree with you on a technical level, you need to bear in mind that browsers are going to warn people, and that will put people off. There’s a body of opinion that this will impact Google ranking. I have in the past paid for a fairly expensive EV SSL certificate, but now I use https://letsencrypt.org/ on Debian Linux. The certificates are valid for 90 days, but renewed after 60 days. Dave. -- Dr. David Kirkby, Kirkby Microwave Ltd, drkir...@kirkbymicrowave.co.uk https://www.kirkbymicrowave.co.uk/ Telephone 01621-680100./ +44 1621 680100 Registered in England & Wales, company number 08914892. Registered office: Stokes Hall Lodge, Burnham Rd, Althorne, Chelmsford, Essex, CM3 6DT, United Kingdom ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
On Fri, Mar 24, 2023 at 11:16:09AM +, Michael Hendry wrote: > I’ve been promoting GnuCash to incoming Rotary Club Treasurers, and I’ve > just been informed that www.gnucash.org is being flagged up as dangerous > because its site certificate expired recently. > How does that make the site 'dangerous'? All it means is that communication between you (i.e. the user) and the site isn't encrypted. As you don't need to send or receive any confidential information the lack of encryption is wholly irrelevant! -- Chris Green ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
On 3/24/2023 9:30 AM, Simon Roberts wrote: On this, I would disagree. The certificate verifies that the *connection* has not been usurped by a "man in the middle" attack, and thereby that the target site is the one you believe it to be. The certificate says absolutely nothing about the quality or reliab\ility of the content of the site. So, if you are concerned about the (extremely small, to be fair) risk that there's a pirate version of a site being fed to you, you need to ensure the certificate is validated. Sorry, I was really being unclear. I did NOT mean "without first checking with the site owners" and that using an address from them from before (in other words, I would not trust a "contact address" not obtained until the site had an expired warning. I did NOT mean for any and all purposes. It would depend very much on what I was doing at the site, how I was going to be interacting with it. Until the problem fixed, would not download software, would not log in for any financial activities, etc. LOOK at the site, yes. Thus I might look at a vendor site while doing comparison shopping, checking for product availability, etc. but not place an order. Michael D Novack ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
On Fri, 24 Mar 2023 at 11:16, Michael Hendry wrote: > I’ve been promoting GnuCash to incoming Rotary Club Treasurers, and I’ve > just been informed that www.gnucash.org is being flagged up as dangerous > because its site certificate expired recently. > > I can get through by overriding the warnings, but I don’t think I should > be advising others to do so. > > Regards, > > Michael > I find https://www.downnotifier.com/?ref=700351 really good for monitoring a website. The basic service is free, and it will send an email if a certificate is soon to expire. It also gives you the uptime percentage over various periods of time. I pay about $15/year for the premium monitoring, which sends me text alerts if the website goes down. The nice thing about that site is it looks for specific text on a webpage (in my case I set it to be "attenuator"). That means it reports an error, even if the server responded with a missing page, internal error or similar Dave ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
On 3/24/2023 7:16 AM, Michael Hendry wrote: I’ve been promoting GnuCash to incoming Rotary Club Treasurers, and I’ve just been informed that www.gnucash.org is being flagged up as dangerous because its site certificate expired recently. I can get through by overriding the warnings, but I don’t think I should be advising others to do so. Regards, Site certificate warnings are most important when it is a site unknown to you. When it is trusted site, one that you have been visiting for years, the more usual assumption should be that there has been some delay in arranging for certificate renewal. Especially make this assumption for "small" sites. The IT department of a major corporation would have a tech team to make sure things like that don't happen. That is not true when would be just one person. Michael D Novack ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
Re: [GNC] Site certificate expiry warning
Point them to https://code.gnucash.org/website/ The maintainer of www.gnucash.org has been having issues since a major power outage in February and has been fighting with his system ever since. -derek On Fri, March 24, 2023 7:16 am, Michael Hendry wrote: > I’ve been promoting GnuCash to incoming Rotary Club Treasurers, and I’ve > just been informed that www.gnucash.org is being flagged up as dangerous > because its site certificate expired recently. > > I can get through by overriding the warnings, but I don’t think I should > be advising others to do so. > > Regards, > > Michael > ___ > gnucash-user mailing list > gnucash-user@gnucash.org > To update your subscription preferences or to unsubscribe: > https://lists.gnucash.org/mailman/listinfo/gnucash-user > - > Please remember to CC this list on all your replies. > You can do this by using Reply-To-List or Reply-All. > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
[GNC] Site certificate expiry warning
I’ve been promoting GnuCash to incoming Rotary Club Treasurers, and I’ve just been informed that www.gnucash.org is being flagged up as dangerous because its site certificate expired recently. I can get through by overriding the warnings, but I don’t think I should be advising others to do so. Regards, Michael ___ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user - Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.