• 🇬🇧󠁿 🇸🇪 🇿🇦 🇮🇪 🇬🇭 🇩🇪 🇪🇺
    European & African
    Drug Discussion

    Welcome Guest!
    Posting Rules Bluelight Rules
  • EADD Moderators: axe battler | Pissed_and_messed

Recruitment EADD Needs YOU....!!! Another mod to join the ranks

Status
Not open for further replies.
felix said:
How much money would it cost to activate this SSL anyway?
Click to expand...
next to nothing. we already have the certificate. so it will take some time (of the site engineer) and there is also a concern about the performance hit or our server which is, even after a recent upgrade, back at capacity.

there's some related reading here: No https + inbox quota unacceptable

alasdair
 
SSL means The Authorities have a slightly harder time of it reading what is going into and out of your computer, because everything is encrypted in transit (although still vulnerable to a person-in-the-middle attack).

But if they can't be bothered with that minor obstacle, they can always just wait till you've posted it on a publically-accessible forum before they read it .....
 
exactly. it's as much of a mistake to overstate the importance of this as it is to understate it.

alasdair
 
You have over 300,000 registered users, you cannot overstate the importance of due diligence and best practice particularly over a security measure that delivers excellent safeguards for a relatively trivial cost and time to implement.

Rather than any paranoid ideas that BL is 'up to something', I think it's just an irresponsible way to operate a site of this size, dealing with this subject matter. I end up feeling BL takes its users for granted and isn't particularly concerned about them.
 
alasdairm said:
indeed. people are quite able - and need - to take responsibility for their own choice.

alasdair
Click to expand...
What nonsense. I didnt know this until ceres pointed it out here. To say that people are 'quite able' is nonsense. lots of people, wrongly assume that their security needs are covered when visiting a website. They wrongly assume PMs are private, because theyre labelled 'private' by whatever site theyre posting or communicating on. It may be their own fault due to their lack of insight or knowledge on the matter, but any site with any integrity would point out the potential for misuse to its userbase, by anyone who chooses to exploit the loopholes.

And if BL already does this, then I missed it, so please accept my apologies.

and just to clarify my point, I wholeheartedly agree that its a users responsibility to understand the risks of posting their information, private or public, but theres a dual accountability on both parties - website and user .... and any responsible website should be obligated to outline the vulnerabilities in security to members posting on its platform/forum etc. Even if its just in the faq etc

its just basic manners, responsiblility, concern for the userbase imo
 
Last edited:
^ my point is that people can inform themselves and, if they feel the security is not adequate, they can choose to not use the site at all or until it's served over https. it's not nonsense. at all.

ceres and drgreenthumb are both making a big stink about this and even those guys continue to use the site. they're both informed on the subject and they have demonstrably decided the risk is low enough to continue using the site. they're saying one thing but doing another. actions speak louder than words.

if somebody wrongly assumes something, that's their incorrect assumption. we're quite open about the lack of https on the site. it's in the FAQ: http://wiki.bluelight.org/index.php/Greenlighters_Guide#A_Brief_Guide_to_Personal_Security

it's always, always somebody else's fault, eh?

alasdair
 
Yes, I am very well informed on the subject, and I'm able to make decisions for myself. The fact I've used the site for x years and continue to do so doesn't in any way mean that I've decided the level of risk is low, only that I can manage my risks where I have agency. I'm just one individual and I'm not acting purely out of self interest. I suspect the majority of registered users are not as informed and therefore unable to manage the risks which will be unique for each of them and therefore deserve some basic protection.

I'm not making a big stink about it atall, I'm just stating the facts without being hysterical.

"saying one thing but doing another; actions speak louder than words." - C'mon, your ssl cert was issued way back on 04/02/2014 and you've acknowledged that it is something you need to implement. I'd say BL's actions say a lot more than mine do.

I don't really like the argument 'if you don't like it go elsewhere', when I have kept coming back to the site because of the good things about it, because it's one of the better forums and does help people, can't you take pride in that and BL's image rather than have this condescending and dismissive attitude towards the people that make BL what it is by posting here?

alasdair said:
it's always, always somebody else's fault, eh?
Click to expand...

you're placing all responsibility onto the individual users, so 'it's not my fault' certainly appears to be BL's attitude considering you are the only ones who can implement TLS for your site!

Anyway, I don't like being made out to be beligerent, you've said you intend to implement this so I will wait and see, I'm not demanding you do it THIS SECOND. Actions speak louder than words as you say...
 
Last edited:
While I've jus got my lappy workin again (I can make music finally!), I tried gettin online and instant bluescreen :|
No modding for me
 
Ceres said:
I suspect the majority of registered users are not as informed...
Click to expand...
my suggestion is that they inform themselves. apparently i'm a monster for suggesting it :)

i think there's a parallel with discussion of ignorance of the law. from Ignorantia juris non excusat:
The rationale of the doctrine is that if ignorance were an excuse, a person charged with criminal offenses or a subject of a civil lawsuit would merely claim that he or she is unaware of the law in question to avoid liability, even if that person really does know what the law in question is. Thus, the law imputes knowledge of all laws to all persons within the jurisdiction no matter how transiently. Even though it would be impossible, even for someone with substantial legal training, to be aware of every law in operation in every aspect of a state's activities, this is the price paid to ensure that willful blindness cannot become the basis of exculpation.
Click to expand...
(my emphasis).

sounds like we'll not agree on this. so, perhaps time to agree to disagree? thank you for your considered responses.

alasdair
 
Mermaid and Ceres: do you insist on this on every other website you visit on the www?

Or are you just making a drama out of fuck all because there happens to be an admin responding to you?
 
Ceres said:
"saying one thing but doing another; actions speak louder than words." - C'mon, your ssl cert was issued way back on 04/02/2014 and you've acknowledged that it is something you need to implement. I'd say BL's actions say a lot more than mine do.
Click to expand...

The only thing it says... is that nothing's changed with Bluelight when it comes to technical implementation, maintenance or modification.

The power to make remarkably simple site/domain changes lie in the hands of people (Owner/Engineers) who, honestly, aren't regular users of the site. Thus, they don't experience the same urgency as day-to-day users (until something becomes untenable and causes a huge stink) and there isn't really a "service level agreement" to get shit done in anything less than geological timescales.

Things that would take you, as a site owner, a matter of hours to identify and implement (upgrades, tweaks, subscriptions, merchandise, etc)... take absolutely AGES on Bluelight. This is thanks largely to its obscure permission set, legacy software, ownership structure and financial set-up. It needs a bit of a rethink, TBH.

SSL probably isn't a technical feature that people especially clamour for but, nonetheless, the same set of "limitations" will have contributed its lack of public progress.

Ali's just relaying the message/party line. Cut the guy some slack... even if he is being as slippery as a soapy tit.
 
Is it the closing date today? If so good luck to all who have applied - with all the shite on here over the last month im in complete admiration to all of you brave enough to put yourself forward for what seems like a most vital but thankless task. I think that we have an excellent team of mods, Julie, Shambles and Scotch are such a good select due to their excellent but very individual approaches to their responsibilities. Hopefully our new mod can complement the existing team by deepening the pool of life experience. Be nice to see a girl get it as it evens out the demographics.... sort of
 
Finally got round to applying.
Do I get a scepter if successful?

I will settle for a cape... ;)
 
SproutOnSmack said:
Finally got round to applying.
Do I get a scepter if successful?

I will settle for a cape... ;)
Click to expand...

Grief with a dollop of being called a Fascist occasionally is what you get. :D

If this threads taught us anything it's, that not many of you a dumb enough to want to mod and a bit about https://.. ;)

Thanks

/closed
 
Status
Not open for further replies.
Top