You can insist all you like, but I don't see many people agreeing with you. And it's pretty pointless addressing your demand to moderators, because they don't have the power to change it anyway.I still insist that logon should be protected by SSL.
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Logging on to this forum
- roseway
- Posts: 1528
- Joined: 2007-12-31 22:50
- Location: Kent, UK
- Has thanked: 3 times
- Been thanked: 4 times
Re: Logging on to this forum
Eric
Re: Logging on to this forum
Well, is the forum account so valuable that it we need to insist on it?
Because let’s face it, the unfortunate aspect of software development is that it involves humans. Mewling, disorganized, miserably analog humans. Sometimes they smell bad.
-
- Posts: 1014
- Joined: 2009-06-15 01:19
https now!
There are many good reasons for the recent trend towards "https everywhere". If you are interested in learning what some of them are, try these links:
[ EDIT 5 May 2011: a not-so-obvious reason why https is a good idea: far from discouraging us from assuming DUF is powerless against state actors, Comodogate (an incident which some feel reflects attempted retaliation by the government of Iran against its own citizens) and an even more recent incident disclosed by the EFF which appears to suggest attempted retaliation by the government of Syria against its own citizens), these incidents seem to suggest that even state actors may find it difficult to misuse fraudulent certs without leaving traces which can be discovered and publicized by organizations like the EFF. ]
If you are persuaded to give it a try, see How to Deploy HTTPS Correctly, Chris Palmer, EFF, 15 November 2010,
As for Debian User Forums, does anyone know who I should petition?
- HTTPS is more secure, so why isn't the Web using it?, Scott Gilbertson, Wired, 20 March 2011
- HTTPS is great: here's why everyone needs to use it (so we can too), Clint Ecker and Kurt Mackey, Ars Technica, 22 March 2011
- HTTPS Now Campaign Urges Users to Take an Active Role in Protecting Internet Security, Eva Galperin, EFF, 20 April 2011
[ EDIT 5 May 2011: a not-so-obvious reason why https is a good idea: far from discouraging us from assuming DUF is powerless against state actors, Comodogate (an incident which some feel reflects attempted retaliation by the government of Iran against its own citizens) and an even more recent incident disclosed by the EFF which appears to suggest attempted retaliation by the government of Syria against its own citizens), these incidents seem to suggest that even state actors may find it difficult to misuse fraudulent certs without leaving traces which can be discovered and publicized by organizations like the EFF. ]
If you are persuaded to give it a try, see How to Deploy HTTPS Correctly, Chris Palmer, EFF, 15 November 2010,
As for Debian User Forums, does anyone know who I should petition?
Ahtiga Saraz
Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
-
- Posts: 6
- Joined: 2011-05-28 17:25
- Location: Georgetown, TX, USA
Re: Logging on to this forum
@ Ahtiga Saraz
I wholeheartedly agree with your position on encrypting the username and password. Actually, I am quite surprised, both at the general attitude against your position here, and also that Firefox hasn't warned me about this (I thought that I had it set to warn me whenever I send unencrypted information).
Also, I am so glad to see that someone else chooses to disable javascript for security reasons. I was really beginning to think that I was the only one who was even aware of javascript any more. So, @ forum maintainers, please I beg you to avoid a javascript solution (assuming that you may decide to implement a solution at all).
I wholeheartedly agree with your position on encrypting the username and password. Actually, I am quite surprised, both at the general attitude against your position here, and also that Firefox hasn't warned me about this (I thought that I had it set to warn me whenever I send unencrypted information).
Also, I am so glad to see that someone else chooses to disable javascript for security reasons. I was really beginning to think that I was the only one who was even aware of javascript any more. So, @ forum maintainers, please I beg you to avoid a javascript solution (assuming that you may decide to implement a solution at all).
Re: Logging on to this forum
Some of the concern may be from people who are using their real, "meatspace", name as a username, perhaps they would have some "reputation" issues if their account was compromised.
From my point of view, if someone took over the username Thorny, it would not affect the size of my pension check nor my ability to eat, drink and breathe. I'd even be able to get another username, possibly even convince a moderator that I should have the old one back (but maybe not, that should be hard to do).
So, at the end of the day, I could survive the disaster. I'd also expect anyone stealing a username would have a specific reason for doing so and very likely would attract moderation and loss of account fairly soon. I rarely use the same username on different forums and my usernames (and passphrases) don't correspond to any email account I use for my mission-critical stuff. I don't even always tell the truth about personal stuff in cyberspace.
From my point of view, if someone took over the username Thorny, it would not affect the size of my pension check nor my ability to eat, drink and breathe. I'd even be able to get another username, possibly even convince a moderator that I should have the old one back (but maybe not, that should be hard to do).
So, at the end of the day, I could survive the disaster. I'd also expect anyone stealing a username would have a specific reason for doing so and very likely would attract moderation and loss of account fairly soon. I rarely use the same username on different forums and my usernames (and passphrases) don't correspond to any email account I use for my mission-critical stuff. I don't even always tell the truth about personal stuff in cyberspace.
- Telemachus
- Posts: 4574
- Joined: 2006-12-25 15:53
- Been thanked: 2 times
Re: https now!
I believe that only Mez can make this change. PM him directly, I suppose.Ahtiga Saraz wrote:As for Debian User Forums, does anyone know who I should petition?
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System