PlingStore
Pages: 1 2
Theo Markettos (89) 919 posts |
No, not that one |
David J. Ruck (33) 1636 posts |
I hope AndrewR has trademarked the RISC OS PlingStore name, or its only a matter of time before he’s on the receiving end of a legal nastygram. plingstore.org.uk was registered in 2012, pling.com in 1998, but I don’t know when they started using the name PlingStore without a trawl through the internet archive. |
Rick Murray (539) 13850 posts |
Looking in the history, the initial commit was on the 20th of August 2019 when they cloned OCS-Store. Doesn’t mean they mightn’t try to lob a sueball, but it’s much shakier ground if the use of the name they’re complaining about actually came first. But, like my CastAVote, size and resources and hassle determines who “wins”, not who happens to be right. For that you need to get legal, and that’s £$€ right there. |
Vince M Hudd (116) 534 posts |
Although plingstore.co.uk was registered in 2012, I suspect it was probably done to protect the name, given the registration information. We can see now that it’s registered through GeneSys/Orpheus – but back then (when registrant details were visible) it was registered to Richard. I see the .com is now for sale – probably expired at some point then picked up by someone hoping to make a quick buck (or 2,395 of them). |
andym (447) 473 posts |
On a separate note, is PlingStore down today? Tried it yesterday, and got a few hours of “Please wait…” whereas today, I’m getting “Error on server”? Also, the Plingstore website no longer works… |
Chris Hughes (2123) 336 posts |
yes Plingstore and website are down as confirmed just now by email from Andrew Rawnsley, seems Alan W who runs the site and servers is having major/serious ISP related issues at the moment. |
Steve Pampling (1551) 8172 posts |
ionos.co.uk hosting – their status page says everything is fine, various randomly chosen servers on adjacent addresses come up with the default host machine response (which is a Parallels Panel instance) Certificates mildly not correct (subtle sarcasm there) so what you get (if you’re strange enough to follow through) is: An error occurred during a connection to 82.165.16.152. Peer using unsupported version of security protocol. Error code: SSL_ERROR_UNSUPPORTED_VERSION step through that warning and get: The certificate is not trusted because it is self-signed. Issuer Name Validity So self-signed, not even vaguely up to date and broken for multiple users hence the fact you can see the underbelly. I think the hosting company need to do some maintenance on the host boxes, as well as update their status page to give the true state of things. I don’t envy Alan’s task of chasing that one up. |
Frederick Bambrough (1372) 837 posts |
The Plingstore’s back up. |
Steve Pampling (1551) 8172 posts |
Only if you access it using TCP port 80 (HTTP) Given the transfer of security sensitive data for purchased items I would not use the site at present. Like I said it will be a while before Alan chases up all the problems. |
Chris Hughes (2123) 336 posts |
The application does not actually use the website and uses a different secure connection as I understand it. The priority I think was getting the application connecting again. Your card details are not stored on the server etc. |
Steve Fryatt (216) 2105 posts |
Although the Ionos-hosted site I’m involved with still seems to be up, and serving valid-looking certs. |
Steve Fryatt (216) 2105 posts |
So the fact that reports here suggested that both broke together just indicates a coincidence, or Fake News? |
Chris Hughes (2123) 336 posts |
No Steve, not fake news as I understood it the application was not properly working yesterday then the website went down as well. Application is back up and working but website pages seem to still be down when I tried 30 mins ago. |
Rick Murray (539) 13850 posts |
Meanwhile, in the real world, it’s more like: we use a payment processor so your card details are nothing to do with us 1 2
Ah, but the question is, if it doesn’t use the website, does it use the same host? Could be a simple way of distinguishing what needs to be sent. If https, then human readable HTML. If {custom} then machine readable stuff. 1 Also useful for mechanisms like Verified by Visa. 2 Also also useful in that the processor may have a country-local presence, so geoblocked cards can be used. |
Steve Pampling (1551) 8172 posts |
Telnet 443 heyrick.eu :) shows you what happens. Note: Contrary to the MS default install in Win7 + Telnet client is not a security risk. Telnet server (which also just a tick box away is a security risk BTW. Pat on head, award yourself a chocolate – the server response comes out as “A” on the SSL Labs testing on both IPv4 and IPv6 access. “fi3-6.irrelevant.com” |
Rick Murray (539) 13850 posts |
Off topic, so I’ll keep it short(ish). There’s a shop over here called Action. It’s a sort of supermarket without much in the way of food (mostly sweets, no cans, no perishables). It’s claim to fame is that everything is dirt cheap. Not entirely off topic, however, as fraud and such mean that it’s often in the customer’s interest to restrict what their handy piece of plastic can actually do. Which is of relevance as the only payment method I have that would work in the UK is a virtual card that has a predefined limit and for many French purchases and all foreign ones requires me to enter a code that is sent to my phone by SMS. In other words, I’m not whinging about not being able to buy stuff for the lulz, nor am I not buying stuff because I have no money 3, it’s more of a fact that if your payment methodology is stuck in the early ‘90s then it just isn’t secure enough to work. Give me WorldPay or Ogone (Ingenico?) and we can talk. Give me a site or app that wants my card number to push through to somebody to enter manually into a terminal, then I might as well give you random numbers for all the good it’ll do you… 5439 9971 4709 7239 or something. 1 Some sort of tax dodge? 2 Whether or not Loire Atlantique is or isn’t Brittany depends upon who you ask and how far back you look (it also explains the “BZH” graffiti). Given the impressive chateau in Nantes is the ancestral home of the dukes of Brittany, one can help but to think that they have a point. But since Rennes is the administrative centre of Brittany and Nantes is the administrative centre of the Loire region, sorting that out would be a nightmare. 3 Though, that is the next excuse… 😉 |
Rick Murray (539) 13850 posts |
Pat Rob’s head. I just asked if it was possible to do encrypted. He’s the one who made it all happen.
Oh god no. Yesterday I opened a bag of Maltesers while settling down to watch stuff on Netflix. One movie and three episodes later I realised with horror that I was now holding an empty bag. Oops. [like a girl I used to know in junior school – severely lactose intolerant, pathologically unable to say no to raspberry ripple ice cream] |
John WILLIAMS (8368) 495 posts |
We here on the Wirral Peninsula have a similar problem. We are deemed to be in “Liverpool City Region” – but we are only connected by two tunnels; close them and we’re in the clear! As I’ve said on other fora, it’ll all end in tiers! |
Steve Pampling (1551) 8172 posts |
Doesn’t really work around Euroland – recall the fuss1 about electronic payments and ensuring all tax is paid to the tax system of the country the purchase was made in/from? i.e. where the customer is determines which taxman gets the dosh. Also lowers their employee fraud potential at a guess. 1 I think Chris Evans was complaining about his wife’s little pin money business and the problems. |
Frank de Bruijn (160) 228 posts |
Dutch, actually. |
Rick Murray (539) 13850 posts |
Ah, I probably read “dutch” and my brain fuzzed that into “deutsch”. Thanks for the correction. |
Rick Murray (539) 13850 posts |
Nothing. Just tried in Hearsay and it gives no reply and disconnects after two characters entered (presumably they’re not the expected characters). |
Steve Pampling (1551) 8172 posts |
Now that’s one of my illusions shattered. :) |
Chris Hall (132) 3558 posts |
Just tried in Firefox and plingstore seems to be working correctly. Can log in and update my apps. |
Steve Pampling (1551) 8172 posts |
Interesting. I noticed that previous tests were flicking through something to the page I checked – www.plingstore.co.uk https://www.plingstore.org.uk is up, using TLS 1.0 so Firefox should be complaining at you Chris. If it isn’t then you made an exception sometime back.
So what you see is an out of date, self-signed, certificate for a different organisation and machine which is only doing TLS 1.0 So, if Firefox is working with it, you made a conscious decision to allow TLS 1.0 and 1.1 as recent versions disable those during the upgrade – with a re-enable button currently. SSL Labs doing a remote test give the site an “F” rating. The site might function as a web page for viewing but I wouldn’t put any trust in the security or validity of the site. 1 As Rick points out the “certificate authority” status is an interesting discussion. However, putting any faith in the validity of a site operating with a self-signed certificate is foolish. |
Pages: 1 2