[opensuse] Why https for a public, nothing to hide webpage?
On Tue, 20 Nov 2018 12:09:05 +0100, Richard Brown wrote:
Care to show the re-create btrfs structure wiki page somewhere?
it's unnecessary if you use btrfs restore
But if someone wants to make such a wiki page, a copy/paste of this CC-BY-SA blog post wouldn't be a bad start https://rootco.de/2018-01-19-opensuse-btrfs-subvolumes/
(https://lists.opensuse.org/opensuse/2018-11/msg00397.html) Richard, Could you please explain, why it is necessary to use/require secure (https) connection to publish/read the above page titled "Creating openSUSE-style btrfs root partition & subvolumes"? I don't understand the rationale. In my opinion this is an example of abusing secure protocol, not to mention that older browsers and wget cannot access the site. Thanks, Istvan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, 20 Nov 2018 at 15:42, Istvan Gabor <suseuser04@gmail.hu> wrote:
(https://lists.opensuse.org/opensuse/2018-11/msg00397.html)
Richard,
Could you please explain, why it is necessary to use/require secure (https) connection to publish/read the above page titled "Creating openSUSE-style btrfs root partition & subvolumes"?
I don't understand the rationale. In my opinion this is an example of abusing secure protocol, not to mention that older browsers and wget cannot access the site.
I consider it important to use https as much as possible for a multitude of reasons, so many I'm just going to link various sites that cover some of them https://developers.google.com/web/fundamentals/security/encrypt-in-transit/w... https://mashable.com/2011/05/31/https-web-security/?europe=true https://www.cloudflare.com/learning/security/why-use-https/ https://https.cio.gov/everything/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op dinsdag 20 november 2018 15:42:14 CET schreef Istvan Gabor:
On Tue, 20 Nov 2018 12:09:05 +0100, Richard Brown wrote:
Care to show the re-create btrfs structure wiki page somewhere?
it's unnecessary if you use btrfs restore
But if someone wants to make such a wiki page, a copy/paste of this CC-BY-SA blog post wouldn't be a bad start https://rootco.de/2018-01-19-opensuse-btrfs-subvolumes/
(https://lists.opensuse.org/opensuse/2018-11/msg00397.html)
Richard,
Could you please explain, why it is necessary to use/require secure (https) connection to publish/read the above page titled "Creating openSUSE-style btrfs root partition & subvolumes"?
I don't understand the rationale. In my opinion this is an example of abusing secure protocol, not to mention that older browsers and wget cannot access the site.
Thanks,
Istvan Please, do some reading on why not using http. Over here in the Netherlands we even have TV ads by the government warning people not to use http sites. Older browser? Update wget? works fine with https URLs
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 21/11/18 1:47 am, Knurpht-openSUSE wrote:
Op dinsdag 20 november 2018 15:42:14 CET schreef Istvan Gabor:
On Tue, 20 Nov 2018 12:09:05 +0100, Richard Brown wrote:
Care to show the re-create btrfs structure wiki page somewhere? it's unnecessary if you use btrfs restore
But if someone wants to make such a wiki page, a copy/paste of this CC-BY-SA blog post wouldn't be a bad start https://rootco.de/2018-01-19-opensuse-btrfs-subvolumes/ (https://lists.opensuse.org/opensuse/2018-11/msg00397.html)
Richard,
Could you please explain, why it is necessary to use/require secure (https) connection to publish/read the above page titled "Creating openSUSE-style btrfs root partition & subvolumes"?
I don't understand the rationale. In my opinion this is an example of abusing secure protocol, not to mention that older browsers and wget cannot access the site.
Thanks,
Istvan Please, do some reading on why not using http. Over here in the Netherlands we even have TV ads by the government warning people not to use http sites. Older browser? Update wget? works fine with https URLs
The installation of the "Alpha" version of Leap 15.1 has all the URLs of repositories starting with "http://..." All the repositories in Leap 15.0 and Tumbleweed also have them starting with "http://...". Should users manually edit all the URLs to show "https://..." or will this be done automatically by some amendment to the YaST or zypper programs? BC -- God created war so that Americans can learn geography. Mark Twain -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Basil Chupin wrote:
The installation of the "Alpha" version of Leap 15.1 has all the URLs of repositories starting with "http://..."
All the repositories in Leap 15.0 and Tumbleweed also have them starting with "http://...".
Should users manually edit all the URLs to show "https://..." or will this be done automatically by some amendment to the YaST or zypper programs?
The openSUSE mirroring infrastructure does not currently support https. -- Per Jessen, Zürich (0.8°C) member, openSUSE Heroes. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
In data mercoledì 21 novembre 2018 08:33:50 CET, Per Jessen ha scritto:
Basil Chupin wrote:
The installation of the "Alpha" version of Leap 15.1 has all the URLs of repositories starting with "http://..."
All the repositories in Leap 15.0 and Tumbleweed also have them starting with "http://...".
Should users manually edit all the URLs to show "https://..." or will this be done automatically by some amendment to the YaST or zypper programs?
The openSUSE mirroring infrastructure does not currently support https. Which is in my experience (I was living in Geneva, Brussels, among others, in virtually an ecosystem of Linda's "red herrings") bad. I thought after Snowden people would have had a wake up call.
But then, given that soon in Europe there will be (if the politicians get their will) an official surveillance interface to break encryption for the local "intelligence", it may not be important. Always remember: Orwell was a How To for governments and criminals, not a warning! BTW. You do not have to go so far as a government. I was in October in Italy, with my laptop (opensuse). I was logged in a non encrypted WLAN. I did not do banking. But I had my gsm with me. Somehow, when I came home I found out that: my VISA card was by somebody set to "3 D secure", my Bank had my cell phone number already registered (although I did NOT communicate it) and a transaction had been tried with the gsm number on a camping site (in October??) I never had been. Since I did not confirm this protocol the transaction was denied. So far about the "safety" of a gsm token for banking protocols. So I insist, "F!", do encrypt were ever this is possible, use VPN, as you have(!) things to hide. You just do not know what is precious to know of you, to others. Not doing so, is to live like in the US in a countryside, with the veranda door wide open. Well, for years that may go very well. And than suddenly you finish like the victim of some cheap B movie. Just to save the effort to lock the door.... Https instead of http: just to save some "overhead"? Really? _________________________________________________________________ ________________________________________________________ Ihre E-Mail-Postfächer sicher & zentral an einem Ort. Jetzt wechseln und alte E-Mail-Adresse mitnehmen! https://www.eclipso.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
stakanov wrote:
In data mercoledì 21 novembre 2018 08:33:50 CET, Per Jessen ha scritto:
Basil Chupin wrote:
The installation of the "Alpha" version of Leap 15.1 has all the URLs of repositories starting with "http://..."
All the repositories in Leap 15.0 and Tumbleweed also have them starting with "http://...".
Should users manually edit all the URLs to show "https://..." or will this be done automatically by some amendment to the YaST or zypper programs?
The openSUSE mirroring infrastructure does not currently support https.
Which is in my experience (I was living in Geneva, Brussels, among others, in virtually an ecosystem of Linda's "red herrings") bad.
This has been discussed a number of times and it's not really very "bad". However, there is one key reason why we do not support it - because mirrorbrain, which runs our mirrors, does not support it.
BTW. You do not have to go so far as a government. I was in October in Italy, with my laptop (opensuse). I was logged in a non encrypted WLAN.
That in itself doesn't sound like a good idea. We're going off-topic though. -- Per Jessen, Zürich (1.4°C) member, openSUSE Heroes. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Istvan Gabor wrote:
On Tue, 20 Nov 2018 12:09:05 +0100, Richard Brown wrote:
Care to show the re-create btrfs structure wiki page somewhere?
it's unnecessary if you use btrfs restore
But if someone wants to make such a wiki page, a copy/paste of this CC-BY-SA blog post wouldn't be a bad start https://rootco.de/2018-01-19-opensuse-btrfs-subvolumes/
(https://lists.opensuse.org/opensuse/2018-11/msg00397.html)
Richard,
Could you please explain, why it is necessary to use/require secure (https) connection to publish/read the above page titled "Creating openSUSE-style btrfs root partition & subvolumes"?
I don't understand the rationale. In my opinion this is an example of abusing secure protocol, not to mention that older browsers and wget cannot access the site.
Using https has become much more widespread after Google started favouring it and Lets Encrypt (and others) issuing free certificates. -- Per Jessen, Zürich (2.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 20/11/2018 15.42, Istvan Gabor wrote:
Could you please explain, why it is necessary to use/require secure (https) connection to publish/read the above page titled "Creating openSUSE-style btrfs root partition & subvolumes"?
I don't understand the rationale. In my opinion this is an example of abusing secure protocol, not to mention that older browsers and wget cannot access the site.
Me neither, but I can give you one big reason: Google wants it. Meaning that non https results are disfavoured on results, and eventually will not be shown. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas))
On 11/20/2018 6:42 AM, Istvan Gabor wrote:
On Tue, 20 Nov 2018 12:09:05 +0100, Richard Brown wrote:
Care to show the re-create btrfs structure wiki page somewhere? it's unnecessary if you use btrfs restore But if someone wants to make such a wiki page, a copy/paste of this CC-BY-SA blog post wouldn't be a bad start https://rootco.de/2018-01-19-opensuse-btrfs-subvolumes/ (https://lists.opensuse.org/opensuse/2018-11/msg00397.html) Richard,
Could you please explain, why it is necessary to use/require secure (https) connection to publish/read the above page titled "Creating openSUSE-style btrfs root partition & subvolumes"?
I don't understand the rationale. In my opinion this is an example of abusing secure protocol, not to mention that older browsers and wget cannot access the site.
Despite links sent by others and, at this point, government propaganda, I agree. If I really don't care to find out whether or not someone sees me downloading opensuse material, there is no need to encrypt. I guess the exception would be if *someone* cares...though I'd really like to understand that case, since I believe it is a red-herring. If I have to login to any site, I'd prefer https enryption, however, since it is only protecting me in transit across the network, it doesn't save me from those who access the site's account database in cleartext. If that is available, (and no way can https guarantee you that it is not), then I don't see any reason to secure transit routes into a clear-text database. Until I know that sites' using https also use 1-way encryption on my login info, https is only a time & cpu waste. -l NOTE: Now I wonder how many encrypt their personal email contents that support web-text encryption. Seems email would be more likely to hold sensitive information. At the very least, there is no excuse for supporters of https not to, at least, have all of their emails cryptographically *signed* to guarantee that they came from the professed sender, since some of the reasons for https involve identity assurance. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/20/2018 01:29 PM, L A Walsh wrote:
I guess the exception would be if *someone* cares...though I'd really like to understand that case, since I believe it is a red-herring.
Google gives higher rank to https sites. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/20/2018 2:17 PM, James Knott wrote:
On 11/20/2018 01:29 PM, L A Walsh wrote:
I guess the exception would be if *someone* cares...though I'd really like to understand that case, since I believe it is a red-herring.
Google gives higher rank to https sites.
So Google rates sites based on conformance with Google's policy rather than by relevance to a searched-on topic. In this case, it will be older sites that will have more accurate historical information that google is downrating, while sites following more "trendy" news and mandates will be rated first. If you were to use google's algorithms on the sites it is derating, I'll bet there will be a higher correlation with sites not using http, with there being accurate information on the site. Got https?: Trendy site...trendy news. Seems like it is time to search for a different "information filter", er, "search engine". That's what it is becoming -- an information filter. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/22/2018 05:43 PM, L A Walsh wrote:
So Google rates sites based on conformance with Google's policy rather than by relevance to a searched-on topic. In this case, it will be older sites that will have more accurate historical information that google is downrating, while sites following more "trendy" news and mandates will be rated first. If you were to use google's algorithms on the sites it is derating, I'll bet there will be a higher correlation with sites not using http, with there being accurate information on the site.
My understanding is that it's just one factor that affects rank. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (9)
-
Basil Chupin -
Carlos E. R. -
Istvan Gabor -
James Knott -
Knurpht-openSUSE -
L A Walsh -
Per Jessen -
Richard Brown -
stakanov