Chockstone Forum - Chockstone Feedback

Provide Feedback About This Website

 Page 1 of 2. Messages 1 to 20 | 21 to 33
Author
SSL / secure passwords
halcyonCorsair
10-Feb-2014
8:52:01 PM
Is there any chance of getting SSL and secure passwords for the site?
strerror
11-Feb-2014
10:23:30 AM
+1

shortman
11-Feb-2014
10:27:46 AM
Why?

Sabu
11-Feb-2014
10:40:44 AM
You can try sending Mike (the website developer) a PM or email if you want - he's the only person who would be able to answer that.

ajfclark
11-Feb-2014
12:35:33 PM
I'd guess not. Getting a cert worth using costs money and I can't imagine the advertising is covering the costs as is.

Then there's a bunch of overhead in managing the cert, etc.

Given how low value a chockstone login is, I can't see snooping being a real issue.
strerror
11-Feb-2014
1:35:57 PM
Bunch of reasons, most of which won't make a lot of sense unless you do IT security for a living. I guess the most accessible answer goes something like this.

Most people reuse the same passwords for a majority of things. They shouldn't, it's bad etc etc but they do. So in the interests of not feeding the "bad guys (tm)" any more valid passwords that will work across a variety of logins, it's best if we can prevent it. It's not hard to prevent it and almost any site worth the name these days does authentication via an encrypted mechanism for that reason.
Re the costs, somewhat valid, but personally I'd be happy to accept a chockstone self signed cert for the purpose. Yes it will pop up a security alert saying it's not a big Verisign / Thawte certificate that cost a lot of money but equally it will go some way to helping enhance the security.

Other concerns include traffic analysis and a bunch of other potential privacy issues which I admit are somewhat esoteric but still relevant.

ajfclark
11-Feb-2014
1:50:08 PM
Having worked support somewhere they thought a self signed cert would do, the volume of support requests involved is insane and unless you actually check the cert it doesn't prevent MITM. While it works for peeps that understand, for those that don't it makes them make life hell for the support staff.

In some other contexts (eg. router to router certs inside an organisation or group thereof) I've actually argued for a local signing authority as we were better equipped to verify the requests than verisign etc but was shouted down.
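
The point above about a self-signed cert not stopping MITM unless you actually check it, as an added example that is not part of the original thread: a small fingerprint pin store in Python. The host name and the byte strings standing in for certificates are constructed for illustration.

```python
import hashlib

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

class PinStore:
    """Remembers one certificate fingerprint per (host, port)."""

    def __init__(self):
        self._pins = {}

    def pin(self, host: str, port: int, fp_hex: str) -> None:
        """Record a fingerprint obtained out of band (e.g. read over the phone)."""
        self._pins[(host.lower(), port)] = fp_hex.replace(":", "").lower()

    def check(self, host: str, port: int, der_cert: bytes) -> str:
        """Return 'first-use', 'match' or 'mismatch' for the presented cert.

        'first-use' is trust-on-first-use: the cert is remembered but was never
        verified, so an interceptor present on that first visit gets pinned.
        A mismatch never overwrites the stored pin.
        """
        key = (host.lower(), port)
        seen = fingerprint(der_cert)
        pinned = self._pins.get(key)
        if pinned is None:
            self._pins[key] = seen
            return "first-use"
        return "match" if pinned == seen else "mismatch"

# Constructed stand-ins for DER certificate bytes; with a live connection
# these would come from ssl.SSLSocket.getpeercert(binary_form=True).
SITE_CERT = b"constructed: the site's self-signed certificate"
OTHER_CERT = b"constructed: a different self-signed certificate"

def demo():
    store = PinStore()
    host = "forum.example"  # hypothetical host name
    return [
        store.check(host, 443, SITE_CERT),   # first visit: nothing to compare
        store.check(host, 443, SITE_CERT),   # same cert again
        store.check(host, 443, OTHER_CERT),  # cert changed: possible interception
        store.check(host, 443, SITE_CERT),   # original pin still in place
    ]

if __name__ == "__main__":
    print(demo())
```

Clicking through the browser warning on every visit is equivalent to never calling `check` at all, which is why the unverified self-signed cert only protects against passive snooping.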

Sabu
11-Feb-2014
2:00:26 PM
Given this site is effectively supported and maintained on a volunteer basis I would suggest it very unlikely that something like this would be feasible given the extra work requirement and financial cost.

Miguel75
11-Feb-2014
2:31:00 PM
What about a special Chockstone decoder ring. I'm not sure exactly how/if it'll work though I reckon it'd look stylish and be a great talking point while going shirtless at your local crag/drain. Men/women would want you and men/women would want to be you.

Be that as it may, and you new people take note, the first rule of Chocky is we don't talk about climbing! The second rule of Chockstone is we don't talk about climbing and the third rule of Chocky is something really important but I can't remember exactly what it was. I think it involved a stuffed buffalo and a pitching wedge but I can't be sure...

Macciza
11-Feb-2014
3:51:16 PM
Sounds like the internet equivalent of numbly sport climbing . ...

Hey, we do all these weird things that are not really recommended, and we would like the system changed so we can just keep doing what we do rather than what we should do .....

Maybe you all should just have a chockstone specific password .....
strerror
11-Feb-2014
4:08:26 PM
On 11/02/2014 Macciza wrote:
>Sounds like the internet equivalent of numbly sport climbing . ...

not at all, but seeing as that's your pet dead horse to flog, by all means draw the comparison.

>Hey, we do all these weird things that are not really recommended, and
>we would like the system changed so we can just keep doing what we do rather
>than what we should do .....
>
>Maybe you all should just have a chockstone specific password .....

Of course everyone should, but that's not the only concern here. Even if it was the only concern, it's a valid one and given how trivial it is to fix, ie enable ssl and put a self signed cert on it, it's not a reason not to do it.

To aj's point, he's right having browser warnings about the cert does often confuse / cause problems, but it's better than nothing if finances are that tight / problematic.

sbm
11-Feb-2014
5:09:40 PM
On 11/02/2014 Macciza wrote:
>Sounds like the internet equivalent of numbly sport climbing . ...
>

Nah, Chockstone's technology is the internet equivalent of climbing on rigid stem Friends with home sewn slings.

This post is like your climbing partner gently suggesting that you can get C4s for a pretty good price these days, maybe you should have a look some time...?

sbm
11-Feb-2014
5:15:58 PM
On one hand, it's just Chockstone, no one cares unless someone hacks a prominent account to post out of character ethical opinions for laughs.

On the other hand, isn't my Chockstone password the same as the password I use for.... Brb changing password
rolsen1
11-Feb-2014
5:36:55 PM
Surely if you care, cough up the $70 or so (per year) that a certificate would cost and no doubt the admin would implement it.

Yes, and don't reuse your passwords, I use msecure to manage my passwords.
martym
12-Feb-2014
10:29:44 AM
On 11/02/2014 strerror wrote:
>Most people reuse the same passwords for a majority of things. They shouldn't,
>it's bad etc etc but they do. So in the interests of not feeding the "bad
>guys (tm)" any more valid passwords that will work across a variety of
>logins, it's best if we can prevent it. It's not hard to prevent it and
>almost any site worth the name these days does authentication via an encrypted
>mechanism for that reason.

In this day and age if you don't know about password fraud it's your own fault - definitely not the responsibility of an internet forum manager.

I've used the same 6 letter password for most forums & websites. I'm not bothered by being hacked - no one's outed me or admitted adultery or abused anyone on my behalf.
Anything worth keeping secure I change every 3 months or so and keep a copy in my desk drawer. If you want access to my bank details - break into my office... my desk is the one on the left when you walk past reception....

ajfclark
12-Feb-2014
10:45:13 AM
I have a few pages of passwords in my desk drawer too; 8 passwords a line, 80 lines to a page. Have fun.

Mike
13-Feb-2014
9:07:49 AM
Your passwords are encrypted, so even I can't tell what they are.

ambyeok
14-Feb-2014
2:06:54 PM
Encouraging the non-tech-savvy public to ignore security warnings for self-signed certificates is not a good idea.

For my money we should follow ODH's lead and just post the most offensive content we can - that way if our account gets hacked at least it can't get any worse ;)

IdratherbeclimbingM9
14-Feb-2014
2:37:48 PM
On 14/02/2014 ambyeok wrote:
>(snip)
>For my money we should follow ODH's lead and just post the most offensive
>content we can - that way if our account gets hacked at least it can't
>get any worse ;)

I laughed at that!
Although it has a grain of truth, Chockstone is super-very-mild when compared to many other sites for offensive content...
Congratulations to the Site Moderators for keeping it that way!

If anyone ever hacks my login, then it may only get better?
Heh, heh, heh.

ajfclark
24-Feb-2014
10:14:49 AM
Turns out that if you're on an (unpatched) Apple device SSL is massively broken anyway: https://gotofail.com/

Whoops.

There are 33 messages in this topic.

 
