Re: Use HTTPS

Posted: 2019-10-14 21:52
by Gerowen
Head_on_a_Stick wrote:So you're using the same password everywhere? That's not wise.


No, I'm not, and that's not the point, you're deflecting. By that logic, you're basically saying it's perfectly ok for people to be allowed to see usernames and passwords being sent to this website in an unencrypted form. You're basically admitting that this website has weak security, but it's acceptable because we shouldn't be reusing passwords anyway.

Re: Use HTTPS

Posted: 2019-10-15 05:51
by kopper
Head_on_a_Stick wrote:And what information would that be then? This is a public forum, all of the posts are visible even to non-members.

Head_on_a_Stick wrote:So you're using the same password everywhere? That's not wise.


So you (deliberately?) miss the point to share assumptions on other users' behavior you have no knowledge about? Really builds your case.

I do agree, it's a public forum. I don't think that's conflicting with anything I said in my post.

Re: Use HTTPS

Posted: 2019-10-15 18:11
by Head_on_a_Stick
Gerowen wrote:you're basically saying it's perfectly ok for people to be allowed to see usernames and passwords being sent to this website in an unencrypted form.

Yes.

Gerowen wrote:You're basically admitting that this website has weak security, but it's acceptable because we shouldn't be reusing passwords anyway.

Correct.

My $DAY_JOB is sufficiently dangerous that body armour is considered a legitimate tax-deductible expense so perhaps my perception of risk is skewed but I am very happy with the provisions of these boards.

The electrons aren't free and this site isn't under the aegis of debian.org so the orange folks have my gratitude for this playground :)

Re: Use HTTPS

Posted: 2019-10-15 22:13
by Gerowen
Head_on_a_Stick wrote:
Gerowen wrote:you're basically saying it's perfectly ok for people to be allowed to see usernames and passwords being sent to this website in an unencrypted form.

Yes.

Gerowen wrote:You're basically admitting that this website has weak security, but it's acceptable because we shouldn't be reusing passwords anyway.

Correct.

My $DAY_JOB is sufficiently dangerous that body armour is considered a legitimate tax-deductible expense so perhaps my perception of risk is skewed but I am very happy with the provisions of these boards.

The electrons aren't free and this site isn't under the aegis of debian.org so the orange folks have my gratitude for this playground :)


What does your job have to do with the discussion at hand? You don't see me talking about getting free (to me anyway) body armor and ammo in Iraq because it doesn't have jack to do with what we're talking about here. Nice, not-so-low key humble brag though I guess.

On your other statement though about the electrons not being free, nobody is asking the forum admins to spend extra money; you can generate self-signed certs, or if you don't want people to have to click past the message about an unknown cert, you can get a Let's Encrypt cert free of charge.

Re: Use HTTPS

Posted: 2019-10-16 00:01
by cuckooflew
Yeah, but to do that, it takes someone with full administrative privileges, full access to the server, and no one that is active here has those kinds of privileges.

By that logic, you're basically saying it's perfectly ok for people to be allowed to see usernames and passwords being sent to this website in an unencrypted form.

I sure can't see anyone's passwords, but sounds interesting, maybe you could explain how that is possible, and show some passwords you have seen? You probably can't, because you cannot see other people's passwords; if you can, prove it.

Oh, and then this is hilarious:
You don't see me talking about getting free (to me anyway) body armor and ammo in Iraq because it doesn't have jack to do with what we're talking about here. Nice, not-so-low key humble brag though I guess.
But you just had to brag about that, and now we all do see it.

Re: Use HTTPS

Posted: 2019-10-16 04:59
by andre@home
On the quoted weblink the discussion stopped in 2017.
viewtopic.php?f=12&t=118960

From what I see on the internet there are 2 groups: the ones are "pro" https and the others are "against" https.
Apparently it seems virtually impossible for the one to convince the other, so it seems to become more and more long semantic discussions....

So currently the choice is for the user: accept what it is now and stay, or leave.
As users we do not have the influence to change this.

I'm putting my energy into other things....

Re: Use HTTPS

Posted: 2019-10-16 17:02
by Head_on_a_Stick
Gerowen wrote:Nice, not-so-low key humble brag though I guess.

Thanks, I've been waiting ages for an opportunity to shoehorn that into a post :mrgreen:

Gerowen wrote:You don't see me talking about getting free (to me anyway) body armor and ammo in Iraq

Holy shit d00d that's pretty extreme, why are you worrying about something as trivial as https?

Gerowen wrote:nobody is asking the forum admins to spend extra money; you can generate self-signed certs, or if you don't want people to have to click past the message about an unknown cert, you can get a Let's Encrypt cert free of charge.

The admins have donated the server space that runs these forums, it is not covered by Debian donations (AFAIK) and so constitutes a gift to the community. With that in mind demands for "better service" seem a bit, well, rude. IMO.

Re: Use HTTPS

Posted: 2019-10-21 12:22
by sickpig
Welcome to the club, Gerowen, I have been d00ded by hoas too! Cryptic bloke it is, but quite helpful.