Permissions

[chalsall]

Quote:

Originally Posted by chris2be8

The obvious security hole on mersenneforum is that is does not use https to encrypt your password. So the NSA almost certainly know everyone's password (I don't know if Edward Snowden took copies). And anyone else able to sniff traffic will as well.

An important point, which leads to a related issue I'd like to raise...

From my understanding, the hosting environment the forum is currently running on cannot do HTTPS serving. (Please correct me if I'm wrong on that point Mike.)

But in addition to this, because Mike's environment does not include "root access", he (and thus we) are severely constrained -- there are many additional tools which could be brought to bear if Mike had "root". (E.g. real-time responses to "attacks" via log monitoring etc; denyhosts, fail2ban, et al.)

I know Mike is a very modest fellow, and probably (like me) doesn't really enjoy talking about money. But...

I imagine that if additional funds were in Mike's "Donation Box" (which we all know he manages very well and very publicly (read: monthly summary of in, out and balance, etc)) that the forum might be able to be migrated to a better, more sophisticated, and safer hosting environment.

Just putting this out there for public thought -- this point has been raised in the "Admin area" in the past (usually when we're dealing with yet the latest spidering / hacking annoyances associated with running any public forum...).

It wouldn't cost that much more than what is being paid now. But it would be more...

[Xyzzy]

WRT the previous post:

We are comfortable, despite all of the limitations, with the current setup.

It is frustrating, but it works. We are very afraid to break it. We have changed so much code that we are surprised it works at all. None of the changes are documented very well. (Oops!)

If this forum (and wiki) migrated to a real platform we would not have the technical ability or skills to take care of it. We know what we know and we are open to learning new stuff but after hundreds of hours learning all of this we are just happy it works.

That said, if the general consensus was that the forum should fall under a group of individuals who take care of things and make it better then we would acquiesce immediately.

So, to simplify: Nothing much is going to change, unless a highly-trusted group, decides to take charge.



PS - There is an option, somewhere in the control panel, to do HTTPS stuff. But, it costs to get a certificate (?) and it looks real complicated.

[chalsall]

Quote:

Originally Posted by Xyzzy

So, to simplify: Nothing much is going to change, unless a highly-trusted group, decides to take charge.

Mike et al...

From my perspective, you are now, and always will be, ultimately in charge around here.

You own the domain, after all. Everything under that is simply implementation.

[WraithX]

So, why is guest reading turned off again?

If you require membership to post AND read, then you break casual browsing. Heck, (in my limited understanding of the situation) Google won't be able to index this site any more. And I use that quite a bit to search for things on the forum. Also, I just checked, the links provided by Google to this site bring you to a log-in page. This definitely limits how you can share information with the world. And also, it will be harder for legitimate people to know if they want to join this forum if they can't tell what type of discussions go on around here before joining.

I know this isn't a democracy, but I'd vote for members only can post, and guests can read. This way there is no forum/sub-forum/thread that needs moderation from guest posts. This would restore casual browsing by members, guests, and search engines doing indexing.

I know the above won't fix the "how to protect the new member sign-up" process, but you still have that problem in the current members-only scenario as well as the proposed members-post/guest-view scenario.

I'm sure this was discussed before being implemented, but I don't know the pros and cons that lead to the current decision. Can we discuss that here? I personally feel like a members-only forum is going too far. I would like to discuss switching to a members-post/guest-view scenario. Would the forum moderators be willing to talk about that here?

[chalsall]

Quote:

Originally Posted by WraithX

Would the forum moderators be willing to talk about that here?

Our commanding officer (that's meant to be funny, and serious, at the same time) insists that open discussion occurs as much as possible.

[philmoore]

Would it be possible to host a duplicate read-only version of the forum?

[axn]

Quote:

Originally Posted by philmoore

Would it be possible to host a duplicate read-only version of the forum?

Why? It used to be that Information & Answers was the only forum where you could post without registering. All other forums needed you to register before posting, but could be browsed without registering. Just change the settings of I&A also to be the same, and then you have achieved exactly what you wanted with the original. What am I missing?

[Xyzzy]

We are working to find a happy solution. Please be patient.



PS - A read-only search engine archive is one of the items we are investigating.

[NBtarheel_33]

Seems quite simple to me (and I believe was suggested above): Allow open access to www.mersenneforum.org itself, but then require registration (and perhaps initial post moderation/approval) in order to post new messages.

I have been to many forums where this is standard policy. It is quite useful to be able to just lurk long enough to get the information one needs, without having to jump through the hoops of creating and maintaining yet another username/password combination.

I do believe that as long as George has this forum indicated as an official source of help in Prime95, we are potentially shooting GIMPS in the foot by requiring registration just to read posts on this forum. Right or wrong, sensible or not, some folks are *really* bothered by requirements to register and may even go as far as to feel that GIMPS/mersenneforum.org is needlessly invading their privacy with said requirements. This could potentially lead to a loss of new participants in the project.

[LaurV]

Quote:

Originally Posted by NBtarheel_33

some folks are *really* bothered by requirements to register

Agree with that. Nothing bothers me more than a web page asking me to give an user name, password, and other data (as an email address, I had to create fake addresses in the past specially for this purpose) to access its content. Usually I never return back to those sites, and I do maintain a "black list" to avoid wasting time in the future. Edit: facebook is on that list after they were keeping asking me for a telephone number, which I gave them (the right one) but they said that can't reach me. Never went back, for more than 2 years, and made fun of Mrs LaurV when facebook blocked her account few months ago because "it seems to us that you are not a real person", I went like "am I not keeping telling you that for 30 years?" She also never went back since, after few unsuccessful attempts to communicate with them.

[Batalov]

Quote:

Originally Posted by LaurV

...Never went back, for more than 2 years, and made fun of ...
She also never went back since...

When I hear that FB has a billion users, I always think of Nikolai Gogol's "Dead Souls". (This novel is > 170 years old, but people's nature doesn't change really.)

Quote:

Originally Posted by wiki

The story follows the exploits of Chichikov, a gentleman of middling social class and position. Chichikov arrives in a small town and quickly tries to make a good name for himself by impressing the many petty officials of the town. Despite his limited funds, he spends extravagantly on the premise that a great show of wealth and power at the start will gain him the connections he needs to live easily in the future. He also hopes to befriend the town so that he can more easily carry out his bizarre and mysterious plan to acquire "dead souls."