Discussion:
wget, lynx-like html-fetcher for <Aug2009slackware> ?
q***@outlook.com
2020-05-15 11:26:10 UTC
Running USBstik-based old-linux from a Win10 laptop, gives mostly
"TLS & SSL" errors; and eg. for:
wget -o xSSLlinksDL.html --no-check-certificate \
http://www.aboutlinux.info/2007/02/links2-cross-platform-console-based-web.html
gets:-
--2020-05-02 15:08:22-- https://pkgs.org/download/links2
Resolving pkgs.org (pkgs.org)... 46.4.72.43
Connecting to pkgs.org (pkgs.org)|46.4.72.43|:443... connected.
WARNING: The certificate of `pkgs.org' is not trusted.
WARNING: The certificate of `pkgs.org' hasn't got a known issuer.
The certificate's owner does not match hostname `pkgs.org'
HTTP request sent, awaiting response... 403 Forbidden
2020-05-02 15:08:24 ERROR 403: Forbidden.
----------------------------------------------
How can older linux USBstik-installs get "Text-only-html" like in
years-ago?

==TIA.
Henrik Carlqvist
2020-05-15 16:48:22 UTC
Running USBstik-based old-linux from a Win10 laptop, gives mostly "TLS &
wget -o xSSLlinksDL.html --no-check-certificate \
http://www.aboutlinux.info/2007/02/links2-cross-platform-console-based-web.html
gets:-
--2020-05-02 15:08:22-- https://pkgs.org/download/links2
Resolving pkgs.org (pkgs.org)... 46.4.72.43
Connecting to pkgs.org (pkgs.org)|46.4.72.43|:443... connected.
WARNING: The certificate of `pkgs.org' is not trusted.
WARNING: The certificate of `pkgs.org' hasn't got a known issuer.
The certificate's owner does not match hostname `pkgs.org'
HTTP request sent, awaiting response... 403 Forbidden
2020-05-02 15:08:24 ERROR 403: Forbidden.
----------------------------------------------
How can older linux USBstik-installs get "Text-only-html" like in
years-ago?
The problem is not lack of "text-only-html" but if the web server is
running a standard unencrypted web server (http, usually on port 80) or
an encrypted SSL server (https, usually on port 443). Some servers have
both.

https is great for things like logging in with username or password which
you don't want to send in clear text or doing stuff on your bank account
when you don't want anyone to do a man-in-the-middle attack. But in my
opinion https only has drawbacks for a simple thing like a search on
google or reading a newspaper's web site.

The problem with https is as you have noted that your installed SSL
certificates will expire, and unless you update those certificates you
will no longer be able to surf to web sites only providing https.
Updating those certificates on your USB stick is probably easier than
trying to update the certificates on my old Android phone from 2009.

regards Henrik
Rich
2020-05-15 17:13:43 UTC
Post by Henrik Carlqvist
https is great for things like logging in with username or password
which you don't want to send in clear text or doing stuff on your
bank account when you don't want anyone to do a man-in-the-middle
attack. But in my opinion https only has drawbacks for a simple
thing like a search on google or reading a newspaper's web site.
The standard excuse for https even for things like a google search or
reading a news site is that https prevents a middleman from modifying
the page as it is in transit to your browser.

I.e., Comcast in the US was called out for this some years back when
they were both injecting their own advertisements into other sites'
random pages as well as injecting warnings for "approaching unstated,
unspecified, maximum data transfer amount for the month" into pages you
browse.

I.e., your ISP, if they were so inclined, could substitute the news
articles from your selected news site with news articles they felt were
"more appropriate" for you to be viewing. Viewing the news site over
https prevents those shenanigans.

As to whether you personally feel the protection against a slim chance
of a middleman trying to substitute the content is worth the hassle of
keeping one's ssl certs/library up to date is a question only you can
answer for yourself. I'll agree that there are many examples where the
pain seems not worth the effort.
Eric Pozharski
2020-05-16 12:49:03 UTC
Post by Rich
Post by Henrik Carlqvist
https is great for things like logging in with username or password
which you don't want to send in clear text or doing stuff on your
bank account when you don't want anyone to do a man-in-the-middle
attack. But in my opinion https only has drawbacks for a simple
thing like a search on google or reading a newspaper's web site.
*SKIP*
Post by Rich
I.e., your ISP, if they were so inclined, could substitute the news
articles from your selected news site with news articles they felt
were "more appropriate" for you to be viewing. Viewing the news site
over https prevents those shenanigans.
Also, ISP can capitalize on users' behaviour. What cuts on google's
profits. Hence DOH.
Post by Rich
As to whether you personally feel the protection against a slim chance
of a middleman trying to substitute the content is worth the hassle of
keeping one's ssl certs/library up to date is a question only you can
answer for yourself. I'll agree that there are many examples where
the pain seems not worth the effort.
My understanding this spirals pretty much from the start. If remote
(being it site's admin or package maintainer) decides to disable
anything below TLS1.3 then local can't just drop in replacement
libraries -- those aren't backward compatible; local can't just drop in
replacement libraries and then recompile userspace -- libraries aren't
backward compatible; and if local goes spot-upgrade then something
might manifest as not forward compatible (with Modern Technologies(TM)).
Just in case, talking from experience here (my beloved elinks has been
built seven years ago; I assure you, it's shitty/minefield experience).
--
Torvalds' goal for Linux is very simple: World Domination
Stallman's goal for GNU is even simpler: Freedom
Mike Spencer
2020-05-16 19:22:07 UTC
Post by Eric Pozharski
Post by Rich
As to whether you personally feel the protection against a slim
chance of a middleman trying to substitute the content is worth the
hassle of keeping one's ssl certs/library up to date is a question
only you can answer for yourself. I'll agree that there are many
examples where the pain seems not worth the effort.
My understanding this spirals pretty much from the start. If remote
(being it site's admin or package maintainer) decides to disable
anything below TLS1.3 then local can't just drop in replacement
libraries -- those aren't backward compatible; local can't just drop
in replacement libraries and then recompile userspace -- libraries
aren't backward compatible; and if local goes spot-upgrade then
something might manifest as not forward compatible (with Modern
Technologies(TM)). Just in case, talking from experience here (my
beloved elinks has been built seven years ago; I assure you, it's
shitty/minefield experience).
Not sure I understand all of that but I *think* it reflects my
experience. Unable to connect to my local library with Firefox v.??
and Seamonkey (2.21) versions distributed with Slack 14.1.
Investigation reveals no overlap between the 37 cipher suites
supported by Seamonkey 2.21 and the 4 cipher suites supported by the
local library. NYTimes and a [name redacted] financial site, yes;
South Shore Regional Library, no, not secure enough. Email with the
library admins resulted in:

I've had techs look into this, and there is nothing on our side that
is configured in a way that should prevent use of the site. They have
identified two factors that might be impacting your use of the site:

1) your browser, via two contributing factors:

a) Seamonkey is an uncommonly used browser, and thus one not supported
by our network provider (they support the more well-known browsers
such as IE, Chrome, Safari, Firefox, etc.);

b) that the version of Seamonkey that you are using (Seamonkey 2.21)
is in the 'Old and Unofficial Releases' section of the
seamonkey-project.org website, so even if it was a supported browser
then that particular version would still not be on their supported list.

2) Based on the information you provided, it is also possible that
your network and computer configuration may be set up in an uncommon
manner that is impacting your use of the site.

At this time their recommendation is to install one of the more common
and supported web browsers.

Just an example of how HTTPS locks you in to endless upgrade on
someone else's schedule. Trying to figure out how to locally update
crypto libs, cert archives, possible patches etc. is a can of worms
I'm uninterested in.

Presently using Slack 14.2 and Seamonkey 2.40 that works fine.

Except I've given up on the library anyway. Their website author(s)
have striven to include as much graphic eye candy as possible (in a
rural region where many potential visitors are stuck with no broadband
or very pricey bits) and (what I take to be) a combo of js and
stylesheets aimed at kewl interactive features. Result is a dog's
breakfast.

Yeah, yeah, should word leak out that I've looked up _The 120 Days of
Sodom_, papers on surviving multiple venereal diseases or successful
uxorial poisonings.... well, I wasn't looking for a job anyhow. ;-)

Summary: "HTTPS everywhere" is a nice concept but the burden of
implementation at the bleeding edge isn't justified by the benefits.

Cranky ol' geezer,
--
Mike Spencer Nova Scotia, Canada
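
The cipher suite mismatch described in the post above can be checked from a captured ClientHello. The following is an added example, not part of the original thread: it extracts the suite IDs a client offers and applies server-preference selection, returning None where a real server would answer with a handshake_failure alert. The client and server lists are constructed for illustration and are not the actual Seamonkey 2.21 or library configurations; the function names are hypothetical.

```python
import struct

# Subset of the IANA TLS cipher suite registry (ID -> name).
SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

# Constructed lists (assumptions), not taken from any real browser or server.
OLD_CLIENT = [0x0005, 0x000A, 0x002F, 0x0035, 0xC013, 0xC014]
STRICT_SERVER = [0xC030, 0xC02F]            # AEAD suites only
LENIENT_SERVER = [0xC02F, 0xC014, 0x002F]   # still accepts CBC suites

def build_client_hello(suite_ids):
    """Build a minimal constructed ClientHello record (no extensions)."""
    suites = b"".join(struct.pack("!H", s) for s in suite_ids)
    body = (b"\x03\x01" + bytes(32) + b"\x00"   # version, random, empty session_id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")  # null compression
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def offered_suites(record):
    """Return the cipher suite IDs listed in a raw ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]        # skip session_id
    n = int.from_bytes(record[pos:pos + 2], "big")
    if n % 2 or pos + 2 + n > len(record):
        raise ValueError("truncated or malformed cipher suite list")
    return [int.from_bytes(record[i:i + 2], "big")
            for i in range(pos + 2, pos + 2 + n, 2)]

def negotiate(record, server_suites):
    """Pick the first server-preferred suite the client offers, else None."""
    offered = set(offered_suites(record))
    for suite in server_suites:
        if suite in offered:
            return SUITES.get(suite, hex(suite))
    return None   # a real server sends alert 40 (handshake_failure) here

if __name__ == "__main__":
    hello = build_client_hello(OLD_CLIENT)
    print("strict server :", negotiate(hello, STRICT_SERVER))
    print("lenient server:", negotiate(hello, LENIENT_SERVER))
```
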
Eric Pozharski
2020-05-17 15:25:41 UTC
Post by Mike Spencer
Post by Eric Pozharski
Post by Rich
As to whether you personally feel the protection against a slim
chance of a middleman trying to substitute the content is worth the
hassle of keeping one's ssl certs/library up to date is a question
only you can answer for yourself. I'll agree that there are many
examples where the pain seems not worth the effort.
My understanding this spirals pretty much from the start.
*SKIP*
Post by Mike Spencer
Just an example of how HTTPS locks you in to endless upgrade on
someone else's schedule. Trying to figure out how to locally update
crypto libs, cert archives, possible patches etc. is a can of worms
I'm uninterested in.
However, even if success is moot, even if resistance is futile, it
should be noted: Stick it to The Man? Totally worth it :>

*CUT*
--
Torvalds' goal for Linux is very simple: World Domination
Stallman's goal for GNU is even simpler: Freedom