About a serious security issue with the forum
-
- What is PSXDEV?
- Posts: 1
- Joined: Aug 18, 2020
I'd recommend using some form of HTTPS, such as SSL, as hosting a forum over HTTP makes all users vulnerable to man-in-the-middle attacks, which is really not good for the security of the site itself, as this allows malicious people to get access to accounts just through packet sniffing. Sure, VPNs exist, but not everyone is willing to pay a subscription fee for a trustworthy VPN, or risk anything with a free VPN.
This video is brought to you by NordVPN...
-
- Curious PSXDEV User
- Posts: 13
- Joined: Oct 14, 2014
- I am a: Tinkerer, gamer, solderer
- PlayStation Model: DTL-H1202
I believe the reason HTTPS is not enabled for this site is because it would render it inaccessible on older browsers that cannot use modern SSL ciphers. A lot of the PSX era of programs (such as the PsyQ SDK) and the hardware (using ISA slots) only work properly on older operating systems/hardware, and you often need to download extra little bits as you go along. You may think it's easy to just say "oh well, just download onto a USB pen on a newer computer and copy it to the older computer that way - problem solved". Unfortunately adding USB support (usually via PCI card) to older PCs is easier said than done when you have to manually deal with IRQs, etc., without breaking support for the development hardware because there aren't enough IRQs available.
Personally I too have run into this issue when trying to set up my PSX development hardware and had to burn CD after CD just to get everything that I needed moved (since that's how stuff was distributed in this era!). Eventually I found a very old FTP client that still works on Windows 98 and used that to fetch files over my network, but it was still such a faff.
I believe this is also the reason DDOS protection is permanently enabled on this site (hence it keeps doing a browser-check) as a compromise.
The DDOS check makes this site unusable for me sometimes. I gotta do stupid captchas all the damn time here, it's really aggravating.
-
NITROYUASH Verified
- Extreme PSXDEV User
- Posts: 126
- Joined: Jan 07, 2018
- I am a: Game Designer
- PlayStation Model: SCPH-7502
- Contact:
Same, I should select a car/plane/truck/etc. every time when I want to read this forum, this is so annoying.
-
Verified
- C Programming Expert
- Posts: 161
- Joined: Oct 06, 2012
- PlayStation Model: SCPH-5502
- Contact:
I already complained about the use of plain HTTP on this site back in December last year. Shadow replied but nothing was done so far. I avoid entering this site since this hCaptcha crap was introduced as I do not trust Cloudflare or their privacy-intruding policies.
That simply sounds like a bad excuse. I'm sure the proprietary JavaScript-based hCaptcha crap from Cloudflare takes a lot more resources than TLS. Nowadays there are TLS libraries such as mbedtls that fit even on small, 64 KiB RAM microcontrollers. Moreover, running dead-old web browsers under dead-old unsupported proprietary operating systems also sounds like a terrible idea unless you are yourself open to tons of exploits.
Do you want to use a web browser supporting relatively new versions of TLS on your 64 MiB RAM Pentium I? Move to another operating system such as FreeBSD and luckily lynx might even work. But then you have no support for the ISA development boards. Otherwise, keep that machine away from any network if you decide to stick to Windows 98.
Potential DDoS attacks are not a reason to use privacy-intruding crap like Cloudflare's hCaptcha or Google's reCAPTCHA. I am sure there are many other ways, most likely based on free software, to mitigate DDoS attacks that do not involve cheap labor, user tracking and data selling. OTOH, some people prefer to disable JavaScript on their browsers for privacy and/or security reasons, and hCaptcha relies on it. Those legitimate users accessing from Tor cannot access this site since Tor exit nodes are detected as malicious users.
-
Verified
- Extreme PSXDEV User
- Posts: 131
- Joined: Jul 17, 2013
Not to mention that despite all those "countermeasures" spambots are still running amok, so I question the usefulness of all those checks.
I'll go out on a limb here and say that ever since PSIO has moved to its own forum admins don't really give a shit about this place anymore.
- szalay_1
- Active PSXDEV User
- Posts: 49
- Joined: Jan 22, 2019
- I am a: Cheat Device Code Creator
- PlayStation Model: 5502-7502
- Location: Hungary
- Contact:
NITROYUASH wrote: ↑September 21st, 2020, 6:52 pm Same, I should select a car/plane/truck/etc. every time when I want to read this forum, this is so annoying.
YES same here, this is hella annoying!
-
Verified
- C Programming Expert
- Posts: 161
- Joined: Oct 06, 2012
- PlayStation Model: SCPH-5502
- Contact:
rsoft is hosting a forums site at https://0x7b.de/psxugnd/bbs.php which does not rely on JS or captchas, uses HTTPS and also runs on open source software. I encourage everyone to move towards these forums as long as the admins from psxdev.net do not implement HTTPS and remove captchas on this site once and for all. There is currently a lack of content, but feel free to post your PSX-related ideas or questions.
We are also online almost daily at #psxugnd on Freenode.
See you there!
-
Administrator Verified
- Admin / PSXDEV
- Posts: 2689
- Joined: Dec 31, 2012
- I am a: Shadow
- PlayStation Model: H2000/5502
Development Console: SCPH-5502 with 8MB RAM, MM3 Modchip, PAL 60 Colour Modification (for NTSC), PSIO Switch Board, DB-9 breakout headers for both RGB and Serial output and an Xplorer with CAETLA 0.34.
PlayStation Development PC: Windows 98 SE, Pentium 3 at 400MHz, 128MB SDRAM, DTL-H2000, DTL-H2010, DTL-H201A, DTL-S2020 (with 4GB SCSI-2 HDD), 21" Sony G420, CD-R burner, 3.25" and 5.25" Floppy Diskette Drives, ZIP 100 Diskette Drive and an IBM Model M keyboard.
-
Administrator Verified
- Admin / PSXDEV
- Posts: 2689
- Joined: Dec 31, 2012
- I am a: Shadow
- PlayStation Model: H2000/5502
The main reason the CAPTCHA was added was that the server was under heavy load from a lot of unknown users and it was using a lot of bandwidth, which was costing me a lot of money. PSXDEV.NET has always been free (never asked for any donations or placed any ads) and I intend to keep it that way (the way the Internet should be).
As for HTTPS, it's not a priority right now for me to add. I will add it at some stage, but for now it's okay without it and it's been running for over 8 years without it. The data from the server to the DNS is encrypted by Cloudflare.
-
Verified
- C Programming Expert
- Posts: 161
- Joined: Oct 06, 2012
- PlayStation Model: SCPH-5502
- Contact:
Thanks for not requiring hCaptcha for legitimate users.
That does not mean data from users to the server is encrypted, so sensitive information might still be compromised, e.g. password hashes. There is no reason not to run HTTPS nowadays - getting a valid certificate is free via Let's Encrypt and very easy to set up. Cloudflare also issues free certificates if you prefer them. So please consider helping us all by getting a free certificate.
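A defender-side check for the exposure this thread argues about, added here as an example (it is not code from the forum, its software or any poster): given one login-page response, it reports whether the page, the session cookie or the password form would cross the network unencrypted. The host `forum.example`, the path `login.php`, the cookie name `forum_sid` and both sample responses are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class PasswordForms(HTMLParser):
    """Collect the action URL of every <form> that holds a password input."""
    def __init__(self):
        super().__init__()
        self.current = None          # action of the form being parsed, if any
        self.actions = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self.current is not None:
                self.actions.append(self.current)
    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def audit(page_url, headers, body):
    """Findings for one response; headers is a list of (name, value) pairs."""
    findings = set()
    https = urlsplit(page_url).scheme == "https"
    if not https:
        findings.add("page served over plain HTTP")
    elif not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.add("HTTPS without HSTS (downgrade possible)")
    for name, value in headers:
        if name.lower() == "set-cookie":
            flags = {p.strip().split("=")[0].lower() for p in value.split(";")[1:]}
            if "secure" not in flags:
                findings.add("cookie without Secure: " + value.split("=", 1)[0])
    parser = PasswordForms()
    parser.feed(body)
    for action in parser.actions:
        # Relative actions inherit the scheme of the page that served the form.
        if urlsplit(urljoin(page_url, action)).scheme != "https":
            findings.add("password form posts over HTTP")
    return sorted(findings)

# Constructed sample responses (hypothetical host, path and cookie name).
FORM = '<form action="{}" method="post"><input type="password" name="pw"></form>'
PLAIN = ("http://forum.example/login.php",
         [("Set-Cookie", "forum_sid=abc123; path=/; HttpOnly")],
         FORM.format("./login.php"))
FIXED = ("https://forum.example/login.php",
         [("Strict-Transport-Security", "max-age=31536000"),
          ("Set-Cookie", "forum_sid=abc123; path=/; Secure; HttpOnly")],
         FORM.format("./login.php"))

if __name__ == "__main__":
    for label, resp in (("plain", PLAIN), ("fixed", FIXED)):
        print(label, audit(*resp))
```

The check only sees the hop between the browser and whatever answers the request; it cannot tell whether a proxy in front of the origin forwards traffic to it in plaintext.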