LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > LQ Suggestions & Feedback
User Name
Password
LQ Suggestions & Feedback Do you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.

Notices

Reply
 
Search this Thread
Old 08-22-2012, 07:10 PM   #1
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,261

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
netdna-ssl ? Security qn about authorised sources


Hi Guys,

I like to keep my browser locked down to minimise security issue.
For LQ I've previously had to enable scripts & images from linuxquestions.org, thequestionsnetwork.org, thequestionsnetwork.net & now all of a sudden this morning, there's a new one netdna-ssl.com...
Is this legit and can I have the legit list confirmed please?
I would ideally have liked an email a few days in advance to warn me, but I guess there are too many users for that.
Maybe some kind of login/cxn warning/advice?

Cheers
Chris
 
Old 08-22-2012, 07:35 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,134
Blog Entries: 54

Rep: Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791
Quote:
Originally Posted by chrism01 View Post
now all of a sudden this morning, there's a new one netdna-ssl.com...
Is this legit
It appears Jeremy's testing a CDN.


Quote:
Originally Posted by chrism01 View Post
can I have the legit list confirmed please?
Looks OK to me.
 
Old 08-22-2012, 09:14 PM   #3
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,261

Original Poster
Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Thanks, I appreciate it.
I'll check back again at some pt to see if there's anything else I need to know.
 
Old 08-23-2012, 04:15 AM   #4
wildwizard
Member
 
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 755

Rep: Reputation: 226Reputation: 226Reputation: 226
I've just noticed this one too, seems to be required for the drop down menus at the top to work.

I too run a very locked down setup and don't like adding random hosts without knowing why.
 
Old 08-23-2012, 06:20 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,134
Blog Entries: 54

Rep: Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791
Quote:
Originally Posted by wildwizard View Post
don't like adding random hosts without knowing why.
Well, you figured that out yourself already: it currently only loads some vBB-related scripts from lqo-thequestionsnetw.netdna-ssl.com/questions/clientscript/. Other than that anyone should feel free to do connection and traffic auditing and 'net recon to find out if things are legit and using dig, WHOIS, openssl (certificate check), Robtex, DNStree, Wikipedia, WOT, Google Safe Browsing and your favorite search engine(s) you should find we're in the company of CDN users like Disqus, Garmin, Mashable and Facebook and that usage of the netdna-ssl domain means we get served CDN content over HTTPS through what they call "Shared SSL".
 
Old 08-23-2012, 11:22 AM   #6
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,353

Rep: Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616
Quote:
Originally Posted by chrism01 View Post
I like to keep my browser locked down to minimise security issue.
For LQ I've previously had to enable scripts & images from linuxquestions.org, thequestionsnetwork.org, thequestionsnetwork.net & now all of a sudden this morning, there's a new one netdna-ssl.com...
Is this legit and can I have the legit list confirmed please?
I would ideally have liked an email a few days in advance to warn me, but I guess there are too many users for that.
Maybe some kind of login/cxn warning/advice?
I can confirm that it's a valid place for LQ content to be coming from. It's actually not a new CDN, but the domain did change as we're testing moving most static content to SSL. Unfortunately, at our size there is really no way for us to warn all members (and realistically, I can't imagine more than a handful have things quite as locked down as above). If you ever need confirmation of the legitimacy of a source, however, feel free to post as you've done here or contact me directly.

--jeremy
 
1 members found this post helpful.
Old 08-23-2012, 11:34 AM   #7
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,353

Rep: Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616Reputation: 2616
On this note, most static content is now being served by the CDN over SSL. If any members notice anything not working as expected, or have any comments on performance improvements/regressions, please let me know.

--jeremy
 
Old 08-23-2012, 05:42 PM   #8
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,261

Original Poster
Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Quote:
If you ever need confirmation of the legitimacy of a source, however, feel free to post as you've done here or contact me directly.
Thanks Jeremy; a class act as always
 
Old 08-24-2012, 10:35 AM   #9
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,408

Rep: Reputation: 834Reputation: 834Reputation: 834Reputation: 834Reputation: 834Reputation: 834Reputation: 834
I also noticed this. It affects the use of buttons in the reply windows and the display of reputation points on mouse rollover.
Thanks for the reassurance!
 
Old 08-25-2012, 05:16 PM   #10
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 1,955

Rep: Reputation: Disabled
Quote:
Originally Posted by jeremy View Post
On this note, most static content is now being served by the CDN over SSL. If any members notice anything not working as expected, or have any comments on performance improvements/regressions, please let me know.

--jeremy
As of right now, the NetDNA servers in Amsterdam seem to be having trouble. Again. The servers are reachable and respond to ping and TLS negotiations, but then... nothing.

All the pages at linuxquestions.org take ages to load, and appear as black text on a white background with no images. I suspect most if not all European users have the same problem.

As I said, it is not the first time this has happened, but previously the outages have lasted only minutes.

Edit: Correction, the images are actually there, such as the penguin in the top left corner, the message icons and the smileys. Strike that, the images were cached locally. I flushed the browser cache, and now most images are gone. Smileys are still there. The pages take forever to load and end up all white. I'm seeing duplicate TLSv1 "Encryption Alert" packages from NetDNS resulting in (duplicate) ACKs from my host, and finally RST from NetDNS.

Last edited by Ser Olmy; 08-25-2012 at 06:46 PM.
 
Old 08-26-2012, 04:28 AM   #11
vulcan59
Member
 
Registered: Sep 2007
Location: UK
Distribution: Slackware 13.37 & 14.0
Posts: 71

Rep: Reputation: 24
Quote:
Originally Posted by Ser Olmy View Post
As of right now, the NetDNA servers in Amsterdam seem to be having trouble. Again. The servers are reachable and respond to ping and TLS negotiations, but then... nothing.

All the pages at linuxquestions.org take ages to load, and appear as black text on a white background with no images. I suspect most if not all European users have the same problem.

As I said, it is not the first time this has happened, but previously the outages have lasted only minutes.

Edit: Correction, the images are actually there, such as the penguin in the top left corner, the message icons and the smileys. Strike that, the images were cached locally. I flushed the browser cache, and now most images are gone. Smileys are still there. The pages take forever to load and end up all white. I'm seeing duplicate TLSv1 "Encryption Alert" packages from NetDNS resulting in (duplicate) ACKs from my host, and finally RST from NetDNS.
Yes, I have been seeing exactly the same problem for the last few hours in the UK. Firefox sits waiting for lqo-thequestionsnetw.netdna-ssl.com for a couple of minutes every time I click on a link. So far it has taken me 4 minutes to get to the point where I can post this message.
 
Old 08-26-2012, 04:38 AM   #12
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373
Same here (Netherlands). LQ is unworkable slow.
 
Old 08-26-2012, 05:27 AM   #13
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,345

Rep: Reputation: 773Reputation: 773Reputation: 773Reputation: 773Reputation: 773Reputation: 773Reputation: 773
I'm glad it's not just me. I've had slowness and lack of images and css (I'm guessing) for about the past 18 hours. I'm in the UK.
 
Old 08-26-2012, 05:49 AM   #14
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,134
Blog Entries: 54

Rep: Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791
Should be OK right now.
 
Old 08-26-2012, 06:19 AM   #15
GazL
Senior Member
 
Registered: May 2008
Posts: 3,380

Rep: Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912
Still having the problem here.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
modify sources.list to improve security? sneakyimp Linux - Server 2 05-30-2011 05:02 PM
LXer: Attack on SSL Users Discovered, Tool Sources Released LXer Syndicated Linux News 0 02-25-2009 05:30 AM
Whats the security updates now for the sources.list for etch/Debian? steelheat Linux - Newbie 7 12-15-2007 06:45 PM
user not authorised to run x server alagenchev Ubuntu 8 07-26-2005 03:35 PM


All times are GMT -5. The time now is 08:52 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration