LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   LQ Suggestions & Feedback (http://www.linuxquestions.org/questions/lq-suggestions-and-feedback-7/)
-   -   netdna-ssl ? Security qn about authorised sources (http://www.linuxquestions.org/questions/lq-suggestions-and-feedback-7/netdna-ssl-security-qn-about-authorised-sources-4175423509/)

chrism01 08-22-2012 08:10 PM

netdna-ssl ? Security qn about authorised sources
 
Hi Guys,

I like to keep my browser locked down to minimise security issue.
For LQ I've previously had to enable scripts & images from linuxquestions.org, thequestionsnetwork.org, thequestionsnetwork.net & now all of a sudden this morning, there's a new one netdna-ssl.com...
Is this legit and can I have the legit list confirmed please?
I would ideally have liked an email a few days in advance to warn me, but I guess there are too many users for that.
Maybe some kind of login/cxn warning/advice?

Cheers
Chris

unSpawn 08-22-2012 08:35 PM

Quote:

Originally Posted by chrism01 (Post 4761575)
now all of a sudden this morning, there's a new one netdna-ssl.com...
Is this legit

It appears Jeremy's testing a CDN.


Quote:

Originally Posted by chrism01 (Post 4761575)
can I have the legit list confirmed please?

Looks OK to me.

chrism01 08-22-2012 10:14 PM

Thanks, I appreciate it.
I'll check back again at some pt to see if there's anything else I need to know.

wildwizard 08-23-2012 05:15 AM

I've just noticed this one too, seems to be required for the drop down menus at the top to work.

I too run a very locked down setup and don't like adding random hosts without knowing why.

unSpawn 08-23-2012 07:20 AM

Quote:

Originally Posted by wildwizard (Post 4761891)
don't like adding random hosts without knowing why.

Well, you figured that out yourself already: it currently only loads some vBB-related scripts from lqo-thequestionsnetw.netdna-ssl.com/questions/clientscript/. Other than that anyone should feel free to do connection and traffic auditing and 'net recon to find out if things are legit and using dig, WHOIS, openssl (certificate check), Robtex, DNStree, Wikipedia, WOT, Google Safe Browsing and your favorite search engine(s) you should find we're in the company of CDN users like Disqus, Garmin, Mashable and Facebook and that usage of the netdna-ssl domain means we get served CDN content over HTTPS through what they call "Shared SSL".

jeremy 08-23-2012 12:22 PM

Quote:

Originally Posted by chrism01 (Post 4761575)
I like to keep my browser locked down to minimise security issue.
For LQ I've previously had to enable scripts & images from linuxquestions.org, thequestionsnetwork.org, thequestionsnetwork.net & now all of a sudden this morning, there's a new one netdna-ssl.com...
Is this legit and can I have the legit list confirmed please?
I would ideally have liked an email a few days in advance to warn me, but I guess there are too many users for that.
Maybe some kind of login/cxn warning/advice?

I can confirm that it's a valid place for LQ content to be coming from. It's actually not a new CDN, but the domain did change as we're testing moving most static content to SSL. Unfortunately, at our size there is really no way for us to warn all members (and realistically, I can't imagine more than a handful have things quite as locked down as above). If you ever need confirmation of the legitimacy of a source, however, feel free to post as you've done here or contact me directly.

--jeremy

jeremy 08-23-2012 12:34 PM

On this note, most static content is now being served by the CDN over SSL. If any members notice anything not working as expected, or have any comments on performance improvements/regressions, please let me know.

--jeremy

chrism01 08-23-2012 06:42 PM

Quote:

If you ever need confirmation of the legitimacy of a source, however, feel free to post as you've done here or contact me directly.
Thanks Jeremy; a class act as always :)

allend 08-24-2012 11:35 AM

I also noticed this. It affects the use of buttons in the reply windows and the display of reputation points on mouse rollover.
Thanks for the reassurance!

Ser Olmy 08-25-2012 06:16 PM

Quote:

Originally Posted by jeremy (Post 4762291)
On this note, most static content is now being served by the CDN over SSL. If any members notice anything not working as expected, or have any comments on performance improvements/regressions, please let me know.

--jeremy

As of right now, the NetDNA servers in Amsterdam seem to be having trouble. Again. The servers are reachable and respond to ping and TLS negotiations, but then... nothing.

All the pages at linuxquestions.org take ages to load, and appear as black text on a white background with no images. I suspect most if not all European users have the same problem.

As I said, it is not the first time this has happened, but previously the outages have lasted only minutes.

Edit: Correction, the images are actually there, such as the penguin in the top left corner, the message icons and the smileys. Strike that, the images were cached locally. I flushed the browser cache, and now most images are gone. Smileys are still there. The pages take forever to load and end up all white. I'm seeing duplicate TLSv1 "Encryption Alert" packages from NetDNS resulting in (duplicate) ACKs from my host, and finally RST from NetDNS.

vulcan59 08-26-2012 05:28 AM

Quote:

Originally Posted by Ser Olmy (Post 4764265)
As of right now, the NetDNA servers in Amsterdam seem to be having trouble. Again. The servers are reachable and respond to ping and TLS negotiations, but then... nothing.

All the pages at linuxquestions.org take ages to load, and appear as black text on a white background with no images. I suspect most if not all European users have the same problem.

As I said, it is not the first time this has happened, but previously the outages have lasted only minutes.

Edit: Correction, the images are actually there, such as the penguin in the top left corner, the message icons and the smileys. Strike that, the images were cached locally. I flushed the browser cache, and now most images are gone. Smileys are still there. The pages take forever to load and end up all white. I'm seeing duplicate TLSv1 "Encryption Alert" packages from NetDNS resulting in (duplicate) ACKs from my host, and finally RST from NetDNS.

Yes, I have been seeing exactly the same problem for the last few hours in the UK. Firefox sits waiting for lqo-thequestionsnetw.netdna-ssl.com for a couple of minutes every time I click on a link. So far it has taken me 4 minutes to get to the point where I can post this message.

druuna 08-26-2012 05:38 AM

Same here (Netherlands). LQ is unworkable slow.

273 08-26-2012 06:27 AM

I'm glad it's not just me. I've had slowness and lack of images and css (I'm guessing) for about the past 18 hours. I'm in the UK.

unSpawn 08-26-2012 06:49 AM

Should be OK right now.

GazL 08-26-2012 07:19 AM

Still having the problem here.


All times are GMT -5. The time now is 11:10 AM.