Dec 23, 16 / Cap 22, 00 00:53 UTC
Re: Forum Feedback/Suggestions List ¶
Reason: "This user no longer wishes to be associated with a tin pot banana republic"
Dec 23, 16 / Cap 22, 00 00:53 UTC
Dec 23, 16 / Cap 22, 00 00:57 UTC
Can we have an option to turn off foreign language threads?
@Clive: Could you elaborate on that, please?
Dec 23, 16 / Cap 22, 00 02:58 UTC
@MaskedChimp: Would be nice if do add the recommendations and suggestions from my general feedback topic: https://asgardia.space/en/forum/forum/feedback-11/topic/general-feedback-549/ ( https://asgardia.space/en/forum/forum/feedback-11/topic/general-feedback-549/ )
CSS Improvements ( see stylebot screenshots and live sheets )
Markdown ( maybe with markdown-extra ) as the formatting standard ( see markdown links at the other topic )
Thank you :)
Dec 23, 16 / Cap 22, 00 03:12 UTC
Dec 23, 16 / Cap 22, 00 03:19 UTC
@nihylum: Added! Thank you!
@Clive: As far as I know the forum should be used only in English. The only places a foreign language can be used are their respective regional sub-forums, everything else should be reported to a moderator.
Dec 23, 16 / Cap 22, 00 04:53 UTC
Instead of PM - consider a full comms protocol.
I'd suggest XMPP.
It's open source, well tested and throughly reliable. It's pretty much bulletproof, as far as protocols go. It's what whatsapp was based on, but still retains all the funcitonality and security of XMPP, as it's not been neutered. Embedding a client into a page shouldn't be too difficult, or users could use their own clients.
It supports text, video, voice, file transfers - anything you can wedge into an XML stanza, basically. It can cope 1:1, 1:many and many:many comms. Optionally, it can connect to other XMPP servers, meaning you could connect to the Asgardian run server, and still message me connected to mine. This, again, is optional. Google when running gtalk isolated their XMPP server from others, as an example.
OOTB it should be SSL/TLS complient, and readily support additional layers of OTR and GPG for ensured authenticity and privacy.
There's really not many reasons to not use it.
Dec 23, 16 / Cap 22, 00 12:03 UTC
Dec 23, 16 / Cap 22, 00 13:36 UTC
@Clive: Oh! That makes total sense now! :D Yeah, I think that would be an interesting addition.
Dec 23, 16 / Cap 22, 00 13:51 UTC
Dec 23, 16 / Cap 22, 00 14:45 UTC
I would like to add this:
The forums should be moved to a subdomain ( forums.asgardia.space ) for performance purposes ( we could later easier cluster the forum, instead of cluster everything )
The login should be receive a 2FA-Upgrade ( with the option to chose between different Authenticators ).
The login of asgardia.space should be an OpenID-Hub ( http://openid.net ) for asgardia authentication purposes for external projects.
The login of asgardia.space should be an OAuth Provider ( https://oauth.io ) for asgardia authentication purposes for external projects.
Dec 23, 16 / Cap 22, 00 16:14 UTC
Я думаю, каждые сутки должен быть краткий (по важности) отчёт о поступлениях в тему. Далее, синтез по родственной группе тем. Далее, по всему форуму. Это для того чтобы не утонуть в море мнений и сообщений. Раз в неделю промежуточный отчёт и раз в месяц итоги месяца.
Dec 23, 16 / Cap 22, 00 16:35 UTC
Judging by your content, Nihylum, I'm to take it you're completely alien to concepts like "load balancers"?
2FA is actually remarkably insecure, because once you compromise one service this naturally opens up many others. There's many examples of this happening available. The flaw is actually in the human element of the model, and as that's not possible to correct, the entire system is rendered futile.
What can either Open-ID or OAuth offer that cannot be achieved simply by employing X.509? a long established, throughly tested security mechanism.
Dec 24, 16 / Cap 23, 00 18:26 UTC
I'm not seeing a way to flag posts as inappropriate/abusive/etc. Am I missing something?
Dec 24, 16 / Cap 23, 00 20:39 UTC
Authenticator-based TOTP/HOTP-2FA is not insecure, because you do not have any power to control how the authentication will be done, it's impossible to compromise such services. OpenID and OAuth's duty is authentication, X.509's duty is authorization. Why not combining both ?