[Act] concern about http://act.perlconference.org/tpc-2018-glasgow/

Roman Baumer roman at baumer.org
Fri Jul 6 13:19:19 CEST 2018 

Dear Act maintainers,

I would (again) offer for volunteering to get letsencrypt working together with Act.
Let me know how I can help.

Regards,
Roman

> On 6 Jul 2018, at 11:38, Mark Keating <m.keating at shadowcat.co.uk> wrote:
> 
> Hi Sebastian,
> 
> You're right this is an issue. The correct people to contact are the ACT maintainers (ACT is the underlying system that powers the conference site) and they are available via the ACT mailing list:
> 
> act at mongueurs.net <mailto:act at mongueurs.net>
> 
> I have cc'd them into this email so that they are aware of it. I am fairly certain that they know there is an issue but it is always good to open the dialogue as there may be a way for others to help.
> 
> Kind regards
> 
> Mark
> 
> On 05/07/2018 19:41, Sebastian Strajan wrote:
>> Hi Mark,
>> 
>> I'm contacting you because I couldn't find a contact form for the http://act.perlconference.org/tpc-2018-glasgow/ <http://act.perlconference.org/tpc-2018-glasgow/> website.
>> I found out that you published some feeds in http://act.perlconference.org/tpc-2018-glasgow/atom/en.xml <http://act.perlconference.org/tpc-2018-glasgow/atom/en.xml> and I tough that you may be able to help me or at least recommend somebody else for this.
>> 
>> It seems that the website doesn't provide an HTTPS version.
>> My concern is because the website provides a login page which sends the credentials in clear text, which can be captured with ease by somebody else and after that they can track everything in my account.
>> Also for users that reuse passwords this is a hazard, because all their/multiple accounts can be compromised because of logging on the conference website from an unsecure network (almost any public WIFI can be categorized as unsecure).
>> 
>> Moving from HTTP to HTTPS shouldn't be that hard, and now it can be done freely via https://letsencrypt.org <https://letsencrypt.org/>
>> If you are unfamiliar with the https://letsencrypt.org <https://letsencrypt.org/> here are more details:
>> - can generate for free a HTTPS certificate that you can use for your website(s)
>> - you can use the https://certbot.eff.org <https://certbot.eff.org/> to generate the certificate via CLI in a Linux box (you just need a webserver that can host temporarily a file - in order for letsencrypt to be able to validate that you are the owner of the domain for which the certificate is generated)
>> - certificate is valid for 90 days (this should be enough for manual generation - until the conference ends this will be valid, and after that the certificate will ensure encryption for the traffic, but the browser will tell you that the certificate has expired - it can be renewed if it is needed with the same process)
>> 
>> If you need more info or help please let me know and I'll do my best in helping you.
>> 
>> In case I need to contact somebody else please let me know.
>> 
>> Thanks,
>> Sebastian Strajan
> 
> -- 
> Mark Keating             |   Writer, Photographer, Cat-Herder
> 
> Director                 |   Shadowcat Systems Limited
>                              Enlightened Perl Organisation
>                              Lancaster and Morecambe Makers
>                              FLOSSUK (UKUUG Limited)
> 
> Community Contributor    |   The Perl Foundation
>                              Enlightened Perl Organisation
>                              Lancaster and Morecambe Makers
>                              FLOSSUK
>                              Digital Lancaster
>                              Independent Lancaster
>                              Lancaster Hour
>                              Ethical Small Trader's Association
> 
> Social Links             |   http://shadow.cat/blog/mark-keating/ <http://shadow.cat/blog/mark-keating/> 
>                              http://linkedin.com/in/markkeating <http://linkedin.com/in/markkeating>
>                              @shadowcat_mdk       
> 
> 
> Shadowcat Systems Limited
> Is a Company registered in England and Wales.
> Company address: The Barracks, White Cross, South Road, Lancaster, LA1 4XQ. 
> Company Registration Number: 05420396. 
> Company VAT Number: 868 9313 71 
> 
> Disclaimer
> This email and any attachments to it may be confidential and are intended solely for the use 
> of the individual to whom it is addressed. Any views or opinions expressed are solely those of 
> the author and do not necessarily represent those of Shadowcat Systems Limited.
> 
> If you are not the intended recipient of this email, you must neither take any action based 
> upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you 
> have received this email in error immediately and do not disclose the contents to anyone or 
> make copies thereof.
> _______________________________________________
> Act mailing list
> Act at mongueurs.net <mailto:Act at mongueurs.net>
> http://listes.mongueurs.net/mailman/listinfo/act <http://listes.mongueurs.net/mailman/listinfo/act>

--
Roman Baumer, Rebbergstrasse 5, 8452 Adlikon, Tel. +41 52 508 54 34‬ 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listes.mongueurs.net/archives/act/attachments/20180706/14fb169f/attachment-0001.html>

More information about the Act mailing list