Life without FreeBSD Forums is hard!

jbodenmann

Aspiring Daemon

Reaction score: 461
Messages: 680

*Checks notes*
People say that this isn't useful and actually worsens the password situation.
Well, that article also states that this refers to changing one easy-to-remember password for another easy-to-remember password in which case password quality is the main issue and changing a low-quality password regularly is indeed of little benefit.
This does not seem to apply to proper, strong passwords (randomly generated 16+ character passwords).
Other than that, my post was supposed to leave a sarcastic vibe. I certainly don't change my forum password every week.
 

eternal_noob

Daemon

Reaction score: 1,239
Messages: 1,513

I didn't read that article, it was the first on that topic I could find via Google.
Yes, strong passwords are a must! There is no point in using "pasword1234"-style passwords.

Btw. I recognized the sarcasm. 🎉
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 13,892
Messages: 40,608

Your being both an admin and a moderator (and staff), shouldn't you enable 3FA or even 4FA?
Every month I have to pick a rare flower from the top of the Alps and do a ritual with underwear tied on my head.
 


astyle

Daemon

Reaction score: 986
Messages: 1,972

😩
The weather was awful in North Carolina, local authorities declared a state of emergency, and there were power outages. Apparently, the power outages also affected the data center where the forums are hosted. Expect the forums' availability to be rather unreliable all winter, until either the weather gets better, or we get a failover host elsewhere, like Arizona.
 
OP

hruodr

Daemon

Reaction score: 318
Messages: 1,011

Also note that you can enable 2FA on your forum account
I find more interesting the authentication with client certificates, but I have never seen it on the web.

Even the keygen tag, for easily generating a client certificate on the client machine, keeping the private key reachable by the browser and sending the public key to the server, is deprecated:

 

msplsh

Aspiring Daemon

Reaction score: 316
Messages: 784

authentication with client certificates, but I have never seen it on the web
I use that on my website to block off admin stuff. It's too complicated for use in mass market solutions, though, due to chain of custody (who creates the keypair, did you write it to some unencrypted place?), installation and revocation issues.
 
OP

hruodr

Daemon

Reaction score: 318
Messages: 1,011

It's too complicated for use in mass market solutions, though, due to chain of custody (who creates the keypair, did you write it to some unencrypted place?), installation and revocation issues.
It seems everything with certificates is too complicated for the average user.

Encryption is the solution for the privacy of email and the two standards are old, but we still cannot dream that the masses use it.

Since the web is being used for everything, also for reading mail, I think it could facilitate the use of public key encryption.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 13,892
Messages: 40,608

So far I've gone through a bunch of logs on the host that runs the forums. But everything just abruptly stops Sunday afternoon and has a 3-day gap until it got back up and running this morning. So it wasn't caused by anything running on the forum host itself. We need to look for the root cause beyond my access level.
 

grahamperrin

Son of Beastie

Reaction score: 1,640
Messages: 4,973

Really? There MUST be a cause and it MUST be communicated.

Really? Let's pretend, for a moment, that the cause was a vulnerability. Should the administrators now shout "HERE'S A VULNERABILITY"?

Demanding openness is not appropriate.
 

eternal_noob

Daemon

Reaction score: 1,239
Messages: 1,513

Demanding openness is not appropriate.
Of course it is. Hiding vulnerabilities doesn't help with credibility and trust.
It causes concern that there isn't a statement from the foundation yet.

It may not only be a problem with the forums but the whole infrastructure may be compromised. The home page (freebsd.org) was down too for a short time.
In addition to the problems with the forum, I've noticed a problem with pkg upgrading: every time I tried it, pkg complained about a package size mismatch error (more precisely it was openjdk in a loop).
What about the packages? Are they clean? Do I install a trojan if I upgrade them?
 