Image Map Image Map
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 25

Thread: Issues with NEC Versa 4000D Laptop

  1. #11

    Default

    Quote Originally Posted by MrAureliusR View Post
    This forum is pretty awesome! A bit of a shame that it doesn't have HTTPS though, sending credentials in the clear is so.. retro :P
    If you are that worried you might want to look into a VPN.
    PM me if you're looking for 3" or 5" floppy disks. EMail For everything else, Take Another Step

  2. #12

    Default

    Quote Originally Posted by Stone View Post
    If you are that worried you might want to look into a VPN.
    That wouldn't solve the problem - it's still be in the clear from the VPN to the web server.

  3. #13
    Join Date
    Apr 2015
    Location
    Austin, Texas
    Posts
    1,923

    Default

    Quote Originally Posted by MrAureliusR View Post
    This forum is pretty awesome! A bit of a shame that it doesn't have HTTPS though, sending credentials in the clear is so.. retro :P
    You basically answered your own question.

    HTTPS and TLS connections require a perpetually renewing set of security certificates, something which only works on modern up to date browsers. Go back even a few years and this stops working, and even farther back to the computers of 20+ years ago and browsers have no concept of what these features are. HTTPS and TLS also require a lot of processing grunt, something of which many retro computers don't have, so it's a non-starter even trying to communicate securely.

    Be responsible for your own security, don't use a common username or password you use elsewhere and you have nothing to worry about.

    Quote Originally Posted by Stone View Post
    If you are that worried you might want to look into a VPN.
    VPNs won't help you here due to the site not being encrypted. But VPNs aren't 100% secure either, as shown by the NordVPN hack just a week ago. I bet all of those Youtube shills are regretting shilling for them now.

    https://techcrunch.com/2019/10/21/no...it-was-hacked/

  4. #14

    Default

    Quote Originally Posted by GiGaBiTe View Post
    You basically answered your own question.

    HTTPS and TLS connections require a perpetually renewing set of security certificates, something which only works on modern up to date browsers. Go back even a few years and this stops working, and even farther back to the computers of 20+ years ago and browsers have no concept of what these features are. HTTPS and TLS also require a lot of processing grunt, something of which many retro computers don't have, so it's a non-starter even trying to communicate securely.

    Be responsible for your own security, don't use a common username or password you use elsewhere and you have nothing to worry about.



    VPNs won't help you here due to the site not being encrypted. But VPNs aren't 100% secure either, as shown by the NordVPN hack just a week ago. I bet all of those Youtube shills are regretting shilling for them now.

    https://techcrunch.com/2019/10/21/no...it-was-hacked/
    I already do those things. If the concern is having older computers being able to connect, there's no reason you can't run both HTTP and HTTPS. I mean in this day and age, with free certificates, it's surprising to find a site that doesn't use TLS.

    Anyway this is way off topic.

  5. #15
    Join Date
    Apr 2015
    Location
    Austin, Texas
    Posts
    1,923

    Default

    I don't think you understand how browser security works if you think mixing unencrypted and encrypted traffic is somehow better than not having it at all, because it's not. It actually creates more vulnerabilities because the endpoint (your browser) thinks its communicating securely when it's not.

    It also doesn't matter if there are free HTTPS and TLS certificates, you still need a modern and updated browser to use them.

  6. #16

    Default

    Quote Originally Posted by GiGaBiTe View Post
    I don't think you understand how browser security works if you think mixing unencrypted and encrypted traffic is somehow better than not having it at all, because it's not. It actually creates more vulnerabilities because the endpoint (your browser) thinks its communicating securely when it's not.

    It also doesn't matter if there are free HTTPS and TLS certificates, you still need a modern and updated browser to use them.
    I never suggested mixing them. You can have websites which can be accessed with both, individually and separately. I have 2 websites which can be accessed through either HTTP or HTTPS. When using HTTPS ​all traffic goes through TLS.
    Also, if you have some things being loaded through HTTP when the site is using a certificate, any modern browser will throw up a big red flag.

  7. #17
    Join Date
    Apr 2015
    Location
    Austin, Texas
    Posts
    1,923

    Default

    You don't seem to understand that having HTTP and HTTPS mixing on the server side is enough of a vulnerability. Mixed content over a secure connection is another issue entirely.

    If the server is compromised over unencrypted HTTP, the attacker is free to do whatever they want, which includes sending/receiving data over encrypted HTTPS since they now own the server. HTTP and TLS are only end to end encryption solutions, they don't cover what happens on the server.

  8. #18

    Default

    Quote Originally Posted by Stone View Post
    I've used a parallel cable with LapLink quite extensively and it's never been an issue, whatsoever. Plus it's many times faster than the serial method.
    My main computers have not had true parallel ports for many years now. As far as I know, USB printer adapters do not work well for LapLink uses, and the software itself doesn't run on my main computer either. You simply assume that everyone is able and willing to go through an intermediate machine.

    I consider serial connections far more flexible, and have no problems running SLIP, XModem or other protocols directly from a modern Linux computer to a 40-year old iron running MS-DOS 3. For high-speed transfers, I prefer Ethernet.

    Quote Originally Posted by MrAureliusR View Post
    This forum is pretty awesome! A bit of a shame that it doesn't have HTTPS though, sending credentials in the clear is so.. retro :P
    It is surprisingly hard to run both HTTP and HTTPS on the same server. You want to avoid links bleeding over to the other protocol (which would either downgrade security or exclude older machines), which is not supported well on most software, or at least not well-tested. Also, providing identical content both encrypted and unencrypted is defying the purpose of encrypting, and weakening the encryption layer somewhat to support some older machines is pretending to have security when you actually have none. In addition, the modern internet seems to agree that "bad HTTPS" is far worse than "no HTTPS", with browsers automatically moving to HTTPS.

    I've run my main page using HTTP and a separate page on HTTPS for a while. Eventually, I had to reconfigure because browsers would refuse to show the main page at all. It is far easier to disable HTTPS completely than it is to run both side-by-side.

  9. #19

    Default

    Quote Originally Posted by Svenska View Post
    My main computers have not had true parallel ports for many years now.
    Using that analogy it's also fair to say they haven't had true serial ports either.

    Quote Originally Posted by Svenska View Post
    I consider serial connections far more flexible, and have no problems running SLIP, XModem or other protocols directly from a modern Linux computer to a 40-year old iron running MS-DOS 3. You simply assume that everyone is able and willing to go through an intermediate machine.
    Linux, here, is also an intermediate machine. And it's one that all IBM users don't necessarily even have. Don't assume that everyone has the same setup options that you do.

    Parallel is not only faster but way easier to configure as it's pretty much plug'n play. No unwieldy protocols to have to deal with. KISS
    PM me if you're looking for 3" or 5" floppy disks. EMail For everything else, Take Another Step

  10. #20

    Cool

    Quote Originally Posted by Svenska View Post
    My main computers have not had true parallel ports for many years now. As far as I know, USB printer adapters do not work well for LapLink uses, and the software itself doesn't run on my main computer either. You simply assume that everyone is able and willing to go through an intermediate machine.

    I consider serial connections far more flexible, and have no problems running SLIP, XModem or other protocols directly from a modern Linux computer to a 40-year old iron running MS-DOS 3. For high-speed transfers, I prefer Ethernet.

    It is surprisingly hard to run both HTTP and HTTPS on the same server. You want to avoid links bleeding over to the other protocol (which would either downgrade security or exclude older machines), which is not supported well on most software, or at least not well-tested. Also, providing identical content both encrypted and unencrypted is defying the purpose of encrypting, and weakening the encryption layer somewhat to support some older machines is pretending to have security when you actually have none. In addition, the modern internet seems to agree that "bad HTTPS" is far worse than "no HTTPS", with browsers automatically moving to HTTPS.

    I've run my main page using HTTP and a separate page on HTTPS for a while. Eventually, I had to reconfigure because browsers would refuse to show the main page at all. It is far easier to disable HTTPS completely than it is to run both side-by-side.
    Well, all arguments aside, this website is also accessible via port 443 but it's completely broken and the cert is expired, so I just gave up.

    Back to the actual topic at hand, I have checked the LapLink website and I can't find any mention of legacy support whatsoever, it's all USB3/2 and Ethernet. I'm assuming there are older versions floating around that support parallel/serial? They seem to have many different products under the LapLink name -- which one am I looking for?

    My main desktop machine at home has a PCIe dual serial/parallel card in it, and my motherboard actually has the standard COM header on it that a serial port could plug into, which is cool. So I do have options, I was just hoping to be able to get something working during my visit here in Ottawa. The machine does run fine, and I have no reason to believe anything other than the floppy drive is broken. That wifi card I picked up is indeed CardBus (I didn't know there was a difference) but it could be handy anyway, and it was only $4. My dad has so much computer-related junk in the basement here, I was sure we'd be able to find another working machine with a serial port, but it seems he has cleared out a lot of the older stuff, so I can't really do much until I get back home.

    I am definitely going to order the dual CompactFlash to 44-pin IDE replacement that I saw on Amazon/eBay, and I will hopefully just be able to go to CompactFlash only, which will be great. However, the issue comes up of how to install DOS on it -- in theory, I could format the CompactFlash cards and then copy DOS over, but I have heard there may be issues doing this? My main machine is Manjaro Linux, and when I saw that HyperTerminal supported Zmodem etc. I knew that I would be able to get files on/off of it with ease, but it's just that first step of getting the operating system onto the CompactFlash. I could potentially just clone the existing hard drive right onto a partition of the CompactFlash card, and then create more partitions for space. I don't really know how much space I'm going to need, but I want to be able to both play DOS games, and have a good working development environment for both C and assembly programming.

    The parallel port does support an "Enhanced" mode which according to the manual is EPP. So I guess it would be pretty quick as well if I got it working. However, serial connections can also go pretty fast with good cables, and in most cases the files are so small that speed isn't really my concern, reliability is. The one thing I like about serial is the cable size -- parallel cables are so thick and clunky to move around.

    Thanks again for all the great ideas I will report here when I get things working and/or I break more things.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •