You are not logged in.

#51 2010-07-17 08:48:47

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,479
Website

Re: This bbs now uses https exclusively

Some people call both paranoia, some people call both essential.   One person concerned about using https did something about one of them...  if someone did the same for package signing then that would be done too.   Story over.

Offline

#52 2010-07-17 15:34:55

Ronin-Sage
Member
Registered: 2008-10-24
Posts: 153
Website

Re: This bbs now uses https exclusively

Personally, I would have rather the admins just use a GoDaddy certificate and be done with it. Yes, it costs a good bit year, but I find that GoDaddy's products are in some cases very, very inexpensive compared to others and you do get the one year free for being a FOSS project.

(That's not and endorsement of any kind, I would just rather not have my user experience interrupted by this warning message)

Offline

#53 2010-07-17 15:52:14

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: This bbs now uses https exclusively

The last thing we want this thread to turn into is yet another package signing thread. dcc24: consider yourself warned.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#54 2010-07-17 15:58:26

dcc24
Member
Registered: 2009-10-31
Posts: 732

Re: This bbs now uses https exclusively

.:B:. wrote:

dcc24: consider yourself warned.

Seriously?!?!? I have said absolutely nothing that needed a warning. I merely inquired as to why some people would consider SSL across the site a necessity and package signing "not a big deal". People responded to my inquiry with the technical aspects of it and their personal preferences. Not once, did I say "package signing should be implemented". I didn't even imply it, even remotely. The entire thread was civilized and on topic, until you posted.

Last edited by dcc24 (2010-07-17 16:01:09)


It is better to keep your mouth shut and be thought a fool than to open it and remove all doubt. (Mark Twain)

My AUR packages

Offline

#55 2010-07-17 16:27:37

Misfit138
Misfit Emeritus
From: USA
Registered: 2006-11-27
Posts: 4,189

Re: This bbs now uses https exclusively

dcc24, let's take a breath, make peace and move forward with this thread if possible.

Offline

#56 2010-07-17 16:29:42

Anikom15
Banned
From: United States
Registered: 2009-04-30
Posts: 836
Website

Re: This bbs now uses https exclusively

Don't dog on dcc24, geez, he's asking legitemate questions. I find this to be rather unneccessary as well. For one, any 'information' that might be 'stolen' is useless information. I think the worst would be passwords, which are already encrypted. Websites have been using http without the s for years, nobody has your information. Hey guess what. Wikipedia doesn't have SSL so some 'third party' can know you put 'boobs' into the search box and use it on you to sell you stuff. Bullshit, no one cares.

But I appreciate the effort.


Personally, I'd rather be back in Hobbiton.

Offline

#57 2010-07-17 16:37:26

dcc24
Member
Registered: 2009-10-31
Posts: 732

Re: This bbs now uses https exclusively

Misfit138 wrote:

dcc24, let's take a breath, make peace and move forward with this thread if possible.

If censoring my post will take us forward, so be it. Also, if you are censoring someone, at least have the decency to do it in public. Silently removing it and sending a mail to me is really not ok. You made my post "less to the point", so the least you could do is mentioning (on my post) you did the removing, not me.

I believe I have a right to get pissed off by that "warning", hence please don't take the liberty of censoring me. If B thinks he is right, he could reply to me himself, either here or by mail.

Last edited by dcc24 (2010-07-17 16:38:49)


It is better to keep your mouth shut and be thought a fool than to open it and remove all doubt. (Mark Twain)

My AUR packages

Offline

#58 2010-07-17 16:56:28

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: This bbs now uses https exclusively

If I thought I was wrong, I would not have posted it. My warning concerns your bringing up the package signing issue in this topic. I suggest we take up further discussion outside this topic.

This is not a democracy; complaining about things not being done in public won't help you make your case. The moderation team does not answer to the userbase, they are not elected. I never saw insults as "adding to a point" either, by the way.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#59 2010-07-17 16:56:37

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: This bbs now uses https exclusively

brain0 wrote:

I just switched bbs.archlinux.org to use only https. http users are redirected automatically to https, so the transition should be without trouble.

Great news! Thank you very much!

Regaring problems. I'm currently on Ubuntu 9.10, my FF 3.5.9 complains about the untrusted certificate... oh well.

Skripka wrote:

Maybe, but why would anyone want to steal my login credentials to a linux bulletin board?  It has to be the most worthless piece of digital info I have. Or are you thinking of things like IP # etc?

Actually, I agree -- forums are open anyways. If someone steals my credentials and starts a flame war wink, the moderator will just kill my login, and I start a new one. If I use the same password for Arch forums and my bank, then I deserve the consequences.

Some time ago, I was going to ask why the login page was plain HTTP, and it was exactly the above reasoning, what stopped me.

EDIT: But then again, you can't be too secure.

Last edited by Leonid.I (2010-07-17 17:15:03)


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#60 2010-07-17 16:59:34

dcc24
Member
Registered: 2009-10-31
Posts: 732

Re: This bbs now uses https exclusively

.:B:. wrote:

This is not a democracy; complaining about things not being done in public won't help you make your case. The moderation team does not answer to the userbase, they are not elected.

This was exactly the response I was excepting, the "not a democracy" argument. Thanks for illuminating me!

Edit: I wasn't going to write this but, oh well...

I never said "moderators should answer to the userbase". I know that's not the case here. But replying to me, even in private, is the DECENT thing to do. Silently censoring me might be part of your "moderator rights" and you may use that to escape from an argument and avoid an apology, but at the very least you COULD be DECENT ENOUGH to reply to me.

If your reply is going to be "this is not a democracy, so mods don't need to be decent (read 'civilized')", then I think I'm done with this thread.

Last edited by dcc24 (2010-07-17 17:08:51)


It is better to keep your mouth shut and be thought a fool than to open it and remove all doubt. (Mark Twain)

My AUR packages

Offline

#61 2010-07-17 17:06:11

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: This bbs now uses https exclusively

Pierre wrote:

So for those who use third-party systems: install the class 1 and class 3 certs from http://www.cacert.org/index.php?id=3 (e.g. just click on both in pem-format)

Yes, that works. Thanks!


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#62 2010-07-17 18:54:44

fsckd
Forum Fellow
Registered: 2009-06-15
Posts: 4,173

Re: This bbs now uses https exclusively

Leonid.I wrote:
Skripka wrote:

Maybe, but why would anyone want to steal my login credentials to a linux bulletin board?  It has to be the most worthless piece of digital info I have. Or are you thinking of things like IP # etc?

Actually, I agree -- forums are open anyways. If someone steals my credentials and starts a flame war wink, the moderator will just kill my login, and I start a new one. If I use the same password for Arch forums and my bank, then I deserve the consequences.

Some time ago, I was going to ask why the login page was plain HTTP, and it was exactly the above reasoning, what stopped me.

EDIT: But then again, you can't be too secure.

A lot of people judge the importance of a security feature by their personal needs. That's great if it were intended solely towards the individual, but when it is for a group you have to consider the group at whole. For example, consider what would happen if a nefarious character obtained ngoonee's login credentials. Also consider, there are developers from various open source projects with accounts here who give the community direct info in regards to their projects. If any of them have their accounts compromised it could be fairly disruptive. On the other hand, of course, there are some people whose accounts are worthless. If someone stole Anikom15's and started trolling the forum, I doubt anyone would notice the difference or even care.

The point is, login credentials establish a level of trust. If this trust is broken, the community can suffer and confidence will diminish.

That said, what about AUR? Are there any plans to bring SSL there?


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#63 2010-07-17 19:36:25

wonder
Developer
From: Bucharest, Romania
Registered: 2006-07-05
Posts: 5,941
Website

Re: This bbs now uses https exclusively

fsckd wrote:

That said, what about AUR? Are there any plans to bring SSL there?

it has already support for ssl but is not default . it would be in the near future

Last edited by wonder (2010-07-17 19:37:41)


Give what you have. To someone, it may be better than you dare to think.

Offline

#64 2010-07-17 22:04:22

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: This bbs now uses https exclusively

fsckd wrote:

The point is, login credentials establish a level of trust. If this trust is broken, the community can suffer and confidence will diminish.

Fare enough smile Can't really argue with that.


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#65 2010-07-17 22:09:44

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,479
Website

Re: This bbs now uses https exclusively

fsckd wrote:

If someone stole Anikom15's and started trolling the forum, I doubt anyone would notice the difference or even care.

yikes

Offline

#66 2010-07-18 00:24:47

skottish
Forum Fellow
From: Here
Registered: 2006-06-16
Posts: 7,942

Re: This bbs now uses https exclusively

There's a bit of stress in this thread. Well, let me tell you all about other stress.

Just this morning I was cooking some food in a skillet. I picked up the glass lid that I use to keep the moisture in order to stir the food and flames flared from the lid when it was over a foot above the pan! I wasn't cooking with oil or anything else flammable. I'm not sure what happened yet.

Offline

#67 2010-07-18 00:29:56

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: This bbs now uses https exclusively

dcc24 wrote:

This was exactly the response I was excepting, the "not a democracy" argument. Thanks for illuminating me!

Edit: I wasn't going to write this but, oh well...

I never said "moderators should answer to the userbase". I know that's not the case here. But replying to me, even in private, is the DECENT thing to do. Silently censoring me might be part of your "moderator rights" and you may use that to escape from an argument and avoid an apology, but at the very least you COULD be DECENT ENOUGH to reply to me.

If your reply is going to be "this is not a democracy, so mods don't need to be decent (read 'civilized')", then I think I'm done with this thread.

The tone in your reply to Pierre's statement is quite telling, as is your disposition in anticipating my answer on the democracy point. Also, the way you lashed out when I told you to watch what you were saying was surprising to me, and I don't feel that your aggression is warranted.

Your use of capitals suggests you feel very passionate about this. Don't misinterpret my 'warning' as singling you out - I was just performing my duty and keeping my responsibilty of protecting the thread from becoming any more unpleasant. You will no doubt agree that the other thread you mentioned resulted in several consecutive disastrous threads.. Please consider these facts, and lend me some understanding.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#68 2010-07-18 01:10:58

Wintervenom
Member
Registered: 2008-08-20
Posts: 1,011

Re: This bbs now uses https exclusively

Will enforcing HTTPS still allow the forum to be indexed so that one use Google (with all of its nice query operators and functions) and the like to search for things in the forum?

Last edited by Wintervenom (2010-07-18 01:19:17)

Offline

#69 2010-07-18 01:21:17

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: This bbs now uses https exclusively


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#70 2010-07-18 01:31:21

Wintervenom
Member
Registered: 2008-08-20
Posts: 1,011

Re: This bbs now uses https exclusively

.:B:. wrote:

Try this [...]

Yay!  big_smile

Offline

#71 2010-07-18 01:45:28

skottish
Forum Fellow
From: Here
Registered: 2006-06-16
Posts: 7,942

Re: This bbs now uses https exclusively

Wintervenom wrote:
.:B:. wrote:

Try this [...]

Yay!  big_smile

No doubt! It was an excellent question.

Offline

#72 2010-07-18 15:28:24

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: This bbs now uses https exclusively

skottish wrote:

There's a bit of stress in this thread. Well, let me tell you all about other stress.

Just this morning I was cooking some food in a skillet. I picked up the glass lid that I use to keep the moisture in order to stir the food and flames flared from the lid when it was over a foot above the pan! I wasn't cooking with oil or anything else flammable. I'm not sure what happened yet.

big_smile What OS does your stove run?


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#73 2010-07-18 15:39:14

Anikom15
Banned
From: United States
Registered: 2009-04-30
Posts: 836
Website

Re: This bbs now uses https exclusively

Sounds like you set the heat up too high.


Personally, I'd rather be back in Hobbiton.

Offline

#74 2010-07-18 17:10:39

vik_k
Member
From: Pune, India
Registered: 2009-07-12
Posts: 227
Website

Re: This bbs now uses https exclusively

Leonid.I wrote:
skottish wrote:

There's a bit of stress in this thread. Well, let me tell you all about other stress.

Just this morning I was cooking some food in a skillet. I picked up the glass lid that I use to keep the moisture in order to stir the food and flames flared from the lid when it was over a foot above the pan! I wasn't cooking with oil or anything else flammable. I'm not sure what happened yet.

big_smile What OS does your stove run?

must be some unstable one!!!! tongue


"First learn computer science and all the theory. Next develop a programming style. Then forget all that and just hack." ~ George Carrette

Offline

#75 2010-07-18 22:29:29

skottish
Forum Fellow
From: Here
Registered: 2006-06-16
Posts: 7,942

Re: This bbs now uses https exclusively

Anikom15 wrote:

Sounds like you set the heat up too high.

It was on 5 with 7 being the highest. Unfortunately, with Microsoft Stove 2010 it's very difficult to know the difference between stupidity and brilliance.

Offline

Board footer

Powered by FluxBB