Re: [OSM-dev] SSL-Certificate for osm.org

[Oleksiy Muzalyev]

On 21/03/16 08:06, Tom Hughes wrote:

On 21/03/16 06:16, André Riedel wrote:


We've got a bug report at the Chemnitzer Linux-Tage. osm.org should be
added as alternative name in the openstreetmap.org certificate. This
is important for the link shortener.

https://osm.org/go/0MIaEuZzQ-?m=


Do we actually generate that name anywhere? or have you just assumed 
that you can change it to https?


Tom

The same here, the SSL works correctly for www.openstreetmap.org , and 
it does not work for www.osm.org


It is well known that SSL encrypts a web-page content, but it is less 
understood that the SSL also encrypts the URL itself (except the domain 
name). So with SSL (https://) people who monitor a LAN can see that 
openstreetmap.org (or osm.org) were visited, but it is not possible to 
see what part of the map was looked at, as anything after .org is 
encrypted. I read about it and probably tested it with network analyzer 
https://www.wireshark.org/


But SSL adds some additional load to web-servers. So if one just looks 
at the map in general there is no sense to use https://, but if planning 
a trip in a risky environment, for example for humanitarian workers, it 
would be safer to use SSL.


brgds
Oleksiy

___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] SSL-Certificate for osm.org

[Tom Hughes]

On 21/03/16 06:16, André Riedel wrote:


We've got a bug report at the Chemnitzer Linux-Tage. osm.org should be
added as alternative name in the openstreetmap.org certificate. This
is important for the link shortener.

https://osm.org/go/0MIaEuZzQ-?m=


Do we actually generate that name anywhere? or have you just assumed 
that you can change it to https?


Tom

--
Tom Hughes (t...@compton.nu)
http://compton.nu/

___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] SSL-Certificate for osm.org

[André Riedel]

2016-03-21 8:06 GMT+01:00 Tom Hughes :
> Do we actually generate that name anywhere? or have you just assumed that
> you can change it to https?

OSM does not generate https links, but other tools will do it or
change existing ones.

The guy who told it to us probably assumed such a behaviour. But I
would support his thoughts.

___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

[OSM-dev] SSL-Certificate for osm.org

[André Riedel]

We've got a bug report at the Chemnitzer Linux-Tage. osm.org should be
added as alternative name in the openstreetmap.org certificate. This
is important for the link shortener.

https://osm.org/go/0MIaEuZzQ-?m=

Best greetings from Chemnitz
André

___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] SSL-Certificate for osm.org

[Tom Hughes]

On 21/03/16 07:50, André Riedel wrote:

2016-03-21 8:06 GMT+01:00 Tom Hughes :

Do we actually generate that name anywhere? or have you just assumed that
you can change it to https?


OSM does not generate https links, but other tools will do it or
change existing ones.


Well that would be wrong of them ;-)


The guy who told it to us probably assumed such a behaviour. But I
would support his thoughts.


I think we do have a certificate that has it, but we can't use it on the 
main site because it will break JOSM.


The horribly backward Java certificate root authority list is the main 
obstacle to most of our attempts to improve https support in fact.


Tom

--
Tom Hughes (t...@compton.nu)
http://compton.nu/

___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] [GSOC] Suggestion for a Crowd-sourcing Geo-Processing Project

[Peter Barth]

Hello Saad,

your project sounds really interesting and I hope you'll succeed with
it. And I'd be very happy if you'd switch to OSM instead of Google Maps
with your project and supply an OpenSource license file to your code.

However, I'm afraid we can't accept you for this year's GSoC mainly for
two reasons. First of, we don't see how your project would help OSM or
how it would make you a contributor to OSM. And second, we wouldn't have
a mentor for you on such short notice. So given those reasons I don't
think it would make sense to make a proposal for this year's GSoC.

But as I said, I still hope you consider switching to OSM.

Thanks,
Peda


___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] SSL-Certificate for osm.org

[Tom Hughes]

On 21/03/16 09:26, Frederik Ramm wrote:


Or perhaps there are alternative SSL stacks for Java that can be employed?


No need for that, all it really needs is for the JOSM devs to be 
prepared to make it use a custom root certificate set until such time as 
Oracle get around to updating the default set... Basically doing the 
sort of thing talked about here:


http://stackoverflow.com/questions/24555890/using-a-custom-truststore-in-java-as-well-as-the-default-one?lq=1

Which creates a custom trust manager that tries both the default trust 
manager and a second one that has other roots loaded.


Tom

--
Tom Hughes (t...@compton.nu)
http://compton.nu/

___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] SSL-Certificate for osm.org

[Oleksiy Muzalyev]

On 21.03.2016 10:26, Frederik Ramm wrote:

Hi,

On 03/21/2016 09:22 AM, Tom Hughes wrote:

The horribly backward Java certificate root authority list is the main
obstacle to most of our attempts to improve https support in fact.

Perhaps we could just ignore that? I'm a JOSM user myself but I don't
think that the rest of the world should suffer just because Java is
unhappy with our SSL.

I'm sure that JOSM users who desperately need SSL can find a workaround
(could one not e.g. have JOSM connect insecurely to localhost and then
reverse-proxy https://openstreetmap.org/ from there?)

Or perhaps there are alternative SSL stacks for Java that can be employed?

Bye
Frederik

I would suggest contact engineers at Oracle who work on Java and explain 
them the issue. Perhaps, it could be solved in two weeks via Java auto 
update. The most widespread form of communication is misunderstanding. 
Perhaps, they are just unaware of it.


I remember couple of years ago I wrote a message to DJI Corporation 
asking to modify the gimbal of the camera on their drones, so that it 
would be possible to tilt it directly down, vertically, 90 degrees, for 
making images for mapping. Maybe it is a coincidence, or maybe there 
were numerous similar requests, but on the Phantom 3 and 4, the camera 
could be well tilted straight down (Controllable Range: pitch -90° to 
+30°). And this feature became popular not only for mapping, but among 
general aerial photographers and videographers.


brgds
Oleksiy

___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] SSL-Certificate for osm.org

[Paul Hartmann]

On 21.03.2016 10:26, Frederik Ramm wrote:

Hi,

On 03/21/2016 09:22 AM, Tom Hughes wrote:

The horribly backward Java certificate root authority list is the main
obstacle to most of our attempts to improve https support in fact.


Perhaps we could just ignore that? I'm a JOSM user myself but I don't
think that the rest of the world should suffer just because Java is
unhappy with our SSL.


Support for custom certificates has been added to JOSM in version 9995. 
So far, Let's encrypt and StartSSL is included.


(see https://josm.openstreetmap.de/ticket/12264)


I'm sure that JOSM users who desperately need SSL can find a workaround
(could one not e.g. have JOSM connect insecurely to localhost and then
reverse-proxy https://openstreetmap.org/ from there?)


Default Server URL is https://api.openstreetmap.org/api. I.e. it would 
break for every (pre 9995) user.


Best, Paul





___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] SSL-Certificate for osm.org

[Oleksiy Muzalyev]

On 21.03.2016 11:06, Tom Hughes wrote:

On 21/03/16 09:49, Oleksiy Muzalyev wrote:


I would suggest contact engineers at Oracle who work on Java and explain
them the issue. Perhaps, it could be solved in two weeks via Java auto
update. The most widespread form of communication is misunderstanding.
Perhaps, they are just unaware of it.


Excuse me while I try to stop laughing.

As far as anybody can tell the Java Root Certificate Program is some 
sort of black hole that applications go into but then nothing happens.


See for example https://forum.startcom.org/viewtopic.php?f=15=1815 
where there are five year old messages from StartCom people to the 
effect that they are trying to get Oracle to add their root.


More recently letsecnrypt have applied but there has been no evidence 
of anything happening.


Tom

I've met personally only one Oracle employee, Dave Stokes. Dave Stokes 
is a MySQL Community Manager for Oracle and previously was the MySQL 
Certification Manager for MySQL AB and Sun ( 
https://world2014.phparch.com/speakers/ ). He was a speaker at the 
conference.


It was one the most helpful man I've ever met. He explained me and other 
participants SQL query optimization,  common errors of DB installation 
and administration, etc., answered clearly all questions, asked to write 
asking other questions. He rides a motorbike as a hobby.


brgds
Oleksiy

___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] SSL-Certificate for osm.org

[Frederik Ramm]

Hi,

On 03/21/2016 09:22 AM, Tom Hughes wrote:
> The horribly backward Java certificate root authority list is the main 
> obstacle to most of our attempts to improve https support in fact.

Perhaps we could just ignore that? I'm a JOSM user myself but I don't
think that the rest of the world should suffer just because Java is
unhappy with our SSL.

I'm sure that JOSM users who desperately need SSL can find a workaround
(could one not e.g. have JOSM connect insecurely to localhost and then
reverse-proxy https://openstreetmap.org/ from there?)

Or perhaps there are alternative SSL stacks for Java that can be employed?

Bye
Frederik

-- 
Frederik Ramm  ##  eMail frede...@remote.org  ##  N49°00'09" E008°23'33"

___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] SSL-Certificate for osm.org

[Jukka Rahkonen]

Hi,

Is the problem is that the OSM certificate, granted by GeoTrust Inc., is 
not trusted by the default Java installation? Adding more trusted 
certificates into the local Java keystore is not an impossible task, 
especially if there was a manual page about how to do it.


-Jukka Rahkonen-




Frederik Ramm kirjoitti 2016-03-21 11:26:

Hi,

On 03/21/2016 09:22 AM, Tom Hughes wrote:

The horribly backward Java certificate root authority list is the main
obstacle to most of our attempts to improve https support in fact.


Perhaps we could just ignore that? I'm a JOSM user myself but I don't
think that the rest of the world should suffer just because Java is
unhappy with our SSL.

I'm sure that JOSM users who desperately need SSL can find a workaround
(could one not e.g. have JOSM connect insecurely to localhost and then
reverse-proxy https://openstreetmap.org/ from there?)

Or perhaps there are alternative SSL stacks for Java that can be 
employed?


Bye
Frederik


___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] SSL-Certificate for osm.org

[Tom Hughes]

On 21/03/16 09:59, Tom Hughes wrote:

On 21/03/16 09:26, Frederik Ramm wrote:


Or perhaps there are alternative SSL stacks for Java that can be
employed?


No need for that, all it really needs is for the JOSM devs to be
prepared to make it use a custom root certificate set until such time as
Oracle get around to updating the default set... Basically doing the
sort of thing talked about here:


Apparently JOSM did exactly this a week ago:

https://github.com/openstreetmap/operations/issues/55#issuecomment-199208093
https://josm.openstreetmap.de/changeset/9995/josm

Tom

--
Tom Hughes (t...@compton.nu)
http://compton.nu/

___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] SSL-Certificate for osm.org

[Tom Hughes]

On 21/03/16 09:49, Oleksiy Muzalyev wrote:


I would suggest contact engineers at Oracle who work on Java and explain
them the issue. Perhaps, it could be solved in two weeks via Java auto
update. The most widespread form of communication is misunderstanding.
Perhaps, they are just unaware of it.


Excuse me while I try to stop laughing.

As far as anybody can tell the Java Root Certificate Program is some 
sort of black hole that applications go into but then nothing happens.


See for example https://forum.startcom.org/viewtopic.php?f=15=1815 
where there are five year old messages from StartCom people to the 
effect that they are trying to get Oracle to add their root.


More recently letsecnrypt have applied but there has been no evidence of 
anything happening.


Tom

--
Tom Hughes (t...@compton.nu)
http://compton.nu/

___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] SSL-Certificate for osm.org

[Дмитрий Киселев]

As I understand, it's possible to add root CA to java
https://azure.microsoft.com/en-us/documentation/articles/java-add-certificate-ca-store/

Could it helps us to get https://osm.org works?

2016-03-21 14:49 GMT+05:00 Oleksiy Muzalyev :

> On 21.03.2016 10:26, Frederik Ramm wrote:
>
>> Hi,
>>
>> On 03/21/2016 09:22 AM, Tom Hughes wrote:
>>
>>> The horribly backward Java certificate root authority list is the main
>>> obstacle to most of our attempts to improve https support in fact.
>>>
>> Perhaps we could just ignore that? I'm a JOSM user myself but I don't
>> think that the rest of the world should suffer just because Java is
>> unhappy with our SSL.
>>
>> I'm sure that JOSM users who desperately need SSL can find a workaround
>> (could one not e.g. have JOSM connect insecurely to localhost and then
>> reverse-proxy https://openstreetmap.org/ from there?)
>>
>> Or perhaps there are alternative SSL stacks for Java that can be employed?
>>
>> Bye
>> Frederik
>>
>> I would suggest contact engineers at Oracle who work on Java and explain
> them the issue. Perhaps, it could be solved in two weeks via Java auto
> update. The most widespread form of communication is misunderstanding.
> Perhaps, they are just unaware of it.
>
> I remember couple of years ago I wrote a message to DJI Corporation asking
> to modify the gimbal of the camera on their drones, so that it would be
> possible to tilt it directly down, vertically, 90 degrees, for making
> images for mapping. Maybe it is a coincidence, or maybe there were numerous
> similar requests, but on the Phantom 3 and 4, the camera could be well
> tilted straight down (Controllable Range: pitch -90° to +30°). And this
> feature became popular not only for mapping, but among general aerial
> photographers and videographers.
>
> brgds
> Oleksiy
>
>
> ___
> dev mailing list
> dev@openstreetmap.org
> https://lists.openstreetmap.org/listinfo/dev
>



-- 
Thank you for your time. Best regards.
Dmitry.
___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

[OSM-dev] [GSOC] Suggestion for a Crowd-sourcing Geo-Processing Project

[Saad Qureshi]

Hi,

My name is Saad Qureshi and I am currently a 3rd Year Electrical
Engineering Student at NUST, Pakistan.

I got a chance to read through all the projects that OpenStreetMap is
working on and I would like to recommend an innovative project that me and
my friends have been working on for a few months which, if implemented
completely, might prove very useful for the OpenStreetMap community. The
project is available on github and you can get a basic overview of the
project on main README.md file:

https://github.com/msaadq/aero2

Or Watch the intro Video: https://www.youtube.com/watch?v=RkyMHUqihVs

The project works like this:

Our volunteers or general athletes use our arm-band (BT enabled with MQ-5
sensor) to collect small samples (without them noticing) during their
commute or walking/running sessions from different parts of a city.

We collect that data from our database and relate it to certain properties
of different nodes of a city to a specified resolution (50x50 metres in our
case) and use the samples (of some nodes) and properties (of all nodes) to
predict the samples for the rest of the nodes without physical sampling.

I want to make a formal proposal for this project, but I wanted your
feedback on it first.

This Project has a hardware module, android application module and 2
backend modules.

Hardware:
- Interfaces the MQ-5 sensor and Bluetooth module with the ARM Cortex
M4 processor for data acquisition over Bluetooth and sending it directly to
the android app (Completed)

Android Application:
- Uses Mapbox API to visualize the data as heat maps overlay over
google maps for both sampled and resultant data and allows the user to
enable the sensor remotely for collecting samples. (Completed)

Backend:
- A Python-based backend for collecting the properties of a city using
MapsAPI and saving them in a database for later (Partially Implemented)
- A Python-based machine learning implementation for using the samples
(of some nodes) and properties (of all nodes) to predict the samples for
the rest of the nodes. (Not Implemented)

This is one of those projects for which I wake up every morning and it
would be really awesome if I get to work on this during GSOC. Your feedback
regarding this project (and its implementation is highly appreciated).

*Please let me know if this project resonates with the interests of *
*OpenStreetMap**, so that I start making a formal proposal.*

Saad Qureshi
www.linkedin.com/in/msaadq
___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] Custom tileset

[Andy Townsend]

On 19/03/2016 16:03, Mateusz Konieczny wrote:
In that case one may just revert to old version (if old roads are 
considered to be significantly better) - but it would make more 
complicated to use any improvements that appeared later in this map 
style. 


Agreed - although to some extent it depends how far you want to go 
back.  The files that make up the source of the "standard" style changed 
when project.yaml was introduced in September 2014.  If you want to go 
back to a version on a certain date, have a look at 
http://stackoverflow.com/questions/6990484/git-checkout-by-date ; I've 
done "git checkout `git rev-list -n 1 --before="2014-04-12 00:00" 
master`" in the past to get an old standard style version.


However, if you're starting from scratch with that be aware that some of 
the external files that that will use may not be where the user to be 
when that version of the style was new.  For example, when I last used 
an old "standard" style the build failed at "sh get-shapefiles.sh" 
because some things had moved - I had to manually find what I was 
looking for and put them in the correct place.


Cheers,

Andy (SomeoneElse)





___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] FW: UnsatisfiedLinkError on execution

[Tobias Knerr]

On 14.03.2016 10:54, Niko 7 wrote:

I tried to run the .jar (it may not be used like this, so please, point
me the correct way) but the execution answered with:

"java.lang.UnsatisfiedLinkError: no gluegen-rt in java.library.path"


Please try running the shell script delivered with the program instead 
of the jar and see if the error persists.


Oh, and unrelated to the error, but I recommend using the latest version 
instead, especially for GSoC-related things.


___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev