Here at work with an annoyingly up-to-date version of FF, I can’t see any imgur pix. Grab the url via quote and try loading it separately, I get some TLS something-or-other error, connection reset, whatever.
At home with my nicely out-of-date pre-quantum version of FF (ie, the last version of FF that worked like it’s supposed to), I ironically can see imgur pix. (More ironic is that I had all of imgur blocked, as 99% of anything from them used to be those ransom-notes that I got sick of seeing.)
The problem with local image-hosting is that it’s all-or-nothing. Anything that irritates the browser or anything else up/down the foodchain means that it’s systemwide whether/not you can see images.
Something like that happens, and the usual “fix” is something along the lines of, “Then don’t use browser X, and use browser Y instead”.
I chose bitwarden because people smarter than me have reviewed the crypto source code and determined that there’s no way the bitwarden service could access my passwords, even if they wanted to. And, I could run my own bitwarden server, on say a RPi, or run a compatible one for free on AWS Lambda.
I log in to BLF with a password like “rGWJi25” that I don’t use anywhere else. So sending that over the Interpipes cleartext (yeah, base64) is a big fat nothingburger.
Nighttime glare? I have a sheet of Rosco amber theatrical filter gel taped to my monitor that I can flip over to reduce the glare.
Plus, ya know, dialing down the brightness.
I tell you, I tried to open it with a recent version of Android Opera (reported user agent and version: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 OPR/56.1.2780.51589,gzip(gfe),gzip(gfe)") aand, for @#$%, this is what I saw:
Chances are the reason you cannot access Imgur at work might be something like VPN, proxy, DNS, antivirus, browser settings, etc. There are many factors that should be checked first.
I had an e-mail conversation with the Bitwarden creator back when it first launched (started in the BizSpark program in 2016) and they were forthright about their business model and intention to get the software audited. I had no concerns afterwards, but still waited to recommend it until after it was on every platform and had matured enough to pass an audit, which it did (as manithree said).
I now recommend it and though it’s free to use even for a 2-person account, I highly suggest paying for the $10/yr Premium or $12/yr Family subscriptions as it’s easily worth that and supports a company whose software is fully open source; it’s rare for a business to operate this way. It’s much cheaper than similar LastPass plans as well, which is still largely closed-source.
Though people are welcome to host their own Bitwarden server, I recommend using the official server as it’s managed by Microsoft Azure and thus has a lot more protection than your own server likely would. Bitwarden doesn’t manage any servers of its own, which means that they can focus on the software itself and the account system. Even then, the password data is client-side encrypted as manithree points out, so your master password can’t be guessed so long as it’s random and more than 14 characters.
I personally use KeePass, but I recommend Bitwarden as it’s fully open source, yet already integrated with the Cloud so that users don’t have to know anything or do anything . It doesn’t have all the technical bells and whistles of KeePass, but it’s much simpler and thus easier for “normal” people to use. I tested the Bitwarden Firefox extension recently and it worked well. All the clients offer a highly unified interface.
I really like BLF’s forum software… more than any other forum I’ve ever used.
It has been very effective at fostering a healthy and productive community. It works on pretty much any device, including low-end “Web 1.0” browsers which I use very frequently. It doesn’t use a ton of RAM or CPU, and doesn’t cause browsers to bloat if a page is left open for a long time. It has a clean layout and a very useful feature set. It responds quickly, and it allows sb to respond quickly when people find creative new ways to make trouble. In general, it “just works”, which is a rare and valuable trait.
And one more big thing, which I haven’t seen in any other forum software — it’s unusually expressive. It doesn’t restrict users to an overly simplistic markup language, so people have a great deal of freedom in how they format their messages. Instead, it allows the majority of HTML and CSS. Want an emoticon the site doesn’t have? No problem — just link it from another site. Want a fancy table in your post? No problem. Want specific fonts, colors, an image which changes on hover, or even animations? No problem. If you can express it in HTML, it’s probably possible… with no need to learn any weird site-specific languages.
For example, the thing I do with custom avatars on a per-post (or even per-paragraph) basis isn’t possible on any other forum software. (or a variety of other fancy formatting… the quoted post there is not a screenshot)
But there are some things I’d probably change:
Add HTTPS
Add a dark theme, since client-side overrides aren’t always possible
Those are the main things. Given enough time and enough boredom though, I’d probably get into some other enhancements too…
Add username notifications
Add an Approval Voting option to the polling system, or perhaps even a Condorcet system
Add a +1/-1 comment rating system, but not like Reddit. People could see and edit their own votes, but it wouldn’t be visible to others. It would instead track the affinity between people, and emphasize or de-emphasize posts based on whose posts the viewer liked or disliked in the past. If you usually like someone’s comments, it would make those stand out… and if you usually dislike someone’s comments, it would make those look partially faded out. So, kind of like an automatic “follow / ignore” system. Also, if a post/person/thread gets a lot of dislikes in a short time, it could let the admin know there might be trouble to resolve.
Those aren’t really important though; just ideas I think could be neat. As I said, I’m pretty happy with things already, with no changes. Usually when I’m on other forums, I find myself sad that it doesn’t have BLF’s features.
I am here to point out an issue which I often have to deal with. As most of you should he aware of, this forum has two editors: simple and advanced. The advanced is HTML, has all the bells and whistles, supports emoticons too but for some reason someone forgot to add an emoticon button to it (you can copy and paste their simple post editor :BLUSH: identifiers); the simple can most stuff a regular user may want. However, there is a problem whenever someone using the advanced editor wants to quote a message written with the simple post editor: it needs to be edited for it to look right because the advanced editor doesn't supports the encoding used by the simple post editor in most aspects (text format, images, links, etc.). And when someone mixes and advanced editor post into his simple post editor one, well, let's say I would prefer for the editor to be unified.
Also, please be aware that when you try to post a link which employs non-ASCII characters you must click/tap the link button in the editor. Failure to do so leads to broken links with the simple post editor, and/or formatting issues when super long links (full of tracking crap) are involved.
I don’t run my own server, mostly because it’s easier for my wife to share my bitwarden vault without having to configure clients and plugins. I switched from keepass recently, and I’ll probably pay for a bitwarden account after I’ve finished my evaluation.
But knowing I have the option to keep using bitwarden, even if they go out of business or are purchased by Oracle is very important to me.
I honestly don’t understand the mindset of people who can convince themselves to use a closed source password manager. I can kinda see how Linux is not for everybody (I guess), but blindly trusting one company with all your passwords, with no way to verify how they are transmitted or stored, is weird to me. I guess it explains why so many scams work, though.
^ This. I had forgotten about that in my initial post, but it is painful to deal with quoted text and links in the different editors. I mostly use the Simple editor myself, but I have to modify quoted text/links so that they’ll work correctly. Many people won’t know much about how to use the markup manually.
I agree with TK that it’s nice to use a forum in pretty much the same way as I did in 1999 :partying_face: . I do understand why it became taboo to allow HTML in user submissions, though :smiling_imp: . Separating post markup from page markup was probably the right move, though obviously some forum developers managed to keep it safe enough to last BLF into 2020 and beyond .
It still allows some extremely obnoxious things… which I’ll take the opportunity not to demonstrate here. But those things haven’t been an issue because, in general, people either don’t want to or don’t know how. In the rare cases that someone has both the ability and the willingness to attack the forum, sb has been vigilant at taking care of the mess.
If the site were scaled up to millions of users instead of thousands, it would probably be necessary to lock down all potential attack vectors. But we’re a relatively small crowd, so that hasn’t been necessary.
“_Separating post markup from page markup was probably the right move, though obviously some forum developers” and administrators “managed to keep it safe enough to last BLF into 2020 and beyond._”
The glaring lack of HTTPS is a major issue that will likely eventually sink the site if not addressed. There are other usability concerns and so forth that need looking at, but SSL is the big one that needs to be looked at first.
But then I work in IT security and have to worry about this stuff for a living.
This pops up from time to time. If members use a password unique to this site what is the concern? There is no financial information of any members on file and extremely limited personal information.
Because eventually Google et al will start adding big security warnings to sites that aren’t secure, and the only way people will be able to browse this site will be by clicking through these warnings.
Then you also have to consider the amount of personal information that does exist, like all the buys and sells where people have PM’d each other addresses. There really should be a warning message on the direct messaging system saying that it is not secure and any personal information should not be sent through the system.
Lastly, security is one of these areas where everything is fine or an accepted risk, until suddenly one day it becomes a huge problem.
. It doesn’t have all the technical bells and whistles of KeePass, but it’s much simpler and thus easier for “normal” people to use. I tested the Bitwarden Firefox extension recently and it worked well. All the clients offer a highly unified interface.
.