This bbs now uses https exclusively

litemotiv · 2010-07-18 23:14:57

skottish wrote:

It was on 5 with 7 being the highest. Unfortunately, with Microsoft Stove 2010 it's very difficult to know the difference between stupidity and brilliance.

You can try disabling Spatty, the stove assistant, it is known to cause erratic behavior on Stove 2010. Did you check your fireblanket?

mrunion · 2010-07-18 23:58:37

OK, just chiming in about the https thing:

1) Do whatever, it doesn't matter to me
2) I don't get it, though. Seems like overkill to me. Bu it doesn't bother me.

Xyne · 2010-07-19 01:23:46

brain0 wrote:

I just switched bbs.archlinux.org to use only https.

Thanks!

Pierre wrote:

Yes, I am serious. Everything should be encrypted. The internet is simply not a trusted network.

I feel the same. Even if you think no one is interested in your data, there is still no reason to leave it in the open and it's better to roll out encryption now then wait for a pressing reason to do so. ISPs are growing bolder in exploring new ways to exploit your data for profit* and I'm sure there are other groups who are interested in monitoring traffic in detail. Encryption isn't just for whistle-blowers and dissidents in autocratic regimes.

Even if you are not concerned about privacy, there is still no reason to be against it.

* concrete example and a potential taste of things to come: direct insertion of data into your data stream for marketing purposes

Last edited by Xyne (2010-07-19 01:38:55)

iphitus · 2010-07-19 01:36:51

Any chance we can get a cert with wider acceptance? So far nothing other than Arch Linux browser have accepted the CACert.

Anikom15 · 2010-07-19 03:10:41

Firefox on Windows doesn't like the cert.

Allan · 2010-07-19 03:16:58

Anikom15 wrote:

Firefox on Windows doesn't like the cert.

Great to see you read the first post...

fukawi2 · 2010-07-19 06:50:43

iphitus wrote:

Any chance we can get a cert with wider acceptance? So far nothing other than Arch Linux browser have accepted the CACert.

Firefox on Fedora accepts it too.

Anikom15 · 2010-07-19 17:31:00

Allan wrote:

Anikom15 wrote:
Firefox on Windows doesn't like the cert.
Great to see you read the first post...

It never explicitly said it.

Now if was in a later post.

Allan · 2010-07-19 17:35:28

Anikom15 wrote:

Allan wrote:
Anikom15 wrote:
Firefox on Windows doesn't like the cert.
Great to see you read the first post...
It never explicitly said it.
Now if was in a later post.

brain0 wrote:

3) Our certificate is from CACert. AFAIK, this is not included in many browsers by default. If you use Arch Linux, at least everything that uses the OpenSSL certificate store and all Mozilla browsers are CACert-enabled - on other operating systems, our certificate might show up as untrusted.

Not sure how much more explicit it could be... I suppose he could of said "on other operating systems such as Windows"...

moljac024 · 2010-07-19 17:47:54

fukawi2 wrote:

iphitus wrote:
Any chance we can get a cert with wider acceptance? So far nothing other than Arch Linux browser have accepted the CACert.
Firefox on Fedora accepts it too.

No, it doesn't.

Acecero · 2010-07-19 17:50:27

Anikom15 wrote:

It never explicitly said it.
Now if was in a later post.

Allan wrote:

Not sure how much more explicit it could be... I suppose he could of said "on other operating systems such as Windows"...

I think it was clear enough that it meant on other operating systems besides Arch Linux, if you read what I bold here.

brain0 wrote:

3) Our certificate is from CACert. AFAIK, this is not included in many browsers by default. If you use Arch Linux, at least everything that uses the OpenSSL certificate store and all Mozilla browsers are CACert-enabled - on other operating systems, our certificate might show up as untrusted.

Last edited by Acecero (2010-07-19 17:57:17)

fsckd · 2010-07-19 19:44:32

http://wiki.cacert.org/InclusionStatus

fukawi2 · 2010-07-19 22:37:53

moljac024 wrote:

fukawi2 wrote:
iphitus wrote:
Any chance we can get a cert with wider acceptance? So far nothing other than Arch Linux browser have accepted the CACert.
Firefox on Fedora accepts it too.
No, it doesn't.

Hmm, maybe I've imported the root cert previously because I use CAcert for other things... I certainly don't get any warnings or errors on F12

stryder · 2010-07-20 02:35:30

I got warned while checking the forum using firefox from my ibook. The warning from firefox is pretty severe and continues even when you are determined to carry on and make an exception. Safari is less intimidating. It is no problem for me as I already know and understand what was going on but for someone who found arch googling for some answers it would take a brave and determined or at least knowledgeable person to click through all the warnings. So too those who are checking out arch as a possible distro that they might like. We commonly check out the community first. These are people who don't use arch and so the warning will most certainly be triggered. At the very least some explanation should be on the home page. That was where I went when it was first triggered. Perhaps there is some way to redirect to an explanation page and subsequent visits can be passed through via cookie. Better still if we can use a cert that is mostly recognized and accepted. Or we implement security at the points where security is called for, like log in.

iphitus · 2010-07-20 06:05:07

Sorry, to clarify before, it was Firefox, Opera, Chrome and IE on windows

moljac024 · 2010-07-20 07:05:26

fukawi2 wrote:

moljac024 wrote:
fukawi2 wrote:
Firefox on Fedora accepts it too.
No, it doesn't.
Hmm, maybe I've imported the root cert previously because I use CAcert for other things... I certainly don't get any warnings or errors on F12

Yup, you have to manually import the root cert because Fedora doesn't provide it.

yejun · 2010-07-20 09:50:05

Why not use startssl's certificate which is free and accepted by all linux, windows and mac except opera.

CyrIng · 2010-07-20 09:50:29

Firefox [ Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ] does not accept the forum's certificat.

Access is granted if an exception is stored.

Pierre · 2010-07-20 10:00:43

yejun wrote:

Why not use startssl's certificate which is free and accepted by all linux, windows and mac except opera.

It's not free (also quite cheap). Only their cert for a single sub domain is free.

@CyrIng: Try reading this thread. Of course Microsoft does not include the cacert cert by default.

yejun · 2010-07-20 10:06:29

Pierre wrote:

yejun wrote:
Why not use startssl's certificate which is free and accepted by all linux, windows and mac except opera.
It's not free (also quite cheap). Only their cert for a single sub domain is free.
@CyrIng: Try reading this thread. Of course Microsoft does not include the cacert cert by default.

But since SNI client is requied in this case, they may as well use single certificate.

CyrIng · 2010-07-20 17:03:17

@CyrIng: Try reading this thread. Of course Microsoft does not include the cacert cert by default.

Hi

This is what I'm looking for : in 6 steps .

http://wiki.cacert.org/BrowserClients

( whenever I need to secure I use stunnel http://www.stunnel.org )

ss2 · 2010-07-21 17:38:35

Anikom15 wrote:

Hey guess what. Wikipedia doesn't have SSL so some 'third party' can know you put 'boobs' into the search box and use it on you to sell you stuff. Bullshit, no one cares.

no?

Since a couple of years I know that Wikipedia is addressable over a secure layer. But they don't advertise this fact. afaik. Out of one good reason:

SSL can create a massive overhead (Traffic and melting CPUs) once many connections need to be maintained simultaneously. And this seems to be one of the reasons why SSL does not get much attention.

I really appreciate it to read across this site over https now.

regards

toxygen · 2010-07-21 18:04:34

ss2 wrote:

Anikom15 wrote:
Hey guess what. Wikipedia doesn't have SSL so some 'third party' can know you put 'boobs' into the search box and use it on you to sell you stuff. Bullshit, no one cares.
no?
Since a couple of years I know that Wikipedia is addressable over a secure layer. But they don't advertise this fact. afaik. Out of one good reason:
I really appreciate it to read across this site over https now.

OT, and on a related note the firefox search engines for the search bar include wiki ssl search, google ssl search (and quite a few others) so it's not completely unheard of.

yejun · 2010-07-21 19:27:36

ss2 wrote:

SSL can create a massive overhead (Traffic and melting CPUs) once many connections need to be maintained simultaneously. And this seems to be one of the reasons why SSL does not get much attention.

All intel's new cpu of this year have hardware aes, so hardware problem should go away soon.

Last edited by yejun (2010-07-21 19:28:10)

fukawi2 · 2010-07-21 22:59:25

yejun wrote:

ss2 wrote:
SSL can create a massive overhead (Traffic and melting CPUs) once many connections need to be maintained simultaneously. And this seems to be one of the reasons why SSL does not get much attention.
All intel's new cpu of this year have hardware aes, so hardware problem should go away soon.

That doesn't help the server...

Arch Linux

#76 2010-07-18 23:14:57

Re: This bbs now uses https exclusively

#77 2010-07-18 23:58:37

Re: This bbs now uses https exclusively

#78 2010-07-19 01:23:46

Re: This bbs now uses https exclusively

#79 2010-07-19 01:36:51

Re: This bbs now uses https exclusively

#80 2010-07-19 03:10:41

Re: This bbs now uses https exclusively

#81 2010-07-19 03:16:58

Re: This bbs now uses https exclusively

#82 2010-07-19 06:50:43

Re: This bbs now uses https exclusively

#83 2010-07-19 17:31:00

Re: This bbs now uses https exclusively

#84 2010-07-19 17:35:28

Re: This bbs now uses https exclusively

#85 2010-07-19 17:47:54

Re: This bbs now uses https exclusively

#86 2010-07-19 17:50:27

Re: This bbs now uses https exclusively

#87 2010-07-19 19:44:32

Re: This bbs now uses https exclusively

#88 2010-07-19 22:37:53

Re: This bbs now uses https exclusively

#89 2010-07-20 02:35:30

Re: This bbs now uses https exclusively

#90 2010-07-20 06:05:07

Re: This bbs now uses https exclusively

#91 2010-07-20 07:05:26

Re: This bbs now uses https exclusively

#92 2010-07-20 09:50:05

Re: This bbs now uses https exclusively

#93 2010-07-20 09:50:29

Re: This bbs now uses https exclusively

#94 2010-07-20 10:00:43

Re: This bbs now uses https exclusively

#95 2010-07-20 10:06:29

Re: This bbs now uses https exclusively

#96 2010-07-20 17:03:17

Re: This bbs now uses https exclusively

#97 2010-07-21 17:38:35

Re: This bbs now uses https exclusively

#98 2010-07-21 18:04:34

Re: This bbs now uses https exclusively

#99 2010-07-21 19:27:36

Re: This bbs now uses https exclusively

#100 2010-07-21 22:59:25

Re: This bbs now uses https exclusively

Board footer