|>>|| No. 10933
Please make .gs use HTTPS so the three/four letter agencies have it a little more difficult.
|>>|| No. 13360
Malicious Wi-Fi hotspots that inject shite into unencrypted traffic, maybe.
Sage thoroughly checked because I don't know if this applies to Blighty.
|>>|| No. 13361
Things like Quantum Insert just wouldn't work if every site on the internet used SSL. Even if you had the private key of every SSL provider on the internet, that'd only really help you to crack encrypted traffic later on (and that's only if they're not using PFS, which they should be) - certainly the extra latency involved in calculating SSL on the fly would almost certainly push the timings needed for QI type attacks into the realm of the very improbable.
> Sage thoroughly checked because I don't know if this applies to Blighty.
> they can own any widely used SSL for sure
It's ok, I'm pretty sure he doesn't know very much about blighty either.
Sage checked for rampant foreigner-hating and baiting.
|>>|| No. 13402
The Govt making all unencrypted traffic light reading for your local council's IT department is surely the impetus we need to implement this.
IRC supports SSL, so why not allow encryption on .gs?
|>>|| No. 13404
Jokes aside, this is a pretty serious invasion of privacy.
Expressing your opinion anonymously is something this site enshrines. We need HTTPS now for that to remain true.
|>>|| No. 13405
We've needed it for years, but the admin team has never been able (or willing?) to provide it. With Let's Encrypt it should now be a relatively straightforward affair - providing the admin team doesn't make a dog's dinner out of it and sets PFS up properly. Providing that is done I'll put myself up for writing a short guide on how to do certificate pinning correctly so that anyone who wants to use this site as securely as possible will be able to.
|>>|| No. 13406
The Admin team is nonexistent. purple left the website in the hands of one of the teenagers and nothing really will ever get done on this site anymore. It's a shame, it used to be quite fun.
|>>|| No. 13407
Don't be a cock I read every day.
I've actually changed my mind on the issue - >>13402 is right, this latest change in the law does make me very minded to encrypt a lot more.
|>>|| No. 13410
Pound works pretty well for adding an SSL layer and has a fairly low admin overhead.
|>>|| No. 13411
Surely if someone packet sniffs the entire conversation on https, they would be able to decrypt the traffic?
|>>|| No. 13412
No. The whole point of HTTPS is that it allows a secure session to be established over an insecure channel. If the client, server and certificate authority are trustworthy then the session is (in theory) perfectly secure.
HTTPS has a vital role to play in reducing the reach of surveillance, which is why Let's Encrypt is such an important project. The NSA and YMCA have spent close to a billion dollars attempting to undermine HTTPS and other cryptosystems, with only shape-shifting reptilianest success. The techies are outpacing the spooks.
|>>|| No. 13413
>The techies are outpacing the spooks.
I suspect that we only hear half of what they are capable of. All the typical "black" projects in other defence sectors (you know, like all the skunkworks stuff) aren't admitted about for years. How long did they keep the stealth bomber a secret for? I imagine it's much the same with whatever vile electronic glass against our wall they are using.
|>>|| No. 13414
>YMCA have spent close to a billion dollars attempting to undermine HTTPS and other cryptosystems
It was only a matter of time...
|>>|| No. 13542
That's interesting. I managed to get on the Let's Encrypt beta list, but there were two issues - they're currently rotating certificates every six to eight weeks, which is boring, and they wanted to publish my email address, which is also tedious.
|>>|| No. 13814
Any updates on this modlads? It's been another six months. I guess I'll have another dig around and see if things are any easier than they were then, although I'd hope they are.
While I'm here (and because there's no Sheds General thread), I noticed that the geofag for Brazil is 'Nutfag', which while a clever play on Brazil Nuts, isn't really all that funny. I humbly offer up the following alternatives:
I also look forward to hearing any other suggestions our users may have.
No sage because I want to bump this onto the first page of /shed/
|>>|| No. 13815
This thread was an amusing read, I think I just avoided it in the past because I don't even know what http means.
What does https do? And what is robots.txt? I've seen the little fucker pop up a lot but I don't know what it is or why it's so named.
|>>|| No. 13816
HTTP stands for Hyper-Text Transfer Protocol. It's the system used to send webpages and other data from web servers to your computer. The S in HTTPS stands for "secure". HTTPS adds a layer of encryption to HTTP, preventing the data from being intercepted by an eavesdropper. It is essential for things like online shopping and banking, but there is a movement to make it standard on all websites. This movement has been accelerated by the Snowden revelations.
Robots.txt is a standard system for web servers to communicate with automated systems like search engines. It can be used to declare certain files or folders as off-limits to automated systems, or to request that they only access files at a certain rate. It is purely advisory, but systems that ignore the robots.txt can be assumed to be malicious and automatically blocked by a firewall. It's normally used to stop irrelevant things from cluttering up search engine listings, or to stop search engines from battering a server with too many requests.
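The blocking idea in the post above, sketched as an added example that is not part of the thread: parse a robots.txt, then flag clients in an access log that requested paths it disallows. The robots.txt, the log lines, the bot names and the threshold of two hits are all constructed for illustration.

```python
import re
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site (not taken from the thread).
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /private/
Crawl-delay: 10
"""

# Constructed access-log lines (Combined Log Format, documentation-range IPs).
ACCESS_LOG = """\
198.51.100.7 - - [01/Mar/2024:10:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "ExampleBot/1.0"
198.51.100.7 - - [01/Mar/2024:10:00:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"
203.0.113.9 - - [01/Mar/2024:10:00:11 +0000] "GET /admin/login HTTP/1.1" 404 0 "-" "GrabberBot/0.1"
203.0.113.9 - - [01/Mar/2024:10:00:11 +0000] "GET /private/backup.zip HTTP/1.1" 404 0 "-" "GrabberBot/0.1"
192.0.2.44 - - [01/Mar/2024:10:00:12 +0000] "GET /shed/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Captures client IP, request path and user agent from one log line.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def load_rules(text):
    """Parse robots.txt text without touching the network."""
    rules = RobotFileParser()
    rules.parse(text.splitlines())
    return rules

def find_violations(rules, log_text):
    """Map client IP -> list of disallowed paths that client requested."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at them
        ip, path, agent = m.groups()
        # robots.txt is advisory: the server still served (or 404'd) the
        # request, so the only enforcement is what we do with this finding.
        if not rules.can_fetch(agent, path):
            hits.setdefault(ip, []).append(path)
    return hits

def blocklist(hits, threshold=2):
    """IPs with at least `threshold` disallowed requests (assumed cut-off)."""
    return sorted(ip for ip, paths in hits.items() if len(paths) >= threshold)

if __name__ == "__main__":
    print(blocklist(find_violations(load_rules(ROBOTS_TXT), ACCESS_LOG)))
```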
|>>|| No. 13817
n1 m8 gs wont no wot hit it.jpg
Why bother? There's nothing of security interest here. If Spooks In Specs, Gigantic Crania Hacking Quietly or Mission Impossible 5 decide they'd like a poke around some corner of the domestic internet I strongly doubt even .gs' legendary webmaster could keep them at bay.
I'm not advancing the 'nothing to hide, nothing to fear' trope, just saying it's a bit of a pointless concern. Like investing in a sturdier umbrella to protect against meteorite strikes you don't need it and it wouldn't work if you did. Must say I love the image of some whizzkid locked away in the Doughnut trawling through /iq/ and trying not to snigger.
|>>|| No. 13819
>Must say I love the image of some whizzkid locked away in the Doughnut trawling through /iq/ and trying not to snigger.
It's not about people, it's about algorithms. HTTPS thwarts the bulk collection and analysis of intercepted data. It forces the spooks to work for their intel, rather than getting an instant picture of who you are, who you know and what you think just by searching for your name in a database.
If you're a target then you're fucked, but good data hygiene can stop you from becoming a target, it can stop you from getting swept up in a dragnet.
|>>|| No. 13821
Damned near anything that the government considers suspicious. Socialising with the wrong people, visiting the wrong website, signing the wrong petition, travelling to the wrong country, exceeding an arbitrary threshold on some nebulous "risk algorithm" based on your browsing history and the content of your e-mails.
Back in the '70s, my dad had an MI5 file because he was a Student Union rep. Special Branch put me under surveillance because I was involved in the Stop The War Coalition. A photographer friend of mine had a "friendly visit" from SO15 because he was spotted taking photos near the Thames Barrier. Given the scale of their resources today, I expect that GCHQ are monitoring a vast number of people.
I know for a fact that this post has been intercepted and logged by GCHQ, and that the keywords in it will increase the risk score associated with my IP address. I doubt that any human being will ever read it, but I know that it's part of the intelligence profile being constructed about me. If I raise enough red flags, an intelligence analyst will have a good rummage through the collected data to see if I'm a wrong'un.
|>>|| No. 13822
>Back in the '70s, my dad had an MI5 file because he was a Student Union rep. Special Branch put me under surveillance because I was involved in the Stop The War Coalition.
And you know this because...?
|>>|| No. 13823
Well for a start you've just posted in an imageboard thread about encryption and GCHQ.
Less facetiously, look at it like this: You lock your door when you leave for work. You're not a criminal, but presumably you're not going to leave a spare key with the police just in case they want to take a look around.
|>>|| No. 13825
Jews, Allah, Mohammed, IRA, Republican, Fertiliser, Jet fuel can't melt steel beams.
|>>|| No. 13826
It's actually more like when you stumble home from the pub, pissed, but then get to the door and find you've left your keys on the bar, so you try and climb over the garden fence so you can get to the shed and get a ladder to go through the bedroom window you left open, but you kick over some paint cans and wake up your neighbour, and they ring the rozzers who come and spend an hour questioning you before they leave, and then when you wake up in the morning you find you've shat yourself.
|>>|| No. 13827
My father learned of the existence of his file in the late 90s, after an investigation and legal challenge by Liberty. If memory serves, the matter was precipitated by the Shayler affair.
My own surveillance was overt, I suspect because it was primarily intended to intimidate me. The officers tasked with monitoring me introduced themselves to my friends, neighbours and colleagues. They were gathering intelligence, but they were also sending a clear message. Overt surveillance is a common tactic in the policing of protest and civil disobedience, the most common form being the Met's use of Forward Intelligence Teams.
|>>|| No. 13828
My parents had some overt surveillance too, back in the 70s. It clearly worked because they stopped going to protests and settled down into normal lives and even went as far as to tell me about it as a scare story.
|>>|| No. 13829
Why the fuck do they care about people protesting war? Where's the security threat there?
|>>|| No. 13831
It's an indirect threat. It may prevent action to thwart direct threats elsewhere. See Syria, for example. Protests against engagement persuaded the pollies to prevent us from going in, and the net result was ISIS taking over half the place.[oversimplification]
|>>|| No. 14280
I'll be setting up LetsEncrypt and HTTPS in advance of the October deadline from the Google Chrome team - at that point, any site that is submitting forms and suchlike will get an insecure content warning, which would be quite boring.
|>>|| No. 14381
Pardon the necromancy, but LetsEncrypt makes this cost-free as long as you trust certbot (style encryption). If gs these days uses a cdn, then I give up because I don't know what I'm talking about but if it's still single endpoint it should be doable. "Pound" is a great front-end for whatever service does the work. It's all a layer before it hits brian and a layer where filtering would prevent more traffic... as far as I can see should be fine.
|>>|| No. 14383
I've been looking for this site which I found interesting when it was first posted, so thanks for bumping this thread so I could find it again. I was Googling 'https why' and similar terms and it wasn't coming up.
|>>|| No. 14385
If we were having this conversation in person this is where I would stare at you until you stopped being a dumbarse.
|>>|| No. 14389
It's the Christmas cunt-off and is fairly friendly by our standards.
But agree entirely, obvs.