Jump to content

Wikipedia:Reference desk/Archives/Computing/2019 November 21

From Wikipedia, the free encyclopedia
Computing desk
< November 20 << Oct | November | Dec >> Current desk >
Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is a transcluded archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.


November 21

[edit]

Font search - The Hunt for Red October intro (and more general)

[edit]

What may be the font used for the intro text of The Hunt for Red October (film)? I have put screenshots into https://www.myfonts.com/WhatTheFont/ , and as a matter of certainty the correct result was not included. Are there other ways to research it? What are even the chances that a font used in a film of a specific period is still in use? --KnightMove (talk) 11:31, 21 November 2019 (UTC)[reply]

The screenshots are far too small. It takes a high resolution image for the font identifiers to work. 135.84.167.41 (talk) 13:16, 21 November 2019 (UTC)[reply]
KnightMove, the first font is something I don't recognise intended to look like an LCD display. The second ("Polijarni Inlet" and onwards), looks to be Eurostile. The serif font is Bookman. The red lettering for the title in Cyrillic and then Latin is surely custom. In general, a lot of fonts from this period (the late phototypesetting era were digitized around this time, as the computer era was beginning, but often fonts like these are fads with a short lifetime, so if they weren't digitised early on they probably never would have been. If you're planning to look hard for them, try catalogues of ITC, the biggest name in display typography at the time, or Berthold or maybe Letraset. Blythwood (talk) 19:16, 24 November 2019 (UTC)[reply]

Unable to access Wikipedia on Google Chrome

[edit]

I wrote about this before at the Help Desk and at the Village Pump, but got no response.

As of 13 November, I can not access Wikipedia from Google Chrome. I get an error message that reads

www.wikipedia.org normally uses encryption to protect your information. When Google Chrome tried to connect to www.wikipedia.org this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.wikipedia.org, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged. You cannot visit www.wikipedia.org right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

If there is anything I can do on my side that will address this issue, please let me know. I am using Microsoft Edge right now, but I really would prefer to use Chrome. --PuzzledvegetableIs it teatime already? 17:56, 21 November 2019 (UTC)[reply]

Puzzledvegetable, Check your chrome settings, and make sure it's up to date. MoonyTheDwarf (Braden N.) (talk) 18:34, 21 November 2019 (UTC)[reply]
I would imagine this has something to do with a corrupted root CA store. Are you on Windows 10? Have you tried uninstalling and reinstalling Chrome? Does Firefox work? What happens when you inspect the certificate, if possible? I don't know how Windows handles CA stores, or I would help more. Elizium23 (talk) 18:44, 21 November 2019 (UTC)[reply]
It is just as possible that the error message is completely correct. Someone is posing as Wikipedia with an invalid certificate or a Wi-Fi sign-in page is being delivered in place of the actual Wikipedia page. 135.84.167.41 (talk) 19:35, 21 November 2019 (UTC)[reply]
Good idea, but why would it work fine in Edge? Elizium23 (talk) 19:55, 21 November 2019 (UTC)[reply]
Elizium23, because Edge may be vulnerable to a interception attack MoonyTheDwarf (Braden N.) (talk) 20:05, 21 November 2019 (UTC)[reply]
That would depend on what PV means by "works in Edge" - if Edge is telling him that the certificate is valid, unrevoked, unexpired, then I would find it extremely shocking that it is "vulnerable to an interception attack". It would be a catastrophic and nearly impossible breakdown in the trust model of TLS cryptography and the PKI that implements it. Of course, he doesn't say whether Edge claims the certificate is valid, just that it "works" and lets him through to Wikipedia's website, although those are typically one in the same nowadays. Elizium23 (talk) 01:35, 22 November 2019 (UTC)[reply]
1. I am using Windows 10 with a Dell Inspiron. 2. I am not the only one that starting experiencing this around that time in November, see here. 3. On Edge it simply says "Your connection to the server is encrypted." Chrome displays the lengthy message I posted above. 4. For a few hours today, it worked even on Chrome, but it stopped working again. 5. I do not know what a " corrupted root CA store" is, but if you feel explaining more may help, please do so. 5. I have not yet reinstalled Chrome, but I have reset my settings. --PuzzledvegetableIs it teatime already? 02:04, 22 November 2019 (UTC)[reply]
So browsers, and operating systems, come with a "certificate store" which includes, most importantly, root Certificate Authorities that can certify things such as Wikipedia's TLS website certificates. According to this discussion, Chrome relies on the one built in to Windows now. If the root CA store becomes corrupted somehow, mayhem ensues. I believe that Windows' system of signing software packages and drivers also relies on these root CAs. One thing I am curious about is, is it only Wikipedia where you are having this problem? Have you tried an exhaustive list of other websites you regularly visit? I am wondering if a single root CA is affected, only Wikipedia itself, or if this is a larger problem. What about other Wikimedia projects? Meta? Commons? Wiktionary? Other languages? Elizium23 (talk) 02:20, 22 November 2019 (UTC)[reply]
Other Wikimedia projects are giving me the exact same error, although those are the only websites that I have encountered this issue by. --PuzzledvegetableIs it teatime already? 02:45, 22 November 2019 (UTC)[reply]
Are you willing to share if you are the one who posted a few hours ago in that thread? Because if you are, I see a bunch of people complaining about the problem on the 13th and one who even said it's now fine for them, but only you who's still having the problem. BTW, you mentioned you reset your settings but did you actually restart Chrome or your computer since the problem begun? Also did resetting your settings entail disabling all your extensions? Nil Einne (talk) 05:56, 22 November 2019 (UTC)[reply]
I have restarted Chrome and my computer, and my only browser extension is AdBlock, which I don't think is responsible for this. I tried without it enabled, but I still couldn't get on. --PuzzledvegetableIs it teatime already? 17:38, 22 November 2019 (UTC)[reply]
Looking into this more is difficult since there are a lot of false positives from some GlobalSign changes in 2016 and/or 2017. I did notice the certificate was only issued on the 8/11/2019 so I wonder if it could be a related problem but I don't understand why it would work on Edge or sometimes on Chrome then considering I believe Elizium23 is correct and the based root certificate store for Chrome is the Windows one. I'd also not that a bunch of the others were having problems on Android, including [1] which notes that the cert problem began around the time it was rolled out (~4 days after it was issued). You haven't disabled Windows updates I hope? Also I assume Chrome is auto updating? Nil Einne (talk) 06:22, 22 November 2019 (UTC)[reply]
I found Phabricator:T237650 which suggests the WMF made some changes with the deployment to fix issues with outdated OSes or browsers. This explains why there were so few reports, basically it was only those with very outdated software that didn't have the new root certificate, but not so old that it didn't support ECDSA. Anyway the WMF changed things so even those with such systems won't have problems hence why it was quickly resolved and there have been no reports since 13 November other than, I expect, yours. None of this should affect a Windows 10 computer (which has trusted the R5 root since 2015 [2] or probably before) or modern Chrome, especially not now. Since it's fine on Microsoft Edge, it's even more perplexing. One possibility would be somehow your GlobalSign R5 root is missing or damaged, but this isn't happening on Edge and in any case, it should fall back to the R3 AFAIK. I also don't understand why it would start working for a while and stop. It's possible there is something wrong with ECDSA in your config, it should fall back to RSA but if there's something weird it might not know what to do. It's also possible there is some weird caching or routing issue going on. One of the reasons I suggest you restart your computer and your browser if you haven't already. Maybe even your router if you can. As said, you should also disable all extensions in Chrome. If none of that helps, it's probably worth uninstalling and reinstalling Chrome. P.S. As I said before, I really hope you haven't disabled either Windows updates or Chrome updates. Nil Einne (talk) 07:02, 22 November 2019 (UTC)[reply]
I haven't disabled either of those. --PuzzledvegetableIs it teatime already? 17:38, 22 November 2019 (UTC)[reply]
One final comment. It seems like the WMF actually has 2 different certs, one from DigiCert, the one mentioned above from GlobalSign, Phabricator:T209515, [3]. It seems that DigiCert is on Wikitech:Esams cluster in Amsterdam and GlobalSign is on the rest. Since it sounds like you live in the US, you are unlikely to be served from this cluster unless you use a proxy or are on holiday. But if for some reason Edge or Chrome sometimes is served by Esams or with the Digicert certification, this would probably explain why it works okay as maybe the latest Digicert certificate, which has been in deployment for a while is fine for you, unlike GlobalSign. Could you check who issued the certificate when it works in Edge and, if you ever get the chance, Chrome? Also who issued it when it doesn't work in Chrome. Also, it just occurred to me if you have working IPv6 then this could explain differences in routing and so differences in results. Chrome and Edge may decide different whether to use IPv6 or IPv4, and it could also be different between sessions. It may help if you report if it's using IPv4 of IPv6 when it works. If you don't know how, log out of Wikipedia and try going to Special:Mytalk and tell us if you see a string of 4 numbers with dots in between (e.g. 192.168.0.6), or a string of most likely more than 4 hexadecimal numbers with a column : between e.g. 2001:6034::2abd:1405::59f1:fead. Don't report the actual numbers here unless you want to give away your IP, just tell us what type it is. (I can't see any easy safe way for when it doesn't work, so probably don't bother.) Nil Einne (talk) 07:27, 22 November 2019 (UTC)[reply]
My IP is the first type (e.g. 192.168.0.6). The certificate issued when it works in Edge is GlobalSign from San Francisco. I still can't get on using Chrome, but when I try, its says the certificate was issued by "ContentWatch Certificate Authority". --PuzzledvegetableIs it teatime already? 17:38, 22 November 2019 (UTC) + tweak[reply]
Well that's an interesting find. ContentWatch seems to be a root certificate installed by Net Nanny likely so they can run an interception proxy. If you installed Net Nanny, or your parents did then this isn't a problem. If you didn't and no one should be installing stuff on your computer without your permission, you probably want to look in to what is going on, not something we can help you with. Anyway if you want or need to keep Net Nanny, something seems to have broken. You could try reinstalling it or asking for it to be reinstalled. If you did install Net Nanny but no longer need it the uninstall it. If you thought you did uninstall it, well it may get complicated. Nil Einne (talk) 16:14, 23 November 2019 (UTC)[reply]

One of the most problematic and disturbing facts of PKI is how root CAs can easily be injected into an OS installation. As we've seen here, NetNanny has the distasteful behavior of acting as a MITM attacker against otherwise pretty secure cryptography. And that's by design and consent of computer users. Sigh. Elizium23 (talk) 16:19, 23 November 2019 (UTC)[reply]

I do have Net Nanny installed on my computer, so at least that mystery is solved, however I do have a few questions. 1. Wikipedia is not one of the websites that is supposed to be blocked, and I have never had this issue with it before. 2. Usually when Net Nanny blocks something, it gives me a special warning from Net Nanny that says why the website is blocked, it never just takes me to Chrome's unsecure connection page. 3. Why would it work on Edge? Net Nanny is installed on my computer and works no matter which browser I'm using. --PuzzledvegetableIs it teatime already? 22:58, 23 November 2019 (UTC)[reply]

I find it unlikely NetNanny is intentionally blocking the site in this fashion and I don't think anyone is suggesting that. But something has gone wrong. Assuming your comment above can be taken to mean you've verified NetNanny is still mostly working correctly (i.e. blocking sites it should block) on both Edge and Chrome, it's possible that the root certificate that Net Nanny uses has somehow gotten uninstalled. This would seem unlikely if you are visiting other secure websites but then again I don't really know how NetNanny works. Maybe it only MITM's certain websites and you haven't tried to access another website it MITM's yet. (I mean I guess it probably does MITM for blocked websites, so it can show a blocked site message but I don't know for sure and my earlier assumption could be wrong.)

Another possibility is NetNanny uses multiple root certificates for some reason. Another, perhaps most likely possibility, is that NetNanny is somehow doing something wrong in signing the certificate. Perhaps NetNanny is confused or broken because of the change over in Wikipedia's certificate (if it's not totally crap, it should be itself verifying the certificate).

As to why it works in Edge, I don't know but there are many possibilities. Perhaps NetNanny doesn't rely on root certificates to hook into Edge put some other method. (Maybe Edge has parental control APIs it uses for example.) Perhaps somehow the root certificate is working in Edge but not in Chrome. This seems unlikely because Chrome uses OS ones but in this scenario I wouldn't discount it especially since each browser may choose what to do different with a certificate. For example, if Net Nanny is still dumb enough to use the same root certificate for every single installation [4] rather than generating a new one each time which is only locally stored, I wouldn't be surprised if some browsers choose to block them although would expect more reports if this were a recent development. Perhaps there's some interaction between Net Nanny and Edge that is different from Chrome that causes Net Nanny to incorrectly sign the certificate for Chrome. (Actually there is a very small possibility this doesn't directly come about from your use of Net Nanny but because someone is trying to misuse Net Nanny's root certificate to monitor your connection assuming they do still do something as stupid as that or did so recently.)

It's quite difficult to say without a lot further investigation and knowledge of Net Nanny which I suspect no one here has, and probably no one really cares to find out. As I suggested, really it makes sense to just reinstall Net Nanny or ask for it to be reinstalled and see if that fixes it. If it doesn't I would suggest Net Nanny support I assume you or someone has paid for the product so are probably entitled to some level of support. If that isn't an option, perhaps try a Net Nanny specialised forum.

Nil Einne (talk) 13:15, 24 November 2019 (UTC)[reply]

It occurs to me that one possibility is that Net Nanny keeps the certificates it generates for a long time. And for some reason the root certificate it is using has changed, so when it signed a new certificate for Wikipedia, perhaps because of the WMF certificate changeover it used this new certificate. And for some reason this certificate isn't being accepted by Chrome. Perhaps it is using a new root certificate but somehow it never got installed. Perhaps Chrome doesn't like this new root for some reason. Also if Net Nanny is particularly flawed, it's possible they only added either the GlobalSign R5 root or ECDSA support recently and this has somehow caused problems. (I'm assuming the version of Net Nanny you're using is nore more than 1-2 years old since it sounds dangerous to use a fairly old version of such software.) Also, if Net Nanny is dumb enough to carry out the interception outside your network i.e. on a server they control, I can imagine a whole host of horrors and pitfalls. Nil Einne (talk) 13:41, 24 November 2019 (UTC)[reply]

Emails dated 2038: the sequel

[edit]

Referring to this question, I got this reply:

The email you have forwarded to us is a spam, which we can also see that it was detected as spam by our system filters.

Please ignore the email and if you see another email you send with a wrong date, please forward it to us. — Vchimpanzee • talk • contributions • 19:41, 21 November 2019 (UTC)[reply]