Use HTTPS

Have something to say about forums.debian.net itself?

Re: Use HTTPS

Postby Gerowen » 2019-10-14 21:52

Head_on_a_Stick wrote:So you're using the same password everywhere? That's not wise.


No, I'm not, and that's not the point, you're deflecting. By that logic, you're basically saying it's perfectly ok for people to be allowed to see usernames and passwords being sent to this website in an unencrypted form. You're basically admitting that this website has weak security, but it's acceptable because we shouldn't be reusing passwords anyway.
Gerowen
 
Posts: 146
Joined: 2011-04-11 05:12

Re: Use HTTPS

Postby kopper » 2019-10-15 05:51

Head_on_a_Stick wrote:And what information would that be then? This is a public forum, all of the posts are visible even to non-members.

Head_on_a_Stick wrote:So you're using the same password everywhere? That's not wise.


So you (deliberately?) miss the point to share assumptions on other users' behavior you have no knowledge about? Really builds your case.

I do agree, it's a public forum. I don't think that's conflicting with anything I said in my post.
Debian 9.9 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
kopper
 
Posts: 134
Joined: 2016-09-30 14:30

Re: Use HTTPS

Postby Head_on_a_Stick » 2019-10-15 18:11

Gerowen wrote:you're basically saying it's perfectly ok for people to be allowed to see usernames and passwords being sent to this website in an unencrypted form.

Yes.

Gerowen wrote:You're basically admitting that this website has weak security, but it's acceptable because we shouldn't be reusing passwords anyway.

Correct.

My $DAY_JOB is sufficiently dangerous that body armour is considered a legitimate tax-deductible expense so perhaps my perception of risk is skewed but I am very happy with the provisions of these boards.

The electrons aren't free and this site isn't under the aegis of debian.org so the orange folks have my gratitude for this playground :)
Don't break DebianHow to report bugs

SharpBang GNU/Linux — a pre-configured Openbox/Tint2 desktop running on Debian stable
User avatar
Head_on_a_Stick
 
Posts: 10613
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Use HTTPS

Postby Gerowen » 2019-10-15 22:13

Head_on_a_Stick wrote:
Gerowen wrote:you're basically saying it's perfectly ok for people to be allowed to see usernames and passwords being sent to this website in an unencrypted form.

Yes.

Gerowen wrote:You're basically admitting that this website has weak security, but it's acceptable because we shouldn't be reusing passwords anyway.

Correct.

My $DAY_JOB is sufficiently dangerous that body armour is considered a legitimate tax-deductible expense so perhaps my perception of risk is skewed but I am very happy with the provisions of these boards.

The electrons aren't free and this site isn't under the aegis of debian.org so the orange folks have my gratitude for this playground :)


What does your job have to do with the discussion at hand? You don't see me talking about getting free (to me anyway) body armor and ammo in Iraq because it doesn't have jack to do with what we're talking about here. Nice, not-so-low key humble brag though I guess.

On your other statement though about the electrons not being free, nobody is asking the forum admins to spend extra money; you can generate self signed certs, or if you don't want people to have to click past the message about an unknown cert, you can get a lets encrypt cert free of charge.
Gerowen
 
Posts: 146
Joined: 2011-04-11 05:12

Re: Use HTTPS

Postby cuckooflew » 2019-10-16 00:01

Yea but to do that, it takes someone with full administrative privileges, full access to the server, and no one that is active here has those kind of privileges.

By that logic, you're basically saying it's perfectly ok for people to be allowed to see usernames and passwords being sent to this website in an unencrypted form.

I sure can't see any ones passwords,but sounds interesting, maybe you could explain how that is possible, and show some passwords you have seen, ? You probably can't. because you can not see other peoples passwords, if you can , prove it.

Oh, and then this is hilarious :
You don't see me talking about getting free (to me anyway) body armor and ammo in Iraq because it doesn't have jack to do with what we're talking about here. Nice, not-so-low key humble brag though I guess.
But you just had to brag about that, and now we all do see it.
cuckooflew
 
Posts: 55
Joined: 2018-05-10 19:34
Location: Some where out west

Re: Use HTTPS

Postby andre@home » 2019-10-16 04:59

On the quoted weblink the discussion stopped in 2017.
viewtopic.php?f=12&t=118960

What I see on the internet there are 2 groups: the ones are "pro" htpps and the others are "against" https.
Apparently is seems virtually impossible for the one to convince the other, so it seems to be become more and more long semantic discussions....

So currently the choice is for the user, accept what it i now and stay or leave.
As users we do not have the influence to change this.

I'm putting my energy into other things....
andre@home
 
Posts: 347
Joined: 2011-10-02 08:00

Re: Use HTTPS

Postby Head_on_a_Stick » 2019-10-16 17:02

Gerowen wrote:Nice, not-so-low key humble brag though I guess.

Thanks, I've been waiting ages for an opportunity to shoehorn that into a post :mrgreen:

Gerowen wrote:You don't see me talking about getting free (to me anyway) body armor and ammo in Iraq

Holy shit d00d that's pretty extreme, why are you worrying about something as trivial as https?

Gerowen wrote:nobody is asking the forum admins to spend extra money; you can generate self signed certs, or if you don't want people to have to click past the message about an unknown cert, you can get a lets encrypt cert free of charge.

The admins have donated the server space that runs these forums, it is not covered by Debian donations (AFAIK) and so constitutes a gift to the community. With that in mind demands for "better service" seem a bit, well, rude. IMO.
Don't break DebianHow to report bugs

SharpBang GNU/Linux — a pre-configured Openbox/Tint2 desktop running on Debian stable
User avatar
Head_on_a_Stick
 
Posts: 10613
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Use HTTPS

Postby sickpig » 2019-10-21 12:22

welcome to the club Gerowen, I have been d00ded by hoas too! cryptic bloke it is, but quite helpful
User avatar
sickpig
 
Posts: 319
Joined: 2019-01-23 10:34

Previous

Return to Forum stuff & feedback

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable