CAA is part of the demos according to the schedule, which I guess won't show up on these streams.
2012-10-09 28352, 2012
warp
(this thing seems to have too many tracks)
2012-10-09 28346, 2012
warp plays with joins
2012-10-09 28305, 2012
CatBuss joined the channel
2012-10-09 28311, 2012
jesus2099 joined the channel
2012-10-09 28345, 2012
jesus2099
navap ianmcorvidae : please don’t put all logged in browsing MB into HTTPS m(_ _)m
2012-10-09 28303, 2012
nikki
why not?
2012-10-09 28314, 2012
jesus2099
no userjs would work any more (you can activate userjs in HTTPS but it’s not good and it will ask for permission at each page loading)
2012-10-09 28331, 2012
nikki
it's not each page load actually
2012-10-09 28336, 2012
jesus2099
and it’s when you are logged in that you want to use userjs (for editing)
2012-10-09 28339, 2012
nikki
although it is still really annoying in opera
2012-10-09 28300, 2012
nikki
it's whenever you reload opera or change a userscript
2012-10-09 28314, 2012
jesus2099
I don’t see any reason to HTTPS everything… only secutrity sensitive thing has to (password)
2012-10-09 28316, 2012
jesus2099
nikki: thanks for this detail but I don’t want to activate userjs on HTTPS in Opera… this will make things worse, even if it asks I fear to reply YES in my bank website by hitting keys too fast or something andf then malicious userjs could do wtf they want
2012-10-09 28354, 2012
jesus2099
it’s good that Opera asks you often if it’s OK for HTTP userjs, it’s no good that MB goes 100% HTTPS IMO
2012-10-09 28302, 2012
nikki just checks where user scripts will be included
2012-10-09 28346, 2012
Freso
jesus2099: If we want to prevent session hijacking, which I believe is one of the concerns, we will want to have all user session traffic encrypted.
2012-10-09 28356, 2012
nikki
and it's not good that opera asks all the time if the result is that people who would use https don't
2012-10-09 28316, 2012
jesus2099
Freso: is it a new problem ?
2012-10-09 28320, 2012
Freso
jesus2099: If not, someone browsing on an open WiFi will send their session cookie unecrypted for anyone nearby to pick up and use for themselves.
2012-10-09 28323, 2012
Freso
jesus2099: Nope.
2012-10-09 28342, 2012
Freso
jesus2099: But that Firefox extension made the problem all the more apparent.
2012-10-09 28344, 2012
jesus2099
nikki: It’s a good thing Opera asks because I wouldn’t want to have userjs on HTTPS websites (bank, etc.)
2012-10-09 28355, 2012
Freso
Which is why we're (finally!) seeing sites taking the issue seriously.
2012-10-09 28325, 2012
jesus2099
ah…
2012-10-09 28336, 2012
jesus2099
I don’t use Firefox though… is it a problem with Firefiox ?
2012-10-09 28340, 2012
nikki
jesus2099: they don't need to ask all the damn time to do that. they could ask once asking you to confirm that you know what you're doing, that you understand the risks and you still want to proceed and enable the option you found somewhere in the depths of opera:config
2012-10-09 28314, 2012
Freso
jesus2099: No, it's a problem with unencrypted data. :)
2012-10-09 28317, 2012
jesus2099
nikki: Or you would enable HTTPS-MB only, not whole HTTOPS…
2012-10-09 28332, 2012
jesus2099
Freso: because you said Firefiox
2012-10-09 28337, 2012
nikki
jesus2099: I'd be fine with that too if it were possible, but it doesn't seem to be
2012-10-09 28310, 2012
Freso
jesus2099: If you sit on an open WiFi with your laptop or whatever and browse MusicBrainz.org over HTTP, someone else with Firefox and that extension can sniff your session cookie easily and start doing stuff on mb.o as you.
2012-10-09 28319, 2012
Freso
jesus2099: Because the extension that made the problem realise how bad the situation was made for Firefox. I can't remember the name of it. I'll find it. Sec.
2012-10-09 28322, 2012
jesus2099
"that extension" ← mmhh… isn’t https VERY SLOW btw ?
2012-10-09 28338, 2012
jesus2099
ah ok some hackings tool
2012-10-09 28355, 2012
nikki
I haven't noticed any problems with the speed
2012-10-09 28358, 2012
jesus2099
nikki: we should ticket opera (if only opera tickets were transparent…)
2012-10-09 28359, 2012
Freso
jesus2099: Not a cracking tool, no. A network inspection tool. Very useful for network admins etc.
2012-10-09 28352, 2012
jesus2099
Freso: sorry I didn’t understand at firtst…
2012-10-09 28308, 2012
Freso
jesus2099: Also, HTTPS (or any other protocol over TLS/SSL) isn't necessarily slower than their non-encrypted counter-part. It all depends on the setup.
2012-10-09 28317, 2012
jesus2099
btw Freso said « Do you keep your userscripts in a repository somewhere? » as CatCat said in userscripts.org … is it why ? :)
but then I have to duplicate copy/paste to userscripts.org… is there a real positive reason ?
2012-10-09 28343, 2012
Freso
Well, depends on your workflow I guess.
2012-10-09 28352, 2012
jesus2099
I AM NOT WORKFLOX
2012-10-09 28312, 2012
Freso
I usually develop against my local Git repository, doing incremental changes.
2012-10-09 28336, 2012
Freso
Once I feel I'm doing changing stuff around and it's ready for publishing, I go to userscripts.org and upload the latest file.
2012-10-09 28344, 2012
Freso
And I just push my changes to GitHub.
2012-10-09 28348, 2012
jesus2099
I am just workflow EmEditor (it backups at each save but never use them backups anyway) and Opera
2012-10-09 28312, 2012
jesus2099
what was the fix you wanted Freso btw ? :)
2012-10-09 28318, 2012
jesus2099
if you remmeebr
2012-10-09 28328, 2012
Freso
GitHub thus has a much smaller change granularity than the version diffs on UserScripts, plus it allows other people to easily work and continue work on it.
2012-10-09 28352, 2012
Freso
Like... the two people did who forked gm-http2https.
