Hacker News new | ask | show | jobs
by philtaylor 3726 days ago
We will have HTTPS for all services when the beta goes live. Currently, we are just adding people to the waiting list via the website so we didn't feel it was a high priority compared to working on features. However, you have given us something to think about. Thanks for the feedback!
1 comments
SwimAway 3726 days ago
'josh_carterPDX' claimed beta was open now in a comment earlier. Yet you're just adding people to the waiting list? That seems inconsistent.

Security is always a high priority and a fundamental feature for any stage of business. That is especially true when credentials and authorizations are intertwined.

It is SSL*.

link
josh_carterPDX 3726 days ago
The beta is open to some folks that have already signed up. The waitlist is for new beta users. Sorry for the confusion.
link
SwimAway 3726 days ago
You said, "Our beta is open now if you're interested.", to another intrigued commenter 1 hour ago. It's changed since then?
link
josh_carterPDX 3726 days ago
Feel free to sign up. We can add you to the list of interested users. We're hoping to onboard more and more each week.
link
SwimAway 3726 days ago
It is interesting however I feel it is best to wait for your platform to mature. I lack environments to test your product and refuse to use this with anything sensitive. Configuring SSL/TLS is a minuscule process taking only a few minutes, vital for security, that has been neglected. I'll keep your product in mind until these rudimentary basics have been addressed.

Thanks, Josh.

link
nixgeek 3726 days ago
I'd like to disagree with the statement that this can "only take a few minutes" by pointing out, done correctly, essentially everything takes 15+ minutes to accomplish.

As far as SSL/TLS you've got to generate a CSR, get it signed, go poke around in your load balancer and/or application server to reconfigure appropriately, and very probably iterate on your cipher list until SSL Labs (or equivalent) looks good.

If that isn't a contentious view, then I'll go further, building a product has hundreds of these "miniscule" tasks (your words) and added together that's significant time. Whilst you might not agree with the prioritisation, the response that they'd prioritised feature work over ticking off this box was at least honest.

Hat tip to the team for communicating so well in this thread.

link
josh_carterPDX 3726 days ago
Appreciate the candor. The beta is really meant to "test drive" the platform. Hopefully you keep tabs on what we're doing. Thanks!
link