Life without FreeBSD Forums is hard!

[jbo@]

*Checks notes*
People say that this isn't useful and actually worsens the password situation.

Well, that article also states that this refers to changing one easy-to-remember password for another easy-to-remember password in which case password quality is the main issue and changing a low-quality password regularly is indeed of little benefit.
This does not seem to apply to proper, strong passwords (randomly generated 16+ character passwords).
Other than that, my post was supposed to leave a sarcastic vibe. I certainly don't change my forum password every week.

 

[eternal_noob]

I didn't read that article, it was the first on that topic i could find via Google.
Yes, strong passwords are a must! There is no point in using "pasword1234"-style passwords.

Btw. I recognized the sarcasm. ?

 

[SirDice]

Your being both an admin and a moderator (and staff), shouldn't you enable 3FA or even 4FA?

Every month I have to pick a rare flower from the top of the Alps and do a ritual with underwear tied on my head.

 

[Crivens]

4FA would be like this?

View: https://m.youtube.com/watch?v=Z-Ij7ElJnqM


And having power loss for days because rain/snow... when do you yanks get your infrastructure in gear?

 

[jbo@]

Every month I have to pick a rare flower from the top of the Alps and do a ritual with underwear tied on my head.

I shall start scouting my surroundings for you from now on.

 

[eternal_noob]

I took a photo of him once.

 

[Crivens]

The "flower" is not this leafy thing, by any chance?

 

[astyle]

?
The weather was awful in North Carolina, local authorities declared a state of emergency, and there were power outages. Apparently, the power outages also affected the data center where the forums are hosted. Expect the forums' availability to be rather unreliable all winter, until either the weather gets better, or we get a failover host elsewhere, like Arizona.

Gov. Cooper issues state of emergency ahead of NC weekend winter weather

North Carolina Gov. Roy Cooper signed a State of Emergency Thursday night ahead of the impending weekend weather.

www.cbs17.com

 

[astyle]

4FA would be like this?

View: https://m.youtube.com/watch?v=Z-Ij7ElJnqM


And having power loss for days because rain/snow... when do you yanks get your infrastructure in gear?

When you let us in for endpoint verification and inspection. No matter how you slice it, Al Gore still paid for it with our money.

 

[hruodr]

Also note that you can enable 2FA on your forum account

I find more interesting the authentication with client certificates, but I have never seen it on the web.

Even the keygen tag, for easily generating a client certificate on the client machine, keep the private key reachable by the browser and send the public key to the server, is deprecated:

<keygen> - HTML: HyperText Markup Language | MDN

The <keygen> HTML element exists to facilitate generation of key material, and submission of the public key as part of an HTML form. This mechanism is designed for use with Web-based certificate management systems. It is expected that the <keygen> element will be used in an HTML form along with...

developer.mozilla.org

 

[msplsh]

authentication with client certificates, but I have never seen it on the web

I use that on my website to block off admin stuff. It's too complicated for use in mass market solutions, though, due to chain of custody (who creates the keypair, did you write it to some unencrypted place?), installation and revocation issues.

 

[Cath O'Deray]

How nice to find things back up. Big thanks to the admins, and to any others who may have been involved behind the scenes.

… We will try to provide them if/when we can.

Answers will be nice, but I'll understand if no definite cause can be found.

Every month I have to …

Humour is always appreciated.

 

[eternal_noob]

but I'll understand if no definite cause can be found.

Really? There MUST be a cause and it MUST be communicated.

 

[hruodr]

It's too complicated for use in mass market solutions, though, due to chain of custody (who creates the keypair, did you write it to some unencrypted place?), installation and revocation issues.

It seems everything with certificates is too complicated for the average user.

Encryption is the solution for the privacy of email and the two standards are old, but we still cannot dream that the masses use it.

Since the web is being used for everything, also for reading mail, I think it could facilitate the use of public key encryption.

 

[SirDice]

So far I've gone through a bunch of logs on the host that runs the forums. But everything just abruptly stops Sunday afternoon and has a 3 day gap until it got back up and running this morning. So it wasn't caused by anything running on the forum host itself. We need to look for the root cause beyond my access level.

 

[drhowarddrfine]

SirDice Did it come back up on its own?

 

[covacat]

is it a physical box or a vm ?

 

[eternal_noob]

How are our passwords stored? Hashed and salted or another way?

 

[covacat]

rot13

 

[eternal_noob]

Double rot13

 

[astyle]

Pickled with dill, vinegar and garlic

 

[Cath O'Deray]

Really? There MUST be a cause and it MUST be communicated.

Really? Let's pretend, for a moment, that the cause was a vulnerability. Should the administrators now shout "HERE'S A VULNERABILITY"?

Demanding openness is not appropriate.

 

[eternal_noob]

Demanding openness is not appropriate.

Of course it is. Hiding vulnerabilities doesn't help with credibility and trust.
It causes concern that there isn't a statement from the foundation yet.

It may not only a problem with the forums but the whole infratructure may be compomised. The home page (freebsd.org) was down too for a short time.

Additionally to the problems with the forum, I've noticed problem with pkg upgrading, every time I tried it, pkg complained about package size mismatch error (more precisely it was openjdk in a loop).

What about the packages? Are they clean? Do i install a trojan if i upgrade them?

 

[cederom]

Hello World

 

[drr]

Thanks for getting the forum up and running again.