Logging on to this forum

Have something to say about forums.debian.net itself?

Re: Logging on to this forum

Postby roseway » 2011-04-24 21:35

I still insist that logon should be protected by SSL.

You can insist all you like, but I don't see many people agreeing with you. And it's pretty pointless addressing your demand to moderators, because they don't have the power to change it anyway.
Eric
User avatar
roseway
 
Posts: 1518
Joined: 2007-12-31 22:50
Location: Kent, UK

Re: Logging on to this forum

Postby Tadeas » 2011-04-24 21:53

Well, is the forum account so valuable that it we need to insist on it?
Because let’s face it, the unfortunate aspect of software development is that it involves humans. Mewling, disorganized, miserably analog humans. Sometimes they smell bad.
User avatar
Tadeas
 
Posts: 1017
Joined: 2008-09-22 09:11
Location: Prague

https now!

Postby Ahtiga Saraz » 2011-04-30 21:29

There are many good reasons for the recent trend towards "https everywhere". If you are interested in learning what some of them are, try these links:
As the Comodogate breach demonstrated, https does not by itself provide guaranteed authenticity, security, or privacy, but it can and should play an important role in mitigating many of the most common problems.

[ EDIT 5 May 2011: a not-so-obvious reason why https is a good idea: far from discouraging us from assuming DUF is powerless against state actors, Comodogate (an incident which some feel reflects attempted retaliation by the government of Iran against its own citizens) and an even more recent incident disclosed by the EFF which appears to suggest attempted retaliation by the government of Syria against its own citizens), these incidents seem to suggest that even state actors may find it difficult to misuse fraudulent certs without leaving traces which can be discovered and publicized by organizations like the EFF. ]


If you are persuaded to give it a try, see How to Deploy HTTPS Correctly, Chris Palmer, EFF, 15 November 2010,

As for Debian User Forums, does anyone know who I should petition?
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Re: Logging on to this forum

Postby michaelburns » 2011-05-28 18:44

@ Ahtiga Saraz

I wholeheartedly agree with your position on encrypting the username and password. Actually, I am quite surprised, both at the general attitude against your position here, and also that Firefox hasn't warned me about this (I thought that I had it set to warn me whenever I send unencrypted information).

Also, I am so glad to see that someone else chooses to disable javascript for security reasons. I was really beginning to think that I was the only one who was even aware of javascript any more. So, @ forum maintainers, please I beg you to avoid a javascript solution (assuming that you may decide to implement a solution at all).
michaelburns
 
Posts: 6
Joined: 2011-05-28 17:25
Location: Georgetown, TX, USA

Re: Logging on to this forum

Postby Thorny » 2011-05-29 14:19

Some of the concern may be from people who are using their real, "meatspace", name as a username, perhaps they would have some "reputation" issues if their account was compromised.

From my point of view, if someone took over the username Thorny, it would not affect the size of my pension check nor my ability to eat, drink and breathe. I'd even be able to get another username, possibly even convince a moderator that I should have the old one back (but maybe not, that should be hard to do).

So, at the end of the day, I could survive the disaster. I'd also expect anyone stealing a username would have a specific reason for doing so and very likely would attract moderation and loss of account fairly soon. I rarely use the same username on different forums and my usernames (and passphrases) don't correspond to any email account I use for my mission-critical stuff. I don't even always tell the truth about personal stuff in cyberspace.
User avatar
Thorny
 
Posts: 542
Joined: 2011-02-27 13:40

Re: https now!

Postby Telemachus » 2011-05-29 20:12

Ahtiga Saraz wrote:As for Debian User Forums, does anyone know who I should petition?

I believe that only Mez can make this change. PM him directly, I suppose.
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System
User avatar
Telemachus
 
Posts: 4677
Joined: 2006-12-25 15:53

Previous

Return to Forum stuff & feedback

Who is online

Users browsing this forum: No registered users and 1 guest

fashionable