|
Grex > Helpers > #137: Grex System Announcements - Winter 2004/2005 |  |
|
| Author |
Message |
| 25 new of 219 responses total. |
aruba
|
|
response 99 of 219:
| 
Jan 4 16:40 UTC 2005 |
I'll be sending out paper receipts to people who donated to Grex last year
and would like a receipt for tax purposes. So if you'd like a receipt for
your donations, let me know.
|
tsty
|
|
response 100 of 219:
|
Jan 5 00:02 UTC 2005 |
thank janc and the others who made this new system and made the transition
so smooth. stunning! applause!! applause!!
|
jep
|
|
response 101 of 219:
|
Jan 5 03:30 UTC 2005 |
re resp:98: I notice I get a constant stream of pop-ups:
Security Information
This page contains both secure and nonsecure
items.
Do you want to display the nonsecure items?
Is this because the Backtalk buttons are accessible only via "http"?
I'd really like a fix if possible.
Thanks!
|
janc
|
|
response 102 of 219:
|
Jan 5 04:18 UTC 2005 |
Hmmm...interesting. I haven't looked at the code, but yes, very likely the
buttons are being fetched from a plain http URL. However, the buttons are
not in a directory where authentication is required either, so your password
is not being sent in the http requests for the buttons. So why in the world
would we want to encrypt those requests? There's nothing secret about
backtalk buttons. Encrypting them just adds extra overhead on Grex and on
your browser. So I can't think of any sensible reason to encrypt button
requests except to make your silly browser happy. (By the way, what silly
browser is that anyway?) I should probably do it to make silly browser's
happy. Sigh.
|
mooncat
|
|
response 103 of 219:
|
Jan 5 15:39 UTC 2005 |
It's happened to me a couple times, I'm using Internet Exploder... er,
Explorer. ;) Not my fault, it's the only thing work offers and
downloads are not allowed.
|
twenex
|
|
response 104 of 219:
|
Jan 5 15:43 UTC 2005 |
I prefer the term "Exploiter", though the way things are going we might get
a bit less exploitation soon.
|
blaise
|
|
response 105 of 219:
|
Jan 5 17:13 UTC 2005 |
Personally, I prefer "Insecure Explorer".
|
albaugh
|
|
response 106 of 219:
|
Jan 5 17:50 UTC 2005 |
> the way things are going we might get a bit less exploitation soon
Something developing on the MS front?
|
twenex
|
|
response 107 of 219:
|
Jan 5 17:55 UTC 2005 |
No, but Firefox is picking up momentum. A US university (for example) (was
it Princeton?) - just sent an email to all its staff and students urging them
to drop IE for Firefox, because IE is so insecure.
|
jep
|
|
response 108 of 219:
|
Jan 5 18:21 UTC 2005 |
I was using IE from home. Sorry to ask for a fix to such a stupid
problem (and yes, it *is* a stupid problem). Does Firefox handle it
better?
I won't be using https as long as I have to keep clicking on pop-ups in
order to use it.
|
twenex
|
|
response 109 of 219:
|
Jan 5 18:25 UTC 2005 |
Firefox can block popups, but that might disable the secure login itself in
this case. The only other fix I can think of is to email the webmaster and
ask him politely to write better code!
|
blaise
|
|
response 110 of 219:
|
Jan 5 18:32 UTC 2005 |
That's not a popup in the usual sense of the word; it's a browser dialog
window. IIRC, Firefox does not complain about mixed secure and insecure
items on a page; if I am wrong then it has a "never complain about this"
checkbox on the dialog.
|
twenex
|
|
response 111 of 219:
|
Jan 5 18:33 UTC 2005 |
Oh, those. duh. Jim's solution sounds like a winner, though.
|
tod
|
|
response 112 of 219:
|
Jan 5 18:50 UTC 2005 |
ANy of you ever delete the certificate authority roots out of your browsers
and start from scratch?
|
gull
|
|
response 113 of 219:
|
Jan 5 19:53 UTC 2005 |
Nope. Why, you don't trust Versign? ;)
|
cross
|
|
response 114 of 219:
|
Jan 5 20:36 UTC 2005 |
This response has been erased.
|
other
|
|
response 115 of 219:
|
Jan 5 20:43 UTC 2005 |
MSIE has pretty configurable security settings. I'd try looking for
ones that might be applicable here. Depending on how much you rely on
your brain and how much on your browser for secure surfing (you're far
better off with the latter), you might just want to switch the
applicable setting off.
|
jep
|
|
response 116 of 219:
|
Jan 5 21:14 UTC 2005 |
re resp:115: that possibility had not occurred to me. I did this:
Tools > Internet Options > Security > Internet > Custom Level
Under "Miscellaneous" there is a setting "Display Mixed Content" which
is set by default to "Prompt"
I set it to "Enable" and that removed the problem.
Thanks!
|
nharmon
|
|
response 117 of 219:
|
Jan 5 21:14 UTC 2005 |
Re #114
Is a cert from a company really necessary? And the cheapest I've found from
a source I trust (which is either verisign, geotrust, or thawte) is $149/year
(thawte.com).
IMHO, Grex's own certs are plenty fine for what it uses them for.
|
gull
|
|
response 118 of 219:
|
Jan 5 21:24 UTC 2005 |
I agree. I told Firefox to accept Grex's certificate permanently, so I
wouldn't be nagged about it every time. I don't see what benefit a
trust path to an entity that's trusted by default (which is what you're
paying for) would have, here.
|
petercon
|
|
response 119 of 219:
|
Jan 6 15:38 UTC 2005 |
This response has been erased.
|
petercon
|
|
response 120 of 219:
|
Jan 6 15:41 UTC 2005 |
Some people may have more problems in their scripts now that we've
moved away from a SysV UNIX to a BSD UNIX - the "usr/ucb" directory in
a SunOS sytem is where BSD UNIX commands were put in Suns SysV OS.
Something like the move from Korn shell scripts to bash. Shell scripts
using Sun's SysV commands may not work the same in BSD (or be missing
entirely) so be aware.
Also, there are more differences in the directory structure and the
whole environment and deamon setup that may affect scripts written in a
SysV system. Better test your scripts before trusting them.
|
twenex
|
|
response 121 of 219:
|
Jan 6 15:41 UTC 2005 |
Ksh is now under an open source license. Failing that, pdksh might be
available, but it's a klone of ksh88, not 93.
|
twenex
|
|
response 122 of 219:
|
Jan 6 15:41 UTC 2005 |
Er, clone.
|
mfp
|
|
response 123 of 219:
|
Jan 6 15:56 UTC 2005 |
http://www.clonesforjesus.org/
|