Post AC0Q1Hl8ruzuSnpIsi by jameskupke@fosstodon.org
 (DIR) Post #AC0BruPgtt5q5oQZkW by adam@hax0rbana.social
       2021-10-03T23:00:56Z
       
       1 likes, 0 repeats
       
       I can no longer stream my music subscription service (di.fm) on the iPhone 4S that we use for streaming music while we cook. This old device basically made an old stereo (free from Craigslist) into a smart one. Why doesn't it work? Well, since Apple doesn't have any good debugging tools readily available, we can't be 100% certain, but we do know the browser has an error when going to Wikipedia. Let's Encrypt had an intermediary change recently, is that it? Appears so (see pics).
       
 (DIR) Post #AC0Cbx0vZ0fxTlnc1Y by argumento@hispagatos.space
       2021-10-03T23:09:15Z
       
       0 likes, 0 repeats
       
       @adam Apple will really go the extra mile to f up their old products.
       
 (DIR) Post #AC0DF7WmPKpVNfNKlM by adam@hax0rbana.social
       2021-10-03T23:16:22Z
       
       0 likes, 0 repeats
       
       After pressing Trust on the screen in the second screenshot, Wikipedia does in fact load. I try to load di.fm in Safari: the browser crashes. I close all other apps (just settings and di.fm) and try again. It loads and then reloads the page with a message that "a problem occurred with this webpage so it was reloaded". Clicking to open in the di.fm app launches the app, which crashes before attempting to load anything. Closing Safari and relaunching di.fm app yields a loading page.
       
 (DIR) Post #AC0EEaXFAmd90hu15M by adam@hax0rbana.social
       2021-10-03T23:27:28Z
       
       0 likes, 0 repeats
       
       OK, maybe the di.fm app just needs updated? Negative. All apps are updated (so no fixing those Safari crashes either). Maybe I can play it from the browser? That is a feature of the website, and the website does load, so it should work, right? The first time it crashed Safari. The second time it played one second of audio and then crashed Safari. The third time crashed the tab, and the 4th time played some music for less than 1 minute before crashing Safari. After that I gave up.
       
 (DIR) Post #AC0FEd103JesejP5QO by adam@hax0rbana.social
       2021-10-03T23:38:41Z
       
       0 likes, 0 repeats
       
       So, a $850 device (source: https://smile.amazon.com/Apple-iPhone-4S-64-Black/dp/B005SSBCDI/#) is now incapable of running a single app that just streams music. It also can not stream music from a webpage. Would it be possible to update the browser? No, Apple won't allow it. The di.fm app? Maybe, but the popular frameworks aren't backward compatible, so I'm frozen at the latest one that will work on this version of iOS. This is the future, and it makes me want to build a better one.
       
 (DIR) Post #AC0Fm4E7tutmbkULBo by adam@hax0rbana.social
       2021-10-03T23:44:43Z
       
       0 likes, 0 repeats
       
       Could I create an iOS app which would work on this version of iOS and stream music? Actually, yes, I could. However, I'd have to pay $100/year to be an official Apple developer. I might be able to get around this by registering this phone as a test device, but even if I could, that brings me to the next barrier: I'd basically have to buy a Mac so I could run Xcode to build the app. Ultimately, given the circumstances, I just don't want to support Apple. So I won't. RIP little 4S.
       
 (DIR) Post #AC0G9hyYHXVoXyTbRg by mdhughes@appdot.net
       2021-10-03T23:48:58Z
       
       0 likes, 0 repeats
       
       @adam It's the past, not the future: An 8 year old phone, and the last supported OS is 2 years EOL. No shock things have broken. If you feel like jailbreaking it, you can write your own software or install a new cert, but there's a whole new world of supported devices, too.
       
 (DIR) Post #AC0GSWKrmeB7wpst6m by adam@hax0rbana.social
       2021-10-03T23:52:24Z
       
       0 likes, 0 repeats
       
       On another device, I checked di.fm's cert and it is signed by Cloudflare, not Let's Encrypt, so it is unlikely an issue with TLS certs after all. It's possible that the app talks to a subdomain that was signed by a different CA, but I can't debug the app I'm running and it's not worth the effort to analyze it at the network layer since it's unlikely I'd be able to fix it easily anyway. Root cause: remains unknown
       
 (DIR) Post #AC0Gg5kTQjMxXnKiHY by adam@hax0rbana.social
       2021-10-03T23:54:51Z
       
       0 likes, 0 repeats
       
       @mdhughes Why should it stop working? The components haven't worn out. It hasn't been damaged. Why should the browser start crashing when trying to load webpages?
       
 (DIR) Post #AC0GmIQxBDW0ckA3o8 by Jetengineweasel@hackers.town
       2021-10-03T23:55:57Z
       
       0 likes, 0 repeats
       
       @adam how frustrating
       
 (DIR) Post #AC0H9Au3LRLJvcgK24 by jameskupke@fosstodon.org
       2021-10-04T00:00:06Z
       
       0 likes, 0 repeats
       
       @adam If it all of a sudden stopped working in October, it's most likely the new root certificate from Let's Encrypt. https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
       
 (DIR) Post #AC0HIUQG8owr4bBgq8 by mdhughes@appdot.net
       2021-10-04T00:01:46Z
       
       0 likes, 0 repeats
       
       @adam Because nobody's obligated to maintain software a decade after you paid for it, and the Internet is a constantly-breaking thing that has to be maintained. By people who want to get paid for their work. If you want to fix it yourself, you can.
       
 (DIR) Post #AC0HK4ksXjfi2vaXaK by adam@hax0rbana.social
       2021-10-04T00:02:05Z
       
       0 likes, 0 repeats
       
       @argumento I have some old Android phones lying around and I'm probably going to repeat this experiment to see if a non-Apple device has fared any better in its old age. I'm not sure how much better it'll do, if any, but I'm willing to find out.
       
 (DIR) Post #AC0HdgRmd4vIRq0Se0 by adam@hax0rbana.social
       2021-10-04T00:05:37Z
       
       0 likes, 0 repeats
       
       @Jetengineweasel Yeah. I feel like things that worked should remain functional. New features not working, fine. I mean, I think many of them could work just fine, but some really do require new hardware. And I understand the cost of back porting new features to operating systems that don't provide system calls or libc functions. I also understand the cost of back porting said kernels/syscalls and libs. Maybe I'll retire and take on the challenge.
       
 (DIR) Post #AC0HrCZuThLfriFmee by adam@hax0rbana.social
       2021-10-04T00:08:04Z
       
       0 likes, 0 repeats
       
       @jameskupke Plausible, but that doesn't explain the browser crashes. I've since found out that di.fm uses Cloudflare for their certificate issuer
       
 (DIR) Post #AC0I5YoCcdbUrlmlUm by argumento@hispagatos.space
       2021-10-04T00:10:39Z
       
       0 likes, 0 repeats
       
       @adam Good luck, I hope it'll go better.
       
 (DIR) Post #AC0IjlOXFNMxU5wy6S by adam@hax0rbana.social
       2021-10-04T00:17:55Z
       
       0 likes, 0 repeats
       
       @mdhughes I'm not expecting any new features. I just want the features that worked before to continue to function. The site hasn't changed from a few weeks ago. They aren't using any new technologies. It shouldn't need fixed. I don't understand why you would expect random browser crashes when using very basic functionality. The technology is demonstrably brittle and unsustainable. And the proposed solution is to throw it in the landfill and buy a new one?
       
 (DIR) Post #AC0J46EtSPv9vM8Ze4 by mdhughes@appdot.net
       2021-10-04T00:21:35Z
       
       0 likes, 0 repeats
       
       @adam https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/ Every site that ever relied on LE is having the same problem, and old browsers have to be updated or they just won't work. If you're using an obsolete device, you're gonna have to do that yourself or move on. Did you not realize the Internet is built on sand? Nothing lasts more than a couple years unmaintained.
       
 (DIR) Post #AC0LI5c4mWhDwdmO0m by jameskupke@fosstodon.org
       2021-10-04T00:46:32Z
       
       0 likes, 0 repeats
       
       @adam Hm, good point. Not for sure... Do you have a premium Di.FM membership? I think they offer PLS links for premium accounts that you can listen through VLC or whatever the equivalent is on an iPhone.
       
 (DIR) Post #AC0O1RiVeAl5RDXmnw by adam@hax0rbana.social
       2021-10-04T01:17:08Z
       
       0 likes, 0 repeats
       
       @mdhughes The Let's Encrypt cert does not cause browsers to crash and in suggesting so I no longer believe you are engaging in a good faith discussion. Their certificate wasn't signed by Let's Encrypt anyway though.
       
 (DIR) Post #AC0OrMG7BVidZK13xI by adam@hax0rbana.social
       2021-10-04T01:26:31Z
       
       0 likes, 0 repeats
       
       @jameskupke I do have a premium subscription. ❤ And they *do* have the ability to download .pls files! Excellent suggestion. It's under My Account -> Player settings, in case anyone is playing along at home. I'll have to see if I can get an app that will play this on the iPhone. You've given me another chance at breathing some more life into this device before I have to finally switch to a new one. Thank you.
       
 (DIR) Post #AC0Q1Hl8ruzuSnpIsi by jameskupke@fosstodon.org
       2021-10-04T01:39:26Z
       
       0 likes, 0 repeats
       
       @adam Hope it works out! I too like to squeeze out as much life out of my stuff as I can.
       
 (DIR) Post #AC0T5Ow0QuJhjoYulE by darrenpmeyer@infosec.exchange
       2021-10-04T02:13:49Z
       
       0 likes, 0 repeats
       
       @adam other than Apple not allowing updating to a newer Safari, the root of this problem seems to be that services are valuing using new shinies over testing for older stuff. Strikes me as a "disposable computing" culture problem rather than an Apple problem specifically. Things like legal prohibitions against jailbreaking older hardware, etc…
       
 (DIR) Post #AC0VJJPjxEMUZyEO92 by adam@hax0rbana.social
       2021-10-04T02:38:48Z
       
       0 likes, 0 repeats
       
       @darrenpmeyer I see a number of problems here and I think they would all fall under the category of disposable computing. It's not an Apple-specific problem, though I feel they are plenty guilty.
       - Safari shouldn't crash under normal operation.
       - Old features should continue to function
       There aren't any shiny new features here, but I feel frameworks should handle backwards compatibility to help [app] developers to help with bringing new features to old devices.
       
 (DIR) Post #AC0Vexnuyr5vvZre9A by adam@hax0rbana.social
       2021-10-04T02:42:43Z
       
       0 likes, 0 repeats
       
       @jameskupke this is super sad... Apparently, .pls files are not supported on iOS, at least in VLC.
       
 (DIR) Post #AC8PfEG0lNSsUnQYpU by asparagi@hax0rbana.social
       2021-10-07T22:13:11Z
       
       0 likes, 0 repeats
       
       @adam I dimly recall using 2 long past methods to add a CA to an iOS phone. One method was a configuration profile; I don't know whether there are non-OS X tools to create these, or adequate documentation for the format, but I do have one that loads a private CA. The other was getting the cert onto the phone somehow and then opening it. I recall it was very picky about format & location. Possibly there was only 1 method and it was picky about cert format & profile location.
       
 (DIR) Post #AC8SisFAqnC1F7Suwa by asparagi@hax0rbana.social
       2021-10-07T22:19:12Z
       
       0 likes, 0 repeats
       
       @adam The evidence for & against it being a CA cert problem sounds inconclusive. To figure out which CA certs are being used given no debug access to the phone, I'd probably spin up an HTTP proxy VM, configure the phone to use it, do only di.fm, then look in the logs. Sorry I didn't think of this when we were talking about it before.
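
Added example, not part of any post in this thread: a sketch of the "look in the logs" step described above, assuming the proxy is Squid writing its native access.log format. The sample lines, host names, client address and short-tunnel thresholds are constructed assumptions. A passive proxy sees only the CONNECT host and not the certificate, so the result is a list of hosts whose issuer to check next from another device.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log layout:
# time elapsed_ms client result/status bytes method target ident hierarchy type
SAMPLE_LOG = """\
1633645000.101    212 192.168.1.50 TCP_TUNNEL/200 4870 CONNECT www.example.com:443 - HIER_DIRECT/203.0.113.10 -
1633645001.530    198 192.168.1.50 TCP_TUNNEL/200 4870 CONNECT www.example.com:443 - HIER_DIRECT/203.0.113.10 -
1633645003.002  61234 192.168.1.50 TCP_TUNNEL/200 2483911 CONNECT stream.example.net:443 - HIER_DIRECT/198.51.100.7 -
1633645004.444    175 192.168.1.50 TCP_TUNNEL/200 3912 CONNECT api.example.org:443 - HIER_DIRECT/198.51.100.9 -
1633645005.000     12 192.168.1.50 TCP_MISS/200 512 GET http://captive.example.com/ - HIER_DIRECT/198.51.100.3 text/html
1633645006.000    150 192.168.1.77 TCP_TUNNEL/200 3000 CONNECT other.example.org:443 - HIER_DIRECT/198.51.100.4 -
"""


def summarize_tunnels(log_text, client_ip, max_bytes=8192, max_ms=2000):
    """Group one client's CONNECT tunnels by host.

    A tunnel counts as "short" when it moved at most max_bytes and closed
    within max_ms. Both thresholds are assumptions chosen for illustration:
    a tunnel that ends right after the server's certificate is delivered is
    consistent with the client rejecting the chain, but is not proof of it.
    """
    hosts = defaultdict(lambda: {"tunnels": 0, "bytes": 0, "short": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[2] != client_ip or fields[5] != "CONNECT":
            continue  # other clients and plain HTTP carry no TLS host to check
        host = fields[6].rpartition(":")[0] or fields[6]
        elapsed_ms, size = int(fields[1]), int(fields[4])
        stats = hosts[host]
        stats["tunnels"] += 1
        stats["bytes"] += size
        if size <= max_bytes and elapsed_ms <= max_ms:
            stats["short"] += 1
    return dict(hosts)


def suspects(summary):
    """Hosts where every tunnel was short: check these hosts' issuers first."""
    return sorted(h for h, s in summary.items() if s["short"] == s["tunnels"])


if __name__ == "__main__":
    summary = summarize_tunnels(SAMPLE_LOG, "192.168.1.50")
    for host, stats in sorted(summary.items()):
        print(host, stats)
    print("check issuer for:", suspects(summary))
```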
       
 (DIR) Post #AC8SisroX86LAxXmAi by adam@hax0rbana.social
       2021-10-07T22:47:28Z
       
       0 likes, 0 repeats
       
       @asparagi I'm not sure all apps respect the system proxy settings, but that seems like a much easier test than hijacking the traffic. There also may be cert pinning or a private list of CAs that are acceptable (rather than using the system ones). I think private CA + proxy settings + proxy MitM box has a pretty good shot at working, if TLS certs are, in fact, the problem.
       
 (DIR) Post #AC8SitWw4EzjEUmcGe by asparagi@hax0rbana.social
       2021-10-07T22:22:56Z
       
       0 likes, 0 repeats
       
       @adam I might have some notes about creating the configuration profiles (with Apple tools unfortunately) somewhere that would include the cert format that eventually worked. If this turns out to be the problem, you could publish a quick HOWTO and potentially the configuration profile that installs the CA. Obviously afterwards the user cannot trust their phone, but I'd argue that they already shouldn't trust something past its security patch EOL.