Security Issues

[Sharlikran]

 Oh - that's not 3.0.31? If that's the only link to it then I'm afraid I'll pass - I won't go anywhere near google.

 

I can respect that however, that just seems silly, but to each his own.  Are you willing to go near Microsoft, specifically a SkyDrive?  If so it's the file named "TES5Edit_r1491.7z"

[Screwball]

As soon as they bought doubleclick.net (   scumbag click tracking ) I pulled the plug. Fortunately there are sites which perform anonymous searches using google (but don't pass on any info)

 

Thanks for trying - but typically "you need to upgrade your browser" (with no fallback option, of course).

[Sharlikran]

So aside from who acquired who and your personal views on the subject, were you able to get the file from my Skydrive?

[Arthmoor]

adblock + ghostery = no more doubleclick.net problems.

[Screwball]

 No. It simply told me to upgrade (which I will not do - took me a long time to lock it down satisfactorily) and provided links to do so. There was no "continue anyway" type option, so I couldn't. Even youtube allows you to just carry on...

[Screwball]

adblock + ghostery = no more doubleclick.net problems.

NoScript = no need for AdBlock (or ghostery, probably). And anyway, it's more a matter of principle than anything else.

[Arthmoor]

We're getting off topic obviously, but I find NoScript to be highly annoying in that it blocks too much functionally useful stuff pretty much everywhere.

[Screwball]

It does, but in the process it blocks all the hidden, insidious crap infecting most websites as well. This is not just about adverts.

Yes, we're well OT now - sorry about that. The only reason I asked for the script in the first place was to help identify the problem items causing so many log errors. You guys can use the script - I'll have to be satisfied with simply reporting the problems as they arise.

[DayDreamer]

While off topic, is about getting useful stuff such as this code. We can help Screwball.

 

I'm a Firefox NoScript + HTTPS_Everywhere kinda guy, but also keep a copy of Chrome, access the site as a private connection, and quit with clear browsing data. The Chrome folks are pretty good on privacy and security, too.

 

OTOH I like NoScript because I can turn on exactly and only those scripts I want to allow temporarily, and they go away as soon as I quit. For AFK, I have everything allowed except Facebook and Google-analytics.

 

And remember that Doubleclick was truly evil -- Google bought and cleaned it up a lot! I'm grateful to them for it. And for a place to host open source.

[Screwball]

 Unfortunately Chrome IS google and therefore on the blacklist, though the idea of a "private connection" is one worthy of consideration - if I can find another browser which supports it. I too simply block all scripts by default and only open up those which are absolutely necessary on a per-site basis and temporarily for odd sites I rarely visit.

[DayDreamer]

Unfortunately Chrome IS google and therefore on the blacklist,

As far as privacy and security goes, I trust Google more than any other company. It helps that one of the principal security engineers was my protege, and I know many others. And that the father of one of the founders was one of my professors, etc. And as much as I've criticized Hal Varian about his economics of the internet papers, he's not won all the internal battles for monetarization of personal information -- nor been the worst on the issue.

As I said, the Chrome folks are good on privacy and security. As long as the founders still control the company, we'll be OK.

"Google is your friend" -- the NSA is not!

 

though the idea of a "private connection" is one worthy of consideration - if I can find another browser which supports it.

Firefox pulldown "new private window". Also "clear history when Firefox closes" setting essentially makes your entire session private.

 

I too simply block all scripts by default and only open up those which are absolutely necessary on a per-site basis and temporarily for odd sites I rarely visit.

Glad to hear there's another among us who follows decent security practices. If we only could get this AFK guy to install TLS, especially 2.0....

[Arthmoor]

Except that Google and the NSA are working together. So I can see why Screwball's unwillingness to trust them exists. I don't trust them either so I don't USE Chrome. I test web related stuff with it on either my blog or this site. Nowhere else.

 

Also, I'm not a security guru nor am I a linux guru or anything else of the sort. If there's something you feel the site needs as far as added security, then please ask. Don't make snide innuendo about it on the side because that never ends well. Ya'll are probably lucky I was able to remember enough about this crap to get the site up at all, let alone worry about security protocols that aren't even fully supported by every browser.

[Screwball]

As far as privacy and security goes, I trust Google more than any other company. It helps that one of the principal security engineers was my protege, and I know many others. And that the father of one of the founders was one of my professors, etc. And as much as I've criticized Hal Varian about his economics of the internet papers, he's not won all the internal battles for monetarization of personal information -- nor been the worst on the issue.

As I said, the Chrome folks are good on privacy and security. As long as the founders still control the company, we'll be OK.

"Google is your friend" -- the NSA is not!

 

Firefox pulldown "new private window". Also "clear history when Firefox closes" setting essentially makes your entire session private.

 

Glad to hear there's another among us who follows decent security practices. If we only could get this AFK guy to install TLS, especially 2.0....

 

 It's not just security, or monetisation (god I hate that word), more an attitude - an ethos. Look at everything google have done.

They indexed the entire internet. Did they ask anyone if that was ok? No they did not.

They bought DejaNews (no data there of course - yeah, right...).

Gmail - what a con that is - more data than ever.

Streetview... Chrome... Android... Analytics.... Googleapis... mountains of free data.

See where this is all heading? Do they give a flying f*ck about the users? Sure they do - we're a source of free information. Not if I can help it though.

They're as bad, maybe even worse, than Apple (in a different way) - and that's saying something.

 

New Private Window? Doesn't seem to exist on here. Probably have to upgrade - only to find that Mozilla kindly took out features they shouldn't have

[DayDreamer]

New Private Window? Doesn't seem to exist on here. Probably have to upgrade - only to find that Mozilla kindly took out features they shouldn't have

Firefox 26.0 right under New Tab in the orange box upper left corner on Windows, been there a very long time. I had to look for it, though, as I'm primarily a Mac user.

 

I've been a Mac developer since 1984, and an early Firefox developer (as in before it was called Firefox). I've always viewed Google indexing the Internet and rescuing Deja News (IIRC their first acquisition in 2001) as a good thing! We were losing a lot of old netnews posts as the archives overflowed and universities shut down caching servers.

 

And was investigated by the FBI for treason for publishing cryptography articles. And been a strong advocate for privacy and security in the big-I Internet for decades, having written some of the earliest IP security drafts.... We'll have to agree to disagree.

[DayDreamer]

Except that Google and the NSA are working together.

No, they aren't! In private conversations, security engineers there have been pretty upset that NSA was tapping their private fiber. I'm sure that will be fixed now -- although I'm kinda proud that I raised the issue with them some years ago. Nobody believed me that we needed to protect against domestic fiber taps. Or even dialup taps.

 

If there's something you feel the site needs as far as added security, then please ask.

Get a SSL/TLS certificate for this site, so our login traffic isn't sent in the clear.

Your linode provider has a fair amount of documentation in the library. Your dynadot provider recommends DigiCert, which is over priced. Really, any cheap certificate will do fine.

[Hana]

Hey guys, if you want to whine about Google and browers, please take it to another thread. Some of us watch this thread for important news about TES5Edit.

 

Better yet, maybe the admins can split off all this ranting.

[Arthmoor]

No, they aren't! In private conversations, security engineers there have been pretty upset that NSA was tapping their private fiber. I'm sure that will be fixed now -- although I'm kinda proud that I raised the issue with them some years ago. Nobody believed me that we needed to protect against domestic fiber taps. Or even dialup taps.

That's just something we're not going to agree on given the evidence that's mounting out there.

 

Get a SSL/TLS certificate for this site, so our login traffic isn't sent in the clear.

Your linode provider has a fair amount of documentation in the library. Your dynadot provider recommends DigiCert, which is over priced. Really, any cheap certificate will do fine.

As much as I'd love to do that, I don't have the money. Unless someone wanted to donate to the cause of getting us an SSL cert, the best I could do would be to generate a self signed cert.

 

Better yet, maybe the admins can split off all this ranting.

So it was written, and so it was done

[DayDreamer]

Better yet, maybe the admins can split off all this ranting.

Great idea!

 

That's just something we're not going to agree on given the evidence that's mounting out there.

What evidence?

 

As much as I'd love to do that, I don't have the money. Unless someone wanted to donate to the cause of getting us an SSL cert, the best I could do would be to generate a self signed cert.

While I'm a fan of self-signed for personal websites, most folks don't know how to make them work, and you're trying to run a public site.

But you're not (yet) trying to make money off the site, so a free one would probably be best for you. IMnsHO, the guarantees by the expensive ones aren't worth the paper they are printed on....

http://webdesign.about.com/od/ssl/tp/cheapest-ssl-certificates.htm

 

http://arstechnica.com/security/2009/12/how-to-get-set-with-a-secure-sertificate-for-free/ is a bit dated, but still good.

 

So it was written, and so it was done

Thanks!

[Leonardo]

I find NoScript to be highly annoying in that it blocks too much functionally useful stuff pretty much everywhere.

You don't say...  and I agree NoScript has begun to be a real pain in the ass lately, because right now I'm seriously thinking about to uninstall NoScript once and for all or find an older NoScript version if such version exist.

 

What I find the most annoying about NoScript is that I cannot make NoScript to understand that I do want ALL *harmless* script to be enable with the first "Allow all script" command when it's executed and definitely not XXX attempts later before NoScript finally accept that from its user.

 

[rant] God dammit...    Why in earth should it be so difficult for NoScript to accept my command at the first time and not within 1-3 minutes later.  WHY???   [/rant]

[KNakamura]

I've actually had to disable NoScript entirely, as it blocks my health care exchange site from working. Considering I *pay* for my healthcare through it that's a problem.