Use HTTPS

Code of conduct, suggestions, and information on forums.debian.net.
Message
Author
D2b2426R5d
Posts: 8
Joined: 2015-12-23 10:48

Re: Use HTTPS

#41 Post by D2b2426R5d »

2019 and still no HTTPS? What is wrong with this forum, people? :shock:

User avatar
sunrat
Global Moderator
Global Moderator
Posts: 3764
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 3 times
Been thanked: 12 times

Re: Use HTTPS

#42 Post by sunrat »

D2b2426R5d wrote:2019 and still no HTTPS? What is wrong with this forum, people? :shock:
The forum admins belong to a group of shamen who live in a remote mountain region unknown to mere mortals. They visit civilisation every few years to gauge the progress of humankind, always returning home shortly afterwards in exasperation and despair.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

cuckooflew
Posts: 680
Joined: 2018-05-10 19:34
Location: Some where out west

Re: Use HTTPS

#43 Post by cuckooflew »

It's all just a toy anyway, why do you think the versions are "toy story" characters ?.
And, P.S.
They visit civilisation every few years to gauge the progress of humankind,
What civilization ? Humans are not civilized, nor are considered a intelligent life form where I live.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!

cuckooflew
Posts: 680
Joined: 2018-05-10 19:34
Location: Some where out west

Re: Use HTTPS

#44 Post by cuckooflew »

If you really want to be enlightned , try this:

Code: Select all

curl -s -I forums.debian.net 
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!

User avatar
sickpig
Posts: 589
Joined: 2019-01-23 10:34

Re: Use HTTPS

#45 Post by sickpig »

debiman wrote:
dotlj wrote:Many other CAs are also U.S. based. Does that bother you when you connect to Amazon, Apple, Google, or any other of the most commonly used websites?
I can't see how being U.S. based means the Let's Encrypt certificates are less trustworthy than any other CA. Why pay any of the big companies when Let's Encrypt is doing so much to promote and support a safer Internet?
i should have clarified:
my comment was from the point of view of the server owner who decides to employ letsencrypt.
i was on the verge of doing it once and, apart from a deep mistrust in handing control to my complete system over to some unknown python script, i remember 100% that i read that i am effectively entering into some sort of contract with said entity, under US law.
i think you will understand that i, a citizen of an entirely different continent, both online and IRL, do not want to do that.

this has no impact on the person who browses the site, i'll agree to that.

btw, cacert.org is based in australia.
i used them for a while, but unfortunately their certificates are not "browser trusted" :(
i think it takes serious money to buy that trust (sic) - another interesting thought, what's letsencrypt's motivation of spending that and then giving the certificates away for free?
Please edit your post to capitalize Australia. i dont care about the rest of your spellings, grammar or sentence construction but when it comes to nations kindly bear some respect. Thanks.

User avatar
Head_on_a_Stick
Posts: 13446
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Use HTTPS

#46 Post by Head_on_a_Stick »

sickpig wrote:Please edit your post
debiman doesn't post here any more, he can't stand to be on the same boards as me :mrgreen:

He's active over at linuxquestions.org if you want to go and bother him there. Tell him HoaS says [redacted].
Black Lives Matter

Debian buster-backports ISO image: for new hardware support

theblueplll
Posts: 154
Joined: 2019-04-29 01:17

Re: Use HTTPS

#47 Post by theblueplll »

sickpig wrote:
Please edit your post to capitalize Australia. i dont care about the rest of your spellings, grammar or sentence construction but when it comes to nations kindly bear some respect. Thanks.

It actually has nothing to do with respect.
It's proper english to capitalize the first letter to the name of a country.

D2b2426R5d
Posts: 8
Joined: 2015-12-23 10:48

Re: Use HTTPS

#48 Post by D2b2426R5d »

Can some admin seriously answer the question, what the f*ck is wrong with this forum? no TLS in 2019? Is someone stuck in 90's or something?

User avatar
4D696B65
Site admin
Site admin
Posts: 2683
Joined: 2009-06-28 06:09
Been thanked: 18 times

Re: Use HTTPS

#49 Post by 4D696B65 »

ask the orange guys

cuckooflew
Posts: 680
Joined: 2018-05-10 19:34
Location: Some where out west

Re: Use HTTPS

#50 Post by cuckooflew »

GoodLuck at getting a reply, but if https is important to you, there are several groups on face book, they are all https :
https://web.facebook.com/debian/
Or this one:
https://web.facebook.com/groups/lifewithdebian/
Personally I trust this site with http, more then I do any site with https, the only thing https does is help trick the visitors into thinking they are more secure, when they aren't.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!

User avatar
sickpig
Posts: 589
Joined: 2019-01-23 10:34

Re: Use HTTPS

#51 Post by sickpig »

theblueplll wrote:
sickpig wrote:
Please edit your post to capitalize Australia. i dont care about the rest of your spellings, grammar or sentence construction but when it comes to nations kindly bear some respect. Thanks.

It actually has nothing to do with respect.
It's proper english to capitalize the first letter to the name of a country.
ur reply has been edited or is altogether new. the earlier one entitled repercussions which Karma will ensure. cheers!

trinidad
Posts: 210
Joined: 2016-08-04 14:58
Been thanked: 4 times

Re: Use HTTPS

#52 Post by trinidad »

I mean in NIX isn't it like Old Beth's old Empire the big island, or OBoE/tbi; kinda like USA/possessions/pr/vi/guam/etc. compared to say USA/Chicago

Just teasing.

TC
You can't believe your eyes if your imagination is out of focus.

User avatar
sickpig
Posts: 589
Joined: 2019-01-23 10:34

Re: Use HTTPS

#53 Post by sickpig »

:D :lol: good one, me like

User avatar
yeti
Posts: 68
Joined: 2009-03-30 14:22

Re: Use HTTPS

#54 Post by yeti »

Drop me a PM when this forum has HTTPS...
I'll take a break until then.
"I have a natural instinct for science" — DJ Trump.
"Vrijdag voor VT100!" — Yeti.
"There is no PLANET-B!" — ???

cuckooflew
Posts: 680
Joined: 2018-05-10 19:34
Location: Some where out west

Re: Use HTTPS

#55 Post by cuckooflew »

It will be a long vacation, hope you enjoy it.
Honestly , I do not see why people think https is so important, it does nothing to keep your system secure, and as mentioned earlier , if https is so important, there is all ways sites like FaceBook, that use it.
===================
https://authentic8.blog/https-beware-th ... -security/
===================
https://www.semrush.com/blog/https-a-mo ... -security/

That leads to something else that has all ways been suspicious to me, Why does Google, promote and try to force everyone to use ssl certificates and https ? Any way, enjoy the vacation.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!

Gerowen
Posts: 148
Joined: 2011-04-11 05:12
Has thanked: 1 time

Re: Use HTTPS

#56 Post by Gerowen »

It's 2019 and the site still isn't using https...smdh

The point of using SSL is to encrypt the traffic while it's in transit. It seems logical to me that any site that takes input from the user, such as login credentials, would want that information encrypted while it is in transit. Sure, sites using https may embed third party content, malware, etc., but that's not what we're talking about. We're not talking about the safety of this site or the validity of its content, we're talking about a simple and easy to implement feature to enhance the security of how this site operates. Hell, my personal server uses TLS; my personal, in my house server, is hosting its public facing webpage with https enabled. Is it perfect? Does it guarantee that a determined attacker can never gain entry? Absolutely not, but it's sure as crap better than not even trying and using regular http for something that handles user logins. All we're talking about is the very basic concept that a normally functioning website should in some way encrypt and/or otherwise obfuscate user logon credentials while they are in transit over the internet, and using https/SSL/TLS is a simple to implement and industry standard way of doing that.

kopper
Posts: 136
Joined: 2016-09-30 14:30

Re: Use HTTPS

#57 Post by kopper »

cuckooflew wrote:Honestly , I do not see why people think https is so important, it does nothing to keep your system secure
"Nothing" is not the word one would describe something encrypting the traffic between end-used and web service. False sense of security regarding this topic comes from the lack of knowledge, i.e. understanding what is protected and what is not.
cuckooflew wrote:, if https is so important, there is all ways sites like FaceBook, that use it.
This is dumb. Like saying "you can always use sandals with socks if you can't use hiking boots". As if people were using the internet just because you can't use SSL without it.
cuckooflew wrote: That leads to something else that has all ways been suspicious to me, Why does Google, promote and try to force everyone to use ssl certificates and https ? Any way, enjoy the vacation.
This is also dumb. Being suspicious is in many cases warranted, but in this case it seems that you don't have a clear understanding how SSL works and why it is used. Google does many crappy things, but this is not one of them. At least in real world. You may hold up to any conspiracy BS you want in your own imaginary hellhole.

We're almost in 2020. I find it weird, that one of the most basic tool to protect the people from so-much-feared surveillance is ignored by the (allegedly) tech-savvy community. Not having simple, fundamental best-practices in place makes it very hard to uphold any credibility. Even more importantly, it's stating that you don't respect your users enough to go through a few extra steps in your maintenance routine. And yes, not encrypting your users' credentials in-transit is exactly what constitutes as lack of respect. While this is not a service which users' life depend on, at least users should be able to trust that information they give to the service is handled with appropriate care. So many people on these forums seem to whine about big corporations not handling their data up to standards, but at the same time think the same rules don't apply to open-source community.
Debian 10.2 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian

User avatar
Head_on_a_Stick
Posts: 13446
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Use HTTPS

#58 Post by Head_on_a_Stick »

kopper wrote:at least users should be able to trust that information they give to the service is handled with appropriate care
And what information would that be then? This is a public forum, all of the posts are visible even to non-members.
Black Lives Matter

Debian buster-backports ISO image: for new hardware support

Gerowen
Posts: 148
Joined: 2011-04-11 05:12
Has thanked: 1 time

Re: Use HTTPS

#59 Post by Gerowen »

Head_on_a_Stick wrote:
kopper wrote:at least users should be able to trust that information they give to the service is handled with appropriate care
And what information would that be then? This is a public forum, all of the posts are visible even to non-members.
Usernames and passwords.

User avatar
Head_on_a_Stick
Posts: 13446
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Use HTTPS

#60 Post by Head_on_a_Stick »

So you're using the same password everywhere? That's not wise.
Black Lives Matter

Debian buster-backports ISO image: for new hardware support

Post Reply