Ok. From Mark's link, it seems like the problem may be my old computer etc:

"Devices that received security updates after mid 2015 should have the modern USERTrust RSA Certification Authority root certificate (valid until Jan 2038) in their operating system or browser truststores and should be largely unaffected.

Legacy devices that have not received updates to support newer roots will also likely to be missing other essential security updates and support for standards required by the modern Internet. We strongly encourage decommissioning these devices if their software cannot be upgraded. Non-upgraded, legacy devices should never be exposed to the Internet and special mitigations should be applied to isolate them from neighbor systems."

Any advice? Feel free to message me offlist if this is not relevant to most people here.

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

On 2020-05-30 at 3:01:17 PM, Mark Fletcher <markf@corp.groups.io> wrote:

I'm unable to duplicate this, and the .groups.io certificate
doesn't expire until September 9th. Is anyone else seeing this?

It looks like the Groups.io cert is cross-signed with the AddTrust
root that expired at 2020-05-30 10:48Z. [1]

Modern TLS clients don't have trouble with this cert because the
USERTRUST root hasn't expired yet.

Time for a newer cert without this root?

openssl s_client -connect groups.io:443

CONNECTED(00000004)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
verify return:1
depth=0 OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.groups.io
verify return:1
---
Certificate chain
0 s:OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.groups.io
i:C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
1 s:C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
3 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
---
<SNIP>

[1]: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

--
Christopher Warrington <lists@cw.codes>

No problems on my Mac running safari.

Duane, could you get the info from the person on GMF about what they're running, etc?
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

On Sat, May 30, 2020 at 04:47 PM, Larry Finch wrote:

Your Safari is very old. The current version is 13.1.1, so try updating it.

It seems no updates are available. Maybe because my Mac is very old as well? (Macbook Pro, Retina, 13 inch, early 2015) Or because I'm still running El Capitan (10.18.6)? I was warned not to install Catalina. Maybe that was bad advice?
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

On Sat, May 30, 2020 at 05:01 PM, Mark Fletcher wrote:

Is anyone else seeing this?

Someone reported it on GMF, but didn't specify the browser, https://groups.io/g/GroupManagersForum/message/32051

Duane

This is my safari: Version 11.1.2 (11605.3.8.1)
Should I worry? It has a little lock symbol and then it says:

This Connection is Not Private. This website may be impersonating "groups.io" to steal your personal or financial information. You should go back to the previous page.

Then you can click on "Go Back" or "Show Details." When I click on Show Details, it says

Safari warns you when a website has an expired certificate. This website's certificate expired 1 day ago. This may happen if the website is misconfigured, an attacker has compromised your connection, or your system clock is incorrect. Your system clock is set to Saturday, May 30, 2020. If this is not right, fixing the clock may address this warning.

To learn more, you can view the certificate. If you understand the risks involved, you can visit this website.

Oddly, I was unable to copy the text to paste it here. I had to type it in verbatim. I didn't click on either link above.
Should I worry???
Thanks.

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

I'm unable to duplicate this, and the .groups.io certificate doesn't expire until September 9th. Is anyone else seeing this?

Thanks, Mark

I cannot repro.

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15

Best,

Glenn
"Yes, but does Gecko like KHTML?" -me, at work. I have a colleague whose nickname is Gecko (after the animal).

I'm unable to duplicate this, and the .groups.io certificate doesn't expire until September 9th. Is anyone else seeing this?

Thanks, Mark

“Log on” was the wrong term. I meant “visit the site,” whether I log on or not.

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

I can log into groups.io on firefox today but not safari, which warns me that the site "may be impersonating" groups.io and has certificate that "expired 1 day ago." Just a heads up.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

If a user is NOT logged in but is at a group page, such as https://beta.groups.io/g/main, the "Groups.io" logo at the upper left is not clickable. It always seems clickable for logged-in users (at least on the pages I tried), and there are some pages where not-logged-in users can click it, but not all of them. It should link to https://groups.io on every page.

JohnF

On Sat, May 30, 2020 at 11:30 AM, CoProS Moderator wrote:

Just curious if a phone field and format (###-###-####) could be added to the multiple-choice "type" of the database?

Such a format does not allow for a country code and would generally fail to support international use. 

Ref: https://en.wikipedia.org/wiki/National_conventions_for_writing_telephone_numbers

Regards,
Bruce

I agree that this would be really useful. I've hacked around the lack by creating a "group xyz owner" email address and account, but in order to use it to post I have to log out of my regular account, log into the other one, post from it, log out again, and log back into my regular account.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

It should be possible (actually, I would say it is necessary to be able) to post a message - either as a New Topic or Reply - as and from the Group Owner (Owner e-mail address) (clearly identifiable as such), i.e.  for the message to arrive from 'Group Owner <Group+Owner@groups.io>' .

For any such message - given its likely object - I would want it to be very clear that it is from the Group Owner as such, and not me (who happens to be owner).

At present, while it is possible to post a New Topic using the owner e-mail (but it arrives with my display name), it is not possible to reply 'from' the owner e-mail.

Jeremy

Hello,

Just curious if a phone field and format (###-###-####) could be added to the multiple-choice "type" of the database?

Thanks,

CoProS Daily Moderator

Changes to the site this week:

• INTERNAL: Work towards supporting notifications.
• BUGFIX: The timezone listed when viewing an event or in the calendar popup sometimes did not match the text when creating the event (the UTC offset was the same, just the city names could be different, but correct).
• SYSADMIN: Prep work for adding a second email server.
• INTERNAL: Sped up deletion of photos and files when deleting a group.
• CHANGE: Formatting changes in the subgroup listing page.
• NEW: You can now toggle between the existing gallery view and a new list view in the Hashtags page.
• INTERNAL: Re-wrote several web templates to address some technical debt issues.

Take care everyone.

Mark