On Wednesday, 10 October, 2018 14:08, Warren Young wrote: >On Oct 10, 2018, at 1:26 PM, Keith Medcalf <kmedc...@dessus.com> >wrote:
>> there is also absolutely no way to perform "positive identity >checks" on a web page post that cannot be equally trivially >falsified. >You’re conflating physical identity with forum identity. >I don’t care whether you have state-approved documentation proving >that your name is Keith Medcalf. What I care to prevent is some >spammer sending messages to the forum or to members of the forum >directly, in your name, just because he happens to know your email >address, which is trivially obtained. But they cannot do that anyway. That is because e-mail coming from me must be contained within an envelope which properly authenticates. If the "inside contents" of the envelope purport to come from me but those contents are contained in an envelope which did not come from me, then your assumption of the validity of the contents of the envelope is your own assinine stupid assumption. Again, you should learn how to authenticate mail (whether the old fashioned paper in an envelope variety or the new electronic body in an electronic envelope variety). That you do not know how to do this is not really my problem. >> And if you think that I am going to create YET ANOTHER LOGIN and >YET ANOTHER PASSWORD just to use some crappy forum software, you have >another think coming. >Once again, Fossil forums don’t require that you create a login and >password: > https://fossil-scm.org/forum/subscribe >You fill out that form, hit Submit, and click the link in the >validation email. No password anywhere. >The “security code” is just a CAPTCHA, and proves that you can read >the ASCII hex code below the form, which so far is a pretty good test >for being a human, rather than a bot. I hate captcha's and will not use them. They require permitting unrestricted third-party code to execute on MY computer. This I do not permit. Granted in this case it is not a third-party captcha that requires permitting third-party code to execute, but that is likely just a happenstance of the moment. >Contrast this mailing list, which *does* require that you create YET >ANOTHER PASSWORD: > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options. Doesn't sound like a password I have to (a) use or (b) remember. I have very few passwords. There are many cryptographically generated ones that I do not care about. On the other hand, if one wants to post to your "forum" other than anonymously, one must create a userid and password, remember that password, and it is probably subject to all sorts of stupidity which prevents the use of cryptographically generated passwords (such as requirements to change the password, restrictions on password length and content, etc). I am not interested in doing that. There are very VERY few instances in which I am interested in doing that. >I think I can summarize the real objection to this plan quite simply: >nobody likes to have their cheese moved. But cheese moves >nevertheless. --- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume. >_______________________________________________ >sqlite-users mailing list >sqlite-users@mailinglists.sqlite.org >http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
