On Jun 14, 2018, at 1:51 PM, John Long <codeb...@inbox.lv> wrote:
>
> having to have browser tabs open for dozens of web forums

I bookmark all of the sites I need to go to regularly and place them in a folder in my browser’s bookmark bar so that I can open them all at once with a Cmd- or Ctrl-Click on the folder. As I read each forum, I close that tab.

I actually keep two such folders, “Daily” and “Weekly,” suggesting my visiting frequency, which is set by how often I expect interesting content to appear.

> having to come up with and manage
> passwords for each of those

I’m not aware of any mailing list that doesn’t require a password, if only via some outer SSO provider. Such a thing would be a spammer’s paradise, if it existed.

I don’t see this web forum depending on someone else’s SSO solution. (OAuth, OpenID, etc.) That would be very un-Fossil.

> and have to actively monitor each one to
> see if anything of interest happens to appear

Yes, just like Usenet. :)

Opening a folder of bookmarks in a browser isn’t much different than opening a Usenet client that’s subscribed to an equivalent number of groups. Both aggregate access to many fora, opened with a single user action.

> Most mailing lists assign you a password

I subscribe to a whole lot of mailing lists, and I can’t come up with one where I was given the password instead of having to generate it with my password manager. “A small minority,” I believe, but not “most.” Certainly not GNU Mailman as configured at fossil-scm.org or at sqlite.org, at any rate.

> and you don't even have to keep track of it; many
> email you password reminders on a regular basis

If the mailing list is able to email you your password, it’s ripe for attack: they cannot possibly be hashing and salting their passwords, as is industry best practice:

https://security.stackexchange.com/q/51959

(Pro tip: if a web site has a maximum password length limit under 32 characters or so, chances are good that they’re storing your password in plaintext, since hashing the password inherently converts it to a fixed length. Higher limits are more likely input sanity limits rather than risk indicators.)

The closest to your usability ideal that I’ve seen is automatic password resets via email, which is itself a vulnerability, since it means anyone who can access your email account is able to take over any such service associated with that email account. This is what happened in the famous Mat Honan identity theft:

https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

People say, “Oh, it’s just my Google account, who cares if a bad guy takes that over?” This being the account that is associated with their Android phone, which is associated with their mobile phone company account, which is associated with their credit card account, which is associated with a large chunk of their financial life, so now they’re pwned.

Whatever drh decides to build, using a significant slice of his limited time on this planet, which time I have no call on, I expect he will take password security seriously, evidenced by Fossil’s users table:

https://www.fossil-scm.org/xfer/doc/trunk/www/tech_overview.wiki

(Section 2.2.4.)

> Web forums are right out.

Would you rather see drh spending time fighting spam or writing useful software?

At least if he spends his time building a forum system atop Fossil, we can all use it on our own projects as well. His time spent fighting email spam has much more ephemeral benefits.

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
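
An added example, not part of the original message and not code from Fossil or Mailman: a salted password store in Python illustrating the two points the message makes about hashing, that the stored record has the same length whatever the password length, and that the service can verify a password but holds nothing it could email back. The function names, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune for your hardware
SALT_LEN = 16         # bytes of random salt stored alongside each digest


def make_record(password: str) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256 digest; the password itself is never stored."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt + digest


def verify(password: str, record: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def record_lengths(passwords):
    """Stored size per password: always SALT_LEN + 32 bytes, whatever the input length."""
    return [len(make_record(p)) for p in passwords]


if __name__ == "__main__":
    # Constructed sample passwords of very different lengths.
    samples = ["hunter2", "correct horse battery staple", "x" * 500]
    print(record_lengths(samples))
    rec = make_record(samples[1])
    print(verify(samples[1], rec), verify("wrong guess", rec))
```

Because the record is a one-way digest, a "password reminder" feature cannot be built on top of it; only a reset is possible.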