Latest update


#21

Yeah, but if it continues for more than 4 hours I need to talk to my doctor.


#22

You should have talked to your doctor first, before ordering from some fly-by-night online pharmacy. Aren’t you on medication for high blood pressure?


#23

If you thought this broke stuff, wait until you see what I do next!

(hint: trying to redirect all traffic to HTTPS and enable HSTS - that’s not actually a hint I guess but more of a full-on spoiler.)


#24

…aaaaaaand boom. We are now all HTTPS, all the time.

Probably.

Unless I really screwed something up.

The bigdino/cog web stack, for anyone curious, now looks like haproxy -> varnish -> nginx, with haproxy doing the SSL/TLS termination for everything. This lets me use varnish caching for ssl/tls.

To REALLY go down the rabbit hole, Discourse adds like 2 more layers. haproxy -> varnish -> nginx -> discourse nginx -> discourse unicorn. /inception noise


#25

Seems to be working so far… :wink:


#26

Sometimes I can computer good!

But sometimes I can not.


#27

I’m just happy it’s fixed. I was going crazy having to manually scroll to the indicated number of new posts in a thread. Oh, the horror! :smiley:


#28

If you hit the green button on the side it gave you the option of hitting “bottom” to go to the bottom.


#29

Yeah, I knew that but I had forgotten about it until a couple of days ago.


#30

I did get an error from my tablet last night, however, saying that a secure connection couldn’t be established. I will have to try playing with some other browsers.


#31

The site is working fine using Chrome on my PC and Android phone.


#32

I’m trying to be a responsible webmaster, so I pulled support for SSLv3 and TLS 1.0 in order to be POODLE-proof, and that means shutting the door on older browser/OS combos that don’t support TLS 1.1 or 1.2. Here’s the SSL Labs report showing what’s failing:

In other words, upgrade your android tablet to 4.4 or later if it isn’t!
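
The setup described in posts #24 and #32 (haproxy terminating TLS in front of varnish, redirecting everything to HTTPS, sending HSTS, and refusing SSLv3 and TLS 1.0), sketched as an haproxy configuration. This is an added example, not the site's actual config; the certificate path, backend address, section names and HSTS max-age are assumptions.

```haproxy
# Added illustration; paths, names, addresses and max-age are placeholders.
global
    # Weak setting (the "before"): no protocol restriction, so SSLv3 and
    # TLS 1.0 clients can still complete a handshake.
    # Corrected: refuse both on every bind line; clients must offer
    # TLS 1.1 or newer.
    ssl-default-bind-options no-sslv3 no-tlsv10

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend www
    bind :80
    # TLS terminates here; everything behind haproxy sees plain HTTP,
    # which is what lets varnish cache HTTPS traffic.
    bind :443 ssl crt /etc/haproxy/certs/example.pem   # placeholder path

    # Send any plain-HTTP request to the same URL over HTTPS.
    http-request redirect scheme https code 301 unless { ssl_fc }

    # HSTS: browsers that have seen this header stop trying plain HTTP
    # for max-age seconds (one year here, a constructed value).
    http-response set-header Strict-Transport-Security "max-age=31536000" if { ssl_fc }

    # Tell the layers behind haproxy what the original scheme was, so
    # nginx or Discourse do not issue their own HTTPS redirect.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }

    default_backend varnish

backend varnish
    # varnish serves cache hits and forwards misses on to nginx.
    server cache1 127.0.0.1:6081 check   # placeholder address
```

Clients whose TLS library tops out at TLS 1.0 fail the handshake at the `bind :443` line before any HTTP is exchanged, which is why they see a "secure connection couldn't be established" error rather than a page.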


#33

Nice to know that before I try to access the site on my phone. (vers. 3.4.5 - no, not kidding)
Interesting that it is failing the operating system and not the browser.


#34

I thought Android 3.x was for tablets only. As I recall, they didn’t merge the phone & tablet versions until v4. Maybe CWX is master haxor :wink: :smiley:


#35

This is what I’ve got.


#36

Kernel version isn’t what matters, it’s the Firmware version (in your case; on other phones, it’s Android version and that’s a more correct way to refer to it).


#37

Okay, that’s odd. I would expect the opposite.


#38

Oh, yeah, it does look misleading. And, since you’re at 4.2.2, you’re probably still going to get blocked. I do wonder, though, if you use Chrome or Firefox instead of the OS browser, will it still block you? Hmmm. My primary phone is running 4.4.2, so I can’t test the theory.


#39

Right—firmware is what matters, because “firmware” == the actual Android operating system packages. The dependency that matters here is the version of OpenSSL that’s baked into the firmware, since OpenSSL is the component that the browsers lean on to do SSL/TLS. Typically switching to a different browser doesn’t matter because the browsers use the operating system’s libraries to provide SSL/TLS.

Versions of OpenSSL with support for TLS 1.1 and 1.2 have been around for literally years, but they have dependencies and I suppose until Android 4.4 it wasn’t possible (or easy or otherwise practical) to pull a new OpenSSL version into the AOSP core.

Bottom line, if you’re using a version of Android that allows TLS 1.0 ciphers (or, God help you, SSLv3 or lower), you’re vulnerable to being Man-In-The-Middle’d and having your personal information lifted directly off your phone by unskilled skript kiddies literally any time you use wifi. Upgrade now because your house isn’t just unlocked—you’ve put your valuables out on your lawn with a “Take what you want!” sign on them.

tl;dr - everything is terrible, throw your electronics away and live in caves.


#40

If my carrier actually allowed upgrades, I would. And I don’t know enough to trust myself in “rooting” my phone.