Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Wheres mixmin?

13 views
Skip to first unread message

telsar

unread,
May 18, 2013, 3:25:55 PM5/18/13
to
My mixmin stopped working...whats up with that?

Do it work for you or do I need to rebuild my connection to it.
--
Steal a little and go to jail, steal a lot and become King.

http://twovoyagers.com/improve-usenet.org/

telsar

unread,
May 18, 2013, 4:07:52 PM5/18/13
to
On 5/18/2013 2:25 PM, telsar wrote:
> My mixmin stopped working...whats up with that?
>
> Do it work for you or do I need to rebuild my connection to it.
>
Never mind looks like either the certificate changed or my TB lost its
except, which I added back and all is well again.

telsar

unread,
May 18, 2013, 4:44:55 PM5/18/13
to
On 5/18/2013 3:07 PM, telsar wrote:
> On 5/18/2013 2:25 PM, telsar wrote:
>> My mixmin stopped working...whats up with that?
>>
>> Do it work for you or do I need to rebuild my connection to it.
>>
> Never mind looks like either the certificate changed or my TB lost its
> except, which I added back and all is well again.
>
Oh, their fake certificate expired on 5/15/2013, yes thats when it
stopped for me.

Steve Crook, I love Mixmin, when you get a chance please generate a new
certificate for your wonderful site... I added a override for my TB to
work, but many others will need it to be done.

Stephen Wolstenholme

unread,
May 19, 2013, 4:07:00 AM5/19/13
to
On Sat, 18 May 2013 14:25:55 -0500, telsar <no...@nowhere.com> wrote:

>My mixmin stopped working...whats up with that?
>
>Do it work for you or do I need to rebuild my connection to it.

It's never worked for me. I gave up trying to get it to work.

Steve

--
EasyNN-plus. Neural Networks plus. http://www.easynn.com
SwingNN. Forecast with Neural Networks. http://www.swingnn.com
JustNN. Just Neural Networks. http://www.justnn.com

Steve Crook

unread,
May 19, 2013, 7:17:16 AM5/19/13
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sat, 18 May 2013 15:44:55 -0500, telsar wrote in
Message-Id: <kn8p0s$so8$1...@dont-email.me>:

> Oh, their fake certificate expired on 5/15/2013, yes thats when it
> stopped for me.

It's sorted now. Sorry about that, the certs are only valid for 6
months and I have a tendency to forget until they expire. Time for a
cron reminder!

The certificates aren't fake btw, just that the issuer isn't listed in
Thunderbird's default list of Certificate Authorities. If you add the
CA, you won't need to make exceptions each time I issue a new
certificate.

If you want to do this, there are instructions at:
http://kb.wisc.edu/page.php?id=11151

The CA certificate itself can be obtained from:
https://www.cacert.org/certs/root.crt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQIcBAEBCAAGBQJRmLS8AAoJEIBmv8lxNqHoF74QAIrZ2wSmHSiil/7NCNYWDR4q
xcUI3nlx8u54Lk+2ZZK9IsMu0GV2ipKNPzrGjImUOM+kHGIqoW/EOYdGM0wPZGtd
PmC1Oq7y9vDGYhhtPZU/dKQAO/RGP1R2dYz1W/Lu5ePlCFDiOO1o9IAhKiEZru/z
/sJyKnx9xrKqQGoXJYXz4saLXRncJkDtjSTEadXM0WPksW0z78hqfyi/a2oXtLB+
7XlXCl6vEQeZtkOR5TLUhry4L3qHLEjDNwrkSKSm5ts+tM+YM2JYenGVp7m8HjAp
HWKUDOgihzvD2WOJSamP+UNfqAzXaTgP5Yeyz1jBUejTeM4LUOtJSpJFbekRB/aF
U+x6uQlUd/+FIOdhWE+z23p+eHhLprAnmGME2JPHHd+spDcf3+LOZc50Fs/nehxm
G1Jhg3c91CPzovtcPAnl1eponX7e0+C3oIW43Cd9GPnAurDYXw0HAh4SRlTDC2jX
CnyvmYODEQEqD92Et+8Zvrb5geJI+Hc3waQRYUZGXzAMsgw0nbEfXjcpQwltUVde
ltjim6Da3ftQAfiPsmr5XvPWYqw3u+CVTmToVJ2Ian9tgXleb4xyKhL2w1SrQX0t
ky1UBxYNJNCOCvu3XtKHDUI9cFR0LAhDUPFdQT9yzx9dl/yQSBxjZF9K4G5wlgbg
ULlgojkoua+rwSpjSfxK
=8I/+
-----END PGP SIGNATURE-----

--
And with glasses high we raised a cry for freedom had arrived

telsar

unread,
May 19, 2013, 12:22:03 PM5/19/13
to
On 5/19/2013 6:17 AM, Steve Crook wrote:
> On Sat, 18 May 2013 15:44:55 -0500, telsar wrote in Message-Id:
> <kn8p0s$so8$1...@dont-email.me>:
>
>> Oh, their fake certificate expired on 5/15/2013, yes thats when
>> it stopped for me.
>
> It's sorted now. Sorry about that, the certs are only valid for 6
> months and I have a tendency to forget until they expire. Time for
> a cron reminder!
>
> The certificates aren't fake btw, just that the issuer isn't listed
> in Thunderbird's default list of Certificate Authorities. If you
> add the CA, you won't need to make exceptions each time I issue a
> new certificate.
>
> If you want to do this, there are instructions at:
> http://kb.wisc.edu/page.php?id=11151
>
> The CA certificate itself can be obtained from:
> https://www.cacert.org/certs/root.crt
>
>

Thanks...

Fran Jones

unread,
May 22, 2013, 2:33:06 PM5/22/13
to
On Sun, 19 May 2013 09:07:00 +0100, Stephen Wolstenholme wrote:

> It's never worked for me. I gave up trying to get it to work.

It was hard to get to work for me, but that's because I needed
to get Stunnel working, and there are no good Centos-based
stunnel installation directions (other than what we posted here).

You *can* test your mixmin setup using telnet, which is explained
already in this ng.

First try this:
$ telnet news.mixmin.net 119
Trying 188.40.76.149...
Connected to news.mixmin.net.
Escape character is '^]'.
200 news.mixmin.net InterNetNews NNRP server INN 2.6.0 (20120622 prerelease)
ready (posting ok)
quit
205 Bye!
Connection closed by foreign host.

If that works, then if you use an SSL enabled nntp client, it should
work with the 563 port setting. If you don't have an ssl enabled nntp
newsreader, then it's time to set up stunnel (which is problematic
on Centos, but should be much easier on Windows or other Linux variants
which have tutorials on the web).

Fran Jones

unread,
May 22, 2013, 2:34:35 PM5/22/13
to
On Sun, 19 May 2013 11:17:16 +0000, Steve Crook wrote:

> The certificates aren't fake btw, just that the issuer isn't listed in
> Thunderbird's default list of Certificate Authorities. If you add the
> CA, you won't need to make exceptions each time I issue a new
> certificate.

Hmmm... why does *my* mixmin account work just fine without
me having to do *anything* overt regarding certificates?

I'm on Centos, with Pan 0.135, using Stunnel 4.29.

Steve Crook

unread,
May 22, 2013, 4:29:40 PM5/22/13
to
On Wed, 22 May 2013 18:34:35 +0000 (UTC), Fran Jones wrote in
Message-Id: <knj33q$j2c$3...@news.mixmin.net>:
Hi Fran,

CentOS comes with the root CA for cacert.org already installed. Most
free OS's do.

Fran Jones

unread,
May 23, 2013, 5:07:38 AM5/23/13
to
On Wed, 22 May 2013 20:29:40 +0000, Steve Crook wrote:

> CentOS comes with the root CA for cacert.org already installed. Most
> free OS's do.

Ah, Thanks for taking the time to explain.
So it's just the Windows/Mac users that have this problem I guess.

Steve Crook

unread,
May 23, 2013, 7:04:04 AM5/23/13
to
On Thu, 23 May 2013 09:07:38 +0000 (UTC), Fran Jones wrote in
Message-Id: <knkm8q$le5$3...@news.mixmin.net>:
Yes. Microsoft and Apple seem to only include Certificate Authorities that
you have to pay for a signed certificate. Whether they think this is
more secure or simply because it fits their business model, I don't
know.

telsar

unread,
May 23, 2013, 12:00:25 PM5/23/13
to
In tb, I had already added the certificate and all was welll till it
expired. TB just silently failed everytime it accessed mixmin. I added
an exception and it worked again. Then it silently failed again after
the certificate was renewed, so I added a new exception for it.

Its interesting that a certificate can expire and renew and pan and
stunnel work seamlessly. I wonder what wizardry is used to get around
certificates being invalid? Whats the point of even using them anyway?

Steve Crook

unread,
May 24, 2013, 5:15:44 AM5/24/13
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, 23 May 2013 11:00:25 -0500, telsar wrote in
Message-Id: <knle72$faj$1...@dont-email.me>:

> Its interesting that a certificate can expire and renew and pan and
> stunnel work seamlessly. I wonder what wizardry is used to get around
> certificates being invalid? Whats the point of even using them anyway?

The certificate provides encryption and authentication. The
authentication comes by getting the certificate signed by a CA
(Certificate Authority) that asserts you are who you claim you are.

In the configuration you're using STunnel, it probably doesn't perform
the CA authentication and just gets on with the encryption.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQIcBAEBCAAGBQJRny/AAAoJEIBmv8lxNqHo4S0P/3JNzBfnp/5Sb1k51YeOh68S
QSgIS5JG7p6V4LjJ1B0tAa0Nw3ogZsaUmWU5QYfusS7dB5qCG4Iw9KygOP1R6LV6
Hw94tove6gp/A1SSqBUhO31vaeTt9u9kh5j/sX1G1J0AFzOEhpQh89/MbzMiIWK3
5kgqzU9ZEcl7jC1wZmDY1j7k7xe71ZW7dMNuENDRLV2HucITlGuDgATpazqGc0KX
MYr6EJ6oqAz6UBHM95twqA46oUZRUR5QCyo+5oERRvAbUdyOjLzNI/lq+WgKXK1q
ybyRKKh0zvycv61QcyVR2QvJQsbqr8OBku4+t8lqkynqNXIkj+6xycDFtqc9u6kE
kDr8Z/1DISrg5Nep0nuurH8BEsZq5XdjaRIy7D3WL0keAXqY/ukxkEf6hrsvsBRT
fYBsTfopbUN09ARc7TLIpa+giq2juNAmlfQaKOWXzgvbkZZywpSoe7IjLIunAi2U
xnWo1r31uoxmoJ+g1TRGIoe/PJQ4B7vurDsBuYqYZpMBQahIBX+zMZhTx5jYpvEZ
lwU0YqzSugLneMkjgnn49rVAQOKMLeJR49oy5UUG5xwHb+pjS9qdTzvdkPXFfYy8
KQHLJc+EvN8seA4UFNhxOqsCvVpQKz2dBYH2mKPguRtnN/I8VIbDJJgH7qFDlYPr
Dv6RtP2oFTi+pG4/y68Z
=YwwB
-----END PGP SIGNATURE-----
0 new messages