Hi,
Jeremy (Biolizard89) said to send people here for tech support, and he and I (and people who've solved their own FreeSpeechMe beta issues) can chime in.
Let me know if anyone has any thoughts.
Thanks!
Michael W. Dean, FreeSpeechMe cat herder.
FreeSpeechMe Tech Help
FreeSpeechMe Tech Help
Last edited by MWD on Wed Feb 19, 2014 9:59 am, edited 1 time in total.
Namecoin, Dot-Bit and MeowBit are a complete new Internet ecosystem, building the roads to Web 4.0. http://www.meowbit.com
Dot-Bit Kitty Pix! The ONLY .bit-only kitty cat website in the world! http://dotbitkittypix.bit
Dot-Bit Kitty Pix! The ONLY .bit-only kitty cat website in the world! http://dotbitkittypix.bit
Re: FreeSpeechMe Tech Help
Not sure if this is the right thread, but I'll ask anyway. I really love your work on FreeSpeechMe, but I have to admit that while I have installed Convergence for Namecoin (in a version prior to FSM), it is usually disabled. The reason is that I have set a master password on Iceweasel to protect my TLS client certificates, and with Convergence enabled, I'm prompted for the password every single time I open the browser. This is not acceptable for me since I frequently close and re-open the browser, have a strong passphrase, and only really need it (my client certificates) in rare situations.
My guess is that this is the case because Convergence inserts its own root certificate on each browser start and thus the secure module must be unlocked. Is it possible to "fix" this behaviour, for instance by only inserting the certificate once on extension installation and not on each browser start? This would really improve the usability for me significantly. I understand that a strong master password on the browser is probably (unfortunately!) a rare situation with average end-users, but still I believe this is a major usability issue.
My guess is that this is the case because Convergence inserts its own root certificate on each browser start and thus the secure module must be unlocked. Is it possible to "fix" this behaviour, for instance by only inserting the certificate once on extension installation and not on each browser start? This would really improve the usability for me significantly. I understand that a strong master password on the browser is probably (unfortunately!) a rare situation with average end-users, but still I believe this is a major usability issue.
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: FreeSpeechMe Tech Help
Hmm, that's an interesting question. I'm honestly not sure how easy it would be to insert the certificate on installation rather than on browser start. It sounds like that might lead to some interesting security issues, e.g. an attacker poisoning the system with a malicious cert named Convergence, so that the extension thinks it doesn't need to replace it. What do you think about the security ramfications? Would this be a problem?domob wrote:Not sure if this is the right thread, but I'll ask anyway. I really love your work on FreeSpeechMe, but I have to admit that while I have installed Convergence for Namecoin (in a version prior to FSM), it is usually disabled. The reason is that I have set a master password on Iceweasel to protect my TLS client certificates, and with Convergence enabled, I'm prompted for the password every single time I open the browser. This is not acceptable for me since I frequently close and re-open the browser, have a strong passphrase, and only really need it (my client certificates) in rare situations.
My guess is that this is the case because Convergence inserts its own root certificate on each browser start and thus the secure module must be unlocked. Is it possible to "fix" this behaviour, for instance by only inserting the certificate once on extension installation and not on each browser start? This would really improve the usability for me significantly. I understand that a strong master password on the browser is probably (unfortunately!) a rare situation with average end-users, but still I believe this is a major usability issue.
Re: FreeSpeechMe Tech Help
Not sure about that myself. In principle, if an attacker is able to insert a malicious certificate into your system, then all bets are already lost. However, of course it should be as hard to manipulate as possible in practice. What is needed is a way to store persistent information for your extension that can ideally not be read by other extensions (like preferences presumably can?). Then you could create the Convergence root cert on installation and store its private key there, so that you can use it every time you run the browser to sign ad-hoc website certificates. Of course, that storage could still be read by user-level system access - but if someone has that, they can also manipulate the Convergence sources. (Except if the extension is installed system-wide and only root has write-access. But then, someone can still manipulate a user's profile folder to insert their own rogue certificate with just user privileges.)biolizard89 wrote:Hmm, that's an interesting question. I'm honestly not sure how easy it would be to insert the certificate on installation rather than on browser start. It sounds like that might lead to some interesting security issues, e.g. an attacker poisoning the system with a malicious cert named Convergence, so that the extension thinks it doesn't need to replace it. What do you think about the security ramfications? Would this be a problem?
So in total I don't really see security problems, but I also haven't (yet) thought about it thoroughly.
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: FreeSpeechMe Tech Help
Makes sense. Can you make an issue on GitHub namecoin/Convergence for this request?domob wrote:Not sure about that myself. In principle, if an attacker is able to insert a malicious certificate into your system, then all bets are already lost. However, of course it should be as hard to manipulate as possible in practice. What is needed is a way to store persistent information for your extension that can ideally not be read by other extensions (like preferences presumably can?). Then you could create the Convergence root cert on installation and store its private key there, so that you can use it every time you run the browser to sign ad-hoc website certificates. Of course, that storage could still be read by user-level system access - but if someone has that, they can also manipulate the Convergence sources. (Except if the extension is installed system-wide and only root has write-access. But then, someone can still manipulate a user's profile folder to insert their own rogue certificate with just user privileges.)biolizard89 wrote:Hmm, that's an interesting question. I'm honestly not sure how easy it would be to insert the certificate on installation rather than on browser start. It sounds like that might lead to some interesting security issues, e.g. an attacker poisoning the system with a malicious cert named Convergence, so that the extension thinks it doesn't need to replace it. What do you think about the security ramfications? Would this be a problem?
So in total I don't really see security problems, but I also haven't (yet) thought about it thoroughly.
Re: FreeSpeechMe Tech Help
Can't we have a separate sub-forum for freespeechme, and not only a single thread?
I have a lot of bugs and screenshots I want to talk about... this will mess up the communication if we have to post everything here in one thread.
I'd rather open a new thread for every problem. Is that possible?
Or am I supposed to put a [FreeSpeechMe] tag in the threads name?
I would prefer a separate sub-forum.
I have a lot of bugs and screenshots I want to talk about... this will mess up the communication if we have to post everything here in one thread.
I'd rather open a new thread for every problem. Is that possible?
Or am I supposed to put a [FreeSpeechMe] tag in the threads name?
I would prefer a separate sub-forum.
Re: FreeSpeechMe Tech Help
I've just noticed a strange thing. I get "Namecoin: Verification success" in the browser even though the fingerprint on the web server does not match the one inside the blockchain.
Is it just accepting any fingerprint if the hostname in the cert is correct?
Is it just accepting any fingerprint if the hostname in the cert is correct?
Re: FreeSpeechMe Tech Help
georgem wrote:Can't we have a separate sub-forum for freespeechme, and not only a single thread?
I think it's ok to start more FreeSpeechMe questions on this Tech Help forum. Just make sure you put
FreeSpeechMe
in the subject line of the new thread.
MWD
Namecoin, Dot-Bit and MeowBit are a complete new Internet ecosystem, building the roads to Web 4.0. http://www.meowbit.com
Dot-Bit Kitty Pix! The ONLY .bit-only kitty cat website in the world! http://dotbitkittypix.bit
Dot-Bit Kitty Pix! The ONLY .bit-only kitty cat website in the world! http://dotbitkittypix.bit
Re: FreeSpeechMe Tech Help
Hi folks. First post to the forum. I'm running an ubuntu desktop (12.04 LTS) with firefox 27.0. I didn't have namecoind or nmcontrol or a wallet installed on this box, so I installed freespeechme with the bundle. The install seemed to complete. That is, freespeechme shows up in my firefox extensions, and on the toolbar. I assumed the blockchain was downloading. Next morning, I try browsing a .bit site (such as https://dot-bit.bit/), I get a connection was reset page. When I open freespeechme's option dialog, I see the message...
namecoind not responding, try again in a couple minutes.
This has been this was since the exension was installed. Port 80 is working fine. No evidence of this being a firewall issue. I fear I'm missing something obvious. Any suggtions?
thanks!
namecoind not responding, try again in a couple minutes.
This has been this was since the exension was installed. Port 80 is working fine. No evidence of this being a firewall issue. I fear I'm missing something obvious. Any suggtions?
thanks!
Re: FreeSpeechMe Tech Help
fwb3 wrote: namecoind not responding, try again in a couple minutes.
thanks!
I know on Windows when I get that, if I go to the Options/Stauts tab, hit "OK", I see the CMD windows open again (I know they're hidden on GNU/Linux), and somehow, that "restarts" the functions of the program.
Kind of reminds me of Fonzie hitting the Jukebox, but it works.
MWD
Namecoin, Dot-Bit and MeowBit are a complete new Internet ecosystem, building the roads to Web 4.0. http://www.meowbit.com
Dot-Bit Kitty Pix! The ONLY .bit-only kitty cat website in the world! http://dotbitkittypix.bit
Dot-Bit Kitty Pix! The ONLY .bit-only kitty cat website in the world! http://dotbitkittypix.bit