Eric

Hello all,

We've had some (very few, but more than zero) issues where database tables have crashed during times of heavy load on the server.  These load spikes are usually related to other sites that I'm responsible for that happen to share resources with the ATX Community.

These haven't been significant issues, and in fact have been very easy to resolve when they arise, but it does cause brief downtime on the Forum.

So, in the interest of constant improvement, I would like to move the ATX Community to its own server (VPS) with its own dedicated resources.  There are other server configuration changes/challenges that I'll tackle at the same time.  Because this is the only forum I maintain, I am less experienced with performance tuning for this software than, say, more standard website content management systems.

All that to say, I am expecting it to be a slightly bumpy transition but with improved speed and stability in the long term.  There might be as much as one or two days of downtime followed by intermittent hiccups until everything is smoothed out.  I'm aiming for mid-May to get this work done, but there is no hurry on my end.  If there are business reasons to put it off longer, please speak up!

Thanks!

45 minutes ago, Lion EA said:

Thank you for taking good care of us, Eric!

I was up late last night and saw the posts coming in. It was not all at once, automatically. There were a couple of screen names posting with about the speed of someone cut/pasting manually. It was kinda odd. I'd leave after a bunch/page-full and then return to another few, or I'd report some to see more came in while I was reporting, rinse & repeat. That kind of speed.

I apologize for inundating you with so many reports. In my sleep-deprived state it seemed like a good idea to report a bunch so you'd see the extent of the problem before you had to enter the message board or without looking farther.

I did see those reports along with Judy's email this morning.  

The registrations are happening manually.  They're answering the questions correctly and not trigging Google's ReCaptcha service.  They're also using unique email addresses for every registration. 

Once they made it past the registration process, they have a script that will automatically post content, but the forum doesn't allow people to post more than once very quickly, so that throttles how fast the spam can be added.  With 110 accounts, though, it can pile up quickly.

Your email addresses are not readily accessible on this website.  Only Judy and I can see email addresses for individual users.

You bet!

I may end up taking the forum down again soon, it looks like they're still making it through although more slowly than before.  I need some time to look at where these accounts are coming from--the registrations seem like they're being created manually, not by bots, and then once registered the posting is automated.  I may end up blocking all traffic from Russia and China, but need to investigate the traffic more closely to see how effective that would be.

I could also add a manual verification step to registration, but I need to look more closely at what that process would look like on our (your) end as well.

Happy Independence Day, everyone!

The forum was inundated with bots this morning and they were able to many accounts and many, MANY pages of spam topics in about 2 hours.  I've deleted 110 accounts and 2,568 topics from the site, so it should be all cleaned up now.  If you see anything that I've missed, please use the Report feature on the post.

I've made some minor changes that will hopefully keep this from occurring again, but I'm not completely confident that more significant changes aren't necessary so I'm keeping a close eye on the forum.  It should become apparent very quickly whether the bots are still able to get in once the forum is open again.

Thank you all for your patience!

My daughter (11) is a fan of Vihart's videos.

She let me know on the 14th that Phi is much cooler than Pi. Then I called her a nerd.

I think they're fixed!

Hey, look at that, they're broken.  Thanks for bringing this to my attention, I'm looking into it now.

I can only imagine it was a weird caching issue.  Even if you omit the 's' from https:// the site should redirect you to the secure version.

Mozart tells the most intricate poop jokes.

Windows 11 is mostly minor refinements, minor new features, and a fresh coat of paint compared to Windows 10, not a huge overhaul like the new version number would suggest.  I would say that if your software vendor says it's compatible, and manufacturer of your peripherals (printers, scanners, etc) are supporting Windows 11, then you're safe to use it.  Do whatever you're comfortable with.

https://support.atxinc.com/includes/atx system requirements.pdf

I think doom and gloom rants about either choice (sticking with Windows 10 or choosing to buy a Windows 11 computer) are probably a bit of an over-reaction.  I don't think there's much risk either way... but if you're the type to get flustered by technology changes, then right before tax season might not be the ideal time to start getting acquainted with a new version of Windows.

The article that I believe prompted the above comic:

https://www.baekdal.com/thoughts/password-security-usability/

From the article: It is 10 times more secure to use "this is fun" as your password, than "J4fS<2". At least, that was true until the article was published.

When I have to create passwords for another person's account, and I'm not sure if they'll take the time to change it, this is the method I use.  Example: purple-spotted-skipping-hamster

It's completely random, extremely secure, and easy to remember and type.

Unfortunately, even though the password would take hundreds or thousands of years to crack, it's deemed insecure by many password strength indicators because it's missing a number or a capital letter.

On 8/19/2022 at 7:30 PM, Lion EA said:

It did do a security update 8/17/2022. I'm nursing it through until the next version comes out.

Apple just released iOS 12.5.6 on August 31. This patches the same serious vulnerability that they had previously patched in newer versions of iOS.

https://support.apple.com/en-us/HT213428

https://arstechnica.com/gadgets/2022/09/apple-releases-rare-ios-12-update-to-patch-zero-day-webkit-vulnerability/

On 8/19/2022 at 5:51 PM, Lion EA said:

Wait, wait. So the iPhone 6S is newer than my iPhone 6? And, I won't need the security update? Or, I DO need a security update due to recent activities, but my phone is too old to get it?

The 6S is newer than your 6, and Apple's release says only the 6S and newer is affected.

There is the possibility that since the iPhone 6 is "stuck" on iOS 12, it never received version of iOS that was vulnerable in the first place.

Nope, not the case, they just took their time fixing the bug in iOS 12 and patched it weeks later.

According to their list, the latest security update for iOS 12 was 12.5.5 released September 2021.  You said you had an iPhone 6, but the release from Apple says the issue affects the iPhone 6S and newer.  If you really only have the 6, it may not be affected.

The Security update for iOS / iPadOS 15 is version 15.6.1 if you want to double check your husband's devices.

EDIT: The information on that first link does say that 15.6.1 is available for the iPhone 6S.  That, along with your iOS version being 12.5.5 tells me you do have an iPhone 6 (not 6S), and will not get (or need) the security update.

The only time I use a VPN is when I'm traveling and using free hotel WiFi which for me isn't that often.  I used Mullvad VPN during a recent trip to Boston, spent less than $6 for the month, and cancelled the service when I got back home.  I have never had issues connecting to any websites but it is an extra server to route all of your traffic through, so it can potentially be slower.  To directly answer your question, nope, I haven't heard of PIA.

In my opinion, the main benefits of using a VPN are privacy related.  You can keep your browsing from your ISP because all they see is encrypted traffic between sites and the VPN server.  If you don't trust your ISP to not sell your metadata to the highest bidder, then a VPN is a good way to avoid that.  Just make sure to pick a trustworthy VPN provider because they're the ones who will have that data instead of your ISP.

In terms of general security, most of the web now uses HTTPS anyway, so all of that traffic is already encrypted and secure.  Transmitting things like credit cards and passwords isn't improved by using a VPN. Some VPN providers have additional security measures that protect you from visiting harmful sites or downloading harmful files, but a little common sense about those things is a lot more effective.

There are some things that I think should be higher priority for online security:

• Don't reuse your passwords.  Create secure passwords and use a password manager to remember them for you.
• Even though it's a pain sometimes, use 2 Factor Authentication wherever it's supported.  The type that uses an Authenticator app (Authy, Microsoft Authenticator, Google Authenticator, etc) is better than relying on text messages, but the text messages are a lot better than a username/password alone.
• If privacy is your main concern, install an ad blocker extension for your browser.  uBlock Origin is a good example.  An unbelievable amount of tracking happens as you browse the web, and there's a lot of money in knowing who you are as an ad target.  A VPN generally doesn't do anything about this, because it's all happening in your browser which is communicating with the site you're visiting.  Encrypting the traffic through a VPN only means it's being securely sent directly to Facebook, for example.  An ad blocker will shut down most of that tracking and keep it from being shared with the sites you're visiting.

EDIT: I didn't realize this before, but Mullvad VPN, and probably other VPN providers include ad blocking and anti-tracking features which would be similar to what uBlock Origin does.  uBlock Origin is free, though.

Yep! What Judy said.

Thank you all again, and Happy New Year!

3 hours ago, jklcpa said:

 I do that every night.  Clear the cache, cookies, and the history.

And here I am dreading actually having to close all of the gazillion open tabs across multiple windows to allow my browser to update.

1 hour ago, cbslee said:

"Microsoft has decided to block the popular third-party app EdgeDeflector on Windows 11. The app helps users open links on browsers such as Google Chrome and Mozilla Firefox. With the new move, Microsoft will now force Windows 11 users to open URLs from Start menu and Widgets panel search results only on Edge browser. EdgeDeflector developer Daniel Aleksandersen criticised the blocking by saying the company appears to be prioritising “advertisement, bundleware, and service subscriptions” over user' productivity, as per a blog post"

Reminds me an awful lot of Windows 98, Internet Explorer, and a certain antitrust lawsuit.

Thank you all, and Merry Christmas

That's crazy, a friend of mine sent me this video earlier in the week; I did not expect to see it here! Very cool, Tom.

@Catherine Better late than never?  Choose "Custom" from the Categories dropdown! 

That's interesting, it should only ask once per browser.  Do you have them enabled or disabled?

You can check the setting for your current browser in the notification options at the bottom:

https://www.atxcommunity.com/notifications/options/

EDIT: Also, what browser are you using?  In Chrome, you can manually adjust Notification settings per website (or disable for all sites) here:

chrome://settings/content/notifications (copy and paste into Chrome's address bar)

Nope, not this site, but other sites on the server can affect the entire server when the load becomes high enough.

I'm not at all worried about the security of any of the sites--the passwords are strong for all administrator accounts... but it does take processing power to evaluate and deal with each password request. 

I am considering purchasing service from Cloudflare to handle all of that nonsense, but I'm still researching my options.

On 8/3/2021 at 11:39 PM, jklcpa said:

I see your response!

I cleared cache & history on my tablet earlier this evening and had NO TROUBLE logging in again.  

Thank you, Eric.

Well, now I see it too.  I'll delete it.  You're very welcome!

I host websites for a number of municipalities, banks, and hospitals, and they all seem to be common targets for brute force attacks, which can cause very high server load when multiple are ongoing simultaneously.  I'm working on mitigating those attacks, because I feel like these issues crop up on this website when the server bogs down due to the load.

I swore that I responded earlier.

I was getting that 2S119/1 error in the back end of the site.  I cleared/rebuilt the software's template cache and those errors went away.  Hopefully they went away on the front end of the site as well.

So far, so good it seems