[rs] Remote Scheduling v1

[af123]

It needn't be related, but is this why I've just had to re-enter my user ID/password on the website for the first time in a long time?

Yes. It's a different site so any passwords that your browser has saved for the old one won't be used.
I'm also looking at making the 'remember me' tickbox keep you logged in for 30 days or so.. or maybe that should be an option.

 

[TooDeep]

FWIW my preference would be full (ID & password) automatic logging-in at each new session to save myself any retyping.

What is the security concern that has been addressed by the change: that without it it may be easier for someone to access a Hummy, or to prevent someone discovering embarrassing programme selections?

 

[af123]

That it was possible for your interactions with the web server (including credentials) to be seen by someone with the right access to the network. That would generally be someone with physical access to your local network (or access to the same wi-fi network as you're on), or anyone with access to the network access equipment between you and the site (Coffee shop owner or ISP for example).

No different to your interactions with this forum of course : )

Use a different password for everything and employ a tool to manage those passwords if necessary. I use 1Password as it integrates nicely with the things I use but others are available.

 

[TooDeep]

That it was possible for your interactions with the web server (including credentials) to be seen by someone with the right access to the network. That would generally be someone with physical access to your local network (or access to the same wi-fi network as you're on), or anyone with access to the network access equipment between you and the site (Coffee shop owner or ISP for example).

i.e. to prevent someone from maliciously filling a Hummy with undesired recordings or from deleting desired content.

Use a different password for everything and employ a tool to manage those passwords if necessary.

Already do, and don't want aftermarket password mangers.

 

[af123]

FWIW my preference would be full (ID & password) automatic logging-in at each new session to save myself any retyping.

I've put a new 'Stay logged in?' tick box on the login screen, replacing the previous option. That will keep you logged in for up to 30 days (by storing a cookie in your web browser).

 

[Owen Smith]

FWIW my preference would be full (ID & password) automatic logging-in at each new session to save myself any retyping.

What is the security concern that has been addressed by the change: that without it it may be easier for someone to access a Hummy, or to prevent someone discovering embarrassing programme selections?

People can snoop your traffic over the network and see your userid and password if it isn't https encyrpted. This can be your local wifi if you use no encryption or one of your neighbours has broken your crypto, it's easy with WEP and not impossible with WPA/WPA2. Or as af123 says in another post it can be someone malicious on the internet backbone somewhere. If the password is unique to the Humax then all they can do is delete all your recordings and fill your disk with other recordings, but that's still pretty disruptive.

EDIT: public wifi hotspots are a particular concern. No encryption on the wifi so snooping is easy, and you have no idea what is being logged on the wifi gateway back to the internet. But if all the traffice is end to end encrypted using https, this is much less of a risk as they'd have to break the https encryption.

 

[Owen Smith]

Is it working for you over IPv6? The IP addresses had to change to support the encryption but it's looking ok from here.

Seems to be. I can see with a DNS lookup that it has both an IPv4 and IPv6 address. My iPad can access the site and it is encrypted, however I can't tell on the iPad whether it has used IPv4 or IPv6. It should have used IPv6 but you never can tell. I'll have to try my Vista laptop to be certain.

 

[Owen Smith]

Another benefit of https for me is I can use remote scheduling from work and the IT department can't work out what I'm doing from the web proxy logs. Or indeed a malicious IT person can't steal my username and password, login and delete stuff etc. I don't control the network at work, therefore I don't trust it with my personal data.

 

[Trev]

Should you be doing this sort of stuff from work anyway?

 

[Owen Smith]

Should you be doing this sort of stuff from work anyway?

Our acceptable use of the internet policy doesn't forbid it, and during my lunch hour my time is my own to do what I want.

 

[TooDeep]

I've put a new 'Stay logged in?' tick box on the login screen, replacing the previous option. That will keep you logged in for up to 30 days (by storing a cookie in your web browser).

Thanks. I've newly stayed-logged-in this morning.

 

[hairy_mutley]

Hmmmm... if I select Stay logged in, it prompts me to log in after every navigation step
i.e. select EPG, login page, select grid style, login page, forward a day, login page... if you follow my meaning
Good job I have Roboform to fill the login form each time.

If I don't select Stay Logged in; it works normally.

 

[af123]

Hmmmm... if I select Stay logged in, it prompts me to log in after every navigation step
i.e. select EPG, login page, select grid style, login page, forward a day, login page... if you follow my meaning
Good job I have Roboform to fill the login form each time.

If I don't select Stay Logged in; it works normally.

Have you tried restarting your browser? It might need that to clear the old session cookie.

 

[hairy_mutley]

Yes, that fixed it. Thanks

 

[Andy Hurley]

Hmm, first time I tried accessing RS after this change and I can't connect. I have tried from various browsers on various machines and it doesn't let me in.

I tried the 'forgot password' link in case I am misremembering the password but that just says I haven't entered the right 'words', basically it is not recognising my email and it looks like I will have to re-register. This is odd because I am still getting emails from my auto searches...

Anyone else getting this?

EDIT: just realised the password reset should be presenting with a captcha to enter but I am not getting one. This is with firefox on windows and the browser on my WebOS phone.

 

[Andy Hurley]

Ok, having realised it is looking for a captcha I tried some more browsers and eventually got something to appear using IE but I can't get one where both words are readable - or at least I must be reading one wrong as I still get failures to authenticate. Should I be entering the words separated by a space or what?

 

[af123]

It looks like the password reset pages broke with the recent move to HTTPS. It should be fixed now.

 

[Andy Hurley]

Thanks. Turns out my login started working again anyway a few minutes after the last message so I was able to log in anyway - odd.
I suppose it is possible I had a prolonged attack of being unable to type my password but if so I suddenly became able to type it again

Oo, and I see the captcha is now visible on Firefox so that should be fixed.

Thanks again.

 

[renzz]

I've had a problem with RS over the past few days in that it isn't updating Disk Contents on the RS site:



I had a look at the RS log on the box and it was very large, so I cleared it and left it overnight. Now I just have this:



I have tried a telnet in and manually ran RS push disk and it worked ok. My package list shows I have V 1.1.0 of RS. How can I fix this?

 

[mihaid]

Am I using the correct rs website? If yes, what's with the crossed out https? This is Chrome browser.