• Starless River- Coming to a caving hut near you!

    Any questions or comments please email us at info@starlessriver.com or contact Tony directly. Thanks!

    Click here for the thread

  • Descent QI Competition

    Our October/November issue will be Descent 300 - a major landmark, which we plan to celebrate in style!

    ...we're running a competition with great prizes!

    Click here for more info and how to enter

Site issues

royfellows

Well-known member
Anyone else having problems with accessing the site using Chrome?

I keep getting the Chrome warning "Connection is not private" etc and have to click the "Advanced" option to proceed (Unsafe).
Total load of tosh but a damned nuisance.

I am also getting a very slow response time. Issues started about Friday last.

I could always dump Chrome I suppose.
:(
 

mikem

Well-known member
Probably to do with chrome not recognising the updates to UKcaving that were done the other day. It happens on lots of smaller websites, when chrome change their requirements.
 

royfellows

Well-known member
Attempting to refresh my screen to read replies I got a time out error, then the "Your connection is not private" rubbish.

Trying others, straight into aditnow (although read only), straight into Welsh Mines Society, ditto royfellows.uk, the last being an ordinary html site. But Northern Mine same as UKC, and this site uses wordpress. Straight into CCC.
Suspect that the issue is with latest update on Chrome
 

andrewmcleod

Well-known member
This may be completely unrelated, but...

A lot of sites use LetsEncrypt to get free SSL certificates (which you need to make a website secure i.e. HTTPS) which includes ukcaving (assuming I am reading the certificate stuff correctly).

Your computer or (in the case of Firefox only) your browser has a list of 'root' certificates which they implicitly trust; these have been produced by various companies that sell or otherwise are trusted to produce SSL certificates for websites. Modern operating systems will update this list, but older ones do not.

Let's Encrypt are unusual because they will give you certificates for free. However, they are still trusted because they still use a set of tests to ensure that you really do control the domain (e.g. ukcaving.com) that you want to identify yourself as. They have a 'root' certificate that they can use to sign your certificate for (for example) ukcaving.com. Then, when a visitor comes onto your website, they get your certificate saying 'this is ukcaving.com'. But your browser doesn't implicitly trust this certificate; instead it looks to see who has signed it using their certificate and (in the case of most modern operating systems) they see 'ah, Let'sEncrypt have used their root certificate, which we hold a copy of the public part of in our root certificate store, to sign that certificate to indicate that this person really does control ukcaving.com' and so your browser indicates 'this really is ukcaving.com according to someone we trust'. This is an oversimplification, and there are actually more layers of certificates, but that doesn't really matter.

This is all to stop someone redirecting your internet traffic and then pretending to be ukcaving, sucking up your login details and posting inflammatory comments about access or something.

The issue is that when LetsEncrypt started, not that many years ago, nobody trusted their 'root' certificate - which is to say that the public part of it was not included in root certificate stores in your operating system (because it was new). Nowadays it is included (in things since Android 7ish, Mac OS 10.2ish, Windows Vista onwards etc) so computers trust it implicitly, but in order for it to be accepted back then it was signed by another companies root certificate which was widely trusted, and so the Let's Encrypt certificate became trusted in turn.

The problem is that the other company's root certificate expired on the 30th September 2021, which means any older device (not running Firefox) which doesn't have Let's Encrypt's root certificate in its root certificate store no longer trusts a lot of websites. This includes Mac OS <10.2ish, Windows XP SP3 or before (without root certificate updates) and things like smart TVs and Playstations. Android has a weirdness where it trusts the root certificate even though it has expired, so shouldn't have a problem.

Basically, if you are on an old, old operating system and can't access UKCaving without dodging various security warnings, that might be why - but you'll probably see the same thing on other sites.
 

royfellows

Well-known member
Makes sense.

Years ago a customer had similar issue, a visit confirmed that his CMOS battery had gone down so his machine went back to its BIOS date on startup. But he hadn't noticed this.
 

Paul Marvin

Member
royfellows said:
Anyone else having problems with accessing the site using Chrome?

I keep getting the Chrome warning "Connection is not private" etc and have to click the "Advanced" option to proceed (Unsafe).
Total load of tosh but a damned nuisance.

I am also getting a very slow response time. Issues started about Friday last.

I could always dump Chrome I suppose. 
:(

Re do the download Roy your running on an old version, just load it over the top no need to take chrome off  ;)
 

Paul Marvin

Member
Here you are Roy

https://www.google.co.uk/chrome/?brand=CHBD&gclid=CjwKCAjwzOqKBhAWEiwArQGwaDBq4m8ZKiFgmVVmdkoJhpCYv5KyO9fd0-LzN2bLQSeucOcXJDQwhBoCahQQAvD_BwE&gclsrc=aw.ds
 

royfellows

Well-known member
Paul Marvin said:
royfellows said:
Anyone else having problems with accessing the site using Chrome?

I keep getting the Chrome warning "Connection is not private" etc and have to click the "Advanced" option to proceed (Unsafe).
Total load of tosh but a damned nuisance.

I am also getting a very slow response time. Issues started about Friday last.

I could always dump Chrome I suppose. 
:(

Re do the download Roy your running on an old version, just load it over the top no need to take chrome off  ;)
 

Attachments

  • chrome.jpg
    chrome.jpg
    200.1 KB · Views: 192

Paul Marvin

Member
then put something like firefox or yahoo on and see if the problem is still there that will say if its Chrome or not
 

mikem

Well-known member
Although don't try Facebook / WhatsApp as they are down worldwide! (Along with their shares)
 

royfellows

Well-known member
:LOL: About time

and while I am on, the problem has gone now. Dumped anew privacy feature in the Duck Duck Go search engine, maybe something to do with it.
 

royfellows

Well-known member
Reopening an old thread

I have lived with slow opening of UKC and more messages about "Privacy Error", "Unsafe" (It'll blow up?), and all the rubbish under the sun, and not only UKC, many other sites as well. Final straw was tryingg to get into aditnow to look something up and being blocked because the site had been taken over by Inter Stella Space Zombies or other such rubbish.

Well I have just installed Firefox, and an now goint to get a nice cup of coffee and watch Windows uninstall Crome.

One of my troubles is loyalty, I tend to sticj with something and give it a second chance. Well I suppose that every pundit on the web doesn't recommend Firefox for nothing.
By way, its running on Win 7. Oh yes, it even let me inport all my passwords from Chrome, rather expect that most new users are there from Chrome.
I wonder why
:LOL:
 

pwhole

Well-known member
I don't have any issues at all running this forum (or any others) in Chrome but I am on Windows 10 which is the only other thing I can think of that might affect it. I run Malwarebytes as my main security app, but that's only working on delivering, not sending, so don't think that would have any effect. I can get onto AditNow OK too. I haven't a clue if I'm honest - hope Firefox solves it anyway.
 

Cantclimbtom

Well-known member
Come on Roy, you're an IT literate person.
Chrome is far more militant about deprecated crypto than the other browsers (and related cert/CRL/trust issues) so you tend to get this with Chrome and in those cases it merits a proper examination of *why* do you get the errors/warnings.

Now I don't think the sun shines out of the rear end of Chrome (and alternatives can have advantages) but it's not a bad browser, blink is a good rendering engine and Chrome's implementation of it isn't bad, although yes agree it's memory hungry especially multiple tabs and not perfect for privacy.

So I'm not saying Chrome is necessarily the best option for you, but I am saying don't get drawn into any knee jerk reactions. The slightly trigger happy sensitive crypto warning are a good thing IMHO

EDIT: Win7  :chair: :mad: ok you are using an antique and mostly unsupported OS that doesn't support modern cryptographic protocols. Chrome is grumbling because it can't negotiate secure TLS between the browser and websites because your OS doesn't support them

Uninstalling Chrome fixes the problem the same way that putting black paint over a warning light is solving the problem. Come on... Chrome is not the problem you have
 

ChrisJC

Well-known member
Cantclimbtom said:
EDIT: Win7  :chair: :mad: ok you are using an antique and mostly unsupported OS that doesn't support modern cryptographic protocols. Chrome is grumbling because it can't negotiate secure TLS between the browser and websites because your OS doesn't support them

It doesn't seem so long ago that HTTP was unencrypted. And for non sensitive web browsing, it was absolutely fine!!

Requiring TLS version 94 to view UKC is perhaps over the top.

Chris.
 

Cantclimbtom

Well-known member
True.. the content of ukcaving isn't highly confidential, but the fact that Roy's browser can't protect traffic if it was confidential is the bigger worry. To continue my obnoxious rant, if I asked him to post on here his address, a photo of his front door and a high Res close up of his front door key side on he'd hopefully decline. But in this thread he's saying he has Win7, office 2007, moving to Firefox  and missing some kind of patches/updates for crypto. I don't know which AV he has but since it doesn't show in the add/remove programs quite probably Windows Defender? All this info in the post above left lying about on the public internet

In addition his email address (for his *excellent* lamps) is freely available. How much effort would it be to fire up my Kali, poke about in metasploit framework for 5 or 10 mins and craft some word doc vulnerability to email to him (asking about lamps) and install a backdoor on his PC, poke about as I wanted, copying whatever, ransomware him etc etc  Now I'm trustworthy but what if someone less savoury read the thread above my post?

Maybe this sounds tinfoil hat, but I've watched large organisations have their trousers completely taken down by people and unfortunately there are plenty of deeply unpleasant people out there who'd think nothing of doing it, especially easy pickings as described here. Maybe I'm paranoid but I think Win7 shouldn't be connected to outside networks, especially not the public internet
 
Top