doomed - use! HTTPS Everywhere - google explained why

For friendly off topic discussion not covered in a forum above.
Forum rules
No politics, please.
User avatar
shutitalldown
Posts: 177
Joined: Sat Feb 10, 2018 3:28 am

doomed - use! HTTPS Everywhere - google explained why

Unread postby shutitalldown » Sun Apr 22, 2018 2:21 am

Reasons got exposed in the Google I/O 2014 talk.

And People have already started to use https even on their intranet. Computers inside the companies, computers whose traffic will never be delivered to the internet outside the company. Even these computers need certificates, SSL, TLS, ... https.

Apple will require HTTPS connections for iOS apps *even for those will run on the intranet* by the end of 2018.

What next? Should I expose any official document released by the government when we take a coffee in the relax area of the company? Yeah, Tim can be the man in the middle and hear the conversation, when I speak about your wife's apple cakes.
I am tattooed in reverse, cause if you break rules you don't know where it leads.
But, say, all the venus in furs are so manically depressed and manically dressed.

User avatar
hamei
Posts: 10535
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby hamei » Sun Apr 22, 2018 6:14 pm

shutitalldown wrote:Reasons got exposed in the Google I/O 2014 talk.

And People have already started to use https even on their intranet ...

I wish you wouldn't put this kind of thing up. I was having a perfectly enjoyable Sunday until I made the mistake of looking at this ... thing.

Luckily, I wasn't there. 'Cuz if I had been, you'd be reading about an upset person who leaped onto the stage and ripped ths asshole's throat out with his teeth, then drop-kicked the spinning head out into the audience.

People complain about the cultural revolution but it did serve a purpose. These two worthless creeps need to spend the next ten years mining coal with a pick and shovel.
hey friendly ! come outta there ! you're a cheap lousy dirty stinkin' mug and I'm glad what I done !

User avatar
Raion-Fox
Donor
Donor
Posts: 1622
Joined: Thu Jan 30, 2014 5:01 pm
Location: near King George, Virginia
Contact:

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby Raion-Fox » Sun Apr 22, 2018 9:36 pm

Yeah I get that SSL is a pretty poor security system, but since the RSA Encryption Engine never took off (this was the competitor to SSL in the 1990s and featured in NetPositive, the Be Inc. browser) we're stuck with it.

I had to rotate my passwords recently and for Nekochan I had to verify and scrutinize literally everything.

Hell, even a self-signed cert would work to put my mind at ease.
:O3x02L: R16000 700MHz 8GB RAM kanna
:Tezro: Quad R16000 700MHz V12 8GB RAM murasaki
:Indy: (Acclaim) R4600 133MHz XL Graphics 32MB RAM
:Indy: (Challenge S) R4600 133MHz (MIPS III Build Server)

I am probably posting from yangxiaolong, HP Z230 with Xeon E3-1245v3, 16GB RAM, GeForce 750ti, and running Xen on NetBSD dom0 with FreeBSD and Windows 8.1 Embedded.
Owner and operator of http://irix.cc

User avatar
commodorejohn
Posts: 698
Joined: Tue Oct 02, 2012 1:22 pm
Contact:

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby commodorejohn » Sun Apr 22, 2018 9:49 pm

HTTPS is just an extortion racket pushed by certificate authorities.
Computers: Amiga 1200, DEC VAXStation 4000/60, DEC MicroPDP-11/73
Synthesizers: Roland JX-10/SH-09/MT-32/D-50, Yamaha DX7-II/V50/TX7/TG33/FB-01, Korg MS-20 Mini/ARP Odyssey/DW-8000/X5DR, Ensoniq SQ-80, E-mu Proteus/2, Moog Satellite, Oberheim SEM

robespierre
Posts: 1698
Joined: Mon Sep 12, 2011 2:28 pm
Location: Boston

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby robespierre » Sun Apr 22, 2018 10:00 pm

I don't have time to watch that whole talk; do they mention that SNI completely invalidates their argument about passive eavesdropping and building profiles of users?

slide here shows the profile built by the sites he visited; but SNI means that all those hostnames are always sent in plaintext when HTTPS is used.
:PI: :O2: :Indigo2IMP: :Indigo2IMP:

User avatar
hamei
Posts: 10535
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby hamei » Mon Apr 23, 2018 2:30 am

robespierre wrote:I don't have time to watch that whole talk; ...

Me either, the first five minutes was enough to make me start throwing things. Another five minutes of their garbage and I'd have destroyed my monitor, keyboard and probably hanged an innocent bystander with the mouse cable.

It's like watching a gathering of creationists or flat-earthers, except these fools not only have the potential but will in fact, destroy what the internet was intended to be. For nothing ... because their stupid shit does not work. At least, not for its proclaimed purpose.

Morons is an underestimation. In fact they are the minions of satan. Perhaps we could burn them at the stake ?
hey friendly ! come outta there ! you're a cheap lousy dirty stinkin' mug and I'm glad what I done !

User avatar
jan-jaap
Donor
Donor
Posts: 5071
Joined: Thu Jun 17, 2004 11:35 am
Location: Wijchen, The Netherlands
Contact:

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby jan-jaap » Mon Apr 23, 2018 3:33 am

commodorejohn wrote:HTTPS is just an extortion racket pushed by certificate authorities.

Letsencrypt ended that two years ago. It's a matter of seconds to install, and renews certificates automatically.

I don't get what the fuss is all about, to be honest. I run techpubs.jurassic.nl, which comes in both flavors (HTTP and HTTPS). It scores well on the Qualys SSL test, but works in the stock 'zilla supplied with IRIX 6.5.30. Since this is a 'special interest' site I don't redirect to HTTPS so even if you visit with with something truly arcane it will work. Want to guess how many people did that the last six months? People are using Internet Explorer, though. :roll:

User avatar
shutitalldown
Posts: 177
Joined: Sat Feb 10, 2018 3:28 am

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby shutitalldown » Mon Apr 23, 2018 4:02 am

HTTP or HTTPS. Users are now of two kinds: those who still click on a link without caring at the red-lock, and those who only look at links with green-lock. In their mind everything is not green-lock is insecure, thus to be avoided.

A lot of older URLs will be no more visited.
I am tattooed in reverse, cause if you break rules you don't know where it leads.
But, say, all the venus in furs are so manically depressed and manically dressed.

User avatar
hamei
Posts: 10535
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby hamei » Mon Apr 23, 2018 4:21 am

jan-jaap wrote: I run techpubs.jurassic.nl, which comes in both flavors (HTTP and HTTPS).

You are in the tiniest of minorities - people who know what they are doing. The number of sites that fireflop will not access because the owner forgot to add the www prefix to his certificate is appalling. And worse than annoying - it is infuriating. When I cannot go somewhere I want to go purely because some braindead little asshole at Mozilla has decided "it's not saaafe !" but then you also can't go to many of these places with freedom-embracing older browsers because their stinking http is "modern" ...

For the doubleplusungood vision of the future internet, imagine google's boot stamping on a human face — forever.
hey friendly ! come outta there ! you're a cheap lousy dirty stinkin' mug and I'm glad what I done !

User avatar
shutitalldown
Posts: 177
Joined: Sat Feb 10, 2018 3:28 am

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby shutitalldown » Mon Apr 23, 2018 5:33 am

For Chrome on XP those are becoming a "no-go" :roll:

Btw, it's also irritating when you need a datasheet, or when you want to read a paper, and the website complains that it's mandatory to use HTTPs and authenticate through Facebook :roll:
I am tattooed in reverse, cause if you break rules you don't know where it leads.
But, say, all the venus in furs are so manically depressed and manically dressed.

User avatar
hamei
Posts: 10535
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby hamei » Mon Apr 23, 2018 5:45 am

shutitalldown wrote: ... authenticate through Facebook

That's satire, right ?
hey friendly ! come outta there ! you're a cheap lousy dirty stinkin' mug and I'm glad what I done !

User avatar
Dodoid
Posts: 746
Joined: Mon Jul 04, 2016 1:36 pm
Location: Ottawa, Canada
Contact:

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby Dodoid » Mon Apr 23, 2018 5:58 am

hamei wrote:
shutitalldown wrote: ... authenticate through Facebook

That's satire, right ?

Nope, Facebook logins on third party sites are quite common (though usually there's a way to sign up without one as well). See https://developers.facebook.com/docs/facebook-login .

I do see where shutitalldown is coming from with his "two types of users" though. I have a friend who refused to load pages on Nekochan because it didn't support HTTPS. While I think it would be good if the site supported HTTPS, I think that's a little ridiculous.
:Onyx: :O2000: :Fuel: :Octane: :Octane: :Octane: :O2: :O2: :Indigo2: :Indigo2: :Indy: :Indy:
and a small army of Image

User avatar
shutitalldown
Posts: 177
Joined: Sat Feb 10, 2018 3:28 am

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby shutitalldown » Mon Apr 23, 2018 6:20 am

Browing an http-forum has never hurt anyone, even if it's a "red-lock" for today standards.

I wish it was satire, Hame. Anyway, someone of those allows you to *choose* the authentication between Facebook and Google; based on what I usually need to access, it's usually a common practice for paid papers that, ironically, are grabbed from universities, i.e. thesis, short-papers, laboratory reports. I had to create a fake facebook account just to download pdf and zip files.
I am tattooed in reverse, cause if you break rules you don't know where it leads.
But, say, all the venus in furs are so manically depressed and manically dressed.

User avatar
hamei
Posts: 10535
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby hamei » Mon Apr 23, 2018 8:03 am

Jonathan Swift wrote: In the name of Security, please sign in with Facebook ...

And people go along with this ... I guess it's true what they say, half the people are stupider than average :D
hey friendly ! come outta there ! you're a cheap lousy dirty stinkin' mug and I'm glad what I done !

JacquesT
Posts: 503
Joined: Mon Jan 28, 2008 11:50 am
Location: Somerset, UK

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby JacquesT » Mon Apr 23, 2018 1:15 pm

I don't proclaim to know anything about http vs https. I don't use facebook, twitter, snapchat etc. I can't stand social media. I generally don't browse a huge amount as the internet has become a massive advertising billboard, and I can't stand advertising. (Don't have a TV either! :) )

However, with current https issues with firefox, is it possible to port the NetSurf browser to Irix? Its on a few platforms already (RISC OS), Amiga etc) . I believe it was developed for PDAs etc and runs on some very basic hardware?
:Octane: - 1xR12k 400Mhz, 1GB, V8, 18Gb 10K & 36Gb 15K HDD, 6.5.30
:Octane: - 1xR12k 300Mhz, 384MB, SSE, 18Gb 10K HDD, 6.5.30
:O2: :1600SW: - 300Mhz R5200, 384MB, 36Gb 15K HDD, A/V, FPA, 4x CD-ROM, 6.5.30
"Ho Ho," Says the keeper of the beat.


Return to “Everything Else”

Who is online

Users browsing this forum: No registered users and 1 guest