Topic: https://

enable it? yes? or should we wait till there's more forum traffic

Last edited by klepto (2007-07-25 07:23:29)

Re: https://

I think running an https server entails a lot more than simply "enabling" it. not sure it's worth the effort to secure something as trivial as an account on a moderated forum.

I don't run the site by any means though, so don't take my word as final or anything.

Re: https://

That's a bummer. I was all ready to make a backup of my credit card details on my profile page.

NetBSD, FreeBSD, Mac OS X (with pkgsrc)
"Capistrano? Sounds like coffee. Mmm... coffee..."

Re: https://

This thread is geared toward the site admins, not a general query or "what is your opinion" thread.

Re: https://

HTTPS would be nice, yes, but I can't enable it at the moment, too few IP adresses. I'll see what I can do about enabling HTTPS just for the login, with some redirect magic.

Re: https://

klepto wrote:

enable it? yes? or should we wait till there's more forum traffic

klepto wrote:

This thread is geared toward the site admins, not a general query or "what is your opinion" thread.

that's a rather asshole approach to the matter.

'Should we enable 'https://''
'Should we wait till there's more forum traffic?'

then you go on to say that it's geared towards the site admins. since when does 'we' include you when speaking of site admins? moreover your assumption that volume of traffic has some sort of relationship to securing a site is retarded.

you decide to post in feedback no less..

"Feedback - Suggestions, opinions and the like about these forums"

I think you should have specified the thread to the admins then, since in this forum opinions are encouraged.

Re: https://

dannyp wrote:

that's a rather asshole approach to the matter.

Get used to it, I don't have time for "opinions", if I wanted to read opinions, I would read some fuckin blogs.

then you go on to say that it's geared towards the site admins. since when does 'we' include you when speaking of site admins? moreover your assumption that volume of traffic has some sort of relationship to securing a site is retarded.

You don't like my wording? I'm supposed to be careful around you? Please.

Of course the volume of traffic has a relationship, as you can see from the admin Jage's comment, 'too few ip addresses".

'Feedback' is the only forum where you can make suggestions, who can implement them? only the admins, so it's trivial to ask other members what's their opinion when they have no admin rights whatsoever.

Seems like the only retard is around you, trying to be capn save the day because a member on the forum doesn't put up with bullshit.

Re: https://

okay guys let's step back a second.

dannyp: I think you came on a little strong. if klepto wouldn't like my opinion then that's fine. if an admin sees the thread and thinks it's a worthy cause, good. if the thread dies without any discussion of the matter, whatever. no need for this to descend to name-calling or other silly fighting.

klepto: I don't think jage was talking about the number of IP addresses that visit the site. I do think brushing off my opinion was kind of rude but I haven't taken offense to it or anything. I would just like my opinion to be known to the admins because I hope that well-thought-out opinions of long-time forum users would be taken into consideration when making a final decision.

if people don't seem to care about https being implemented, then I would hope it would affect an admin's decision appropriately. if there is a high demand for https then that should be similarly reflected in their decision. that is at least how I hope these forums work smile.

Last edited by asemisldkfj (2007-07-26 04:24:45)

Re: https://

wow.

anyway, https is an alright idea, but i'm used to using passwords that i know are transmitted in cleartext. having one of the five forums that i visit regularly on https doesn't do much for me.

what is this good for besides keeping your password secure?

password attacks are so rare that in the event of one, an admin can easily revert the damage (assuming there are backups or the forum is versioned).

Re: https://

http://clanbbw.com/publicimg/data/images/thief.gif

Re: https://

DannyP, you're either making off with MIPS Altair or a Betamax machine. Sorry, couldn't resist smile

Anyway yeah https would be nice, but I'm sure the admins on this forum have very busy lives and right now I don't think it's an absolute necessity.

As for comments regarding the relevance of non-admins posting about requested features, if the aforementioned non-admins didn't respond to said feature requests, then the aforementioned admins would find it difficult, if not impossible, to gauge the necessity of such a feature in the eyes of the people who would be uilitisng it: the users. There's a reason it's called a "forum".

But what do I know, I only arrived this month wink. Keep it cool yah?

NetBSD, FreeBSD, Mac OS X (with pkgsrc)
"Capistrano? Sounds like coffee. Mmm... coffee..."

Re: https://

here's my thought:

as long as there's a reply box, i'm probably going to post my opinion

Re: https://

What's so cool about using https ?

It takes more ressource, slow things down, ...

Do we need it ?

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: https://

I don't think https is necessary. And you need a separate IP for that. Why waste an IP ? Just my opinion.

Last edited by arun (2007-07-27 12:14:33)

Keep Smiling

Re: https://

What's here that needs to be secure? The idea of a forum is to build an open community of users.

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: https://

as much of a community as we are, I don't want you to know my password! tongue

Re: https://

with a guy named klepto running around, it's pretty much necessary!

Re: https://

arun wrote:

I don't think https is necessary. And you need a separate IP for that. Why waste an IP ? Just my opinion.

You can run HTTP and HTTPS on the same IP, you just need to use mod_ssl and put the port number into each <VirtualHost> tag.

19

Re: https://

rubenerd wrote:

DannyP, you're either making off with MIPS Altair or a Betamax machine.

No way you easily could carry an Altair under one arm unless you are a lot stronger than I am.  The old S-100 machines weigh a friggin' ton!

Personally I don't care much if someone steals my PW here.  It is easy enough to reassign, and I don't use it anywhere else.  Has this ever happened, anyway?  With all due respect, this is not exactly a high-traffic site, and pretty much everyone knows everyone else anyway.  So aberrant behavior is easy enough to spot.  Though klepto is showing a tone in this and in other threads that is pretty foreign to the community I've found here.

Re: https://

phoenix wrote:

You can run HTTP and HTTPS on the same IP, you just need to use mod_ssl and put the port number into each <VirtualHost> tag.

The problem is running several HTTPS virtual hosts on the same IP. Since the server certificate is handed out before the client specifies which host it wants to talk to (via the Host: header of the HTTP request), all virtual hosts running on the same IP would have to use the same certificate. The certificate however is bound to a given hostname, so for all but one virtual host there'd be a certificate hostname mismatch.

Re: https://

Alright, enough with the name-calling already! Geez guys, relax a bit, will you?

I will delete any further non-technical posts in this thread.

Re: https://

moderation of posts sucks sad

p.s. i guess this isn't a technical issue :x

Re: https://

dannyp wrote:

http://clanbbw.com/publicimg/data/images/thief.gif

this pretty much says it all, fortunately most people are confused about the reference.

Last edited by dannyp (2007-07-29 10:36:56)