Re: [Dorset] Problem with security certificate
Hi Ralph > What modem-only hardware do you like? DrayTek Vigor 130. I would no longer recommend DrayTek routers, but their modems seem solid. > And did you consider a router that can run OpenWRT or similar? I have one running Tomato, which seems pretty good. My attitude to these things has changed over the years. I now want stuff that Just Works. In the past I've gone for the simpler, and sometimes short term cheaper, solutions, and I've learnt a lot getting them to work. But I don't want to do that any more. I want stuff just to work. So I use: - Andrews & Arnold as my ISP. The best, by an order of magnitude, I've ever used. They are not, contrary to rumour, expensive, although they may cost a little more than what's described on the latest flyer to drop through my letterbox. - ppp + modem for the reasons discussed earlier. - Unbundled services. I don't want something that provides broadband, home phone, television, water and two poached eggs every morning. I want the businesses I buy those things from (well, apart from the eggs) to specialise in those things. - Claws mail, because I'm utterly fed up (bit more than that, actually) of Thunderbird thinking it knows more about what I want to do than I do ("autoconfiguring" mail accounts, downloading everything to a local cache, indexing, having a competition with itself to see how much system load it can generate and how much memory it can use). Maybe it's better these days - I don't use it so I don't know - but I doubt it. - Unifi wifi access points. The best, by far, I've ever used. - Debian, because it is built by people who utterly understand how to produce a secure and maintainable Linux distribution. There is way more to Debian than many realise, but after years of supporting Debian, Red Hat, CentOS and Ubuntu, the depth of thought behind Debian will surface. Red Hat is built by people who know how to make money out of selling Linux; CentOS is built for people who think they want Red Hat but don't want to pay for it; Ubuntu is built for people who are prepared to sacrifice reliability and uptime for the latest shiny thing. Nothing wrong with Red Hat, CentOS, Ubuntu or many of the others if they float your boat and scratch your itch, but they leave my boats itchy and sunk. I am, of course, a grumpy old man. -- "Why does God hate me so much? Is it because I don't believe in him?" - Sidney Morgenbesser -- Next meeting: Bournemouth, Tuesday, 2016-10-04 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Problem with security certificate
Hi Keith, > I've given up using such routers, and now run modem only and manage > ppp from the server. What modem-only hardware do you like? And did you consider a router that can run OpenWRT or similar? https://en.wikipedia.org/wiki/OpenWrt My tale of woe... I unpacked an Asus DSL-N55U wifi AP/ADSL modem recently; as a spare its time had come. It had excellent reviews for signal quality, both wifi and ADSL. In practice, I find it has brain-damaged software sitting atop its Linux. It intercepts outgoing DNS requests, not that I want it to. When the ADSL link goes down, it replies 10.0.0.0 for A-record queries. If it's Firefox, it attempts to connect to that, and the modem, on a 192/24 network, intercepts the 10/8 and returns a redirect to a script on the modem's 192 address that displays a very annoying "check your cable is plugged in" page. All "200 OK" in HTTP response terms so Firefox replaces the URL in its Location bar with the modem's crappy 192 one and I've lost the original destination, i.e. it's not "Back". Oh, and for bonus points, Firefox caches DNS answers, about:networking, so even when ADSL returns external servers previously tried are still inaccessible. Marketing must have held the programmer's first born hostage to have him implement such stupidity. fetchmail, ssh, rss2email, etc., aren't too keen on 10.0.0.0 either. -- Cheers, Ralph. https://plus.google.com/+RalphCorderoy -- Next meeting: Bournemouth, Tuesday, 2016-10-04 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Problem with security certificate
On 02/10/16 17:06, Graeme Gemmill wrote: I'm having a strange problem with a security certificate. I'm not asking every member of this forum to do this, but I would appreciate one or two responses. Enter http://share.gemmill.name/owncloud (i've used Firefox and Konqueror) I used Vivaldi and Chrome and in each case got no response whatever. This is at 8:17 Monday morning. On Vivaldi and on Chrome. This site can’t be reached * * *ggemmill.ddns.net*took too long to respond. Peter M. -- Next meeting: Bournemouth, Tuesday, 2016-10-04 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Problem with security certificate
On Sunday, 2 October 2016 17:06:11 BST Graeme Gemmill wrote: > Enter http://share.gemmill.name/owncloud (i've used Firefox and Konqueror) Hmmm. I get timeout messages from that address in both Firefox and Chromium. If I modify the protocol to https:// I get this in Firefox: 'The connection to share.gemmill.name was interrupted while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.' In Chromium I get: 'This site can’t be reached *share.gemmill.name* unexpectedly closed the connection. Try: * Checking the connection * Checking the proxy and the firewall[1] ERR_CONNECTION_CLOSED ' I saw no Advanced option, just a link to a boilerplate page about security in either browser. -- Terry Coles [1] data:text/html,chromewebdata#buttons -- Next meeting: Bournemouth, Tuesday, 2016-10-04 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Problem with security certificate
On Sun, 2 Oct 2016 17:06:11 +0100, gra...@gemmill.name said: > I cannot understand why a router should start imposing security > certificates A lot of domestic routers intercept web browsing, so it wouldn't surprise me to see security certificates. A quick Google showed up this screenshot where you can see that "Web browsing interception" is "automatic". Personally, I've given up using such routers, and now run modem only and manage ppp from the server. http://screenshots.portforward.com/routers/Technicolor/TG582n/System_Configuration.htm -- "Why does God hate me so much? Is it because I don't believe in him?" - Sidney Morgenbesser -- Next meeting: Bournemouth, Tuesday, 2016-10-04 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
[Dorset] Problem with security certificate
I'm having a strange problem with a security certificate. I'm not asking every member of this forum to do this, but I would appreciate one or two responses. Enter http://share.gemmill.name/owncloud (i've used Firefox and Konqueror) It links through ggemmill.ddns.net to get round a dynamic IP address problem You will get a "connection is not secure" message. Please examine the reason ( "advanced" if you use Firefox) and examine the certificate details. From my machine, the certificate originates from Technicolor, Edegem, BE. Please confirm your result. The problem is that I created a self-signed certificate in my Apache virtual host stanza for owncloud, which is not the one that is reported. Some weeks ago I had a fibre broadband (hooray!) router installed made by Technicolor. One or two strange things happened after that (e.g. SMTP servers not recognised), but I cannot understand why a router should start imposing security certificates. The Technicolor router is the only Technicolor device on my network. The ISP (Fleur) denies any responsibility, and the manufacturer suggests "we suspect that the "certificate issue" is linked to firefox settings and/or the way firefox handles the certificate negotiations", although as I said it also happens with Konqueror. I can find no certificate on any PC on this network that contains "Technicolorl" Has anyone an idea how to progress? Regards to all Graeme -- Next meeting: Bournemouth, Tuesday, 2016-10-04 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR