[OSM-talk-be] JOSM Remote control
Glenn Plas
glenn at byte-consult.be
Sat Feb 28 19:25:35 UTC 2015
Hey Andre,
localhost or 127.0.0.1 is IPv4, why is your netstat only showing IPv6
ports?
Glenn
On 28-02-15 19:41, André Pirard wrote:
> On 2015-02-28 17:58, Jo wrote :
>> It makes a connection to the website of openstreetmap and sends your
>> password over it. If you do that over http, all the routers in the
>> middle can simply see your password. Is that a big deal? Not in
>> itself, until somebody starts to 'impersonate' you. Making uploads
>> that weren't yours in your name.
>>
>> Jo
>>
> I suppose you reply to me (1).
> The "HTTPS support in the Remote Control preferences" controls Remote
> Control which, usually, happens only inside the local computer, which is
> obvious if you use local ports https://localhost:8112 (or
> http://localhost:8111) as in Glenn's or Ruben's messages.
> I showed 8111 in a previous message and I show it again in more detail,
> just after a control:
> $ netstat -an | more
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp6       0      0 127.0.0.1:8111          :::*                    LISTEN
> tcp6       0      0 127.0.0.1:8111          127.0.0.1:56769         TIME_WAIT
> You see JOSM LISTENing for control connections and the TCP connection
> between JOSM 8111 and Firefox 56769 ports that has just been closed.
> Convinced now?
>
> Remote control could be to another computer as in wget
> http://anotherhost:8111/... but it's not what we are talking about here
> and I don't think Firefox can be configured for that anyway.
>
> The "connection to the website of openstreetmap" you speak of is
> controlled by Edit>Preferences>Connection...>OSM Server URL:
> If you use https://... there, you get SSL encryption between JOSM and
> OSM.org,
> if you use http://... you don't.
>
> Cheers
>
> André.
>
>
> (1) and not to Glenn or Ruben like in other messages. If we replied
> inline on this mailing list we would know to whom and about what we're
> writing.
>
>> 2015-02-28 17:51 GMT+01:00 André Pirard <A.Pirard.Papou at gmail.com>:
>>
>> On 2015-02-28 16:57, Ruben Maes wrote :
>>> Maybe you can circumvent the issue by doing this:
>>>
>>> Open JOSM and make sure you have Remote Control enabled. In Firefox,
>>> go to this address: https://127.0.0.1:8112/
>>> You should get a warning screen saying "This Connection is Untrusted".
>>> Click "I Understand the Risks" and press the "Add Exception..."
>>> button.
>>> A window pops up. (You can press "View" and inspect the certificate if
>>> you like. Close the details window if you have done so.) Make sure
>>> "Permanently store this exception" is checked and click "Confirm
>>> Security Exception".
>>> Now you should see a Bad Request error page because you haven't asked
>>> JOSM to do anything ;)
>>>
>>> This worked for me. The website still emits an alert that editing
>>> failed, but JOSM loads the data.
>>>
>>> Ruben
>> That's only if HTTPS support is enabled in the Remote Control
>> preferences.
>> If it's not, my config, 8112 port -> unable to connect.
>> And I conclude that the alert I receive too may be because of
>> trying to use
>> closed port 8112 before using port 8111.
>>
>> And my question is: why enable HTTPS if it causes problems?
>> It encrypts information that stays in your computer, doesn't it?
>> Fearing that NSA would learn the locations you load via remote
>> control?
>>
>> Cheers
>>
>> André.
>>
>>
>>> 2015-02-27 9:20 GMT+01:00 Glenn Plas <glenn at byte-consult.be>:
>>>> StartSSL is a free certificate provider, and most probably firefox
>>>> doesn't have the intermediate certificate chain on board which means it
>>>> cannot verify.
>>>>
>>>> That is probably the reason, although I do not see startSSL as the
>>>> certificate writer, I see rapidSSL instead. startSSL is not really a
>>>> great one to use actually for a site like this.
>>>>
>>>> Apple products have the same problem with the latest GoDaddy certificates.
>>>>
>>>> https://www.sslshopper.com/cheapest-ssl-certificates.html
>>>>
>>>> You might want to try this in firefox: https://127.0.0.1:8112/
>>>>
>>>> https://www.sslshopper.com/ssl-checker.html#hostname=https://www.openstreetmap.org
>>>>
>>>> And see if it gives you a chain error or not. It will work in chrome,
>>>> but it depends on the browser.
>>>>
>>>> If you don't get the all-green in firefox, you just need to assemble a
>>>> chain file with the missing intermediate certificates so the browser can
>>>> validate.
>>>>
>>>> Note, this heavily depends on firefox (/browser) version, I see in my FF
>>>> that it loads the intermediates fine:
>>>>
>>>> Common name: RapidSSL CA
>>>> Organization: GeoTrust, Inc.
>>>> Location: US
>>>> Valid from February 19, 2010 to February 18, 2020
>>>> Serial Number: 145105 (0x236d1)
>>>> Signature Algorithm: sha1WithRSAEncryption
>>>> Issuer: GeoTrust Global CA
>>>>
>>>> Common name: GeoTrust Global CA
>>>> Organization: GeoTrust Inc.
>>>> Location: US
>>>> Valid from May 20, 2002 to August 20, 2018
>>>> Serial Number: 1227750 (0x12bbe6)
>>>> Signature Algorithm: sha1WithRSAEncryption
>>>> Issuer: Equifax
>>>>
>>>> Glenn
>>>>
--
"Everything is going to be 200 OK."
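
Added example, not part of the original message: a Python check that reads `netstat -an` output and reports whether the remote control ports named in the thread (8111, 8112) listen on loopback only or on all interfaces. The sample lines and function names are constructed for illustration; a tcp6 row carrying a dotted IPv4 address and the `::ffff:` mapped form are both classified by the underlying address.

```python
import ipaddress

# Constructed sample in the layout of Linux `netstat -an` (not captured output).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp6       0      0 127.0.0.1:8111          :::*                    LISTEN
tcp6       0      0 ::1:8112                :::*                    LISTEN
tcp6       0      0 :::8111                 :::*                    LISTEN
tcp        0      0 0.0.0.0:8112            0.0.0.0:*               LISTEN
tcp6       0      0 ::ffff:127.0.0.1:8111   :::*                    LISTEN
tcp6       0      0 127.0.0.1:8111          127.0.0.1:56769         TIME_WAIT
tcp        0      0 192.0.2.10:22           0.0.0.0:*               LISTEN
"""

REMOTE_CONTROL_PORTS = {8111, 8112}  # ports mentioned in the thread


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so IPv6 hosts stay intact."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def classify_bind(host):
    """Return 'loopback', 'all-interfaces' or 'specific-interface'."""
    if host == "*":
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    # Unwrap ::ffff:a.b.c.d so the embedded IPv4 address is what gets judged.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific-interface"


def audit_listeners(netstat_text, ports=REMOTE_CONTROL_PORTS):
    """List (proto, local_address, scope) for LISTEN sockets on the given ports."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue  # header, non-TCP rows, established or TIME_WAIT connections
        host, port = split_endpoint(fields[3])
        if port.isdigit() and int(port) in ports:
            findings.append((fields[0], fields[3], classify_bind(host)))
    return findings


def exposed(findings):
    """Listeners that other hosts on the network can reach."""
    return [f for f in findings if f[2] != "loopback"]
```
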