[Debconf-team] concerns about storm.debian.net (was Re: Meeting this week: A general sprint on stuff)

To: debconf-team@lists.debconf.org
Subject: [Debconf-team] concerns about storm.debian.net (was Re: Meeting this week: A general sprint on stuff)
From: Laura Arjona Reina <larjona@debian.org>
Date: Thu, 22 Oct 2015 22:20:01 +0200
Message-id: <[🔎] 562944F1.9060905@debian.org>
Reply-to: larjona@debian.org
In-reply-to: <[🔎] 87k2qessph.fsf@delenn.ganneff.de>
References: <8c398896-6b38-439d-a6dc-a1230b165c3c@email.android.com> <[🔎] 0a049a4b-e278-492c-be08-e27ac75181cd@email.android.com> <[🔎] 87k2qessph.fsf@delenn.ganneff.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Joerg

El 22/10/15 a las 19:45, Joerg Jaspert escribió:
> On 14102 March 1977, Laura Arjona Reina wrote:
>>> * sandstorm: larjona, there was some grumbles about sandstorm
>>> (around 20:00 UTC), I asked Ganneff et al to let you know the
>>> issues but what they said in IRC may be sufficient for
>>> feedback?
>> Yes, it's probably enough. I have no logs, can anybody send them
>> to me, please?
> 
> The main point that makes it entirely unusable is its usage of a
> new subdomain for serving the javascript FOR EVERY NEW REQUEST.
> This is beyond stupid and disallows any kind of javascript blocker
> in your browser, unless you allow it to trust the whole debian.net
> domain, which is way too far fetched.
> 
I understand. Would adding storm.debian.net to the white list do the
trick?
I've done it in my Iceweasel with NoScript and it seems to work but
I'm not totally sure.

> I can't imagine any sane reason for that setup, but if someone
> really wants to be crazy that way, make it one domain per user -
> and detect users based on one of ip, cookies, or combinations of
> that. That still will make it near unusable, as everytime your ip
> changes (or the cookie expires if its set to expire) you have to
> re-allow the javascript from another domain, so the IMO only good
> thing is just serving it like anyone else - from one domain.
> 
> Besides that the UI is way more ugly than titanpad, but thats
> personal taste and I may just be used more to titanpad (which, btw,
> is also run by debian people, afaik).
> 

Thanks for the feedback, I will forward to the sandstorm.io people.

Best

- -- 
Laura Arjona Reina
https://wiki.debian.org/LauraArjona
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGcBAEBAgAGBQJWKUTnAAoJEEw4Yb3McGt0emgMAJCm3t7wwjOPztRJp+93LVq9
BEJ7X495eFTbA50clWfRiMXg1bzh5HS0toI2Tv/JsoeFq5kNGHTdibs/Sof6cWuQ
V5VYVK2l4/wNh3jcjWpixGVjrfmnw09FdaXb+OWNvBpFMYeajJjywUEcFscU6Yi7
QgShttSaap5p1c4ImfqEvPRblndEtdVgsmZDxzZ7+/OsFLs6K1xh91m9/9T7c0AG
+Iy3oZxipgQUYDjvbFATkplqE62YsQ4a3Ma6umBy2WLIUpwkz7kCH0rw4PyC7U9N
vRgcH4tis6Ptd2diibfxtoY38paWIqTfp66QAAzj9Xeva+aWDtT/gXUwcCfpkpY/
L0ox/yFtndSilbxAcgVPQ/QciZey1SodMk6XcIMvMlpUX7asELS6/YSND/WPHebE
UddBMY/fl0JXkeZSjGSd8p8q2EOa4/OlD4p5Zk4dpxi5ThKBbpCjtBg5wprY2YXT
Ao24ddqS6obcu7Koi6nbw7kW7dtVxI1+NPoJppadKQ==
=ohCF
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: [Debconf-team] concerns about storm.debian.net (was Re: Meeting this week: A general sprint on stuff)
  - From: Joerg Jaspert <joerg@debconf.org>

References:
- Re: [Debconf-team] Meeting this week: A general sprint on stuff
  - From: Laura Arjona Reina <larjona@debian.org>
- Re: [Debconf-team] Meeting this week: A general sprint on stuff
  - From: Joerg Jaspert <joerg@debconf.org>

Prev by Date: Re: [Debconf-team] Meeting this week: A general sprint on stuff
Next by Date: Re: [Debconf-team] Protecting Debian from DebConf issues? (was: Collaboratively drafting the next DebConf) delegation
Previous by thread: Re: [Debconf-team] Meeting this week: A general sprint on stuff
Next by thread: Re: [Debconf-team] concerns about storm.debian.net (was Re: Meeting this week: A general sprint on stuff)
Index(es):
- Date
- Thread