Gentlemen, I have discovered WWWOFFLE is effectively equipped with a 'time bomb', that will put smaller devices (e.g., cellphones) out of business (once a year?), unless one knows how to reboot it into single user mode and disable /etc/init.d/wwwoffle... Quite a research feat as all one might see is a stuck splash screen on a smaller device.
By the way, that is if in fact one ever gets it installed in the first place on smaller devices, with little entropy. Luckily today I was using a larger device when it happened. Today booting stalled at Starting HTTP cache proxy server: wwwoffled After waiting a minute I started hitting control keys. Only ALT CRTL DEL worked: reboot. Then in single user mode, I removed wwwoffle from the boot sequence, and examined the logs. Mar 13 17:32:22 jidanni2 wwwoffled[2409]: The WWWOFFLE root CA certificate has expired; replacing it. Mar 13 17:32:22 jidanni2 wwwoffled[2409]: The WWWOFFLE root CA private key file 'certificates/root/root-key.pem' does not exist; creating it. Mar 13 17:32:22 jidanni2 wwwoffled[2409]: Creating private key, this may take a long time. Mar 13 17:33:25 jidanni2 shutdown[2410]: shutting down for system reboot Ah, so that is what it was doing. Wish I would have known. But still, I remember the last time: it took forever on a handheld... Not enough entropy. Especially just after boot. So, every time "the root CA certificate has expired; replacing it" wwwoffle causes a major outage not only for itself, but the whole system: on can only reboot. OK, now on my high powered system, it indeed only took a few minutes to generate the certificate. But on a lower powered system: well, it is exactly like "your licence to use wwwoffle has expired". One ends up copying the certificate from another machine, or if not networked, looking around for some file to stick in its place. Can one disable the expiring of the certificate, or be allowed to bang on the keyboard to give it the entropy it wants? I don't see in mentioned in wwwoffle.conf. Anyway, this is just a ticking time bomb. Can I set up anacron to fool it by touch(1)ing the certificate once a year? Maybe one should keep a few certificates handy and change a couple letters in them to fool wwwoffle? I admit I'd be happy using a pair of underware for the certificate. Can't there be some fallback mode? E.g., doomsday only if I attempt to browse a secure site. At least I could boot then... anyway, sounds straight out of RISKS digest.
