[meta] Why is this not on the frontpage? I see links with less than 10 points from an hour ago there, but not this link with more than 10 points from less than half an hour ago. Not that I care that much for this particular link, but it seems strange.
Edit: seems to be there now (approx. 20 minutes later). Maybe there was some change in the ranking algorithm recently? I don't believe I saw it acting like this before.
I like the idea. Some feedback: I started filling out the form but once I realised there was ~10 input fields and not ~2 I just quit. Also, something tells me that you're more likely to actually deliver good matches if you make everything simpler. Not only will you be able to handle the data in a good way but you'll probably have more people join.
Very cool. A similar idea had been buzzing around in my head for the last couple of months - you enter some attributes about yourself and on the other end get 1 match per week with whom you should connect with. Great way to meet new people. You guys beat me to it! Would love to see how this evolves.
EDIT:
After filling out the form, I think some things can be combined/simplified to make it easier to parse:
- Many twitter users I follow tend to be the authors of the blogs I read as well. Maybe just connect with Twitter and get a listing of all the people I follow?
- Also what format should the songs be listed in? or maybe just keep that limited to artists & bands.
- Utilize Facebook Graph to pre-populate interests, music, movies.
Well it definitely provided some mental projections into how wonderful would it be to have more people around me that are interested in achieving the same things. Filling out those forms felt nice and regardless of the results, I feel strangely satisfied.
It says "Anonymous and secure", but I don't see HTTPS in the URL. When I prefix https:// Firefox complains about untrusted certificate. Am I missing something?
Sorry about that! I think the "Secure" copy is a bit misleading. We'll take that down.
What we meant to communicate with "Anonymous and Secure" is, "Feel free to be completely honest because we won't show this information to anyone else, and we won't even ask for your name or identity!"
It was a weekend project finished on little sleep. Sorry abou the "secure" bit.
The certificate being "untrusted" doesn't mean anything about security. It just mean that they have signed it themselves and that no central authorities that you are supposed to trust for whatever reasons has signed it for them. All you want here is an encrypted communication, and you get that with the self-signed certificate as well.
Yes, you get encrypted communication all the way to the person intercepting your internet traffic, and they have an encrypted channel to the server they are relaying your traffic to.
Encrypted communication is not very useful if you aren't sure who you are communicating with. Using a self-signed cert greatly increases this uncertainty.
I would agree with you entirely if I had more reasons to transitively trust the root certificates authorities than to trust the people I believe are building the website, because in reality I don't know any of them. Certificate authority getting hacked and issuing trusted certificates to not trust worthy people have happened already. You may say that you still put more confidence in a certificate that is transitively trusted by those your browser and / or OS vendor chose for you, but why? The SSL certificate system as it is now is highly unsatisfactory to me. I would prefer something decentralized like the GPG trust network.
No. Without a trusted authority or some other means to verify that the self-signed certificate is indeed coming from the site, there is effectively no security because it is trivial to launch a MITM attack.
For some definition of trivial. But you're right, it's not that simple (see below¹, I need to rant first). It's just that it upset me so much each time Firefox (or whatever browser, they all do it) load a webpage with a self-signed certificate and it acts like if I was attacked and my security is compromised or something… It's not worse than HTTP without SSL so why make me click two times like if I don't know what I'm doing? Nowadays it's more easy to do phishing in plain HTTP than in HTTPS: it's stupid.
¹ Actually it depends on your threat-model. If you assume that the first time you connect to the site there is no MITM (like we all do with SSH connections, don't tell me you always double check the fingerprint of the box you are SSHing to for the first time ;-)), then it is okay to trust the certificate as long as it doesn't change.
Sorry, but I think Firefox is doing exactly the right thing (by default) here. If you want it to do something else, I'd imagine there's a setting you can override somewhere.
In practice it is worse than no SSL because it provides a false sense of security to users who have been trained that HTTPS = secure.
I'd love to have some way to add more interests after the fact, because I immediately realized I wanted to add one more thing after I hit submit. Maybe just even resubmit the form with the same email. Or enter your email and it'll bring up a profile. Something like that.
Didn't look at the website yet, but just from the link: Try Google+. I don't know most people that I circled there. Not that I have Facebook, but when I look at Facebook with others it's more like talking to people you already know. With Google+' trending topics (I don't think Facebook has that, nor is Facebook as content-oriented as Google+) it's easy to see others posting about a popular subject, see their profile and posts, and circle them. And of course exploring topics you like with the Google+ search.
Edit: seems to be there now (approx. 20 minutes later). Maybe there was some change in the ranking algorithm recently? I don't believe I saw it acting like this before.