forum.excito.com

I've modified the DNS configuration of easyfind.excito.org to a CNAME to easyfind.mybubba.org. . Let's hope it will work.

Gordon wrote:If you set up your own CA, you can also push it to the bubbae through an update while at the same time removing the dependencies towards the excito.org domain.

The issue with this method is that apparently nobody knows where the Excito repository signing keys are. I cannot verify it (I still don't have my bubbas yet grrrr) but trying to push an unsigned (or signed with a different key) update to the bubbas will probably fail.

That being said I also think it would be better to remove the excito.org dependencies on community images, but you will need to someting manually on the systems.

seems like the update site is down too. can't find anywhere to get a much needed install image.

I made a full copy of the repo-server. My guess would be that the keys are there. But as I do very little debian, I wouldnt know how to test for this.

I didn't think about it before but I have a few usb sticks at home with backups of secret keys. If you let me know what to look for, I can if I can find it?

MouettE wrote:

Gordon wrote:If you set up your own CA, you can also push it to the bubbae through an update while at the same time removing the dependencies towards the excito.org domain.

The issue with this method is that apparently nobody knows where the Excito repository signing keys are. I cannot verify it (I still don't have my bubbas yet grrrr) but trying to push an unsigned (or signed with a different key) update to the bubbas will probably fail.

That wasn't what I meant. The point is that with https the browser is supposed to verify that the key belongs to the server you are accessing. Meaning that the name being published in the key must match the url and that the key is signed by someone you can trust.

The thing however is that this `someone you can trust` is somewhat arbitrary. They are companies that pay operating system manufacturers to be accepted as signing authorities and then lease their signature to other companies (e.g. banks) that require random visitors to their website to be able to verify that they are on the correct site.

But this is a non-existing requirement for the bubbae, because the visitors are not random and we can do the exact same thing as those `trustworthy` signing companies: add our own root certificate to the store on the bubbae so that they can verify the server certificate as being genuine.

But does easyfind work now?

Nope. Not for me.
Just checked the progress in the discussions here and tested both from my home IP (where the B3 also is) and via 4G on my mobile.

I assume the changes being made now do not require to make adjustments in the ntp.conf as discussed in other threads previously?

ntp has absolutely *nothing* to do here.

But please, as I asked before, do not simply state "it doesnt work". Such messages are really not helpful. State what you did, what error response you received, what made you draw conclusions that "it doesnt work". Define "it". Define "work".

We're all doing this in our spare time, and nobody is psychic. Don't treat us as your employee or your slave. Thanks for your understanding.

kruemelprinz wrote:Nope. Not for me.
Just checked the progress in the discussions here and tested both from my home IP (where the B3 also is) and via 4G on my mobile.

I assume the changes being made now do not require to make adjustments in the ntp.conf as discussed in other threads previously?

Did you do a forced update of your easyfind record? As an alternative you could try to disable easyfind and then register again.

Ubi wrote:We're all doing this in our spare time, and nobody is psychic. Don't treat us as your employee or your slave.

That was absolutely not my intention! I am really grateful that there are people with the required knowledge out here that are willing to spend their time te help the community.

Unfortunately, my IT knowledge does not go further than typing my easyfind-adress in a browser window and see what happens. If my B3-webpage is loading - it works. If not, it does not. This is what I tested both from my home IP and on my mobile.

If there is any other way to test easyfind functionality, I am happy to contribute with more information, but I am afraid I will need detailed instructions.

@ Gordon: I will test and see tomorrow when I come home from work. I will post the result.

Gordon wrote:That wasn't what I meant. The point is that with https the browser is supposed to verify that the key[...] certificate as being genuine.

I agree with all that but this is not what I was talking about. Excito repositories are signed with a gpg key and you need that key to distribute an update (which would include modifications to use *.mybubba.org and authorize self-signed certificates for easyfind). From what I know no one knows where the key is.

Hi,

Easyfind isn't working for me either, so as requested, I'll try to give as much detail as possible.
Running /usr/lib/web-admin/easyfind.pl gives the following output:
and my IP has not been updated, as running host -s ###.myownb2.com ns1.mybubba.org gives the following output:
which is not my IP address now, but was between 28/07/2013 & 04/08/2013 (I log every IP address change!)

Hope this means more to you guys than it does to me.

Ok, thats an internal error generated by the server, but it seems the client side is working.

MouettE wrote:

Gordon wrote:That wasn't what I meant. The point is that with https the browser is supposed to verify that the key[...] certificate as being genuine.

I agree with all that but this is not what I was talking about. Excito repositories are signed with a gpg key and you need that key to distribute an update (which would include modifications to use *.mybubba.org and authorize self-signed certificates for easyfind). From what I know no one knows where the key is.

Ah. My bad Too much focussed on the domain question...

I think you should ask Tor. He's the one that got the last update out to fix the php-cgi issue and must therefore know where the key is located. Although I guess this one should be on Johannes' USB stick as well.

ok we seem to have easyfind back. There was a permissions problem checking the MAC-table which is now fixed. The SSL signing does not seem to be an issue.

I'm seeing a lot of hosts checking in, so I'm assuming easyfind now also works for others. Please report if you still have problems. Again, please be detailed in what you did, what response you got, what made you think the problem is on the server side. Riddles cost too much time.