This bbs now uses https exclusively

Allan · 2010-07-17 08:48:47

Some people call both paranoia, some people call both essential. One person concerned about using https did something about one of them... if someone did the same for package signing then that would be done too. Story over.

Ronin-Sage · 2010-07-17 15:34:55

Personally, I would have rather the admins just use a GoDaddy certificate and be done with it. Yes, it costs a good bit year, but I find that GoDaddy's products are in some cases very, very inexpensive compared to others and you do get the one year free for being a FOSS project.

(That's not and endorsement of any kind, I would just rather not have my user experience interrupted by this warning message)

.:B:. · 2010-07-17 15:52:14

The last thing we want this thread to turn into is yet another package signing thread. dcc24: consider yourself warned.

dcc24 · 2010-07-17 15:58:26

.:B:. wrote:

dcc24: consider yourself warned.

Seriously?!?!? I have said absolutely nothing that needed a warning. I merely inquired as to why some people would consider SSL across the site a necessity and package signing "not a big deal". People responded to my inquiry with the technical aspects of it and their personal preferences. Not once, did I say "package signing should be implemented". I didn't even imply it, even remotely. The entire thread was civilized and on topic, until you posted.

Last edited by dcc24 (2010-07-17 16:01:09)

Misfit138 · 2010-07-17 16:27:37

dcc24, let's take a breath, make peace and move forward with this thread if possible.

Anikom15 · 2010-07-17 16:29:42

Don't dog on dcc24, geez, he's asking legitemate questions. I find this to be rather unneccessary as well. For one, any 'information' that might be 'stolen' is useless information. I think the worst would be passwords, which are already encrypted. Websites have been using http without the s for years, nobody has your information. Hey guess what. Wikipedia doesn't have SSL so some 'third party' can know you put 'boobs' into the search box and use it on you to sell you stuff. Bullshit, no one cares.

But I appreciate the effort.

dcc24 · 2010-07-17 16:37:26

Misfit138 wrote:

dcc24, let's take a breath, make peace and move forward with this thread if possible.

If censoring my post will take us forward, so be it. Also, if you are censoring someone, at least have the decency to do it in public. Silently removing it and sending a mail to me is really not ok. You made my post "less to the point", so the least you could do is mentioning (on my post) you did the removing, not me.

I believe I have a right to get pissed off by that "warning", hence please don't take the liberty of censoring me. If B thinks he is right, he could reply to me himself, either here or by mail.

Last edited by dcc24 (2010-07-17 16:38:49)

.:B:. · 2010-07-17 16:56:28

If I thought I was wrong, I would not have posted it. My warning concerns your bringing up the package signing issue in this topic. I suggest we take up further discussion outside this topic.

This is not a democracy; complaining about things not being done in public won't help you make your case. The moderation team does not answer to the userbase, they are not elected. I never saw insults as "adding to a point" either, by the way.

Leonid.I · 2010-07-17 16:56:37

brain0 wrote:

I just switched bbs.archlinux.org to use only https. http users are redirected automatically to https, so the transition should be without trouble.

Great news! Thank you very much!

Regaring problems. I'm currently on Ubuntu 9.10, my FF 3.5.9 complains about the untrusted certificate... oh well.

Skripka wrote:

Maybe, but why would anyone want to steal my login credentials to a linux bulletin board? It has to be the most worthless piece of digital info I have. Or are you thinking of things like IP # etc?

Actually, I agree -- forums are open anyways. If someone steals my credentials and starts a flame war , the moderator will just kill my login, and I start a new one. If I use the same password for Arch forums and my bank, then I deserve the consequences.

Some time ago, I was going to ask why the login page was plain HTTP, and it was exactly the above reasoning, what stopped me.

EDIT: But then again, you can't be too secure.

Last edited by Leonid.I (2010-07-17 17:15:03)

dcc24 · 2010-07-17 16:59:34

.:B:. wrote:

This is not a democracy; complaining about things not being done in public won't help you make your case. The moderation team does not answer to the userbase, they are not elected.

This was exactly the response I was excepting, the "not a democracy" argument. Thanks for illuminating me!

Edit: I wasn't going to write this but, oh well...

I never said "moderators should answer to the userbase". I know that's not the case here. But replying to me, even in private, is the DECENT thing to do. Silently censoring me might be part of your "moderator rights" and you may use that to escape from an argument and avoid an apology, but at the very least you COULD be DECENT ENOUGH to reply to me.

If your reply is going to be "this is not a democracy, so mods don't need to be decent (read 'civilized')", then I think I'm done with this thread.

Last edited by dcc24 (2010-07-17 17:08:51)

Leonid.I · 2010-07-17 17:06:11

Pierre wrote:

So for those who use third-party systems: install the class 1 and class 3 certs from http://www.cacert.org/index.php?id=3 (e.g. just click on both in pem-format)

Yes, that works. Thanks!

fsckd · 2010-07-17 18:54:44

Leonid.I wrote:

Skripka wrote:
Maybe, but why would anyone want to steal my login credentials to a linux bulletin board? It has to be the most worthless piece of digital info I have. Or are you thinking of things like IP # etc?
Actually, I agree -- forums are open anyways. If someone steals my credentials and starts a flame war , the moderator will just kill my login, and I start a new one. If I use the same password for Arch forums and my bank, then I deserve the consequences.
Some time ago, I was going to ask why the login page was plain HTTP, and it was exactly the above reasoning, what stopped me.
EDIT: But then again, you can't be too secure.

A lot of people judge the importance of a security feature by their personal needs. That's great if it were intended solely towards the individual, but when it is for a group you have to consider the group at whole. For example, consider what would happen if a nefarious character obtained ngoonee's login credentials. Also consider, there are developers from various open source projects with accounts here who give the community direct info in regards to their projects. If any of them have their accounts compromised it could be fairly disruptive. On the other hand, of course, there are some people whose accounts are worthless. If someone stole Anikom15's and started trolling the forum, I doubt anyone would notice the difference or even care.

The point is, login credentials establish a level of trust. If this trust is broken, the community can suffer and confidence will diminish.

That said, what about AUR? Are there any plans to bring SSL there?

wonder · 2010-07-17 19:36:25

fsckd wrote:

That said, what about AUR? Are there any plans to bring SSL there?

it has already support for ssl but is not default . it would be in the near future

Last edited by wonder (2010-07-17 19:37:41)

Leonid.I · 2010-07-17 22:04:22

fsckd wrote:

The point is, login credentials establish a level of trust. If this trust is broken, the community can suffer and confidence will diminish.

Fare enough Can't really argue with that.

Allan · 2010-07-17 22:09:44

fsckd wrote:

If someone stole Anikom15's and started trolling the forum, I doubt anyone would notice the difference or even care.

skottish · 2010-07-18 00:24:47

There's a bit of stress in this thread. Well, let me tell you all about other stress.

Just this morning I was cooking some food in a skillet. I picked up the glass lid that I use to keep the moisture in order to stir the food and flames flared from the lid when it was over a foot above the pan! I wasn't cooking with oil or anything else flammable. I'm not sure what happened yet.

.:B:. · 2010-07-18 00:29:56

dcc24 wrote:

This was exactly the response I was excepting, the "not a democracy" argument. Thanks for illuminating me!
Edit: I wasn't going to write this but, oh well...
I never said "moderators should answer to the userbase". I know that's not the case here. But replying to me, even in private, is the DECENT thing to do. Silently censoring me might be part of your "moderator rights" and you may use that to escape from an argument and avoid an apology, but at the very least you COULD be DECENT ENOUGH to reply to me.
If your reply is going to be "this is not a democracy, so mods don't need to be decent (read 'civilized')", then I think I'm done with this thread.

The tone in your reply to Pierre's statement is quite telling, as is your disposition in anticipating my answer on the democracy point. Also, the way you lashed out when I told you to watch what you were saying was surprising to me, and I don't feel that your aggression is warranted.

Your use of capitals suggests you feel very passionate about this. Don't misinterpret my 'warning' as singling you out - I was just performing my duty and keeping my responsibilty of protecting the thread from becoming any more unpleasant. You will no doubt agree that the other thread you mentioned resulted in several consecutive disastrous threads.. Please consider these facts, and lend me some understanding.

Wintervenom · 2010-07-18 01:10:58

Will enforcing HTTPS still allow the forum to be indexed so that one use Google (with all of its nice query operators and functions) and the like to search for things in the forum?

Last edited by Wintervenom (2010-07-18 01:19:17)

.:B:. · 2010-07-18 01:21:17

Try this:

http://www.google.be/search?q=site%3Abb … =firefox-a

Wintervenom · 2010-07-18 01:31:21

.:B:. wrote:

Try this [...]

Yay!

skottish · 2010-07-18 01:45:28

Wintervenom wrote:

.:B:. wrote:
Try this [...]
Yay!

No doubt! It was an excellent question.

Leonid.I · 2010-07-18 15:28:24

skottish wrote:

There's a bit of stress in this thread. Well, let me tell you all about other stress.
Just this morning I was cooking some food in a skillet. I picked up the glass lid that I use to keep the moisture in order to stir the food and flames flared from the lid when it was over a foot above the pan! I wasn't cooking with oil or anything else flammable. I'm not sure what happened yet.

What OS does your stove run?

Anikom15 · 2010-07-18 15:39:14

Sounds like you set the heat up too high.

vik_k · 2010-07-18 17:10:39

Leonid.I wrote:

skottish wrote:
There's a bit of stress in this thread. Well, let me tell you all about other stress.
Just this morning I was cooking some food in a skillet. I picked up the glass lid that I use to keep the moisture in order to stir the food and flames flared from the lid when it was over a foot above the pan! I wasn't cooking with oil or anything else flammable. I'm not sure what happened yet.
What OS does your stove run?

must be some unstable one!!!!

skottish · 2010-07-18 22:29:29

Anikom15 wrote:

Sounds like you set the heat up too high.

It was on 5 with 7 being the highest. Unfortunately, with Microsoft Stove 2010 it's very difficult to know the difference between stupidity and brilliance.

Arch Linux

#51 2010-07-17 08:48:47

Re: This bbs now uses https exclusively

#52 2010-07-17 15:34:55

Re: This bbs now uses https exclusively

#53 2010-07-17 15:52:14

Re: This bbs now uses https exclusively

#54 2010-07-17 15:58:26

Re: This bbs now uses https exclusively

#55 2010-07-17 16:27:37

Re: This bbs now uses https exclusively

#56 2010-07-17 16:29:42

Re: This bbs now uses https exclusively

#57 2010-07-17 16:37:26

Re: This bbs now uses https exclusively

#58 2010-07-17 16:56:28

Re: This bbs now uses https exclusively

#59 2010-07-17 16:56:37

Re: This bbs now uses https exclusively

#60 2010-07-17 16:59:34

Re: This bbs now uses https exclusively

#61 2010-07-17 17:06:11

Re: This bbs now uses https exclusively

#62 2010-07-17 18:54:44

Re: This bbs now uses https exclusively

#63 2010-07-17 19:36:25

Re: This bbs now uses https exclusively

#64 2010-07-17 22:04:22

Re: This bbs now uses https exclusively

#65 2010-07-17 22:09:44

Re: This bbs now uses https exclusively

#66 2010-07-18 00:24:47

Re: This bbs now uses https exclusively

#67 2010-07-18 00:29:56

Re: This bbs now uses https exclusively

#68 2010-07-18 01:10:58

Re: This bbs now uses https exclusively

#69 2010-07-18 01:21:17

Re: This bbs now uses https exclusively

#70 2010-07-18 01:31:21

Re: This bbs now uses https exclusively

#71 2010-07-18 01:45:28

Re: This bbs now uses https exclusively

#72 2010-07-18 15:28:24

Re: This bbs now uses https exclusively

#73 2010-07-18 15:39:14

Re: This bbs now uses https exclusively

#74 2010-07-18 17:10:39

Re: This bbs now uses https exclusively

#75 2010-07-18 22:29:29

Re: This bbs now uses https exclusively

Board footer