• HTTPS with forum & antergos.com


    As Antergos.com contains the master keys, I think it’s security issue that https isn’t enforced there. With https it’s also broken, possibly loading CSS using http which browsers block.

    HSTS could also help with it and as you appear to be using CloudFlare it’s just clicking a few boxes there. Redirecting from http to https with antergos.com and *.antergos.com again is possible with the site rules.

    With Antergos forum I am worried about thye usernames and passwords being transmitted in plain text over the internet so https should be enforced and HSTS should also be enabled.

    Free SSL certificates would be available at least from:

  • who would want to steal our antergos usernames? :smile:

  • @megaman Because it’s possible that the same username/password combination is used elsewhere.

    https://blog.codinghorror.com/welcome-to-the-internet-of-compromised-things/ also gives many reasons for https.

  • It looks like https://antergos.com/ has been somewhat fixed, only the blog posts appear to be broken or just white space.

    I also learned that Upgrade Insecure Requests can be used with similar cases like Antergos.com was, it will just inform the (supported) browser that it should replace http:// with https:// everywhere to avoid mixed content warnings/page not loading properly.

    The forum still seems to be missing https though :(

  • It appears that both issues have been fixed stealthily at some point, so it’s time to move to the next complaint! :D

    Antergos blog needs a comment box Disqus if you cannot get anything else and it would be a lot more friendly to refer to times as UTC instead of making users calculate their GMT offset and calculate offset with GMT and random timezone that random developer is using.


    I should probably also make on-topic forum compant: there is never area to complain about issues I have, where is the “website discussion” area, I can only see “forum discussion”.

  • @Mikaela said:

    Antergos blog needs a comment box

    The blog has comments functionality. You can comment on the posts. Its also enabled on the Wiki.

    Best Regards,
    Dustin

  • @lots.0.logs How do I login?

    Antergos login

  • @lots.0.logs as a idea. can you make the blog post generate a forum post? then people will just be directed to the forum post from the blog. hopefully that made sense. i see this done with vbulletin a lot and seems very effective.

  • ya im not sure where you currently login for the comment section either. hopefully we can just move the blog comments to the forum.

ssl4 hsts1 keys7 security11 Posts 9Views 1886
Log in to reply