From: "Marvin Dickens (mpdickens AT gmail DOT com) [via geda-user AT delorie DOT com]"
Date: Mon, 15 Feb 2021 21:13:34 -0500
Subject: Re: [geda-user] No https for pcb-rnd
To: geda-user
Reply-To: geda-user AT delorie DOT com

When I see stuff like what is in this thread I am embarrassed. This thread is TOTAL GARBAGE.
The things that made this project great are gone. I am opting out of this disaster.

Marvin Dickens

On Sun, Jan 10, 2021 at 6:19 PM Girvin Herr (gherrl AT fastmail DOT com) [via geda-user AT delorie DOT com] wrote:

>
> On 1/9/21 10:55 PM, karl AT aspodata DOT se [via geda-user AT delorie DOT com] wrote:
> > Girvin Herr:
> >> In the name of computer security, I am going through all of my browser
> >> bookmarks and rejecting all websites that do not support the https
> >> protocol.
> > ...
> >
> > So would a self signed certificate suffice -- since then you are using
> > "https".
> >
> > And next, what kind of security do you want?
> > a, the middleman cannot see what you transfer
> > b, the middleman cannot change what you transfer
> > c, the middleman cannot see that you have contact or are
> >    transferring (https doesn't solve that)
> > d, to be sure that the site is indeed authentic (use dns-sec for that)
> > e, something else I haven't thought about
> >
> > If you don't trust a self signed certificate, why would you trust
> > some random certificate authority and not some person writing
> > useful code that serves us well. See e.g.
> >   https://www.theregister.com/2013/12/10/french_gov_dodgy_ssl_cert_reprimand/
> >
> > You know, https isn't the final answer to computer security.
> >
> > And lastly, why don't you do a simple request on the pcb-rnd mailing
> > list, what has geda-user have to do with this.
> >
> > Regards,
> > /Karl Hammar
> >
> Karl,
>
> I don't know why you are so resistant to computer security. The majority
> of websites I visit and I have bookmarks for are already https
> compliant, including many, if not most, open source websites like gEDA.
> I finally got to my gEDA bookmarks and the gEDA websites are not https
> compliant either! It is about time the gEDA websites get on the
> bandwagon and improve their website security. Not having a web server, I
> cannot attest to what is needed to add a https port, but IMHO not doing
> so is risky. https is not the end-all of security. It takes constant
> vigilance to keep up with the bad guys and the tools, such as https,
> help and it should be a minimum.
>
> Why did I post my concern about pcb-rnd on this forum? Good question. I
> thought about it a while and decided that since pcb-rnd was on this
> forum in the past, and that it may be polled by the pcb-rnd devs, and
> that some pcb-rnd users who read the postings on this forum should know
> that the pcb-rnd website may not be as secure as they think, I decided
> to post here. That may be a political mistake and I apologize if it
> offends anyone, but I thought I was doing other users a service and
> maybe a push for the pcb-rnd server maintainer to add a https portal.
> Now that includes gEDA too. I hope the gEDA server maintainers create a
> https portal on the web server(s) asap. We all must be serious about
> computer security because there are a lot of bad guys out there.
>
> HTH.
>
> Girvin
>
>