robkelk Wrote:If you use the recommended "certbot" tool (an ACME implementation developed by the EFF) in automatic mode, the "certbot renew" command checks which if any of your certificates are coming up on expiration, and renews all those and only those which need it. So you can schedule the cron job to run weekly or even daily without harm, and if one run gets missed because of server downtime or whatever, a subsequent one should catch it before expiry. I'm pretty sure the default behavior is to renew a good long time before expiry, for just this reason.jonathanlennox Wrote:Let's Encrypt is designed to work with the new ACME protocol, which gets and validates certificates for you automatically. So you don't have to manually renew the certificate every 90 days -- you just have to set up a cron job or something to do it periodically.
cron jobs are known to fail - I've seen it happen a non-trivial number of times.
|
Pending Move
|
  Manytales00 Wrote:I finaly got the notice of registration for Itsune9tl for drunkards walk Administration must be backlogged.... Sorry, Manytales, I somehow let your registration sit for several days -- unintentionally, believe me; I saw it over the weekend (along with another registration) and took care of it right then.-- Bob --------- Then the horns kicked in... ...and my shoes began to squeak. robkelk Wrote:Actually, your talk about how they're a big deal is sending up another red flag in my mind. Security is not some place where we want to experiment. I have no idea why that phrase would have that connotation to you. It's not like LE is something somebody cooked up in their garage last weekend. As of last October LE had issued 12 million certificates, 6 million of which remained active, which already made them one of the largest CAs out there - and they've issued 88 million more certificates since. They're not an experiment anymore, they're a tested and proven system with essentially universal acceptance. And I just don't understand why you're so determined that they must be bad. -Morgan. 
I'm not determined that they must be bad. What I've been saying all along is that I don't know what they are.
Their track record is short - less than three years. They're using new technology. Why be an early adopter? Why not let somebody else - for example, rpg.net - take the risks?-- Rob Kelk "Governments have no right to question the loyalty of those who oppose them. Adversaries remain citizens of the same state, common subjects of the same sovereign, servants of the same law." - Michael Ignatieff, addressing Stanford University in 2012
Ok. I have slowly, laboriously inserted one single thread of 9 messages into the Marketplace forum on the new boards. In the process I believe I have finally debugged the script written by my script, as well as discovered a third table I need to update as part of the process. So... rewrite of the top-level script so that it correctly outputs the lower-level script and try again on the next thread.
ETA: Gonna have to clear out a lot of HTML, though. Looks like that isn't getting processed when the messages display. ETA2: Okay, did some simple cleanup on the uploaded thread. Gives me an idea what I need to do to the entire post database. Note to self: Save what you do, you'll need it for the final incremental update of the boards.-- Bob --------- Then the horns kicked in... ...and my shoes began to squeak. robkelk Wrote:I'm not determined that they must be bad. What I've been saying all along is that I don't know what they are. Well, it sure feels like it sometimes. Like, the information on why you don't need to add their CA to anything, it's not that hard to find. There's something kind of funny about suggesting that a site with thousands more users than us be our mine canary. But how long does their track record need to be? The only new technology here as I understand it is the automated certificate renewal process, which has a relatively benign failure mode... but from here, it isn't looking like they have that problem very often. Especially considering just how many certificates they're responsible for. -Morgan.
I guess we were looking in different places, then. (I was only looking in the security community.)--
Rob Kelk "Governments have no right to question the loyalty of those who oppose them. Adversaries remain citizens of the same state, common subjects of the same sovereign, servants of the same law." - Michael Ignatieff, addressing Stanford University in 2012
Oh, update: I've contacted my host's tech support, and inquired about getting https support for the website. Surprisingly, the tech didn't have that information immediately to hand, and I'm waiting for a callback.-- Bob
--------- Then the horns kicked in... ...and my shoes began to squeak.
And no sooner do I post that than they call me back and tell me "no", they can't do https. For some reason having to do with not having the ability to support the certification (?).
I'm not too surprised, honestly. Five+ years ago when I changed my account from dialup user to commercial hosting, site hosting was a big part of their business, and their website was at least half about site hosting options. These days, their website is all about their telecomm services. It's hard not to get the feeling that their hosting is a fossil product that they're kind of half-heartedly supporting these days, without really going out of their way. Let me get the forums up and running, and then I'll look into other hosts. I don't want to end my account there, though -- I'm kind of fond of my current email address, having had it for 20-some years now, and terminating my Netcarrier account entirely would also screw up Peggy's emails.-- Bob --------- Then the horns kicked in... ...and my shoes began to squeak. 
Hey everyone, I'm back from Amsterdam. New forums are ready by now, for sure? Nope.
On your hosting, it's probably that they don't want to insert the certificate into the apache config, or something. Just a reminder: RamNode has 256CVZ instances for only $8/quarter. I'm guessing spinning rust would be fast enough for our needs. VPS is pretty cheap, really. http://ramnode.com/vps.php Also I'm kinda surprised by the LetsEncrypt truthers in this thread. For those of us in the tech indutry who were waiting and watching as the service was developed, most of us were very happy indeed when LE's service finally came out. They're way better than StartCom, which got bought by WoSign in China, and issued quite a few fraudulent certificates. The process for revoking certificates is a fucking mess -- the 90 day issue pattern is a vast improvement on that, if only because the damage is more limited.-- ?×V Quote:New forums are ready by now, for sure? Nope.Yeah, I feel dumb and slow about it. But at least there is some progress. And the delay now is cleaning up the data because the HTML in the scraped content isn't processed on the new board, and I have to clean it up as much as possible. -- Bob --------- Then the horns kicked in... ...and my shoes began to squeak.
A bit of an update -- as some folks may have noticed, the Yuku-to-Crapatalk migration appears to have mangled some signatures. I'm can't promise that the transferred content will reach the new boards with exactly the same sigs they had at Yuku. Fortunately, this won't affect whatever signature you define for yourself over at the new site.
Special notice to Last Free Human: The embedded Javascript and data which you used to obfuscate your email address was in such a shape that a) I wasn't sure that it had been scraped properly, and b) I wasn't sure any queries to clean it up wouldn't break it. Also, Tapatalk's version of your sig has your email address in plaintext. Let me know what you want me to do with the sig(s) (you had at least a dozen variations) on the transferred posts, and you may want to address the sig here if the plaintext concerns you. ETA: Correction. Apparently it's not Last Free Human who's obfuscating email addresses, but something Tapatalk did. It's just that his was the only sig that had an email in it. In going through the last few thousand messages with HTML markup in them to see what I can clean up, I've found a bunch of obfuscated emails. Haven't decided what to do about the embedded script and cypher key yet. In other news, Aleh and Vialeh (who just might be an earlier instance of Aleh) are the only accounts with confirmed mangled sigs.-- Bob --------- Then the horns kicked in... ...and my shoes began to squeak. vorticity Wrote:... Why does everyone insist on misinterpreting my plainly-written text? I'm in the tech industry, sort of (civil service IT, 0); I have contacts in the tech security industry; we'd never heard of LetsEncrypt; I said as much. Just how does that make any of us "truthers"? (which term, BTW, I find personally insulting) I'm starting to think that people here - not Bob - are reading what they want to read instead of what's actually written.-- Rob Kelk "Governments have no right to question the loyalty of those who oppose them. Adversaries remain citizens of the same state, common subjects of the same sovereign, servants of the same law." - Michael Ignatieff, addressing Stanford University in 2012
Grrr. The email obfuscation even applies to the fake email addresses in the various Fenspace "net chatter" posts. This is pissing me off bigtime, because each instance is different from the others and even if I can just take the code out and drop it into a browser to get the plaintext email, it still means having to manually edit something like 4000 remaining posts. Everything else has been reasonable, with a little thought -- I know what I'm going to do to convert YouTube embeds, I've managed to preserve quote attributions, and I've got an idea of how to approach tables (and thank you so much, Jeanne, for putting a table in your sig...). This, however, has me growling and wanting to punch something.-- Bob
--------- Then the horns kicked in... ...and my shoes began to squeak.
Got an example of where that's happening? Someone might be able to come up with a way to streamline it, but I can't even find anyplace it's happening.
I did notice in some old fiction posts the blank lines are completely missing, and other times in the same thread each has turned into 5 or 6 blank lines. o.O -Morgan.
I don't understand. There should only be like 100 posts with HTML left in them, from the entire data set. That's what I had at the end of my conversions. I already fixed all of the emails.
The email obfuscation algorithm is pretty stupid, all it does is xor the first hex pair with all of the remaining pairs. For Rob, I was trying to be funny, not insulting. Nor did I imply that you weren't in tech. I just said that there was a subset of us eagerly watching this project for years, so it's surprising to talk to people outside the bubble who do have technical skills.-- ?×V
Okay, I see the humour now. Sorry for snapping at you.
(I'm a bit worried about BlackAeronaut not checking in - IIRC, he lives in the path of Harvey - and it's throwing off my judgment.)-- Rob Kelk "Governments have no right to question the loyalty of those who oppose them. Adversaries remain citizens of the same state, common subjects of the same sovereign, servants of the same law." - Michael Ignatieff, addressing Stanford University in 2012
When I get home tonight I'll try to remember to put up some samples. And Brent, I had tens of thousands of messages with html in them. I eventually just gave up on trying to work up a query to clean up the <br> markup intelligently. Fortunately, most everything else I've dealt with so far has been easier to convert.-- Bob
--------- Then the horns kicked in... ...and my shoes began to squeak.
sqlite> select count(*) from posts where content like '%<br>%';
33 sqlite> select count(*) from posts where content like '%<%'; 361 Did I give you the wrong data set? Even if you do have the wrong data set, you can just run my converter script from here: http://github.com/labster/taparip/tree/master/convert If you already have it in a different db, this will work if you change the connection string to use that DB. Though, uh, it's pretty easy to make mistakes parsing HTML if you've been doing it with regexes. The correct data set was here, I just checked: http://www.dropbox.com/s/mhhcgbu5mujzb ... .gzip?dl=0-- ?×V
I have that and another archive in my work directory.... I am getting the sinking suspicion that I've been working with the wrong one all this time, and wasted weeks of effort.-- Bob
--------- Then the horns kicked in... ...and my shoes began to squeak. robkelk Wrote:(I'm a bit worried about BlackAeronaut not checking in - IIRC, he lives in the path of Harvey - and it's throwing off my judgment.)Sorry, work has been absolutely horrid lately. We haven't gotten much other than a few showers so far, but with the storm track predicted as coming in along Interstate 37 halfway between San Antonio and Corpus Christi before backing out again, we're gonna a lot more rain. Please keep in mind that the forecasts for "2 to 4 feet of rain" applies mainly to Corpus Christi. I'm sure we won't get any more than 12 inches, and San Antonio can tank that much. It'll be messy, but as long as people are smart, we'll be fine for the most part. EDIT: Also, I live in a 2nd floor apartment on relatively high ground. We also got plenty of food and water here, plus a propane camp stove, a few emergency kits, and plenty of candles and flashlights. We should be alright.  robkelk Wrote:vorticity Wrote:... I read your statement and it confused me as LE has been around for ages. I work with the EFF and we were so glad to see something like this come out.--------------------------------Je ne suis pas une Intelligence Artificielle Turing. Je suis Charlie.
Stay safe, BA. "As long as people are smart" sounds like asking for a bit much out of people, though.
Around these parts, 12 inches of rain would be the annual total in a wet year. I hope y'all can handle it in just a few days.-- ?×V batzulger Wrote:I read your statement and it confused me as LE has been around for ages. I work with the EFF and we were so glad to see something like this come out. There are still people who have no idea what this is, so many decades after its introduction. Please don't assume that everyone has heard of what you've heard of.-- Rob Kelk "Governments have no right to question the loyalty of those who oppose them. Adversaries remain citizens of the same state, common subjects of the same sovereign, servants of the same law." - Michael Ignatieff, addressing Stanford University in 2012 |
|
« Next Oldest | Next Newest »
|
Users browsing this thread: 12 Guest(s)