I'm sure there's no problem, but just because this is a site about Linux doesn't mean that everything about it is $0 and done through non-profit trusts. Linux runs on servers, which cost money; the servers use network bandwidth, which costs money; the servers use electricity and cooling, which cost money. Enterprises using Linux often generate a lot of money. And due to the slightly odd notion of trusted CAs, SSL certs implemented in the more professional way also involve money.
But I only just discovered this today, by accident! Shouldn't this be the default? Shouldn't users who for some reason cannot use https be directed to an instruction page for how to obtain it, and everyone else just get an https connection?
Also, about the "remember me": according to what I have been told, checking this means that the forum software assumes you have a fixed IP and will automatically log anyone using that IP into your LQ user account. This could be very dangerous for those of us who do not come here from fixed IPs. Can some LQ official give a clear and correct explanation of what checking "remember me" does at LQ?
When I use the feature, I see a lock icon for a second, which is then replaced by another icon, and a mouse over pops up "Warning! Contains unauthenticated content". I presume this is due to problems with RSS feeds or something like that?
Has anyone carefully checked that username and password are transmitted properly encrypted for those using the https feature?
I believe I may have been targeted, or at least affected, by the 15 March 2011 incident known as Comodogate, and by a 15 June 2011 repeat. So I am very concerned that https work properly for me at LQ.
We don't currently have the resources to make https the default for everyone, but it's something we offer for those interested. We currently do not serve images via https, hence the warning in some browsers. "Remember Me" is in no way related to IP address, it simply sets a browser cookie that keeps you logged in across sessions.
Fine by me, since I disable image loading anyway, for security reasons. I have also disabled Java and JavaScript.
Quote:
"Remember Me" is in no way related to IP address, it simply sets a browser cookie that keeps you logged in across sessions.
What if someone steals such a login session cookie? How long is it valid? At some sites it is apparently for a year. That could be disastrous.
In principle, my IP should appear different each time I visit, and could be reused by thousands of different visitors, so it is critically important not to confuse me with any of them.
I have noticed some alarming phenomena which I will explain if further observation confirms (I have only been experimenting with the https for a day).