Debian User Forums

2019 and still no HTTPS? What is wrong with this forum, people?

D2b2426R5d wrote:2019 and still no HTTPS? What is wrong with this forum, people?

The forum admins belong to a group of shamen who live in a remote mountain region unknown to mere mortals. They visit civilisation every few years to gauge the progress of humankind, always returning home shortly afterwards in exasperation and despair.

It's all just a toy anyway, why do you think the versions are "toy story" characters ?.
And, P.S.

They visit civilisation every few years to gauge the progress of humankind,

What civilization ? Humans are not civilized, nor are considered a intelligent life form where I live.

If you really want to be enlightned , try this:

debiman wrote:

dotlj wrote:Many other CAs are also U.S. based. Does that bother you when you connect to Amazon, Apple, Google, or any other of the most commonly used websites?
I can't see how being U.S. based means the Let's Encrypt certificates are less trustworthy than any other CA. Why pay any of the big companies when Let's Encrypt is doing so much to promote and support a safer Internet?

i should have clarified:
my comment was from the point of view of the server owner who decides to employ letsencrypt.
i was on the verge of doing it once and, apart from a deep mistrust in handing control to my complete system over to some unknown python script, i remember 100% that i read that i am effectively entering into some sort of contract with said entity, under US law.
i think you will understand that i, a citizen of an entirely different continent, both online and IRL, do not want to do that.

this has no impact on the person who browses the site, i'll agree to that.

btw, cacert.org is based in australia.
i used them for a while, but unfortunately their certificates are not "browser trusted"
i think it takes serious money to buy that trust (sic) - another interesting thought, what's letsencrypt's motivation of spending that and then giving the certificates away for free?

Please edit your post to capitalize Australia. i dont care about the rest of your spellings, grammar or sentence construction but when it comes to nations kindly bear some respect. Thanks.

sickpig wrote:Please edit your post

debiman doesn't post here any more, he can't stand to be on the same boards as me

He's active over at linuxquestions.org if you want to go and bother him there. Tell him HoaS says [redacted].

sickpig wrote:
Please edit your post to capitalize Australia. i dont care about the rest of your spellings, grammar or sentence construction but when it comes to nations kindly bear some respect. Thanks.

It actually has nothing to do with respect.
It's proper english to capitalize the first letter to the name of a country.

Can some admin seriously answer the question, what the f*ck is wrong with this forum? no TLS in 2019? Is someone stuck in 90's or something?

ask the orange guys

GoodLuck at getting a reply, but if https is important to you, there are several groups on face book, they are all https :
https://web.facebook.com/debian/
Or this one:
https://web.facebook.com/groups/lifewithdebian/
Personally I trust this site with http, more then I do any site with https, the only thing https does is help trick the visitors into thinking they are more secure, when they aren't.

theblueplll wrote:

sickpig wrote:
Please edit your post to capitalize Australia. i dont care about the rest of your spellings, grammar or sentence construction but when it comes to nations kindly bear some respect. Thanks.

It actually has nothing to do with respect.
It's proper english to capitalize the first letter to the name of a country.

ur reply has been edited or is altogether new. the earlier one entitled repercussions which Karma will ensure. cheers!

I mean in NIX isn't it like Old Beth's old Empire the big island, or OBoE/tbi; kinda like USA/possessions/pr/vi/guam/etc. compared to say USA/Chicago

Just teasing.

TC

good one, me like

Drop me a PM when this forum has HTTPS...
I'll take a break until then.

It will be a long vacation, hope you enjoy it.
Honestly , I do not see why people think https is so important, it does nothing to keep your system secure, and as mentioned earlier , if https is so important, there is all ways sites like FaceBook, that use it.
===================
https://authentic8.blog/https-beware-th ... -security/
===================
https://www.semrush.com/blog/https-a-mo ... -security/

That leads to something else that has all ways been suspicious to me, Why does Google, promote and try to force everyone to use ssl certificates and https ? Any way, enjoy the vacation.

It's 2019 and the site still isn't using https...smdh

The point of using SSL is to encrypt the traffic while it's in transit. It seems logical to me that any site that takes input from the user, such as login credentials, would want that information encrypted while it is in transit. Sure, sites using https may embed third party content, malware, etc., but that's not what we're talking about. We're not talking about the safety of this site or the validity of its content, we're talking about a simple and easy to implement feature to enhance the security of how this site operates. Hell, my personal server uses TLS; my personal, in my house server, is hosting its public facing webpage with https enabled. Is it perfect? Does it guarantee that a determined attacker can never gain entry? Absolutely not, but it's sure as crap better than not even trying and using regular http for something that handles user logins. All we're talking about is the very basic concept that a normally functioning website should in some way encrypt and/or otherwise obfuscate user logon credentials while they are in transit over the internet, and using https/SSL/TLS is a simple to implement and industry standard way of doing that.

cuckooflew wrote:Honestly , I do not see why people think https is so important, it does nothing to keep your system secure

"Nothing" is not the word one would describe something encrypting the traffic between end-used and web service. False sense of security regarding this topic comes from the lack of knowledge, i.e. understanding what is protected and what is not.

cuckooflew wrote:, if https is so important, there is all ways sites like FaceBook, that use it.

This is dumb. Like saying "you can always use sandals with socks if you can't use hiking boots". As if people were using the internet just because you can't use SSL without it.

cuckooflew wrote: That leads to something else that has all ways been suspicious to me, Why does Google, promote and try to force everyone to use ssl certificates and https ? Any way, enjoy the vacation.

This is also dumb. Being suspicious is in many cases warranted, but in this case it seems that you don't have a clear understanding how SSL works and why it is used. Google does many crappy things, but this is not one of them. At least in real world. You may hold up to any conspiracy BS you want in your own imaginary hellhole.

We're almost in 2020. I find it weird, that one of the most basic tool to protect the people from so-much-feared surveillance is ignored by the (allegedly) tech-savvy community. Not having simple, fundamental best-practices in place makes it very hard to uphold any credibility. Even more importantly, it's stating that you don't respect your users enough to go through a few extra steps in your maintenance routine. And yes, not encrypting your users' credentials in-transit is exactly what constitutes as lack of respect. While this is not a service which users' life depend on, at least users should be able to trust that information they give to the service is handled with appropriate care. So many people on these forums seem to whine about big corporations not handling their data up to standards, but at the same time think the same rules don't apply to open-source community.

kopper wrote:at least users should be able to trust that information they give to the service is handled with appropriate care

And what information would that be then? This is a public forum, all of the posts are visible even to non-members.

Head_on_a_Stick wrote:

kopper wrote:at least users should be able to trust that information they give to the service is handled with appropriate care

And what information would that be then? This is a public forum, all of the posts are visible even to non-members.

Usernames and passwords.

So you're using the same password everywhere? That's not wise.