Re: [OSM-dev] SSL-Certificate for osm.org
On 21/03/16 08:06, Tom Hughes wrote: On 21/03/16 06:16, André Riedel wrote: We've got a bug report at the Chemnitzer Linux-Tage. osm.org should be added as alternative name in the openstreetmap.org certificate. This is important for the link shortener. https://osm.org/go/0MIaEuZzQ-?m= Do we actually generate that name anywhere? or have you just assumed that you can change it to https? Tom The same here, the SSL works correctly for www.openstreetmap.org , and it does not work for www.osm.org It is well known that SSL encrypts a web-page content, but it is less understood that the SSL also encrypts the URL itself (except the domain name). So with SSL (https://) people who monitor a LAN can see that openstreetmap.org (or osm.org) were visited, but it is not possible to see what part of the map was looked at, as anything after .org is encrypted. I read about it and probably tested it with network analyzer https://www.wireshark.org/ But SSL adds some additional load to web-servers. So if one just looks at the map in general there is no sense to use https://, but if planning a trip in a risky environment, for example for humanitarian workers, it would be safer to use SSL. brgds Oleksiy ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] SSL-Certificate for osm.org
On 21/03/16 06:16, André Riedel wrote: We've got a bug report at the Chemnitzer Linux-Tage. osm.org should be added as alternative name in the openstreetmap.org certificate. This is important for the link shortener. https://osm.org/go/0MIaEuZzQ-?m= Do we actually generate that name anywhere? or have you just assumed that you can change it to https? Tom -- Tom Hughes (t...@compton.nu) http://compton.nu/ ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] SSL-Certificate for osm.org
2016-03-21 8:06 GMT+01:00 Tom Hughes: > Do we actually generate that name anywhere? or have you just assumed that > you can change it to https? OSM does not generate https links, but other tools will do it or change existing ones. The guy who told it to us probably assumed such a behaviour. But I would support his thoughts. ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
[OSM-dev] SSL-Certificate for osm.org
We've got a bug report at the Chemnitzer Linux-Tage. osm.org should be added as alternative name in the openstreetmap.org certificate. This is important for the link shortener. https://osm.org/go/0MIaEuZzQ-?m= Best greetings from Chemnitz André ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] SSL-Certificate for osm.org
On 21/03/16 07:50, André Riedel wrote: 2016-03-21 8:06 GMT+01:00 Tom Hughes: Do we actually generate that name anywhere? or have you just assumed that you can change it to https? OSM does not generate https links, but other tools will do it or change existing ones. Well that would be wrong of them ;-) The guy who told it to us probably assumed such a behaviour. But I would support his thoughts. I think we do have a certificate that has it, but we can't use it on the main site because it will break JOSM. The horribly backward Java certificate root authority list is the main obstacle to most of our attempts to improve https support in fact. Tom -- Tom Hughes (t...@compton.nu) http://compton.nu/ ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] [GSOC] Suggestion for a Crowd-sourcing Geo-Processing Project
Hello Saad, your project sounds really interesting and I hope you'll succeed with it. And I'd be very happy if you'd switch to OSM instead of Google Maps with your project and supply an OpenSource license file to your code. However, I'm afraid we can't accept you for this year's GSoC mainly for two reasons. First of, we don't see how your project would help OSM or how it would make you a contributor to OSM. And second, we wouldn't have a mentor for you on such short notice. So given those reasons I don't think it would make sense to make a proposal for this year's GSoC. But as I said, I still hope you consider switching to OSM. Thanks, Peda ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] SSL-Certificate for osm.org
On 21/03/16 09:26, Frederik Ramm wrote: Or perhaps there are alternative SSL stacks for Java that can be employed? No need for that, all it really needs is for the JOSM devs to be prepared to make it use a custom root certificate set until such time as Oracle get around to updating the default set... Basically doing the sort of thing talked about here: http://stackoverflow.com/questions/24555890/using-a-custom-truststore-in-java-as-well-as-the-default-one?lq=1 Which creates a custom trust manager that tries both the default trust manager and a second one that has other roots loaded. Tom -- Tom Hughes (t...@compton.nu) http://compton.nu/ ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] SSL-Certificate for osm.org
On 21.03.2016 10:26, Frederik Ramm wrote: Hi, On 03/21/2016 09:22 AM, Tom Hughes wrote: The horribly backward Java certificate root authority list is the main obstacle to most of our attempts to improve https support in fact. Perhaps we could just ignore that? I'm a JOSM user myself but I don't think that the rest of the world should suffer just because Java is unhappy with our SSL. I'm sure that JOSM users who desperately need SSL can find a workaround (could one not e.g. have JOSM connect insecurely to localhost and then reverse-proxy https://openstreetmap.org/ from there?) Or perhaps there are alternative SSL stacks for Java that can be employed? Bye Frederik I would suggest contact engineers at Oracle who work on Java and explain them the issue. Perhaps, it could be solved in two weeks via Java auto update. The most widespread form of communication is misunderstanding. Perhaps, they are just unaware of it. I remember couple of years ago I wrote a message to DJI Corporation asking to modify the gimbal of the camera on their drones, so that it would be possible to tilt it directly down, vertically, 90 degrees, for making images for mapping. Maybe it is a coincidence, or maybe there were numerous similar requests, but on the Phantom 3 and 4, the camera could be well tilted straight down (Controllable Range: pitch -90° to +30°). And this feature became popular not only for mapping, but among general aerial photographers and videographers. brgds Oleksiy ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] SSL-Certificate for osm.org
On 21.03.2016 10:26, Frederik Ramm wrote: Hi, On 03/21/2016 09:22 AM, Tom Hughes wrote: The horribly backward Java certificate root authority list is the main obstacle to most of our attempts to improve https support in fact. Perhaps we could just ignore that? I'm a JOSM user myself but I don't think that the rest of the world should suffer just because Java is unhappy with our SSL. Support for custom certificates has been added to JOSM in version 9995. So far, Let's encrypt and StartSSL is included. (see https://josm.openstreetmap.de/ticket/12264) I'm sure that JOSM users who desperately need SSL can find a workaround (could one not e.g. have JOSM connect insecurely to localhost and then reverse-proxy https://openstreetmap.org/ from there?) Default Server URL is https://api.openstreetmap.org/api. I.e. it would break for every (pre 9995) user. Best, Paul ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] SSL-Certificate for osm.org
On 21.03.2016 11:06, Tom Hughes wrote: On 21/03/16 09:49, Oleksiy Muzalyev wrote: I would suggest contact engineers at Oracle who work on Java and explain them the issue. Perhaps, it could be solved in two weeks via Java auto update. The most widespread form of communication is misunderstanding. Perhaps, they are just unaware of it. Excuse me while I try to stop laughing. As far as anybody can tell the Java Root Certificate Program is some sort of black hole that applications go into but then nothing happens. See for example https://forum.startcom.org/viewtopic.php?f=15=1815 where there are five year old messages from StartCom people to the effect that they are trying to get Oracle to add their root. More recently letsecnrypt have applied but there has been no evidence of anything happening. Tom I've met personally only one Oracle employee, Dave Stokes. Dave Stokes is a MySQL Community Manager for Oracle and previously was the MySQL Certification Manager for MySQL AB and Sun ( https://world2014.phparch.com/speakers/ ). He was a speaker at the conference. It was one the most helpful man I've ever met. He explained me and other participants SQL query optimization, common errors of DB installation and administration, etc., answered clearly all questions, asked to write asking other questions. He rides a motorbike as a hobby. brgds Oleksiy ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] SSL-Certificate for osm.org
Hi, On 03/21/2016 09:22 AM, Tom Hughes wrote: > The horribly backward Java certificate root authority list is the main > obstacle to most of our attempts to improve https support in fact. Perhaps we could just ignore that? I'm a JOSM user myself but I don't think that the rest of the world should suffer just because Java is unhappy with our SSL. I'm sure that JOSM users who desperately need SSL can find a workaround (could one not e.g. have JOSM connect insecurely to localhost and then reverse-proxy https://openstreetmap.org/ from there?) Or perhaps there are alternative SSL stacks for Java that can be employed? Bye Frederik -- Frederik Ramm ## eMail frede...@remote.org ## N49°00'09" E008°23'33" ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] SSL-Certificate for osm.org
Hi, Is the problem is that the OSM certificate, granted by GeoTrust Inc., is not trusted by the default Java installation? Adding more trusted certificates into the local Java keystore is not an impossible task, especially if there was a manual page about how to do it. -Jukka Rahkonen- Frederik Ramm kirjoitti 2016-03-21 11:26: Hi, On 03/21/2016 09:22 AM, Tom Hughes wrote: The horribly backward Java certificate root authority list is the main obstacle to most of our attempts to improve https support in fact. Perhaps we could just ignore that? I'm a JOSM user myself but I don't think that the rest of the world should suffer just because Java is unhappy with our SSL. I'm sure that JOSM users who desperately need SSL can find a workaround (could one not e.g. have JOSM connect insecurely to localhost and then reverse-proxy https://openstreetmap.org/ from there?) Or perhaps there are alternative SSL stacks for Java that can be employed? Bye Frederik ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] SSL-Certificate for osm.org
On 21/03/16 09:59, Tom Hughes wrote: On 21/03/16 09:26, Frederik Ramm wrote: Or perhaps there are alternative SSL stacks for Java that can be employed? No need for that, all it really needs is for the JOSM devs to be prepared to make it use a custom root certificate set until such time as Oracle get around to updating the default set... Basically doing the sort of thing talked about here: Apparently JOSM did exactly this a week ago: https://github.com/openstreetmap/operations/issues/55#issuecomment-199208093 https://josm.openstreetmap.de/changeset/9995/josm Tom -- Tom Hughes (t...@compton.nu) http://compton.nu/ ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] SSL-Certificate for osm.org
On 21/03/16 09:49, Oleksiy Muzalyev wrote: I would suggest contact engineers at Oracle who work on Java and explain them the issue. Perhaps, it could be solved in two weeks via Java auto update. The most widespread form of communication is misunderstanding. Perhaps, they are just unaware of it. Excuse me while I try to stop laughing. As far as anybody can tell the Java Root Certificate Program is some sort of black hole that applications go into but then nothing happens. See for example https://forum.startcom.org/viewtopic.php?f=15=1815 where there are five year old messages from StartCom people to the effect that they are trying to get Oracle to add their root. More recently letsecnrypt have applied but there has been no evidence of anything happening. Tom -- Tom Hughes (t...@compton.nu) http://compton.nu/ ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] SSL-Certificate for osm.org
As I understand, it's possible to add root CA to java https://azure.microsoft.com/en-us/documentation/articles/java-add-certificate-ca-store/ Could it helps us to get https://osm.org works? 2016-03-21 14:49 GMT+05:00 Oleksiy Muzalyev: > On 21.03.2016 10:26, Frederik Ramm wrote: > >> Hi, >> >> On 03/21/2016 09:22 AM, Tom Hughes wrote: >> >>> The horribly backward Java certificate root authority list is the main >>> obstacle to most of our attempts to improve https support in fact. >>> >> Perhaps we could just ignore that? I'm a JOSM user myself but I don't >> think that the rest of the world should suffer just because Java is >> unhappy with our SSL. >> >> I'm sure that JOSM users who desperately need SSL can find a workaround >> (could one not e.g. have JOSM connect insecurely to localhost and then >> reverse-proxy https://openstreetmap.org/ from there?) >> >> Or perhaps there are alternative SSL stacks for Java that can be employed? >> >> Bye >> Frederik >> >> I would suggest contact engineers at Oracle who work on Java and explain > them the issue. Perhaps, it could be solved in two weeks via Java auto > update. The most widespread form of communication is misunderstanding. > Perhaps, they are just unaware of it. > > I remember couple of years ago I wrote a message to DJI Corporation asking > to modify the gimbal of the camera on their drones, so that it would be > possible to tilt it directly down, vertically, 90 degrees, for making > images for mapping. Maybe it is a coincidence, or maybe there were numerous > similar requests, but on the Phantom 3 and 4, the camera could be well > tilted straight down (Controllable Range: pitch -90° to +30°). And this > feature became popular not only for mapping, but among general aerial > photographers and videographers. > > brgds > Oleksiy > > > ___ > dev mailing list > dev@openstreetmap.org > https://lists.openstreetmap.org/listinfo/dev > -- Thank you for your time. Best regards. Dmitry. ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
[OSM-dev] [GSOC] Suggestion for a Crowd-sourcing Geo-Processing Project
Hi, My name is Saad Qureshi and I am currently a 3rd Year Electrical Engineering Student at NUST, Pakistan. I got a chance to read through all the projects that OpenStreetMap is working on and I would like to recommend an innovative project that me and my friends have been working on for a few months which, if implemented completely, might prove very useful for the OpenStreetMap community. The project is available on github and you can get a basic overview of the project on main README.md file: https://github.com/msaadq/aero2 Or Watch the intro Video: https://www.youtube.com/watch?v=RkyMHUqihVs The project works like this: Our volunteers or general athletes use our arm-band (BT enabled with MQ-5 sensor) to collect small samples (without them noticing) during their commute or walking/running sessions from different parts of a city. We collect that data from our database and relate it to certain properties of different nodes of a city to a specified resolution (50x50 metres in our case) and use the samples (of some nodes) and properties (of all nodes) to predict the samples for the rest of the nodes without physical sampling. I want to make a formal proposal for this project, but I wanted your feedback on it first. This Project has a hardware module, android application module and 2 backend modules. Hardware: - Interfaces the MQ-5 sensor and Bluetooth module with the ARM Cortex M4 processor for data acquisition over Bluetooth and sending it directly to the android app (Completed) Android Application: - Uses Mapbox API to visualize the data as heat maps overlay over google maps for both sampled and resultant data and allows the user to enable the sensor remotely for collecting samples. (Completed) Backend: - A Python-based backend for collecting the properties of a city using MapsAPI and saving them in a database for later (Partially Implemented) - A Python-based machine learning implementation for using the samples (of some nodes) and properties (of all nodes) to predict the samples for the rest of the nodes. (Not Implemented) This is one of those projects for which I wake up every morning and it would be really awesome if I get to work on this during GSOC. Your feedback regarding this project (and its implementation is highly appreciated). *Please let me know if this project resonates with the interests of * *OpenStreetMap**, so that I start making a formal proposal.* Saad Qureshi www.linkedin.com/in/msaadq ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] Custom tileset
On 19/03/2016 16:03, Mateusz Konieczny wrote: In that case one may just revert to old version (if old roads are considered to be significantly better) - but it would make more complicated to use any improvements that appeared later in this map style. Agreed - although to some extent it depends how far you want to go back. The files that make up the source of the "standard" style changed when project.yaml was introduced in September 2014. If you want to go back to a version on a certain date, have a look at http://stackoverflow.com/questions/6990484/git-checkout-by-date ; I've done "git checkout `git rev-list -n 1 --before="2014-04-12 00:00" master`" in the past to get an old standard style version. However, if you're starting from scratch with that be aware that some of the external files that that will use may not be where the user to be when that version of the style was new. For example, when I last used an old "standard" style the build failed at "sh get-shapefiles.sh" because some things had moved - I had to manually find what I was looking for and put them in the correct place. Cheers, Andy (SomeoneElse) ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
Re: [OSM-dev] FW: UnsatisfiedLinkError on execution
On 14.03.2016 10:54, Niko 7 wrote: I tried to run the .jar (it may not be used like this, so please, point me the correct way) but the execution answered with: "java.lang.UnsatisfiedLinkError: no gluegen-rt in java.library.path" Please try running the shell script delivered with the program instead of the jar and see if the error persists. Oh, and unrelated to the error, but I recommend using the latest version instead, especially for GSoC-related things. ___ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev