Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 21 Apr 2018, 10:03
All times are UTC - 4
 Forum index » Off-Topic Area » Security
HTTPS everywhere except this forum
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [8 Posts]  
Author Message
labbe5

Joined: 13 Nov 2013
Posts: 1142
Location: Canada

PostPosted: Thu 15 Mar 2018, 15:32    Post subject:  HTTPS everywhere except this forum  

One line of defense is using HTTPS. Electronic Frontier Fondation (EFF) is offering one of the best plugins out there, on par with NoScript : HTTPS Everywhere.

Using this plugin for years, for some time now i use it with the setting Block All Unencrypted Request.

Unfortunately, i have to uncheck it to access Murga-Linux forum, i can not think of another web site i need to do that now.

With Let's Encrypt easing the way toward HTTPS, i wonder why Murga-Linux forum is still on old, soon-to-be deprecated, HTTP.

Have an idea?

Further reading :
https://www.itzgeek.com/how-tos/linux/how-to-install-lets-encrypt-on-centos-debian-ubuntu-running-apache-web-server.html

Last edited by labbe5 on Fri 16 Mar 2018, 20:40; edited 1 time in total
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 12815
Location: Arizona USA

PostPosted: Thu 15 Mar 2018, 16:38    Post subject:  

Other than encrypting your password, which is now sent in the clear, I don't see the point of HTTPS for this forum. Everything in it is available to anyone who wants to become a member and log in.
Back to top
View user's profile Send private message 
matchpoint

Joined: 26 Jan 2018
Posts: 169

PostPosted: Thu 15 Mar 2018, 17:30    Post subject:  

That we post publicly, what are you hoping it will protect you from?
Back to top
View user's profile Send private message 
belham2

Joined: 15 Aug 2016
Posts: 1511

PostPosted: Thu 15 Mar 2018, 18:30    Post subject:  

Flash wrote:
Other than encrypting your password, which is now sent in the clear, I don't see the point of HTTPS for this forum. Everything in it is available to anyone who wants to become a member and log in.


Flash,

You cannot possibly be serious, are you? Please tell me you are not. Https has little to do with "protecting" passwords. That is a side corollary, a little thing. There is another, a much bigger thing, one which encapsulate the whole https movement and its reason for being (and the push it is receiving).

Ask yourself: how many small scripts, pics and such do you think murga has on its account at the servers it contracts this forum out to (the web server company)? You think thousands? Hundred of thousands? More??? (it'd be wise to guess the last one).

Ask yourself each and every time one of those things are downloaded, how unbelievably easy it is to: a) impersonate this site, and b) for the end user would have no inkling it happened. Https fights on these two fronts. If you think about the ease of compromising http-only websites, you get an idea of what https would do for this site and its users.

I just wish people would stop putting out there what they think they know about https, and stop using lame, unapplicable excuses. Simply put, there is no way on this green Earth murga-liux.com can confidently tell any browser (who lands on its site today) that it is: a) actually the murga site, and; b) that any and/all scripts/programs that you download will be done securely & thanks to https will not be subject to easy MITM actions.

I've done https on the few sites I run. It is not hard. It is not expensive. It just takes time, not $$$$ or brainpower. It is just plain goddamn laziness (please excuse the language but it has gotten to the point this needs to be said)...it is just plain damn laziness that this site has not been converted to https.

So plz stop spreading mistruths (that https would do nothing for this site) and misconceptions about https overall. And, John, if you are reading this, get off of the eternal laziness pillow and get this done. It is inexcusable at this point in time, especially given the amount of material people have provided your site for decades now, that you've let this linger. Start acting like you want everything protected here. Do you? All of the users who uploaded and contributed stuff, do you value it? Or no??

If the web server provider you currently use will not help you move murga to https (which I cannot think of one on the planet that does not now offer this), then have the foresight to move.

Stop making excuses. This has went beyond ridiculous, especially for a site like murga & the content it holds.
Back to top
View user's profile Send private message 
Sailor Enceladus

Joined: 22 Feb 2016
Posts: 1475

PostPosted: Thu 15 Mar 2018, 21:29    Post subject:  

I like living in the past. All those new ad-filled social-media-connected javascript-filled CPU-tanking sites can go to hell Twisted Evil Laughing
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2248

PostPosted: Sat 17 Mar 2018, 17:00    Post subject:  

belham2 wrote:
Flash wrote:
Other than encrypting your password, which is now sent in the clear, I don't see the point of HTTPS for this forum. Everything in it is available to anyone who wants to become a member and log in.

You cannot possibly be serious, are you? Please tell me you are not. Https has little to do with "protecting" passwords. That is a side corollary, a little thing. There is another, a much bigger thing, one which encapsulate the whole https movement and its reason for being (and the push it is receiving).

LOL! Puppy is so fragmented, more of a DebianFrankenstein board nowadays. Insecure ...etc. And hardly a pleasant/helpful community/board for new visitors either.
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 12815
Location: Arizona USA

PostPosted: Sat 17 Mar 2018, 19:45    Post subject:  

rufwoof wrote:
...hardly a pleasant/helpful community/board for new visitors either.

How so? Please explain.
Back to top
View user's profile Send private message 
matchpoint

Joined: 26 Jan 2018
Posts: 169

PostPosted: Sun 18 Mar 2018, 08:16    Post subject:  

For our daily 30,000 plus, key comments from a respected Windows MVP administrator and a realistic viewpoint on the topic.
Quote:
No, the use of SSL does not protect this website, its software or server. Someone asked me something similar offline from this, whether forcing SSL would prevent hackers from attacking. No, it won't. SSL is not a protective barrier keeping anyone out. Everyone can access the site using SSL if it is enabled - good guys and bad guys. And hack attempts, things like SQL injection, or other known exploitable holes in either the [blank] application or the underlying webserver software, are in no way prevented by implementing SSL.

Quote:
I will add that MITM attacks are just as easy against a site with a CA provided cert as a self-signed one. If a CA grants an open ended cert to some big company or govt agency, which everyone knows has been done, and they then put that between us and this forum, our browsers wouldn't object to that regardless of whether the cert here is self-signed or provided by a CA. It's the trust on the MITM cert that's important at that point, not the target site's certificate.

And no, I'm not interested in a debate.

Ref? You've got plenty to work with.


Peace.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [8 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0463s ][ Queries: 12 (0.0071s) ][ GZIP on ]