Dec 23, 16 / Cap 22, 00 02:58 UTC

Re: Forum Feedback/Suggestions List  

@MaskedChimp: Would be nice if do add the recommendations and suggestions from my general feedback topic: https://asgardia.space/en/forum/forum/feedback-11/topic/general-feedback-549/ ( https://asgardia.space/en/forum/forum/feedback-11/topic/general-feedback-549/ )

Specifically:

  • CSS Improvements ( see stylebot screenshots and live sheets )

  • Markdown ( maybe with markdown-extra ) as the formatting standard ( see markdown links at the other topic )

Thank you :)

Dec 23, 16 / Cap 22, 00 03:12 UTC

Comment deleted

  Updated  on Jun 15, 17 / Can 26, 01 16:53 UTC, Total number of edits: 4 times
Reason: "This user no longer wishes to be associated with a tin pot banana republic"

Dec 23, 16 / Cap 22, 00 03:19 UTC

@nihylum: Added! Thank you!

@Clive: As far as I know the forum should be used only in English. The only places a foreign language can be used are their respective regional sub-forums, everything else should be reported to a moderator.

Dec 23, 16 / Cap 22, 00 04:53 UTC

Instead of PM - consider a full comms protocol.

I'd suggest XMPP.

It's open source, well tested and throughly reliable. It's pretty much bulletproof, as far as protocols go. It's what whatsapp was based on, but still retains all the funcitonality and security of XMPP, as it's not been neutered. Embedding a client into a page shouldn't be too difficult, or users could use their own clients.

It supports text, video, voice, file transfers - anything you can wedge into an XML stanza, basically. It can cope 1:1, 1:many and many:many comms. Optionally, it can connect to other XMPP servers, meaning you could connect to the Asgardian run server, and still message me connected to mine. This, again, is optional. Google when running gtalk isolated their XMPP server from others, as an example.

OOTB it should be SSL/TLS complient, and readily support additional layers of OTR and GPG for ensured authenticity and privacy.

There's really not many reasons to not use it.

Dec 23, 16 / Cap 22, 00 12:03 UTC

Comment deleted

  Updated  on Jun 15, 17 / Can 26, 01 16:53 UTC, Total number of edits: 2 times
Reason: "This user no longer wishes to be associated with a tin pot banana republic"

Dec 23, 16 / Cap 22, 00 13:36 UTC

@Clive: Oh! That makes total sense now! :D Yeah, I think that would be an interesting addition.

Dec 23, 16 / Cap 22, 00 13:51 UTC

https://asgardia.space/en/forum/forum/feedback-11/topic/some-ideas-386/?post=689#689

  Last edited by:  Tordt Schmidt (Translator, Asgardian)  on Jan 15, 17 / Aqu 15, 01 00:15 UTC, Total number of edits: 1 time
Reason: Link correction

Dec 23, 16 / Cap 22, 00 14:45 UTC

I would like to add this:

The forums should be moved to a subdomain ( forums.asgardia.space ) for performance purposes ( we could later easier cluster the forum, instead of cluster everything )

The login should be receive a 2FA-Upgrade ( with the option to chose between different Authenticators ).

The login of asgardia.space should be an OpenID-Hub ( http://openid.net ) for asgardia authentication purposes for external projects.

The login of asgardia.space should be an OAuth Provider ( https://oauth.io ) for asgardia authentication purposes for external projects.

  Updated  on Dec 23, 16 / Cap 22, 00 14:46 UTC, Total number of edits: 2 times

Dec 23, 16 / Cap 22, 00 16:14 UTC

Я думаю, каждые сутки должен быть краткий (по важности) отчёт о поступлениях в тему. Далее, синтез по родственной группе тем. Далее, по всему форуму. Это для того чтобы не утонуть в море мнений и сообщений. Раз в неделю промежуточный отчёт и раз в месяц итоги месяца.

Dec 23, 16 / Cap 22, 00 16:35 UTC

Judging by your content, Nihylum, I'm to take it you're completely alien to concepts like "load balancers"?

2FA is actually remarkably insecure, because once you compromise one service this naturally opens up many others. There's many examples of this happening available. The flaw is actually in the human element of the model, and as that's not possible to correct, the entire system is rendered futile.

What can either Open-ID or OAuth offer that cannot be achieved simply by employing X.509? a long established, throughly tested security mechanism.

Dec 24, 16 / Cap 23, 00 18:26 UTC

I'm not seeing a way to flag posts as inappropriate/abusive/etc. Am I missing something?

Dec 24, 16 / Cap 23, 00 20:39 UTC

Authenticator-based TOTP/HOTP-2FA is not insecure, because you do not have any power to control how the authentication will be done, it's impossible to compromise such services. OpenID and OAuth's duty is authentication, X.509's duty is authorization. Why not combining both ?

Dec 24, 16 / Cap 23, 00 21:11 UTC

Hi guys,

Could we allow access on forums posts like we can grant access on google docs, that way users who come together and want to build on ideas can build proposals on the forums in one place and official can keep an eye on whats being suggested.

If we can suggest ideas I have one or two i'd like to share, a ministry of Innovation (posted on Asgardia main page as per request), A SBE (forum post) and partnership with Asgardian citizens personal projects that coincide with Asgardia's primaries goals. Will leave it there for now.

Also we should have our own web browser like google, We could build one and have an app section like google, we could have the main websites AIRC, ROOM, main Asgardia site, forums, then any other projects associated with Asgardia VOA etc. The more users the more income, the more projects associated with, the more users the more funds.

Have a happy holiday season everyone.

Best wishes, Lloyd

  Last edited by:  Lloyd Cox (Asgardian)  on Dec 26, 16 / Cap 25, 00 10:25 UTC, Total number of edits: 3 times

Dec 25, 16 / Cap 24, 00 00:27 UTC

I'm currently using X.509 as an authentication method, as only I can use my certificates, I'm also currently using it as authorisation.

2FA is insecure, becuase it ties it's security to the security of another system - and will instantly assume that any malevolent user that breaches the tertiery system is legitimate - of which there is plenty examples of having happened - then all authentication mechinisms then grant access to hostile entities, making it a lot easier to get into more accounts for a specific target. Breach one account, breach all connected accounts. That sounds secure, honest.

I'm also of the opinion that not all parts of this forum should be publicly acessible - however, I think no parts should be witheld from any Asgardians view. Interpersonal interactions should take place via another medium - possibly the PM mechanism I'm to understand is being worked on, or via a slightly more advanced communications system that's able to do more that will be happening eventually. Innovation should possibly not be a ministry within itself, but be a subsection of the ministry of science and technology. IMHO.

Dec 25, 16 / Cap 24, 00 02:04 UTC

I hope you have ever heard of U2F. Applications can be protected inside the same application domain with 2FA device mechanisms ( Apps, Keys,... ). The intention for Asgardia Oauth Providers is not to grant access by roles, it's to identify citizen identities, that may authorize citizens to register elsewhere without binding an account to another. Nevermind, your judgement is done.

My "Security Vision" is turning Asgardia.space into a Authorization Endpoint but not turning it into another Account-Hub (like Google, Facebook, Twitter or Github). Oauth could help here to commit data back to the authorization endpoint to be verified by a authority and stored later. It's all about the concept, not the common use of a specific technology.

  Updated  on Dec 25, 16 / Cap 24, 00 02:05 UTC, Total number of edits: 1 time