Can we make https work for the new forum?

I can not agree more with @Blsteinhauer88 and am honoured to be called a friend.
The topic was started because Firefox was nagging me with warnings placed over the login fields.
Privacy on an Open-source Project in a Forum was never an issue for me and from my believe does not exist in the grid anyway.

Totally off-topic:
Unless we hijack this amazing project to form a group or religion to overthrow the systems in place preventing us from saving this planet, no Red Flags will be raised by the scripts reading along.

Be aware:
If we would dare to use the Maslow as a prove that the borders drawn on the map are ridiculous (given the fact that the earth is round an we all sit on it and have nowhere else to go) and that we get along nicely just with a little respect, then we would become a threat.

Be aware#2:
If we would form a religion they might call us Chip-Monks!

4 Likes

Why form a new religion when we could join the Pastafarians? Worship the flying spaghetti monster, and ponder such weighty questions as “Can Pastafarians eat Pasta?”?

I’m sure we could start a Chip Monk branch, although cutting a colander on a Maslow should be a requirement. Hmm, nesting concentric rings and a bit of sanding and it could work.

If the earth was really round we’d all fall off and hit the great A’Tuin, annoying him (her?) immensely

2 Likes

I disagree with the last part of that statement :slight_smile:

1 Like

The turtle moves…
:slight_smile:

You don’t think the Great A’Tuin would be annoyed? You may be right, we could be too small

30000 RPM Wiiiiiiiiiiiiiii (as alternative to Ooooooohm)

I’ll try not to get triggered by politics again.

2 Likes

This thread has diverged to other topics, but I still feel that https is important. My concern is username password security, without encryption your login is sent in the clear and anyone able to watch the network traffic could intercept. I agree that an open source forum is not a high value target, but adding https to a site is not onerous and gives a modicum of peace of mind. Just because it is open source does not mean basic security practices should be ignored.

3 Likes

Thanks for that basic login security reminder.

Everyone who made a slingshot knows that any potential target can and will be used as target practice.

Stuff with low value will be shot at without hesitation, Stuff that looks well protected will most likely not be shot at when the shooter has the feeling that someone is watching.

A low value opensource forum in what category is that?

I nowadays request a new randomised password everytime when I’m no longer able to login somewhere.
This way I never need to remember any password for ‘less important’ websites.

1 Like

:grinning: We should have https working very soon so let’s not find out

It’s working right now if you add it manually to the URL

It broke the google and github logins so I’ve got to update those before we make it the default

2 Likes

I’m far more concerned about that GPS, camera, and microphone in your pocket that’s potentially always tracking, watching, and listening you. The apps that are keeping your location “timeline”? All those cell phone pics with location info that get posted?

Did you know they do vehicle tracking studies (At least when I was involved in local 911 in the aughts) by querying passing cell phones? Plus there’s the guys selling your location data

Did anybody investigate if the forum software actually sends clear text passwords?

Yeah, well, maybe this really isn’t a moose posting and he’s been kracked

Since nothing on the forum currently is encrypted, everything, including the
passwords that your browser sends to the server are in clear text.

I would like to say thank you @bar and to all others giving suggestions and inspirations. It’s working, meaning that my Firefox is not nagging me any more. I am happy :vulcan_salute:

Edit1: Almost happy. Can a Regular close a Topic?
Edit2: If he is the creator?
Edit3: Not going to study discourse, a little digging reveals that there should be a :wrench: , this might be Admin only.
The choice the Team made for this Forum was great :+1:

3 Likes

Thanks @Bar for fixing this on top of all the other work.

It’s really appreciated.

1 Like

Maybe for you. All my data is DOUBLE rot-13 encrypted. :slight_smile:

Pertinent discussion on Slashdot today. As usual the comments are the best part, relevant comments on both sides of the question.

https://m.slashdot.org/story/332661

So Google claims to be the one to push for https? While google is the biggest devil when it comes to collecting peoples privacy. Hypocrisy at ‘Clintonian’ levels. :slight_smile:

A shame that Slashdot has so much embedded crap in their website, I can’t even fully load it when I turn off all protections.