Introduction
Since some point between 2019 and spring 2020 (when SFOS 3.3.0 was released), the scripted download of https://jolla.zendesk.com/hc/en-us/articles/201836347 (e.g., per curl
) started to always fail (i.e., downloading something else than the real web page; see below for details).
It was working absolutely fine before that.
Side note: It seems that someone activated a last resort measure against DDOS attacks here in 2019 or early 2020. While it is hard to believe that jolla.zendesk.com
was ever DDOSed, this attack must be over now. More likely someone considered “switching on some extra protection cannot harm”; but it does, as described below.
Consequences
The aforementioned web-page contains the recent list of “stop releases”, which was downloaded and evaluated by sfos-upgrade
to prevent users from “jumping over” a stop release (which can be fatal for an SFOS installation, resulting in the need to recover by the help of the recovery console, a factory reset or re-flashing the device).
Thus disabling the scripted download of https://jolla.zendesk.com/hc/en-us/articles/201836347 resulted in an issue report for sfos-upgrade
, when the next SFOS version (3.3.0) was released.
Because curl
now downloads a more than 8 KBytes big page with piles of JavaScript code just to output a “No JavaScript”-warning, I had to disable this safety feature of automatically downloading, extracting and using Jolla’s current list of stop releases, which is really unfortunate!
Side note: Interestingly, all web browsers I tested do display the correct page, even if JavaScript is completely switched off (or filtered by NoScript). Obviously Zendesk or Cloudflare is using some server-side magic here, because I failed to emulate the web browser’s behaviour per curl
, no matter what I tried (but OTOH, it is the purpose of a DDOS protection not to be circumventable).
Proposed solution
Consequently, I kindly ask Jolla to resolve this situation by allowing for an automatic download of their current list of “stop releases”, again.
This can be achieved by
- Restoring the original behaviour of https://jolla.zendesk.com/hc/en-us/articles/201836347 : To be downloadable per
curl
.
This is by far the easiest solution and hence IMO the preferable one. - To offer the current list of “stop releases” for scripted download at a different place.
This may even ease extracting the “stop release” versions, but is error-prone, because the two lists have to be kept in sync by Jolla. I suggest to abstain from this solution, because Jolla has had issues keeping the single list up-to-date in a timely manner.