CAA is part of the demos according to the schedule, which I guess won't show up on these streams.
(this thing seems to have too many tracks)
warp plays with joins
CatBuss joined the channel
jesus2099 joined the channel
jesus2099
navap ianmcorvidae : please don’t put all logged in browsing MB into HTTPS m(_ _)m
nikki
why not?
jesus2099
no userjs would work any more (you can activate userjs in HTTPS but it’s not good and it will ask for permission at each page loading)
nikki
it's not each page load actually
jesus2099
and it’s when you are logged in that you want to use userjs (for editing)
nikki
although it is still really annoying in opera
it's whenever you reload opera or change a userscript
jesus2099
I don’t see any reason to HTTPS everything… only secutrity sensitive thing has to (password)
nikki: thanks for this detail but I don’t want to activate userjs on HTTPS in Opera… this will make things worse, even if it asks I fear to reply YES in my bank website by hitting keys too fast or something andf then malicious userjs could do wtf they want
it’s good that Opera asks you often if it’s OK for HTTP userjs, it’s no good that MB goes 100% HTTPS IMO
nikki just checks where user scripts will be included
Freso
jesus2099: If we want to prevent session hijacking, which I believe is one of the concerns, we will want to have all user session traffic encrypted.
nikki
and it's not good that opera asks all the time if the result is that people who would use https don't
jesus2099
Freso: is it a new problem ?
Freso
jesus2099: If not, someone browsing on an open WiFi will send their session cookie unecrypted for anyone nearby to pick up and use for themselves.
jesus2099: Nope.
jesus2099: But that Firefox extension made the problem all the more apparent.
jesus2099
nikki: It’s a good thing Opera asks because I wouldn’t want to have userjs on HTTPS websites (bank, etc.)
Freso
Which is why we're (finally!) seeing sites taking the issue seriously.
jesus2099
ah…
I don’t use Firefox though… is it a problem with Firefiox ?
nikki
jesus2099: they don't need to ask all the damn time to do that. they could ask once asking you to confirm that you know what you're doing, that you understand the risks and you still want to proceed and enable the option you found somewhere in the depths of opera:config
Freso
jesus2099: No, it's a problem with unencrypted data. :)
jesus2099
nikki: Or you would enable HTTPS-MB only, not whole HTTOPS…
Freso: because you said Firefiox
nikki
jesus2099: I'd be fine with that too if it were possible, but it doesn't seem to be
Freso
jesus2099: If you sit on an open WiFi with your laptop or whatever and browse MusicBrainz.org over HTTP, someone else with Firefox and that extension can sniff your session cookie easily and start doing stuff on mb.o as you.
jesus2099: Because the extension that made the problem realise how bad the situation was made for Firefox. I can't remember the name of it. I'll find it. Sec.
jesus2099
"that extension" ← mmhh… isn’t https VERY SLOW btw ?
ah ok some hackings tool
nikki
I haven't noticed any problems with the speed
jesus2099
nikki: we should ticket opera (if only opera tickets were transparent…)
Freso
jesus2099: Not a cracking tool, no. A network inspection tool. Very useful for network admins etc.
jesus2099
Freso: sorry I didn’t understand at firtst…
Freso
jesus2099: Also, HTTPS (or any other protocol over TLS/SSL) isn't necessarily slower than their non-encrypted counter-part. It all depends on the setup.
jesus2099
btw Freso said « Do you keep your userscripts in a repository somewhere? » as CatCat said in userscripts.org … is it why ? :)
but then I have to duplicate copy/paste to userscripts.org… is there a real positive reason ?
Freso
Well, depends on your workflow I guess.
jesus2099
I AM NOT WORKFLOX
Freso
I usually develop against my local Git repository, doing incremental changes.
Once I feel I'm doing changing stuff around and it's ready for publishing, I go to userscripts.org and upload the latest file.
And I just push my changes to GitHub.
jesus2099
I am just workflow EmEditor (it backups at each save but never use them backups anyway) and Opera
what was the fix you wanted Freso btw ? :)
if you remmeebr
Freso
GitHub thus has a much smaller change granularity than the version diffs on UserScripts, plus it allows other people to easily work and continue work on it.
Like... the two people did who forked gm-http2https.
