Sargasso RSS feed Reader

Trying to convert !Sargasso to ARM-7 – patching the !RunImage
Have got so far as it running in the Desktop – but it gives an error in the log file of not being able to connect.
*******
Trying 173.194.34.87… * Failed to connect to 173.194.34.87: Can’t assign requested address
*******
Also noticed original behaves differently with the Iyonix/516 compared with RPC/402 – such as:-
RPC in the main window gives the http etc plus the msg.
but with the Iyonix just the Http.
Any ideas?
Thanks

My copy of Sargasso which I use to follow the RISC OS Open forum posts has failed today with the error:

I have updated to the latest beta harddisc image to ensure that the certificates held in Resources: are as up-to-date as possible, but this has made no difference.

Does anyone have any further useful advice on this?

Raspberry Pi running latest beta ROM dated yesterday, Sargasso 2.03 (31 Aug 2013).

Peer certificate cannot be authenticated with given CA certificates

Pinch the latest from !NetSurf.Resources.ca-bundle renaming it to cabundle for Sargasso. Works here.

I use this armv7 !Sargasso…
https://www.riscosports.co.uk/downloads.html.
The certificates from !Internet.files.CertData copy to !Sargasso works for me ;-)

Pinch the latest from !NetSurf.Resources.ca-bundle renaming it to cabundle for Sargasso. Works here.

Logical too, as James Bursa is a NetSurf developer. I think I feel an automagic updating script coming on!

Works here now too! So I was mistaken in thinking that Resources:!CaCertificates was relevant – both NetSurf and Sargasso use their own. Out of interest, what does use this shared resource?

Thanks Raik also – but David’s solution seems good, so I’ll use that one!

Out of interest, what does use this shared resource?

I would suggest that the answer is “anything written to use the system SSL/TLS”, which NetSurf (and clearly Sargasso) do not.
The historic situation of having no univerally available SSL support led NetSurf developers to incorporate something in their own code which is probably nolonger needed if the system has a reliable and regularly updated version. Ditto Sargasso and any other application with SSL/TLS support.

which is probably nolonger needed if the system has a reliable and regularly updated version

Depends upon what the client actually needs. AcornSSL is a “here’s encrypted sockets” solution. You open a connection, transfer data, close the connection. It works, end of.
But the sort of stuff that browsers can tell you (like actual specifics of the connection, who signed the cert, what type it is (verified or not)), AcornSSL doesn’t report that sort of information. Indeed, there’s apparently a warning confirmation that can pop up (I’ve never seen it myself) if there’s a problem with the certificate. I don’t think the client is even aware that this happens…

So it may not be suitable for something like NetSurf, however combined with the URL fetcher it makes for a fairly simple built in solution for fetching content, and by using the URL fetcher, one doesn’t need to fart around with socket stuff either.

Indeed, there’s apparently a warning confirmation that can pop up (I’ve never seen it myself) if there’s a problem with the certificate

Oh? examples of broken certificates are easy to find, especially when you deal with people who ask you to “whitelist all these” because the proxy is throwing a fit at the broken certificates. I could name names, oh look I did. It’s all the same company BTW.

Error code: SEC_ERROR_UNKNOWN_ISSUER – because they used a self-signed certificate on a public resource.

Error code: SSL_ERROR_BAD_CERT_DOMAIN – certificate doesn’t match the domain name, because they stuffed a company certificate on a pretty made up URL they registered.

If I whitelisted them my colleague would have me committed since I would quite obviously be insane.
Apparently I’m also supposed to whitelist “http://localhost” too but I suspect the proxy isn’t actually seeing that one.

If Netsurf, Sargasso & AcornSSL all use the same certificate format (I suspect they do, but I am unable to check), just in different locations and with different names, then I would have thought it would be a simple job to compare their release dates and copy the newest over the older ones.

What I’ve done here is to make sure both NetSurf and Sargasso are “seen”, then put a copy obeyfile in Tasks which does:

Copy <NetSurf$Dir>.Resources.ca-bundle <Sargasso$Dir>.cabundle ~c ~v n

- my paths after ensuring only one copy of Sargasso!
Although I think it might be better to add it to Sargasso’s Boot file which is referenced from the Run file.

Altho’ if James made Sargasso look to see if there was a newer version in NetSurf and auto-upgraded that would be even better!

How do we get him aware of this thread?

Post it on the NS forum?

How do we get him aware of this thread?

Post it on the NS forum?

Done!

If Netsurf, Sargasso & AcornSSL all use the same certificate format (I suspect they do, but I am unable to check)

They do.

if James made Sargasso look to see if there was a newer version in NetSurf and auto-upgraded that would be even better!

In my opinion it’d be better to read the copy in <Inet$Path>.files.CertData if it exists, and fall back if not.

What version of Sargasso !RunImage is required for the Iyonix? Using the Arm7 version 2.03 (Aug 2013).

Not sure if this helps, but the source code for Sargasso appears to be available from http://zamez.org/source

certificate doesn’t match the domain name, because they stuffed a company certificate on a pretty made up URL they registered.

I looked at that and thought it myself that there’s no way in hell I’d trust an important medical function to an outfit too stupid to run their own server correctly.

Turns out to be good thinking . . . https://www.theregister.co.uk/2019/06/28/medtronic_insulin_pump_recall/

The only problem I have with that article is the headline “Scumbags can program vulnerable MedTronic insulin pumps over the air to murder diabetics”. I’d have gone more in the direction of “Scumbags create insecure sh!t, pass it off as a medical product, could lead to remote murdering if diabetics”.
Time, perhaps, to start examining their other products. My small exposure to IoT tells me one thing – this is never an “oops we screwed up” anomaly. This is shonky by design, budget, and laziness.

I looked at that and thought it myself that there’s no way in hell I’d trust an important medical function to an outfit too stupid to run their own server correctly

I examine and continue to block regularly.
Company(many): “We don’t get blocked at xyz hospital”
My director: “We’re better than that”

MedTronic insulin pumps

CareLink, also used by their pacemaker implants. “Press any key to discontinue living”?
Of course if were a long standing thing the Register would have picked up on it previously

This is shonky by design, budget, and laziness.

I’m sure the list is longer.

I shall cease, we’re well off topic, although the embedded devices may have ARM cores.

An updated version of Sargasso is available here. It now uses the RISC OS CA certificate bundle file.

An updated version of Sargasso is available

thanks Chris! already downloaded, a welcome update to this app.

There’s an updated version of Sargasso (v2.06pre1) available here. It now has ‘atom’ feed support. An example feed is https://gitlab.riscosopen.org/RiscOS.atom.
It’s not been tested too much, hence the ‘pre1’ version.

I have given this latest version a try several times, but it seems to have a habit of totally disappearing when Hermes fires up to do a mail fetch. Similar hiccups have also happened with the 5 Dec 2019 version.

I am now back on a version from Aug 2013 (RunImage time stamp, which I was using before) and that seems fine.

Has anyone else seen this?

Has anyone else seen this?

Yes, the latest build randomly closes, I’ve not seen any link with Hermes doing a mail fetch, just seems totally random here.

OK – not just me then.

The Hermes connection could be a red herring. However, on probably three occasions I have been viewing a Sargasso listing when the Hermes fetch window appeared on screen (autofetch). Sargasso died at the same time.

?
Do you guys not have a file !Sargasso.Sargasso/log ? That might shed some light on what is happening.

Is the intention that Sargasso remembers when items have been read between launches? When I quit and launch the app, everything is marked as new again.