The KinGuard Project

Any progress on this? When are we going to get updated ownCloud server?

<t>While you are switching certificates, it would be nice to have instructions how we can replace the OPI-generated certificates with your own certificates. It does not need to be gui based, it can also be just instructions to ssh into the box, and replace /etc/opi/opi.cert with whatever certificate...

<t>Installing new root CAs is always dangerous things, as after this the owner of this CA can sign a web site claiming to be your bank, and act as man in the middle between your device and the bank. Even worse the certificates signed by that root are all marked as being CAs, meaning they can sign ne...

<r>For me the problem with finding the unit id was that the email I got from the <EMAIL email="webshop@openproducts.com">webshop@openproducts.com</EMAIL> had two parts. The text only and html versions. The text only version DID NOT have the uint id anywhere. It had link to the order (and <EMAIL emai...

<r>Does the opi support DNSSEC, i.e. does it verify the dnssec records when resolving host names? I.e. if I configure my mail server smtp.example.com does it verify it using DNSSEC?<br/> <br/> Does opi run standalone dns resolver, something like bind or unbound or what?<br/> <br/> Also it would be n...

Yes, it would be nice to know when I can be sure that the server has fetched updates, and when I can enable backups (if I understood correctly I should wait for the updates before enabling the backups, as otherwise the backups can be broken).

<r>Sounds like clueless hosting-company... <br/> <br/> The web server seems to be apache 2.2.27 running on FreeBSD, and Apache do support SNI (<URL url="http://en.wikipedia.org/wiki/Server_Name_Indication">http://en.wikipedia.org/wiki/Server_Name_Indication</URL>), i.e. you can have virtual hosts wi...

<r>It is related to the public key pinning, but this is not specific to the browser or the site. I.e. public key pinning means that the information which CA has signed which site is stored in the browser. In this case the same information is available but it is stored in the DNS (hopefully protected...

<r>Actually when thinking this more today, I realized that as the op-i.me uses very short TTL and all the requests to it come to the ns{1,2}.openproducts.com, it would be possible to do the requests so that it will reply differently depending on the IP-address where the request is coming. <br/> <br/...

<t>When I first registered to the community.openproducts.com I noticed it sent me an email in clear text, so of course I wanted to change the password. I logged in and to my great surprise the site was NOT protected by TLS. I would have expected that product that is really for privacy would protect ...