Discussion:
Windows XP Mystery
(too old to reply)
gareth evans
2022-11-24 19:20:13 UTC
Permalink
Ancient Asus laptop running Windows XP.

When I switched it on at the weekend got a warning that the CMOS
battery was low, so had to F2 to restore defaults.

Now, neither FireFox nor Internet Explorer will display any websites,
complaining that any and every web site has an erroneous certificate.

However, my other XP laptop runs Firefox with no difficulty.

The Asus is dual boot and even Linux will not start up.

Any clues anybody?

TIA

-----ooooo-----

Thanks for the suggestions.

Results of investigations ...

The CMOS battery in the Asus is a rechargeable type and so
leaving the computer recharging seems to have resolved that
difficulty. The computer had been unused for several weeks
leading to discharge of the battery.

The lack of display of websites was because the system time
had reverted back to the date of creation May 2005. Updating
the system time brought the Internet back again.

Whoever thought it to be a good idea to attach a
date-dependant certificate to a web site, perhaps
one of those things that although it is possible to do
does not make it a good thing to do?
Peter Flass
2022-11-24 23:04:48 UTC
Permalink
Post by gareth evans
Ancient Asus laptop running Windows XP.
When I switched it on at the weekend got a warning that the CMOS
battery was low, so had to F2 to restore defaults.
Now, neither FireFox nor Internet Explorer will display any websites,
complaining that any and every web site has an erroneous certificate.
However, my other XP laptop runs Firefox with no difficulty.
The Asus is dual boot and even Linux will not start up.
Any clues anybody?
TIA
-----ooooo-----
Thanks for the suggestions.
Results of investigations ...
The CMOS battery in the Asus is a rechargeable type and so
leaving the computer recharging seems to have resolved that
difficulty. The computer had been unused for several weeks
leading to discharge of the battery.
The lack of display of websites was because the system time
had reverted back to the date of creation May 2005. Updating
the system time brought the Internet back again.
Whoever thought it to be a good idea to attach a
date-dependant certificate to a web site, perhaps
one of those things that although it is possible to do
does not make it a good thing to do?
Are there browsers that don’t look at certificates? Sometimes they’re just
more trouble than they’re worth. Chrome, I think, used to let me override
and go to the site anyway, but I think that ended.
--
Pete
Parodper
2022-11-25 09:20:32 UTC
Permalink
Post by gareth evans
Whoever thought it to be a good idea to attach a
date-dependant certificate to a web site, perhaps
one of those things that although it is possible to do
does not make it a good thing to do?
Are there browsers that don’t look at certificates? Sometimes they’re just
more trouble than they’re worth. Chrome, I think, used to let me override
and go to the site anyway, but I think that ended.
All browsers should look at certificates if using HTTPS. Unfortunately
some pages don't want to serve HTTP and automatically redirect to HTTPS.
AFAIK Firefox let's you ignore any certificate-related warnings, unless
that site has HSTS enabled.
Jan van den Broek
2022-11-28 20:37:37 UTC
Permalink
Fri, 25 Nov 2022 10:20:32 +0100
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
Why?
--------------mNTfi5DpMcxwjNbIEFSetjsz
Content-Type: multipart/mixed; boundary="------------R2uruAQiSWobq0TsbNjowKvw";
protected-headers="v1"
[Schnipp]
--
Jan van den Broek ***@xs4all.nl

Entertaining Quakers since 2005
Roland Perry
2022-11-27 13:39:00 UTC
Permalink
Post by gareth evans
Ancient Asus laptop running Windows XP.
When I switched it on at the weekend got a warning that the CMOS
battery was low, so had to F2 to restore defaults.
Now, neither FireFox nor Internet Explorer will display any websites,
complaining that any and every web site has an erroneous certificate.
However, my other XP laptop runs Firefox with no difficulty.
The Asus is dual boot and even Linux will not start up.
Any clues anybody?
TIA
-----ooooo-----
Thanks for the suggestions.
Results of investigations ...
The CMOS battery in the Asus is a rechargeable type and so
leaving the computer recharging seems to have resolved that
difficulty. The computer had been unused for several weeks
leading to discharge of the battery.
The lack of display of websites was because the system time
had reverted back to the date of creation May 2005. Updating
the system time brought the Internet back again.
Whoever thought it to be a good idea to attach a
date-dependant certificate to a web site, perhaps
one of those things that although it is possible to do
does not make it a good thing to do?
Two issues there

- are certificates a good idea (answer: most people agree it is, because
it helps reduce certain kinds of fraud)

- should they include validity dates (answer: most people agree it is,
because that's just good housekeeping).
--
Roland Perry
Peter Flass
2022-11-27 20:54:51 UTC
Permalink
Post by Roland Perry
Post by gareth evans
Ancient Asus laptop running Windows XP.
When I switched it on at the weekend got a warning that the CMOS
battery was low, so had to F2 to restore defaults.
Now, neither FireFox nor Internet Explorer will display any websites,
complaining that any and every web site has an erroneous certificate.
However, my other XP laptop runs Firefox with no difficulty.
The Asus is dual boot and even Linux will not start up.
Any clues anybody?
TIA
-----ooooo-----
Thanks for the suggestions.
Results of investigations ...
The CMOS battery in the Asus is a rechargeable type and so
leaving the computer recharging seems to have resolved that
difficulty. The computer had been unused for several weeks
leading to discharge of the battery.
The lack of display of websites was because the system time
had reverted back to the date of creation May 2005. Updating
the system time brought the Internet back again.
Whoever thought it to be a good idea to attach a
date-dependant certificate to a web site, perhaps
one of those things that although it is possible to do
does not make it a good thing to do?
Two issues there
- are certificates a good idea (answer: most people agree it is, because
it helps reduce certain kinds of fraud)
- should they include validity dates (answer: most people agree it is,
because that's just good housekeeping).
Third thing: Should it not ultimately be up to the user whether or not to
trust a web site, or is it up to the browser to be a nanny and override the
user’s wishes?
--
Pete
Scott Lurndal
2022-11-27 21:22:28 UTC
Permalink
Post by Peter Flass
Post by Roland Perry
Post by gareth evans
Ancient Asus laptop running Windows XP.
Two issues there
- are certificates a good idea (answer: most people agree it is, because
it helps reduce certain kinds of fraud)
It's not so much about fraud, is it is about 'trust'. The entire concept
of an X.509 certificate and the associated PKI is to establish trust. Note
that 'fraud' can be commited even by a 'trusted' website.

Trusted in the context of a X.509 certificate only means that the website
name (e.g. www.website.net) which produces the certificate when connected
to by a browser matches the the name encoded in the digitally signed[*] certificate.

It doesn't imply any trust in the website itself.

[*] Signed by a higher authority (i.e. another certificate). The root of
trust are the root certificates built-into the browser. Those have been
compromised in the past.
Post by Peter Flass
Post by Roland Perry
- should they include validity dates (answer: most people agree it is,
because that's just good housekeeping).
Third thing: Should it not ultimately be up to the user whether or not to
trust a web site, or is it up to the browser to be a nanny and override the
user’s wishes?
Fourth thing: The certificates must be revokable in real-time. That means
the browser must check for revocation (using OCSP) before trusting the
certificate each time it is used.

As for the third thing, I think it should be difficult for a user to override
a bad or missing certificate. For some class of users, it should likely
be made impossible to override a bad, out of date or revoked certificate.
D.J.
2022-11-28 00:20:37 UTC
Permalink
Post by Scott Lurndal
Post by Peter Flass
Post by Roland Perry
Post by gareth evans
Ancient Asus laptop running Windows XP.
Two issues there
- are certificates a good idea (answer: most people agree it is, because
it helps reduce certain kinds of fraud)
It's not so much about fraud, is it is about 'trust'. The entire concept
of an X.509 certificate and the associated PKI is to establish trust. Note
that 'fraud' can be commited even by a 'trusted' website.
Trusted in the context of a X.509 certificate only means that the website
name (e.g. www.website.net) which produces the certificate when connected
to by a browser matches the the name encoded in the digitally signed[*] certificate.
It doesn't imply any trust in the website itself.
[*] Signed by a higher authority (i.e. another certificate). The root of
trust are the root certificates built-into the browser. Those have been
compromised in the past.
Post by Peter Flass
Post by Roland Perry
- should they include validity dates (answer: most people agree it is,
because that's just good housekeeping).
Third thing: Should it not ultimately be up to the user whether or not to
trust a web site, or is it up to the browser to be a nanny and override the
user’s wishes?
Fourth thing: The certificates must be revokable in real-time. That means
the browser must check for revocation (using OCSP) before trusting the
certificate each time it is used.
As for the third thing, I think it should be difficult for a user to override
a bad or missing certificate. For some class of users, it should likely
be made impossible to override a bad, out of date or revoked certificate.
If my domain hasn't updated a site certificate on one of my websites,
I can log in and click on update, and the certificate updates.
--
Jim
Roland Perry
2022-11-28 13:43:12 UTC
Permalink
Post by Scott Lurndal
Post by Peter Flass
Post by Roland Perry
Post by gareth evans
Ancient Asus laptop running Windows XP.
Two issues there
- are certificates a good idea (answer: most people agree it is, because
it helps reduce certain kinds of fraud)
It's not so much about fraud, is it is about 'trust'. The entire concept
of an X.509 certificate and the associated PKI is to establish trust. Note
that 'fraud' can be commited even by a 'trusted' website.
That's a separate layer, and one which I have often raised with those
who issue guidance claiming that such as the padlock-symbol means a site
is run by good guys. But it's massive hill to climb when educating the
public.

Similarly, much the same people advocating fiercely for virus checkers
and updating software, but neither of those will help prevent the Rolex
you bought on eBay turning out to be a fake.
Post by Scott Lurndal
Trusted in the context of a X.509 certificate only means that the website
name (e.g. www.website.net) which produces the certificate when connected
to by a browser matches the the name encoded in the digitally signed[*] certificate.
It doesn't imply any trust in the website itself.
[*] Signed by a higher authority (i.e. another certificate). The root of
trust are the root certificates built-into the browser. Those have been
compromised in the past.
Post by Peter Flass
Post by Roland Perry
- should they include validity dates (answer: most people agree it is,
because that's just good housekeeping).
Third thing: Should it not ultimately be up to the user whether or not to
trust a web site, or is it up to the browser to be a nanny and override the
user’s wishes?
Fourth thing: The certificates must be revokable in real-time. That means
the browser must check for revocation (using OCSP) before trusting the
certificate each time it is used.
As for the third thing, I think it should be difficult for a user to override
a bad or missing certificate. For some class of users, it should likely
be made impossible to override a bad, out of date or revoked certificate.
--
Roland Perry
Charlie Gibbs
2022-11-28 16:24:23 UTC
Permalink
Post by Roland Perry
Similarly, much the same people advocating fiercely for virus checkers
and updating software, but neither of those will help prevent the Rolex
you bought on eBay turning out to be a fake.
Or that update containing malware. Or whatever that clickbait
you just clicked on did to you.

Perfect paranoia is perfect awareness. :-)
--
/~\ Charlie Gibbs | Microsoft is a dictatorship.
\ / <***@kltpzyxm.invalid> | Apple is a cult.
X I'm really at ac.dekanfrus | Linux is anarchy.
/ \ if you read it the right way. | Pick your poison.
Roland Perry
2022-11-28 13:39:00 UTC
Permalink
In message
<1646905382.691275093.996204.peter_flass-***@news.eternal-september
.org>, at 13:54:51 on Sun, 27 Nov 2022, Peter Flass
Post by Peter Flass
Post by Roland Perry
Post by gareth evans
Ancient Asus laptop running Windows XP.
When I switched it on at the weekend got a warning that the CMOS
battery was low, so had to F2 to restore defaults.
Now, neither FireFox nor Internet Explorer will display any websites,
complaining that any and every web site has an erroneous certificate.
However, my other XP laptop runs Firefox with no difficulty.
The Asus is dual boot and even Linux will not start up.
Any clues anybody?
TIA
-----ooooo-----
Thanks for the suggestions.
Results of investigations ...
The CMOS battery in the Asus is a rechargeable type and so
leaving the computer recharging seems to have resolved that
difficulty. The computer had been unused for several weeks
leading to discharge of the battery.
The lack of display of websites was because the system time
had reverted back to the date of creation May 2005. Updating
the system time brought the Internet back again.
Whoever thought it to be a good idea to attach a
date-dependant certificate to a web site, perhaps
one of those things that although it is possible to do
does not make it a good thing to do?
Two issues there
- are certificates a good idea (answer: most people agree it is, because
it helps reduce certain kinds of fraud)
- should they include validity dates (answer: most people agree it is,
because that's just good housekeeping).
Third thing: Should it not ultimately be up to the user whether or not to
trust a web site, or is it up to the browser to be a nanny and override the
user’s wishes?
Most browsers allow the user to over-ride the advice.
--
Roland Perry
Carlos E.R.
2022-11-28 14:18:01 UTC
Permalink
Post by Peter Flass
Post by Roland Perry
Post by gareth evans
Ancient Asus laptop running Windows XP.
...
Post by Peter Flass
Post by Roland Perry
Post by gareth evans
Thanks for the suggestions.
Results of investigations ...
The CMOS battery in the Asus is a rechargeable type and so
leaving the computer recharging seems to have resolved that
difficulty. The computer had been unused for several weeks
leading to discharge of the battery.
Be warned that it is possible the battery can no longer retain charge,
specially if it is Ni-Cd type.
Post by Peter Flass
Post by Roland Perry
Post by gareth evans
The lack of display of websites was because the system time
had reverted back to the date of creation May 2005. Updating
the system time brought the Internet back again.
Whoever thought it to be a good idea to attach a
date-dependant certificate to a web site, perhaps
one of those things that although it is possible to do
does not make it a good thing to do?
Two issues there
- are certificates a good idea (answer: most people agree it is, because
it helps reduce certain kinds of fraud)
- should they include validity dates (answer: most people agree it is,
because that's just good housekeeping).
It is not validity date only (after all, the certificate date is in the
future). It is that the computers clocks have be almost synced before it
even looks at the certificates.
Post by Peter Flass
Third thing: Should it not ultimately be up to the user whether or not to
trust a web site, or is it up to the browser to be a nanny and override the
user’s wishes?
Just use http, not https.

And yes, browsers must make it hard, even impossible, to override a
certificate. Depends on the error type.
--
Cheers, Carlos.
Louis Krupp
2022-11-27 21:01:57 UTC
Permalink
Post by gareth evans
Ancient Asus laptop running Windows XP.
When I switched it on at the weekend got a warning that the CMOS
battery was low, so had to F2 to restore defaults.
Now, neither FireFox nor Internet Explorer will display any websites,
complaining that any and every web site has an erroneous certificate.
However, my other XP laptop runs Firefox with no difficulty.
The Asus is dual boot and even Linux will not start up.
Any clues anybody?
TIA
-----ooooo-----
Thanks for the suggestions.
Results of investigations ...
The CMOS battery in the Asus is a rechargeable type and so
leaving the computer recharging seems to have resolved that
difficulty. The computer had been unused for several weeks
leading to discharge of the battery.
The lack of display of websites was because the system time
had reverted back to the date of creation May 2005. Updating
the system time brought the Internet back again.
Whoever thought it to be a good idea to attach a
date-dependant certificate to a web site, perhaps
one of those things that although it is possible to do
does not make it a good thing to do?
Possibly stupid question: Could you set up an NTP client that would
retrieve the network time at boot, compare it to the hardware clock, and
either tell you something's wrong or go ahead and reset the hardware clock?

Then you wouldn't have to worry about certificates and time travel.

Louis
Roland Perry
2022-11-28 13:46:03 UTC
Permalink
Post by Louis Krupp
Post by gareth evans
Ancient Asus laptop running Windows XP.
When I switched it on at the weekend got a warning that the CMOS
battery was low, so had to F2 to restore defaults.
Now, neither FireFox nor Internet Explorer will display any websites,
complaining that any and every web site has an erroneous certificate.
However, my other XP laptop runs Firefox with no difficulty.
The Asus is dual boot and even Linux will not start up.
Any clues anybody?
TIA
-----ooooo-----
Thanks for the suggestions.
Results of investigations ...
The CMOS battery in the Asus is a rechargeable type and so
leaving the computer recharging seems to have resolved that
difficulty. The computer had been unused for several weeks
leading to discharge of the battery.
The lack of display of websites was because the system time
had reverted back to the date of creation May 2005. Updating
the system time brought the Internet back again.
Whoever thought it to be a good idea to attach a
date-dependant certificate to a web site, perhaps
one of those things that although it is possible to do
does not make it a good thing to do?
Possibly stupid question: Could you set up an NTP client that would
retrieve the network time at boot, compare it to the hardware clock,
and either tell you something's wrong or go ahead and reset the
hardware clock?
Then you wouldn't have to worry about certificates and time travel.
I'm sure there are schemes where the operating system does that.

My Usenet/Email client does it when booted, and then [I have chosen]
once every 12hrs (the interval is an easy-to-find setting).
--
Roland Perry
Ahem A Rivet's Shot
2022-11-28 14:18:05 UTC
Permalink
On Sun, 27 Nov 2022 14:01:57 -0700
Post by Louis Krupp
Possibly stupid question: Could you set up an NTP client that would
retrieve the network time at boot, compare it to the hardware clock, and
either tell you something's wrong or go ahead and reset the hardware clock?
This client is known as ntpdate (ntpd will also do this and then
keep the clock in sync) - I presume it or an equivalent is available for
Windows XP.
--
Steve O'Hara-Smith
Odds and Ends at http://www.sohara.org/
jtmpreno
2022-11-29 12:37:08 UTC
Permalink
Post by Ahem A Rivet's Shot
On Sun, 27 Nov 2022 14:01:57 -0700
Post by Louis Krupp
Possibly stupid question: Could you set up an NTP client that would
retrieve the network time at boot, compare it to the hardware clock, and
either tell you something's wrong or go ahead and reset the hardware clock?
This client is known as ntpdate (ntpd will also do this and then
keep the clock in sync) - I presume it or an equivalent is available for
Windows XP.
Or you can look up the time yourself at https://time.is/
and set the clock manually.
philo
2022-12-16 20:31:20 UTC
Permalink
Post by gareth evans
Ancient Asus laptop running Windows XP.
When I switched it on at the weekend got a warning that the CMOS
battery was low, so had to F2 to restore defaults.
Now, neither FireFox nor Internet Explorer will display any websites,
complaining that any and every web site has an erroneous certificate.
However, my other XP laptop runs Firefox with no difficulty.
The Asus is dual boot and even Linux will not start up.
Any clues anybody?
TX
You need to set the date

Loading...