> little snitch noted that there was a recent signature change at the server end. whats going on?
that's fine. the ssl certificates protecting jamovi.org are updated once every two months i think. if you want to check, you can simply visit
www.jamovi.org with your web-browser. if there's an issue with the certificates, your web-browser will make a big fuss, and refuse to open the website.
the most likely explanation is a malfunctioning updater because:
- connections only to
www.jamovi.org
- a *very big* disparity between the upload and download data (i'd suggest no other sort of network activity would create such a big disparity).
if you have any concerns about a security issue or exploit, i'd suggest there's no meaningful nefarious activity (crypto mining, etc.) that would generate this pattern.
here's a few things you can try.
1. first of all, try downloading some modules from the jamovi library, and see if little snitch picks up on this. these requests are sent to library.jamovi.org ... and i'd like to check that little snitch is attributing traffic to domains correctly.
2. you can try blocking access to
www.jamovi.org and see if little snitch continues to record traffic. if it does, again this would suggest an issue with little snitch.
3. there's three processes in jamovi responsible for downloading, you'll find these in the macOS activity monitor. they are:
- jamovi
- python
- Electron Helper
if you select the network tab, you'll be able to find them in the list:
- Screen Shot 2021-04-11 at 19.45.14.png (68.49 KiB) Viewed 3406 times
- Screen Shot 2021-04-11 at 19.45.34.png (72.91 KiB) Viewed 3406 times
software updates are performed through the jamovi process, so if that goes awry, that's where i'm expecting it to show up (under "Rcvd Bytes"). the 'Electron Helper' will have sizeable 'Rcvd Bytes', but if you cross reference with the 'Sent Bytes' of python, these should be pretty similar -- that just represents the communication between the front and backend of jamovi. if there's a wide disparity, then that will be interesting ... but python is also responsible for downloading modules, so if you download modules that will lead to a disparity too.
the software update process checks when jamovi first starts up, and then every hour after that (while jamovi is still running).
anyhow, thanks for looking into this, and i appreciate you taking the time to report it. at this stage i don't think the problem is very widespread (our servers would collapse under the load if all our users were downloading ~20Gig a week), but it would still be worth getting to the bottom of.
with thanks