What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

https://diversion-adblocking-ip.address is exactly what one enters into a browser.
And is it supposed to be blank?
valid cert.jpg
 
Christmas brought an 86U, so I've been moving things over to it from my 87U.

I had no whitelist and no blacklist, and going to the edit lists diaglog took me to a loop:
Code:
1. Edit whitelist
 2. Edit blacklist
 3. Edit wildcard-blacklist
 4. Process all lists
 5. List Settings: Colors on, Pagination 20
    Auto-add www/non-www domain off
 6. Delete backup files (0)
 Enter your selection [1-6 e=Exit] 1
 Notice: Empty or no whitelist found
 restoring from backup...
  !  Press Enter to continue 
 Notice: Empty or no whitelist found
 restoring from backup...(and so on)

Since my 87U had emailed me backup files, I downloaded blacklist.txt and whitelist.txt to /opt/share/diversion/lists, and got the same thing.

I changed the names of those to delete the .txt, and then they worked fine. So two small things: one the lists that get sent via backup shouldn't have the .txt, and two some escape when no list is found.
 
Why can't I pass(get a secure padlock) with this site using Chromium Edge/IE 11 from latest Win 10? I've checked the pixelserv cert and verified 2048 bit. What am I missing?
I have found it necessary sometimes to delete old certs; that often means going in on an admin account where they have been saved to "local machine", as they should.
 
Christmas brought an 86U, so I've been moving things over to it from my 87U.

I had no whitelist and no blacklist, and going to the edit lists diaglog took me to a loop:
Code:
1. Edit whitelist
 2. Edit blacklist
 3. Edit wildcard-blacklist
 4. Process all lists
 5. List Settings: Colors on, Pagination 20
    Auto-add www/non-www domain off
 6. Delete backup files (0)
 Enter your selection [1-6 e=Exit] 1
 Notice: Empty or no whitelist found
 restoring from backup...
  !  Press Enter to continue
 Notice: Empty or no whitelist found
 restoring from backup...(and so on)

Since my 87U had emailed me backup files, I downloaded blacklist.txt and whitelist.txt to /opt/share/diversion/lists, and got the same thing.

I changed the names of those to delete the .txt, and then they worked fine. So two small things: one the lists that get sent via backup shouldn't have the .txt, and two some escape when no list is found.
Noted and fix built into local files, thanks for reporting.
 
I have found it necessary sometimes to delete old certs; that often means going in on an admin account where they have been saved to "local machine", as they should.
One should never have duplicate certificate files in browsers and devices. How should the browser or device know which of the identical file names to pick?
 
Should I do (update) something or not? I have pixelserv-tls v.2.2.1 and ep, 3, shows Key length: 1024 bit. I don't use iOS products.
 
Should I do (update) something or not? I have pixelserv-tls v.2.2.1 and ep, 3, shows Key length: 1024 bit. I don't use iOS products.
No. If all works well I'd stay on v2.2.1 until the Entware team releases the v2.3.1 update.
 
One should never have duplicate certificate files in browsers and devices. How should the browser or device know which of the identical file names to pick?
Yes, that makes sense. But when one imports a cert, it doesn't necessarily delete an old cert, does it? Or at least, I can see three or more pixelerv certs sometimes. In all the instructions, though, do we describe first deleting obsolete certificates before importing a new certificate?
 
Does Division offer more protection than apps like AdBlock Pro? I installed Division hoping it might have reduced the YouTube ads on my smartTV, but to no avail. But in all fairness the docs do say it doesn't stop YouTube ads. I guess I was just hoping Division might reduce them. What advantages is there by keeping Division on my router if AdBlock Pro is doing its job on my build?
 
Yes, that makes sense. But when one imports a cert, it doesn't necessarily delete an old cert, does it? Or at least, I can see three or more pixelerv certs sometimes. In all the instructions, though, do we describe first deleting obsolete certificates before importing a new certificate?
I usually word it "replace the certs in browser / devices" for a reason.
 
Does Division offer more protection than apps like AdBlock Pro? I installed Division hoping it might have reduced the YouTube ads on my smartTV, but to no avail. But in all fairness the docs do say it doesn't stop YouTube ads. I guess I was just hoping Division might reduce them. What advantages is there by keeping Division on my router if AdBlock Pro is doing its job on my build?
An app or in browser ad-blocker only blocks ads for these. Diversion blocks them for all devices behind the router.
 
I usually word it "replace the certs in browser / devices" for a reason.
I think it might be helpful to edit #4535 more expressly. When 2.3.1 drops I think a bunch of people will regenerate the certs and go through the reimporting process. None of the guides we link to describes the replacement idea; in fact the Chromebook guide expressly recommends importing multiple certs.

If I follow (I don't pretend to), it is possible to have more than one cert imported (as for example a renewed cert), and in response to a request either (1) the most recent is served up, or (2) a round-robin choice is made, or (3) something else. Where both are valid it won't matter, but if a 10 year cert or a 1024 cert is served up instead of the shorter longer cert, I guess IOS will choke. One of the nice things about pixelserv is that this fails gracefully.
 
I think it might be helpful to edit #4535 more expressly. When 2.3.1 drops I think a bunch of people will regenerate the certs and go through the reimporting process. None of the guides we link to describes the replacement idea; in fact the Chromebook guide expressly recommends importing multiple certs.

If I follow (I don't pretend to), it is possible to have more than one cert imported (as for example a renewed cert), and in response to a request either (1) the most recent is served up, or (2) a round-robin choice is made, or (3) something else. Where both are valid it won't matter, but if a 10 year cert or a 1024 cert is served up instead of the shorter longer cert, I guess IOS will choke. One of the nice things about pixelserv is that this fails gracefully.
Documentation is key in such cases. And I wanted to prepare an illustrated guide on the Diversion website for a while.
I think now is the time, if I had the time...
 
Does Division offer more protection than apps like AdBlock Pro? I installed Division hoping it might have reduced the YouTube ads on my smartTV, but to no avail. But in all fairness the docs do say it doesn't stop YouTube ads. I guess I was just hoping Division might reduce them. What advantages is there by keeping Division on my router if AdBlock Pro is doing its job on my build?
Well, one (of several) advantages to keeping Diversion on your router (I’d uninstall Division, though, ;) ), is that the blocking action takes place at your router, and not further downstream on the device with AdBlock Pro on it. And do all your current (and future) devices run AdBlock Pro?
 
Documentation is key in such cases. And I wanted to prepare an illustrated guide on the Diversion website for a while.
I think now is the time, if I had the time...
Now that we have the certs topic, I think now is the time to ask what's been in my confused mind, if you may?
a. Why is there a need to import pixelserv's certificate(my impression) to all devices?

I will have a follow up question after a.'s answered.
 
Now that we have the certs topic, I think now is the time to ask what's been in my confused mind, if you may?
a. Why is there a need to import pixelserv's certificate(my impression) to all devices?

I will have a follow up question after a.'s answered.
In order for your browser to accept the https response from Pixelserv-tls, it must trust the certificate that signed the “phony” site certificate that Pixelserv generates for the blocked ad domain. Otherwise, you would see browser warnings every time an https ad request was answered by Pixelserv.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top