Re: [sword-devel] Please support HTTPS repositories.

[Greg Hellings]

On Sat, Jan 15, 2022, 21:24 Michael Johnson  wrote:

> I thank God for you all who volunteer to work on the Sword Project.
>
> I have been upgrading and refining my server layout for eBible.org and a
> dozen other Bible sites. Keeping FTP going is becoming harder all of the
> time. Indeed, HTTP (not S) is getting harder, too. HTTPS is the
> future-resistant protocol to access a Sword repository. I think this is not
> a problem for currently updated Sword front ends using current back ends.
> However, the ancient FTP protocol is a terrible protocol to rely on because
> by default, there is no security to it at all for authentication or content
> protection. It is easy to abuse. All major browsers have now stopped
> supporting it. HTTP without TLS is likewise lacking, but at least it is
> mostly supported by major browsers and libraries. Google and Apple are
> nudging everyone to use HTTPS instead of HTTP. Of course, mainland China
> often blocks HTTPS traffic, trying to force traffic into the clear where it
> is easier to spy on and modify. It is a strange political environment,
> indeed.
>

Any build using the libcurl interfaces should support HTTPS without any
modifications necessary, provided libcurl was compiled with SSL/TLS
support. But I owe Troy an overdue response to our conversation back in
November wherein I test that to be sure.


> THEREFORE, the eBible.org Sword repository at https://eBible.org/sword/
> is the preferred repository to use for the modules I maintain.
>
> I try to keep http://eBible.org/sword/ (not https) working, but it is
> getting hard to test that, as most modern browsers "help" me to a more
> secure connection.
>

You should be able to use CURL on the command line to check. I believe it
won't follow Location header redirects by default (if it does, then there
is a command line switch to disable it), so you should be able to check
easily in an automated fashion using that.


> Anonymous FTP does not work on the main eBible.org (no ftp.) server. It
> does work most of the time on a separate machine named ftp.eBible.org.
> That machine is running a software configuration with a known bug that I
> don't yet know how to work around that causes it to go down at seemingly
> random times, usually when I'm asleep or out of my office.
>

It is a shame that FTP has gotten such a bad rap. Yes, it's plaintext but
there ARE times when encryption is unnecessary and just a burden. This is
one of those times.

--Greg

>
> Just FYI...
>
> --
> signature
>
> Aloha,
> */Michael Johnson/**
> 26 HIWALANI LOOP • MAKAWAO HI 96768-8747*• USA
> mljohnson.org  • eBible.org 
> • WorldEnglish.Bible  • PNG.Bible <
> https://PNG.Bible>
> Signal/Telegram/WhatsApp/Telephone: +1 808-333-6921
> Skype: kahunapule • Telegram/Twitter: @kahunapule • Facebook:
> fb.me/kahunapule 
>
> ___
> sword-devel mailing list: sword-devel@crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
___
sword-devel mailing list: sword-devel@crosswire.org
http://crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page

[sword-devel] Please support HTTPS repositories.

[Michael Johnson]

I thank God for you all who volunteer to work on the Sword Project.

I have been upgrading and refining my server layout for eBible.org and a dozen other Bible sites. Keeping FTP going is becoming harder all of the time. Indeed, HTTP (not S) is getting harder, too. HTTPS is the future-resistant protocol to access a Sword repository. I think this is not a problem for currently updated Sword front ends using current back ends. However, the ancient FTP protocol is a terrible protocol to rely on because by default, there is no security to it at all for authentication or content 
protection. It is easy to abuse. All major browsers have now stopped supporting it. HTTP without TLS is likewise lacking, but at least it is mostly supported by major browsers and libraries. Google and Apple are nudging everyone to use HTTPS instead of HTTP. Of course, mainland China often blocks HTTPS traffic, trying to force traffic into the clear where it is easier to spy on and modify. It is a strange political environment, indeed.


THEREFORE, the eBible.org Sword repository at https://eBible.org/sword/ is the 
preferred repository to use for the modules I maintain.

I try to keep http://eBible.org/sword/ (not https) working, but it is getting hard to 
test that, as most modern browsers "help" me to a more secure connection.

Anonymous FTP does not work on the main eBible.org (no ftp.) server. It does 
work most of the time on a separate machine named ftp.eBible.org. That machine 
is running a software configuration with a known bug that I don't yet know how 
to work around that causes it to go down at seemingly random times, usually 
when I'm asleep or out of my office.

Just FYI...

--
signature

Aloha,
*/Michael Johnson/**
26 HIWALANI LOOP • MAKAWAO HI 96768-8747*• USA
mljohnson.org  • eBible.org  • 
WorldEnglish.Bible  • PNG.Bible 
Signal/Telegram/WhatsApp/Telephone: +1 808-333-6921
Skype: kahunapule • Telegram/Twitter: @kahunapule • Facebook: fb.me/kahunapule 


___
sword-devel mailing list: sword-devel@crosswire.org
http://crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page