Use HTTPS

Head_on_a_Stick
Posts: 13450
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Use HTTPS

#46 Post by Head_on_a_Stick »

sickpig wrote:Please edit your post
debiman doesn't post here any more, he can't stand to be on the same boards as me :mrgreen:

He's active over at linuxquestions.org if you want to go and bother him there. Tell him HoaS says [redacted].
Black Lives Matter

Debian buster-backports ISO image: for new hardware support

theblueplll
Posts: 154
Joined: 2019-04-29 01:17

Re: Use HTTPS

#47 Post by theblueplll »

sickpig wrote:
Please edit your post to capitalize Australia. I don't care about the rest of your spellings, grammar or sentence construction but when it comes to nations kindly bear some respect. Thanks.

It actually has nothing to do with respect.
It's proper English to capitalize the first letter to the name of a country.

D2b2426R5d
Posts: 8
Joined: 2015-12-23 10:48

Re: Use HTTPS

#48 Post by D2b2426R5d »

Can some admin seriously answer the question, what the f*ck is wrong with this forum? No TLS in 2019? Is someone stuck in the 90's or something?

4D696B65
Site admin
Posts: 2623
Joined: 2009-06-28 06:09
Been thanked: 5 times

Re: Use HTTPS

#49 Post by 4D696B65 »

ask the orange guys

cuckooflew
Posts: 681
Joined: 2018-05-10 19:34
Location: Some where out west

Re: Use HTTPS

#50 Post by cuckooflew »

Good luck at getting a reply, but if https is important to you, there are several groups on Facebook, they are all https:
https://web.facebook.com/debian/
Or this one:
https://web.facebook.com/groups/lifewithdebian/
Personally I trust this site with http, more than I do any site with https, the only thing https does is help trick the visitors into thinking they are more secure, when they aren't.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!

sickpig
Posts: 589
Joined: 2019-01-23 10:34

Re: Use HTTPS

#51 Post by sickpig »

theblueplll wrote:
sickpig wrote:
Please edit your post to capitalize Australia. I don't care about the rest of your spellings, grammar or sentence construction but when it comes to nations kindly bear some respect. Thanks.

It actually has nothing to do with respect.
It's proper English to capitalize the first letter to the name of a country.
ur reply has been edited or is altogether new. the earlier one entitled repercussions which Karma will ensure. cheers!

trinidad
Posts: 188
Joined: 2016-08-04 14:58
Been thanked: 2 times

Re: Use HTTPS

#52 Post by trinidad »

I mean in NIX isn't it like Old Beth's old Empire the big island, or OBoE/tbi; kinda like USA/possessions/pr/vi/guam/etc. compared to say USA/Chicago

Just teasing.

TC
You can't believe your eyes if your imagination is out of focus.

sickpig
Posts: 589
Joined: 2019-01-23 10:34

Re: Use HTTPS

#53 Post by sickpig »

:D :lol: good one, me like

yeti
Posts: 68
Joined: 2009-03-30 14:22

Re: Use HTTPS

#54 Post by yeti »

Drop me a PM when this forum has HTTPS...
I'll take a break until then.
"I have a natural instinct for science" — DJ Trump.
"Vrijdag voor VT100!" — Yeti.
"There is no PLANET-B!" — ???

cuckooflew
Posts: 681
Joined: 2018-05-10 19:34
Location: Some where out west

Re: Use HTTPS

#55 Post by cuckooflew »

It will be a long vacation, hope you enjoy it.
Honestly, I do not see why people think https is so important, it does nothing to keep your system secure, and as mentioned earlier, if https is so important, there are always sites like Facebook, that use it.
===================
https://authentic8.blog/https-beware-th ... -security/
===================
https://www.semrush.com/blog/https-a-mo ... -security/

That leads to something else that has always been suspicious to me: why does Google promote and try to force everyone to use SSL certificates and https? Anyway, enjoy the vacation.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!

Gerowen
Posts: 146
Joined: 2011-04-11 05:12

Re: Use HTTPS

#56 Post by Gerowen »

It's 2019 and the site still isn't using https...smdh

The point of using SSL is to encrypt the traffic while it's in transit. It seems logical to me that any site that takes input from the user, such as login credentials, would want that information encrypted while it is in transit. Sure, sites using https may embed third party content, malware, etc., but that's not what we're talking about. We're not talking about the safety of this site or the validity of its content, we're talking about a simple and easy to implement feature to enhance the security of how this site operates. Hell, my personal server uses TLS; my personal, in my house server, is hosting its public facing webpage with https enabled. Is it perfect? Does it guarantee that a determined attacker can never gain entry? Absolutely not, but it's sure as shit better than not even trying and using regular http for something that handles user logins. All we're talking about is the very basic concept that a normally functioning website should in some way encrypt and/or otherwise obfuscate user logon credentials while they are in transit over the internet, and using https/SSL/TLS is a simple to implement and industry standard way of doing that.

kopper
Posts: 136
Joined: 2016-09-30 14:30

Re: Use HTTPS

#57 Post by kopper »

cuckooflew wrote:Honestly, I do not see why people think https is so important, it does nothing to keep your system secure
"Nothing" is not the word one would use to describe something encrypting the traffic between end-user and web service. False sense of security regarding this topic comes from the lack of knowledge, i.e. understanding what is protected and what is not.
cuckooflew wrote:, if https is so important, there are always sites like Facebook, that use it.
This is dumb. Like saying "you can always use sandals with socks if you can't use hiking boots". As if people were using the internet just because you can't use SSL without it.
cuckooflew wrote: That leads to something else that has always been suspicious to me: why does Google promote and try to force everyone to use SSL certificates and https? Anyway, enjoy the vacation.
This is also dumb. Being suspicious is in many cases warranted, but in this case it seems that you don't have a clear understanding of how SSL works and why it is used. Google does many crappy things, but this is not one of them. At least in the real world. You may hold up to any conspiracy BS you want in your own imaginary hellhole.

We're almost in 2020. I find it weird that one of the most basic tools to protect the people from so-much-feared surveillance is ignored by the (allegedly) tech-savvy community. Not having simple, fundamental best-practices in place makes it very hard to uphold any credibility. Even more importantly, it's stating that you don't respect your users enough to go through a few extra steps in your maintenance routine. And yes, not encrypting your users' credentials in-transit is exactly what constitutes a lack of respect. While this is not a service which users' lives depend on, at least users should be able to trust that information they give to the service is handled with appropriate care. So many people on these forums seem to whine about big corporations not handling their data up to standards, but at the same time think the same rules don't apply to open-source community.
Debian 10.2 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian

Head_on_a_Stick
Posts: 13450
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Use HTTPS

#58 Post by Head_on_a_Stick »

kopper wrote:at least users should be able to trust that information they give to the service is handled with appropriate care
And what information would that be then? This is a public forum, all of the posts are visible even to non-members.
Black Lives Matter

Debian buster-backports ISO image: for new hardware support

Gerowen
Posts: 146
Joined: 2011-04-11 05:12

Re: Use HTTPS

#59 Post by Gerowen »

Head_on_a_Stick wrote:
kopper wrote:at least users should be able to trust that information they give to the service is handled with appropriate care
And what information would that be then? This is a public forum, all of the posts are visible even to non-members.
Usernames and passwords.

Head_on_a_Stick
Posts: 13450
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Use HTTPS

#60 Post by Head_on_a_Stick »

So you're using the same password everywhere? That's not wise.
Black Lives Matter

Debian buster-backports ISO image: for new hardware support

Gerowen
Posts: 146
Joined: 2011-04-11 05:12

Re: Use HTTPS

#61 Post by Gerowen »

Head_on_a_Stick wrote:So you're using the same password everywhere? That's not wise.
No, I'm not, and that's not the point, you're deflecting. By that logic, you're basically saying it's perfectly ok for people to be allowed to see usernames and passwords being sent to this website in an unencrypted form. You're basically admitting that this website has weak security, but it's acceptable because we shouldn't be reusing passwords anyway.

kopper
Posts: 136
Joined: 2016-09-30 14:30

Re: Use HTTPS

#62 Post by kopper »

Head_on_a_Stick wrote:And what information would that be then? This is a public forum, all of the posts are visible even to non-members.
Head_on_a_Stick wrote:So you're using the same password everywhere? That's not wise.
So you (deliberately?) miss the point to share assumptions on other users' behavior you have no knowledge about? Really builds your case.

I do agree, it's a public forum. I don't think that's conflicting with anything I said in my post.
Debian 10.2 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian

Head_on_a_Stick
Posts: 13450
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Use HTTPS

#63 Post by Head_on_a_Stick »

Gerowen wrote:you're basically saying it's perfectly ok for people to be allowed to see usernames and passwords being sent to this website in an unencrypted form.
Yes.
Gerowen wrote:You're basically admitting that this website has weak security, but it's acceptable because we shouldn't be reusing passwords anyway.
Correct.

My $DAY_JOB is sufficiently dangerous that body armour is considered a legitimate tax-deductible expense so perhaps my perception of risk is skewed but I am very happy with the provisions of these boards.

The electrons aren't free and this site isn't under the aegis of debian.org so the orange folks have my gratitude for this playground :)
Black Lives Matter

Debian buster-backports ISO image: for new hardware support

Gerowen
Posts: 146
Joined: 2011-04-11 05:12

Re: Use HTTPS

#64 Post by Gerowen »

Head_on_a_Stick wrote:
Gerowen wrote:you're basically saying it's perfectly ok for people to be allowed to see usernames and passwords being sent to this website in an unencrypted form.
Yes.
Gerowen wrote:You're basically admitting that this website has weak security, but it's acceptable because we shouldn't be reusing passwords anyway.
Correct.

My $DAY_JOB is sufficiently dangerous that body armour is considered a legitimate tax-deductible expense so perhaps my perception of risk is skewed but I am very happy with the provisions of these boards.

The electrons aren't free and this site isn't under the aegis of debian.org so the orange folks have my gratitude for this playground :)
What does your job have to do with the discussion at hand? You don't see me talking about getting free (to me anyway) body armor and ammo in Iraq because it doesn't have jack to do with what we're talking about here. Nice, not-so-low key humble brag though I guess.

On your other statement though about the electrons not being free, nobody is asking the forum admins to spend extra money; you can generate self-signed certs, or if you don't want people to have to click past the message about an unknown cert, you can get a Let's Encrypt cert free of charge.

cuckooflew
Posts: 681
Joined: 2018-05-10 19:34
Location: Some where out west

Re: Use HTTPS

#65 Post by cuckooflew »

Yeah, but to do that, it takes someone with full administrative privileges, full access to the server, and no one that is active here has those kinds of privileges.
By that logic, you're basically saying it's perfectly ok for people to be allowed to see usernames and passwords being sent to this website in an unencrypted form.
I sure can't see anyone's passwords, but it sounds interesting; maybe you could explain how that is possible, and show some passwords you have seen? You probably can't, because you cannot see other people's passwords. If you can, prove it.

Oh, and then this is hilarious:
You don't see me talking about getting free (to me anyway) body armor and ammo in Iraq because it doesn't have jack to do with what we're talking about here. Nice, not-so-low key humble brag though I guess.
But you just had to brag about that, and now we all do see it.
