Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to login "Uncaught node.js Error " #324

Open
intothemoat opened this issue Feb 24, 2021 · 56 comments
Open

Unable to login "Uncaught node.js Error " #324

intothemoat opened this issue Feb 24, 2021 · 56 comments

Comments

@intothemoat
Copy link

Hey dudes, dudettes. I'm trying to login this am and everytime I attempt to hit unlock I get this error "Uncaught node.js Error "

Any suggestions?

@Vertimyst
Copy link

Vertimyst commented Feb 25, 2021

Getting the same issue here, happening on both of our systems (one running Fedora, the other Mac OS High Sierra).

Update: Just tried it again and it seems to be working now.

@megasser
Copy link

megasser commented Mar 4, 2021

Happening to me too.
Encryptr 2.0.0. Mac OS 10.15.7.
A real pain since I'm stuck unable to log in to many things.

@vauhochzett
Copy link

vauhochzett commented Mar 4, 2021

Same here...
Encryptr 2.1.0
Ubuntu 20.04.2 LTS

Uncaught node.js Error 

TypeError: Cannot read property 'success' of null
    at file:///tmp/.org.chromium.Chromium.dMOW3V/js/crypton.js:59:17
    at Request.callback (file:///tmp/.org.chromium.Chromium.dMOW3V/js/crypton.js:9458:3)
    at Request.<anonymous> (file:///tmp/.org.chromium.Chromium.dMOW3V/js/crypton.js:9183:10)
    at Request.Emitter.emit (file:///tmp/.org.chromium.Chromium.dMOW3V/js/crypton.js:8669:20)
    at XMLHttpRequest.xhr.onreadystatechange (file:///tmp/.org.chromium.Chromium.dMOW3V/js/crypton.js:9528:10)

@oleng
Copy link

oleng commented Mar 4, 2021

Since encryptr is already sunsetting but we can't even log in, this needs to be resolved ASAP

paging encryptr @devgeeks & co

PS: I didn't receive any notice about sunsetting or its timeline, I would only like be able to login & export my user passwords list

@megasser
Copy link

megasser commented Mar 4, 2021

Nobody received a notice about this. Just discovered the sunsetting on their website, and the instructions for switching over to other services don't work, at least not for Mac OS. So I'm stuck with no access to 100 passwords until the weekend when they say they'll be turning on their services again briefly for folks like us.

@oleng
Copy link

oleng commented Mar 4, 2021

Damn, that's a lot more worrying than I thought, need to make sure to get data out from their other product as well

@vauhochzett
Copy link

@megasser where did you read about them giving access to our data this weekend?

@Greyswindire
Copy link

I can't believe this is happening. What time will they be giving us access to our data this weekend? All of my important passwords are on Encryptr. I never got any sort of notification at all.

@megasser
Copy link

megasser commented Mar 4, 2021

All I know is what's here: https://spideroak.support/hc/en-us/articles/360056547132-Encryptr-end-of-life
They don't say what time on the weekend we'll be able to access our data. Yeah, this is a disaster!

@devgeeks
Copy link
Collaborator

devgeeks commented Mar 4, 2021

I really glad SpiderOak is granting some kind of stay of execution this weekend for the users that didn't know about the March 4th EOL. I am sorry you have been affected by this.

I haven't worked on Encryptr for about 4 years now... but... For any one not able to take advantage of that (or for some reason you are reading this after the weekend amnesty)... not all hope is lost... the app does cache the encrypted entries locally in localStorage. It might be possible to concoct a tool or script to decrypt that local cache.

I might be able to help out with such a tool/script, though I hope it's not needed.

@oleng
Copy link

oleng commented Mar 4, 2021

I hope so too, man, I kind of suspect that the decryption key to unlock local storage is acquired from Spider oak's server and that's why node complains about unknown error when it can't reach the given address.

@Greyswindire
Copy link

I was always worried about this happening, I just didn't expect it to happen so soon. Thanks Megasser, I appreciate the link. I downloaded and installed the version that should help me migrate my data this weekend. Hopefully we'll have a full 48 hours to work with.

@Greyswindire
Copy link

Devgeeks,

Yeah, hopefully we won't need your help, but if we do, I appreciate the offer.

@vauhochzett
Copy link

Cheers, @megasser and @devgeeks! That's very helpful.

@devgeeks
Copy link
Collaborator

devgeeks commented Mar 4, 2021

I hope so too, man, I kind of suspect that the decryption key to unlock local storage is acquired from Spider oak's server and that's why node complains about unknown error when it can't reach the given address.

No no... it's all encrypted locally. SpiderOak have no access to any keys, etc. The error is just because the app doesn't recover gracefully from a login failure :(

@Greyswindire
Copy link

I hope so too, man, I kind of suspect that the decryption key to unlock local storage is acquired from Spider oak's server and that's why node complains about unknown error when it can't reach the given address.

No no... it's all encrypted locally. SpiderOak have no access to any keys, etc. The error is just because the app doesn't recover gracefully from a login failure :(

What would the file look like in the Encryptr folder on my hard drive? I'm a little sketched out after installing the new version of the program (so I can retrieve my passwords this weekend) , but I guess it didn't change anything that was in the original install, right? I didn't uninstall the first version because the directions made no mention to do so. I figured uninstalling the old version manually would have erased something that I need for the weekend, is that right?

Thanks.

@oleng
Copy link

oleng commented Mar 4, 2021

I worded it badly I suppose, but what I meant by decryption is mechanism to verify that the user requesting login is indeed the right identity/Encryptr user who has right to use decyption key to unlock the vault/local storage. Well, all that matters is that the data can be recovered, so fingers crossed.

@devgeeks
Copy link
Collaborator

devgeeks commented Mar 4, 2021

I hope so too, man, I kind of suspect that the decryption key to unlock local storage is acquired from Spider oak's server and that's why node complains about unknown error when it can't reach the given address.

No no... it's all encrypted locally. SpiderOak have no access to any keys, etc. The error is just because the app doesn't recover gracefully from a login failure :(

What would the file look like in the Encryptr folder on my hard drive? I'm a little sketched out after installing the new version of the program (so I can retrieve my passwords this weekend) , but I guess it didn't change anything that was in the original install, right? I didn't uninstall the first version because the directions made no mention to do so. I figured uninstalling the old version manually would have erased something that I need for the weekend, is that right?

Thanks.

Well, for example... on a Mac, the file is in ~/Library/Application Support/Encryptr/Local Storage/file__0.localstorage

You can read the file in sqlite3, etc... but the entries are one big encrypted string. The script/tool would have to accept a username/password combination, read that cache, then decrypt the entries and spit them out using the export logic in Encryptr (to make it easier to then move it to another app).

@IronRunes
Copy link

IronRunes commented Mar 6, 2021

All I know is what's here: https://spideroak.support/hc/en-us/articles/360056547132-Encryptr-end-of-life
They don't say what time on the weekend we'll be able to access our data. Yeah, this is a disaster!

It is currently possible to login into Encryptr, though I'm having issues getting all the data synced up and activating the download button.
I'll be doing this manually, I guess. Pretty painful.

EDIT ok managed to download the CSV!

@Greyswindire
Copy link

Greyswindire commented Mar 6, 2021

I just wanted to remind everyone today is the day. Encryptr is up and running.

I clicked on the download icon and right now the program is syncing my data. How long is this process supposed to take? It's been a few minutes so far and nothing is really happening?

Right now it says it's fetching my data. It's been like this for about five minutes. The program crashed and I got the node error message again. I was able to open it once to see if I could open individual entries. It worked, then it stopped working. I'm trying to get back in right now.

Update:

I just got the "Uncaught node.js Error"

Maybe they're restarting the servers or something? This is a little frustrating. It shouldn't be so difficult.

@dpenders
Copy link

dpenders commented Mar 6, 2021

Also just installed new version and waiting for sync but at the end i still get the "Uncaught node.js error"

Really hope to get it working this weekend, really need the saved data........

@Vertimyst
Copy link

Vertimyst commented Mar 6, 2021 via email

@oleng
Copy link

oleng commented Mar 6, 2021

I got one uncaught error also, quit & retry to login, now i'm logged in but WTF why is it keep on Fetching data...?

@Vertimyst
Copy link

Vertimyst commented Mar 6, 2021 via email

@oleng
Copy link

oleng commented Mar 6, 2021

There's supposed to be nothing to fetch on

@mdvthu
Copy link

mdvthu commented Mar 6, 2021

Logs on sometimes. Fails with "uncaught error" message other times. No pattern to when it logs in or when it fails. Assume server overload.

If you view the console output as it fetches data, you will see that your passwords are being downloaded, just very slowly. If you have many, it will probably fail (with an uncaught error) before it completes.

This essentially makes the download feature unusable for anyone with lots of passwords stored. It's not great as the more passwords you have, the more you want the batch download feature to work for you.

I can recommend keepass2 for those that want to keep full control of their passwords in the future.

@Greyswindire
Copy link

I got one uncaught error also, quit & retry to login, now i'm logged in but WTF why is it keep on Fetching data...?

I get the same thing. I tried a few entries on their own, so I could take s snapshot of the data and manually add it into my new password manager, but it stopped working after for or five entries and now it's back to displaying the same error again. I'm going to try the download button again, hopefully it works, because taking 100 snapshots of each individual entry is seriously time consuming, and the program is behaving erratically anyway.

@megasser
Copy link

megasser commented Mar 6, 2021

Crap. After 15 minutes waiting for the fetching to finish, I got the uncaught error. Will try again later.

@Greyswindire
Copy link

Crap. After 15 minutes waiting for the fetching to finish, I got the uncaught error. Will try again later.

The server must be getting swamped by so many people trying to access their data. Looks like this is a job best done at 3:00am in the morning when everyone is asleep.

@oleng
Copy link

oleng commented Mar 6, 2021

I would bet Dave Pearah's left nut that there are at least 3x more users than us that don't even aware how screwed up they are right now, and the "turning back on their services for the last time" this weekend is spinning up a single server instead of full capacity.

@Greyswindire
Copy link

I would bet Dave Pearah's left nut that there are at least 3x more users than us that don't even aware how screwed up they are right now, and the "turning back on their services for the last time" this weekend is spinning up a single server instead of full capacity.

Sadly, you're most definitely correct. After not letting us know they would be discontinuing Encryptr, and after we missed the end date, they'll act like they're doing us a favor by giving us these last two days. What good will these two days be if we can't access our data due to the servers being swamped? Any why not just put the service back online fully, so everyone can get what they need hassle free? It's not the best way to advertise one's products for future buyers.

@Greyswindire
Copy link

Greyswindire commented Mar 6, 2021

Finally!

The server is up and it seems to be working properly! As soon as you get your csv file, just import it to Bitwarden and all of your passwords and accompanying information will be exactly as it was in Encryptr. Even better, Bitwarden has more features then Encryptr. It will launch the website for you and you have a lot more freedom to organize your information the way you like it. It seems like a pretty good service so far (It's free!).

@megasser
Copy link

megasser commented Mar 7, 2021

Succeeded on my 5th attempt. Whew.

@oleng
Copy link

oleng commented Mar 8, 2021

Now the cleanup & moving out of other SpiderOak products.
I second bitwarden, one of the good thing about it is that you can compile the server yourself & host it anywhere, in Rust if you're not in Windows or don't have the prerequisites for compiling .NET.

Best of luck everyone.

@ajspandigital
Copy link

Well, I only found out about this today - and now I have a lot of things I will soon have serious problems logging into.

If there is no way to log in anymore, how can I decrypt local storage ? @devgeeks perhaps you can help ?

@juancirino
Copy link

same here I just found out. Iam surprised that they are basically shutting something down with no notice and basically screwing people out of there information with out any warning.
Just a great bunch of people.

@Vertimyst
Copy link

Vertimyst commented Mar 12, 2021 via email

@agrigorcea
Copy link

Yeah, a banner with notification would have been useful. I hope they will turn on the server from time to time.

@Greyswindire
Copy link

Greyswindire commented Mar 12, 2021

Technically it wasn't without notice - they posted the news they were shutting down on the front page of the Encryptr website back in November, which is plenty of notice, and they've explained they had no way to reach out directly to users because not everyone has their email registered with them. I do think they could have pushed an update out to Encryptr that could have had a banner or pop-up message or something, though.

On Thu., Mar. 11, 2021, 7:33 p.m. juancirino, @.***> wrote: same here I just found out. Iam surprised that they are basically shutting something down with no notice and basically screwing people out of there information with out any warning. Just a great bunch of people. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#324 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAK5A5PQVO5LPQWX7QIGR2TTDFONFANCNFSM4YEXHU2Q .

That's not a proper notice. How many people visit the product page on program they've been using for years out of the blue? A proper notice would have been an email from the company (or an update of the program to notify users) explaining they'd be retiring all support for the program in question, stating that users had a limited time frame to migrate all of their passwords and private information to a new service before the program was shut down permanently.

Do you know how I found out? When I logged into Encryptr I received an error message and I was unable to access any of my passwords. That error message lead me to Googling the SpiderOak website. I had already missed the end date of March 4th by a few hours. Luckily the company added on two more days the following weekend where they would be turning on their servers because a large number of users had no knowledge the program was being discontinued.

So yeah, technically it was without notice. Notice means someone actually contacts the customer so they're not left hanging in the dark with no way to retrieve their most important passwords. You sound like a shady two-bit lawyer.

@VictorieeMan
Copy link

Seems like they reopened the servers for a last chance now!
https://spideroak.support/hc/en-us/articles/360057026291-Encryptr-Disconnected

The Spideroak people told me this after contact with support: "We are currently planning to re-enable the Encryptr servers temporarily for users to retrieve passwords this weekend (3/13-3/15)."

I have tried, and it works at the moment for writing this. So hurry up!

PS; This was poorly handled by SpiderOak. In my opinion you don't really do this without adding a notice within the app itself. They could have pushed an app update with a push notice and specific info about "End of Life". This is an important lesson for devs. to reach out to users via the same means the users interact with the given software. We and especially Normies using services are often focused on other things than following the devs Twitter account - and will just get angry and lose trust when things we rely on disappear out of nowhere.

Think of all those none programmers who use the app, they would never even reach a GitHub thread or know that there's a second chance on this now. Sad, that they also lost important stuff stored in Encryptr...

@Greyswindire
Copy link

Seems like they reopened the servers for a last chance now!
https://spideroak.support/hc/en-us/articles/360057026291-Encryptr-Disconnected

The Spideroak people told me this after contact with support: "We are currently planning to re-enable the Encryptr servers temporarily for users to retrieve passwords this weekend (3/13-3/15)."

I have tried, and it works at the moment for writing this. So hurry up!

PS; This was poorly handled by SpiderOak. In my opinion you don't really do this without adding a notice within the app itself. They could have pushed an app update with a push notice and specific info about "End of Life". This is an important lesson for devs. to reach out to users via the same means the users interact with the given software. We and especially Normies using services are often focused on other things than following the devs Twitter account - and will just get angry and lose trust when things we rely on disappear out of nowhere.

Think of all those none programmers who use the app, they would never even reach a GitHub thread or know that there's a second chance on this now. Sad, that they also lost important stuff stored in Encryptr...

I'm glad they decided to add another weekend for users to migrate their information to a new platform, but I really don't understand why it was so difficult for them to contact everyone (via a program update) and then keep the servers online for an extra few weeks? I'm not familiar with the costs involved, maybe it's cost prohibitive. The whole thing could have been handled a lot better, considering the critical nature of the program.

@AndJLan8404
Copy link

Well this sucks, hahah! I cannot access it any longer since I missed all of the time windows to access my passwords or download the csv file. I had no idea about either of the weekends explained above. Looks like I'm screwed.

@Greyswindire
Copy link

Sorry to hear it. I was lucky, but I could easily be in your exact situation right now. How did you learn the program was going offline?

@dounia-hub
Copy link

Hello,
Is there a possibility to have another temporary access any time soon?

@Greyswindire
Copy link

Hello,
Is there a possibility to have another temporary access any time soon?

I suspect there might be, but I have zero control over it. I'm an end user like you. Email SpiderOak and explain to them you got no prior notice that they were dropping the program. I'm sure there are still a decent amount of people out there who are in the same boat as you are, and need their passwords. So far SpiderOak have been pretty good about trying to help everyone get their information before the program goes offline forever. They've opened their servers on three different occasions since March 4th, so it wouldn't surprise me if they decided to do it one more time.

Good luck.

@dounia-hub
Copy link

I seriously Hope so...Thank you so much for your reply

@VictorieeMan
Copy link

Hello,
Is there a possibility to have another temporary access any time soon?

The Best option for you and people in the future who get this problem is to send their support an email --> [email protected]

This will also let them know the demand for reopening the servers each time as well.

@purplecheddar
Copy link

they're still turning the servers back on at Saturdays & Sundays for as long as needed, according to encryptr's twitter, so you can pull all your credentials out

@Greyswindire
Copy link

Greyswindire commented Apr 15, 2021

I seriously Hope so...Thank you so much for your reply

👍

Smart move by SpiderOak, and the right thing to do.

@VictorieeMan
Copy link

they're still turning the servers back on at Saturdays & Sundays for as long as needed, according to encryptr's twitter, so you can pull all your credentials out

Good news!
The previous solution was lawsuit territory. At least according to Common law.

@AndJLan8404
Copy link

AndJLan8404 commented Apr 18, 2021

they're still turning the servers back on at Saturdays & Sundays for as long as needed, according to encryptr's twitter, so you can pull all your credentials out

Very thankful that they're doing this. Just got my .csv file downloaded and Encryptr removed from my PC.

@absalomedia
Copy link

It still is lawsuit territory as they seem to have removed the support path for those that didn't get the notification or were unable to migrate on the 25th

@jaidmin
Copy link

jaidmin commented May 13, 2021

Same issue here. My mom just tried to access encryptr and it doesnt work anymore, she was not aware at all of the service shutting down (I also heard about it way too late).

Are the passwords stored locally as well? If they are can anybody give me some pointers on how to manually decrypt these files? I have no issue messing with the source code for a while to do this

Many thanks

@jaidmin
Copy link

jaidmin commented May 13, 2021

I really glad SpiderOak is granting some kind of stay of execution this weekend for the users that didn't know about the March 4th EOL. I am sorry you have been affected by this.

I haven't worked on Encryptr for about 4 years now... but... For any one not able to take advantage of that (or for some reason you are reading this after the weekend amnesty)... not all hope is lost... the app does cache the encrypted entries locally in localStorage. It might be possible to concoct a tool or script to decrypt that local cache.

I might be able to help out with such a tool/script, though I hope it's not needed.

I have managed to extract the list of entries and decrypt it from localstorage, but the passwords are not among them. I strongly suspect that the actual passwords cannot be recovered without access to the crypton server.

There are a lot of cache files which might contain the passwords but decrypting probably needs some kind of session key provided by crypton servers after login.

@creolis
Copy link

creolis commented May 13, 2021

Good news!
The previous solution was lawsuit territory. At least according to Common law.

@VictorieeMan:
As I'm not familiar with jurisdiction in sweden (or whatever countries "common" law you're referring to) - I am wondering: where exactly do we see this being "lawsuit territory" when a company that provided a FREE service and that intentionally does not gather or keep record of their users contact information choses to abandon their service.

This is no attack by any means, I am genuinely curious why they could be held liable for stopping providing a free service if they chose to. If SpiderOak - hypothetically - would file for bankruptcy, resulting in a shutdown of all their infrastructure, this would have the same effect and nobody would talk about lawsuits, or do I miss an important step along my train of thoughts?

@VictorieeMan
Copy link

Good news!
The previous solution was lawsuit territory. At least according to Common law.

@VictorieeMan:
As I'm not familiar with jurisdiction in sweden (or whatever countries "common" law you're referring to) - I am wondering: where exactly do we see this being "lawsuit territory" when a company that provided a FREE service and that intentionally does not gather or keep record of their users contact information choses to abandon their service.

This is no attack by any means, I am genuinely curious why they could be held liable for stopping providing a free service if they chose to. If SpiderOak - hypothetically - would file for bankruptcy, resulting in a shutdown of all their infrastructure, this would have the same effect and nobody would talk about lawsuits, or do I miss an important step along my train of thoughts?

It's okay, I was a bit blunt there anyways :)
A better formulation would have been "possible lawsuit territory". Let me share the little I understand about Common Law, just for the case of your interest @creolis - since I don't think it's actually relevant to this issue anymore, since they did a fix.

Sweden doesn't practice common law, but it's the legal tradition of the Anglosphere (AU, CA, NZ, UK, US). Something that's possible within Common Law is to sue for damages due to Negligence of duty. Here Negligence is defined as "A failure to behave with the level of care that someone of ordinary prudence would have exercised under the same circumstances. The behavior usually consists of actions, but can also consist of omissions when there is some duty to act (e.g., a duty to help victims of one's previous conduct)." Read more about Negligence here.

For instance, in this Encyptr case, one might argue that a programmer of ordinary prudence would have notified its user about "End Of Life" by pushing an update with a notice. But instead it was just tweeted and published on their website. The ordinary user can't be expected to have noticed this until suddenly the service stopped working - by which point they would have had all their Encryptr stored data lost without the reasonable chance to back it up or migrated to another service.

And since Spider Oak marketed the Encryptr service as a safe place to store their passwords (and similar data) they Voluntarily undertook to protect their users' passwords. Under those circumstances within Common Law, there's a case to be made that Spider Oak had a Duty to act upon to properly and of "ordinary" prudence inform their users about "End Of Life" in a way that:

  1. Reaches them in the manner they are in contact with the service.
  2. Reaches them in time.
    To give every user a reasonable chance to migrate their passwords.

The existence of this GitHub thread kind of proves that wasn't the case at all.

That's why I think there was a legal case for a lawsuit until they addressed the problem by reopening the service. And by now probably all affected has solved their problems or at least ignored it being a problem. To have a full lawsuit case the plaintiff must also prove the result of harm to body or property. The possibility of a lawsuit actually increases the more users are using the service, because it increases the likelihood of someone somewhere storing something within Encryptr that when lost results in some kind of harm somewhere.

As for the bankruptcy case; For American companies U. S. bankruptcy law applies (called Title 11). What I think happens according to this, is that a bankruptcy court creates an estate of the company assets in order to liquify assets and pay of debtors. If the estate closed of the service without reasonable warning to the users, the users could most likely bring a similar lawsuit as described above, against the estate for "damages due to negligence of duty to reasonably inform of EOL." If loosing this the estate must pay and the debtors get less money in return of the liquidation of the company.

I'm not a legal scholar however, just a bit interested. I happen to like and follow what Spider Oak is doing, in terms of privacy and things. That's not enough to qualify for a legal pass though or a brand hit pass for that matter. I'll certainly think twice before recommending "Friends and Family" Spider Oak products again, because it wasn't fun this time around having to help many of them to recover their passwords and stuff - just because one day it wasn't there anymore.

Even if no one brings forward a lawsuit here (which I don't recommend anyone doing), I think there's a valuable lesson to be learned from this. Anglo-Saxon Common Law acknowledges Negligence as a reason to convict for a reason, because our actions (or inactions) have ripple effects on those associated with us. And acknowledges that this comes with the duty to behave reasonably to mitigate damages. I think there's something good in that, and would encourage programmers and people in general to try a live by the duty of: "What's the best service I can offer within the area I'm dealing with."

I can promise that companies that try to live by that rule of duty will get happier customers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests