Your web development opinions

2011-02-23 Thread Tomas Vavrys
Hi, what does OpenBSD community think about new trends in web development HTML5, javascript (jquery), AJAX? Do you block javascript? If so, do you mind to turn it on sometimes? What browser do you use (lynx, firefox, chromium, ...)? I am learning Django at the moment and I would like to know more

Re: Your web development opinions

2011-02-23 Thread Ana Zgombic
On Wed, Feb 23, 2011 at 6:04 PM, Tomas Vavrys wrote: > Hi, > > what does OpenBSD community think about new trends in web development > HTML5, javascript (jquery), AJAX? Do you block javascript? If so, do lots of code. lots of untested code. yes, i block javascript. my blood temp rises a bit when

Re: Your web development opinions

2011-02-23 Thread Chris Bennett
> They're a fucking disaster security-wise. +1 > In general, blocking javascript won't get you too far, because most of the > issues are not in the client, but rather in the use that's made of javascript. I basically block javascript to stop some advertising and keep some sites from crashing f

Re: Your web development opinions

2011-02-23 Thread Kevin Chadwick
On Wed, 23 Feb 2011 11:04:58 +0100 Tomas Vavrys wrote: > Hi, > > what does OpenBSD community think about new trends in web development > HTML5, javascript (jquery), AJAX? Do you block javascript? If so, do > you mind to turn it on sometimes? What browser do you use (lynx, > firefox, chromium, ...

Re: Your web development opinions

2011-02-23 Thread Hugo Osvaldo Barrera
On 02/23/2011 08:59 AM, Ana Zgombic wrote: >> > you mind to turn it on sometimes? What browser do you use (lynx, >> > firefox, chromium, ...)? > not much choice. firefox. > Regrettably, it is. Firefox is now more about: * "users are too stupid to read" * "let's not have any buttons so user's

Re: Your web development opinions

2011-02-23 Thread Daniel Ouellet
On 2/23/11 5:34 PM, Hugo Osvaldo Barrera wrote: On 02/23/2011 08:59 AM, Ana Zgombic wrote: you mind to turn it on sometimes? What browser do you use (lynx, firefox, chromium, ...)? not much choice. firefox. Regrettably, it is. Firefox is now more about: * "users are too stupid to read"

Re: Your web development opinions

2011-02-23 Thread Hugo Osvaldo Barrera
On 23/02/11 20:56, Andres Perera wrote: > On Wed, Feb 23, 2011 at 5:57 PM, Hugo Osvaldo Barrera > wrote: >> On 02/23/2011 10:35 AM, Chris Bennett wrote: They're a fucking disaster security-wise. >>> >>> +1 >>> In general, blocking javascript won't get you too far, because most of the >>>

Re: Your web development opinions

2011-02-23 Thread Andres Perera
On Wed, Feb 23, 2011 at 9:20 PM, Hugo Osvaldo Barrera wrote: > On 23/02/11 20:56, Andres Perera wrote: >> On Wed, Feb 23, 2011 at 5:57 PM, Hugo Osvaldo Barrera >> wrote: >>> On 02/23/2011 10:35 AM, Chris Bennett wrote: > They're a fucking disaster security-wise. +1 > In gen

OT: Risks of CAs (Re: Your web development opinions)

2011-02-23 Thread Olivier Mehani
Just some OT thoughts. On Wed, Feb 23, 2011 at 07:35:19AM -0600, Chris Bennett wrote: > CA's cannot be trusted to even pay attention to carefully securing > your certificate. Here in the US, the government can simply ask for > your certificate and get it ( and possibly even use it to impersonate

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-06-02 Thread Kevin Chadwick
On Thu, 24 Feb 2011 13:05:09 -0300 Hugo Osvaldo Barrera wrote: > http://www.startssl.com/ > Why pay if you can have one for free trusted by every major browser? > Sure, the "class 2" ones are pay-for, but the free one works as well as I have it working on relayd with a clean firefox profile autom

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-06-02 Thread Kevin Chadwick
On Wed, 1 Jun 2011 14:51:42 + Kevin Chadwick wrote: > Can someone confirm that they have a default Opera working with a > startcom ssl certificate via relayd. Does anyone know if iPhones should work too? Though I don't know if they even have the root cert.

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-02-23 Thread Andres Perera
On Wed, Feb 23, 2011 at 9:21 AM, Olivier Mehani wrote: > Just some OT thoughts. > > On Wed, Feb 23, 2011 at 07:35:19AM -0600, Chris Bennett wrote: >> CA's cannot be trusted to even pay attention to carefully securing >> your certificate. Here in the US, the government can simply ask for >> your

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-02-24 Thread Marc Espie
I think you guys are into elaborate schemes and totally forgetting low-level tech/social engineering attack. Remember that most people out there don't understand https, they will just see that little lock and think "I'm secure"... yeah, sure, from 3rd party. But it's so easy to set up a fake site

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-02-24 Thread Kevin Chadwick
On Thu, 24 Feb 2011 10:16:36 +0100 Marc Espie wrote: > the fact that most people reuse the same password, You hear about that now said to be non existent security firm that was helping the fbi track down a support group of wikileaks called anonymous and ended up with all their email on wikileaks b

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-02-24 Thread Chris Bennett
I am going to point out another factor in my reasoning: Basically, there is no reason to assume that my self-signed certificate is any less secure than paying someone who is in a browser's root certificates. As a contractor in construction, one article I wrote for my potential customers is how to

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-02-24 Thread Hugo Osvaldo Barrera
On 02/24/2011 11:59 AM, Chris Bennett wrote: > I am going to point out another factor in my reasoning: > Basically, there is no reason to assume that my self-signed certificate is > any less secure than paying someone who is in a browser's root certificates. > > As a contractor in construction, on

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-02-24 Thread Chris Bennett
> http://www.startssl.com/ > Why pay if you can have one for free trusted by every major browser? > Sure, the "class 2" ones are pay-for, but the free one works as well as > a self-signed one (except for the "CA sells out like paypal" idea, which > I admit is possible, though, in the US, the govern

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-02-24 Thread Alexander Hall
On 02/24/11 17:50, Chris Bennett wrote: >> http://www.startssl.com/ >> Why pay if you can have one for free trusted by every major browser? >> Sure, the "class 2" ones are pay-for, but the free one works as well as >> a self-signed one (except for the "CA sells out like paypal" idea, which >> I adm

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-02-24 Thread Hugo Osvaldo Barrera
On 02/24/2011 01:50 PM, Chris Bennett wrote: >> http://www.startssl.com/ >> Why pay if you can have one for free trusted by every major browser? >> Sure, the "class 2" ones are pay-for, but the free one works as well as >> a self-signed one (except for the "CA sells out like paypal" idea, which >>

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-02-26 Thread Jonathan Schleifer
Am 24.02.2011 um 18:34 schrieb Hugo Osvaldo Barrera: > I use their web interface to generate them. It gets stuck sometime, but > usually works. (Yeah, it's definitely not the best). Letting them generate one is a stupid idea - then they got your private key. Better is it to just send them a CSR.

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-02-27 Thread Hugo Osvaldo Barrera
On 26/02/11 19:21, Jonathan Schleifer wrote: > Am 24.02.2011 um 18:34 schrieb Hugo Osvaldo Barrera: > >> I use their web interface to generate them. It gets stuck sometime, but >> usually works. (Yeah, it's definitely not the best). > > Letting them generate one is a stupid idea - then they got

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-03-02 Thread Jonathan Schleifer
Am 28.02.2011 um 03:10 schrieb Hugo Osvaldo Barrera: > You CAN submit the CSR through the web interface. Nobody doubted that. -- Jonathan

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-03-22 Thread Ciprian Dorin Craciun
On Wed, Feb 23, 2011 at 15:51, Olivier Mehani wrote: > Just some OT thoughts. > > On Wed, Feb 23, 2011 at 07:35:19AM -0600, Chris Bennett wrote: >> CA's cannot be trusted to even pay attention to carefully securing >> your certificate. Here in the US, the government can simply ask for >> your ce

Re: OT: Risks of CAs (Re: Your web development opinions)

2011-03-22 Thread Olivier Mehani
On Tue, Mar 22, 2011 at 05:33:01PM +0200, Ciprian Dorin Craciun wrote: > >> CA's cannot be trusted to even pay attention to carefully securing > >> your certificate. Here in the US, the government can simply ask > >> for your certificate and get it ( and possibly even use it to > >> impersonate y