Messages - db90h

Makes me remember, almost time to file my taxes ;).

Nice mobile app work Mouser. Glad you are proficient in this space.

Living Room / Re: Use a unique password for this site
« on: March 08, 2015, 09:15 AM »
2FA is the solution to many problems, but is imperfect in some ways itself. It encourages weak passwords, since you've got 2FA to back it up.

My friend Steve Gibson is working on SQRL, as many of you know, which does help a lot with this password mess.

We'll end this thread here, and hope DC goes full SSL when the site is refactored -- which I'm sure he'll do to save money, if nothing else. He's paying way too much as-is. It's just a lot of work, but will be a good learning experience, and he's more than capable.

Living Room / Re: Use a unique password for this site
« on: March 07, 2015, 05:00 PM »
Yea, that's why I send my mail on post cards.

It's a simple security thing. Easier to secure everything than cherry-pick. That's all.

Surely certain portions will be broken as necessary, man-in-the-middle attacks from a legit CA, etc.. the NSA will always have their ways.

But security isn't about 'criminals', it's about online safety and privacy, especially for those who live in countries where their political affiliation this year could cost them their life the next.

Living Room / Re: Use a unique password for this site
« on: March 07, 2015, 11:37 AM »
Yea, rainbow tables are the term you are looking for ;). They are, again, hopefully, neutralized by appropriately salting the hashed password.

Certainly your operation is safe and warning caps removed in good reason.

A single password manager introduces a single point of failure, but is otherwise good advice.

The entirety of web traffic will be encrypted in time, whether it be via HTTP 5 or simple prudence.

Living Room / Re: Use a unique password for this site
« on: March 07, 2015, 11:08 AM »
Still I prefer SSL, LOL.

The idea of everything I type, even drafts, going straight to any server plaintext... Well, it bothers me.

DC is fine here since SMF is designed to operate w/o SSL by hashing the password on the client side. They don't use SSL on their own site.

However, it's not 'fine' as to where we are in society today, so it's just something to think about as the site is refactored someday.

Well I think I've already spent my good will, accidentally.

Still, I wish nothing but the best for mouser and his friends. I hope you guys succeed and harbor no grudges against my dumb ass for having to say something about the lack of https by default on logins, which I guess doesn't matter much since client-side hashing is apparently done by SMF javascript.

Living Room / Re: Use a unique password for this site
« on: March 06, 2015, 11:50 PM »
I still don't get what the big deal is, or why you're freaking out about it. It's pretty obvious that you're not going to have an encrypted connection if you don't use https.

Logins where credentials are supplied are presumed to at least have SSL encryption by industry standard.

I'm not freaking out.

If SMF hashes the password on the client side before sending it unencrypted, then you're not bad off.

But if you don't understand what I was concerned about, then you aren't trying very hard ;). Not everyone even knows what HTTPS is.

Living Room / Re: Use a unique password for this site
« on: March 06, 2015, 11:47 PM »
.delme. this post. or thread. I wasn't attacking you guys, but please, be reasonable, and acknowledge it as an issue that needs addressing sooner or later.

Living Room / Re: Use a unique password for this site
« on: March 06, 2015, 11:45 PM »
BTW, I have converted my entire SMF based forum to SSL, FWIW...  Doesn't have the mods yours has, but...

EDIT: Oh, ok, if it hashes the passwords on the client side, that helps ;)

Living Room / Re: Use a unique password for this site
« on: March 06, 2015, 11:43 PM »
@Deozaan: That is not the default address, unless maybe you use that HTTPEverywhere extension.

It defaults to HTTP.

So sorry to have brought this up. It's legit though.

Living Room / Re: Use a unique password for this site
« on: March 06, 2015, 11:30 PM »
If I could delete this topic, I would.. so am requesting you do .. for your privacy while you fix it.

Living Room / Re: Use a unique password for this site
« on: March 06, 2015, 11:28 PM »
Oh I feel like shit, why did I have to reveal that...

I just want to support you, please understand that. This could have come back to bite you much harder. Oh well. You are not blameless, it's your server. Keep it as secure as you want, I'll just remember no SSL here ;)

Living Room / Re: Use a unique password for this site
« on: March 06, 2015, 11:16 PM »
Recommend you issue a statement explaining the situation (you know it in detail) and recommended guidance. Stay ahead of it. No breach happened. No damage known to be done.

EDIT: Man, I hate I mentioned this, I am just so SSL aware right now, I couldn't help it -- especially since I just had to change a bunch of passwords, because it's hard, in practice, to use a unique password on *every* site. I reserve unique ones for mission critical sites.

Living Room / Re: Use a unique password for this site
« on: March 06, 2015, 11:13 PM »
Well, that's true, in part, but since one would HOPE that any modern server would store their passwords in hashed format, not plaintext. The purpose of the hash, as you know, is to prevent it from being reversed back to its plaintext. Thus, if they get breached, they get no passwords.

Still, it is best practices to use different passwords, for other reasons, not that one in particular.

Please don't get defensive about this, you can delete this thread, I won't mention it again. Very sorry. Trying to help, came out wrong I guess. Wanted people to realize.

Living Room / Re: Use a unique password for this site
« on: March 06, 2015, 11:05 PM »
Gosh, I hated to be the one to notice and report this, but how could I not?

It's no biggie, so long as your password here is not used anywhere else, which is standard procedures.

Still, I prefer 100% SSL on *all* pages. I took this bold experiment myself. It was bold because Google treats you as a new domain and the CPU overhead can increase. My results were fine, as were Google's when they did the same to all their servers a while back.

Living Room / Use a unique password for this site
« on: March 06, 2015, 10:58 PM »
If you log out or open an incognito tab, you may notice the login prompt in the upper left.

What you don't see is any SSL encryption.

EDIT: Since SMF hashes on the client side using javascript, you're fine, though of course all your information is still sent to the server plaintext.

Oh, no, that was truly meant as courage. Agreed on leaving it as-is though. I am no farther along in socioeconomic status than you, probably you farther than me. FWIW.

You know, there is something to be said for simply surviving, as an adult/site/business, for 10 years in this world.

Especially for someone who has put themselves 'out there', as mouser has.

Believe me when I say that it comes with more drawbacks than rewards, and takes true courage.

Bibbity bobbidy boo
I'm currently eating a shoe
My life, it sucks
Who gives two fucks?
And with that, off you can screw
[not really but i had to rhyme]

Good thing you posted that 'not really' in small font on the next page ;).

Life sucks for almost everyone right now. The reasons are complex.

For some, they suck more than others, but in those cases, you just have to make do with whatever unfair or injustice was bestowed upon you. Can't wallow in it. Easier said than done, I know. Believe me.

Figured I'd post this, just to remember who the real 'enemy' is. Oldie, some may have seen it, but so funny every time -- to those who get it. It really is like this (or worse in many cases).

Server costs are still through the roof -- but changing servers is such a hassle though, and when the servers run smoothly I'm loath to change anything..

On this, you gotta bite the bullet man. I can't tell you how many hours I've spent refactoring my server infrastructure just to save costs or improve security. Sometimes I've taken a hit for it, but that's business.

If you're locked in, add up half the savings from one year, and I bet you could hire someone to 'unlock' you ;).

Just don't go too cheap, no 'shared cloud server' crap :)

Refreshed the page and got your answers.

Also noticed that the primary login didn't seem SSL encrypted by default either! Didn't check if I could manually do it, it should have default.

Maybe we can work something out in the future, a business arrangement that requires us to neither agree nor be friends, just produce, do the customer right, and earn a living at the same time. Who knows. I'll brainstorm.

Amen. Especially when there is real evil out there ... even here in the USA. I mean, really - any differences we had, which I'll take the blame for, are pretty petty.

I've always been here. My regrets are only that I couldn't do more to help mouser, because I believe his heart is purer than most, and that I made mistakes that alienated us.

I think mouser+Bitsum could do a lot together. I just wish I knew a way to make it work. I would guess mouser also has a full time job these days? Not me, I struggle by with what I can. I tried a 'stable job', turns out most corporations are crazier than anyone you'll meet in any asylum ;p.

ProcessTamer / Re: Process Tamer and Process Lasso
« on: March 06, 2015, 07:44 PM »
Oh no, not this. I hate this not because of 'competition', but because I can't be friends with a competitor. And mouser is a great person and friend.

Process Lasso is what it is. Maintained frequently, come a long way. Lots of time and energy has gone into it. Lots of functions. I've made Process Lasso my sole purpose in life for 10 years. Lasso is written in C++, so is as lightweight as anything.

Mouser's Process Tamer is more narrowly focused, as he said. Better system tray notifications.

Lasso is designed in a way such that running Tamer (or similar software) alongside it will not impede its functionality, at least with default settings. I can't say the same is true for other software.
