Re: Broken widgets work fine on

You can't really strip the https from the URL and expect it to work - you need something to fetch the resource using https using the appropriate protocols and certificates, then provide the data in a form that the chumby can accept - this is what chumby's proxy server does, although it also provides a certain amount of caching. 

The chumby itself has a small server, and I've seen some folks hack that to do something on behalf of widgets that aren't capable of doing whatever it is on their own - however, anything trying to do SSL from there would have the same problem as the rest of the chumby since it would be using the same protocols and certs that the Flash Player is using, since that's what's on the device.

It would be possible to set up another server that does stuff similar to what the chumby system does for use by third parties - however it would have to be crafted carefully in order to better handle busted or slow servers than the chumby proxy currently does.  The chumby system was designed specifically and exclusively for use by chumby's internal developers who would understand and work within the rules imposed by that service.

As to whether I could do this under chumby's umbrella is really a cost question - I don't think, even with the subscription income, that I could cover the costs of proxying all of the data traffic to all of the widgets using https on all of the chumbys.

Re: Broken widgets work fine on

Here's a silly joke version...

Imagine the following scenario:


BUT THINGS GOT BETTER and we learned how to use Capital and lower case letters.  We COULD TALK both ways.

But then someone realised THAT SHOUTING ALL THE TIME caused headaches and ear problems.  So modern servers refuse to talk to people who only shout.

Now the Chumby is getting old.  IT ONLY KNOWS HOW TO SHOUT.  So Chumby talks to a server and the server says "go away, I won't talk to you, you noisy shouty person".  And the Chumby is sad.

Teaching the Chumby how to use mixed case is a lot of work; it has to catch up on many many years of school work.

Re: Broken widgets work fine on

Well, it's more like -

In the old days computers just talked - the Chumby said, "Hello, what have you got for me?"  "Oh, hi Chumby, here's some kitten photos - enjoy!"

Sometimes, the Chumby wanted to hear about some secrets, so it used a special code to get that information "Hi, what have you got for me? The sparrow flies at midnight!".  "Oh hi Chumby, that code phrase checks out, here's the secret info".

Now it's like "Hi what have you got for me?  How about some kitten photos?"  "Sorry kitten photos are secrets now".  "WTF? Oh, ok then, the sparrow flies at midnight".  "Sorry that's an old code, and it's in English anyway, can't give you the secret kitten photos - in fact I can't give you anything anymore.  Everything's secret now."

There are actually a lot of embedded devices that have the same issue as the chumby - not many, however, are required to try to talk to as many varied and random sites.

We have been experimenting with replacing the certs with the latest ones (it's easy to do that on C1, C8, I3 and I8), but so far that doesn't seem to be enough.  It does appear that a full replacement of the SSL libraries is going to be required.

Re: Broken widgets work fine on

So, here's some good news.

It looks like we have a workable plan to be able to update the chumby and Insignia devices to support modern SSL, and thus compatibility with the various HTTPS-based sites.

The solution for the chumby Classic is easy - just do a USB firmware update to 1.7.3.

For the rest, we're putting together a USB dongle image that will attempt to patch the existing firmware.

I will create a new thread when this is ready.

Re: Broken widgets work fine on

Great News!

Tar, feathers, congress. Some assembly required.

81 (edited by Plank Yesterday 08:36:13)

Re: Broken widgets work fine on

Wonderful!  Does that mean that many of the orphan or broken widgets will come back to life or will they have to be modified?

Re: Broken widgets work fine on

Plank wrote:

Wonderful!  Does that mean that many of the orphan or broken widgets will come back to life or will they have to be modified?

In the general case, they should not need to be modified.  There may be feeds that have not made redirects or otherwise changed the URL when they switched to HTTPS that would still need to be modified, but I suspect that would be rare.

If the widget still works in the browser, it should work on the patched chumby.