Are updates really hosted at tumblr?

Options
t0rben
t0rben
Community Member
in Mac

Just wanted to update to 4.1.1 but noticed that the Updater was connecting to assets.tumblr.com to download it. Is that legit?

Thx

Comments

  • thightower
    thightower
    Community Member
    edited December 2013
    Options

    @t0rben

    The Updater application only checks these 3 places and its customizable to select which one you set.

    1. Amazon CloudFront
    2. CacheFly
    3. AgileBits

    I am not sure about the tumblr portion you mention. As I mentioned It is not an option for checking for the update inside the updater.

  • t0rben
    t0rben
    Community Member
    Options

    Well it was set to Amazon CloudFront, yet Little Snitch was telling me the download was coming from that tumblr domain. Find it a bit weird. Just downloading the 4.1.1 from the official website again for now.

  • thightower
    thightower
    Community Member
    Options

    Weird, I am not a little snitch user. So I cannot comment on that. I would guess and again a guess maybe the release notes are pulled from there and the actual app update is pulled from the specified server.

  • Jasper
    Jasper
    edited December 2013
    Options

    Hey @t0rben,

    Since the Amazon CloudFront servers are used by many companies, LittleSnitch could report one of the CNAME records that points to the same address.

    And Tumblr is likely one of the many websites using CloudFront. Another user reported that LittleSnitch said the update was coming from cdn.ca9.uscourts.gov (that site also uses CloudFront).

    Hope that helps! :)

  • MartyS
    MartyS
    Community Member
    Options

    Yes, this is one of those cases where using cloud services can appear to be accessing the wrong (or rogue) server from a DNS point of view through Little Snitch's eyes. AgileBits uses cloud servers for its upgrades for good reason: it can scale much better than any inhouse server might. This is a case where the 1Password updater is doing the right thing, and so is Little Snitch (in catching an outbound connection) but nothing is nefarious.

  • samdix
    samdix
    Community Member
    Options

    Still not installing the 4.1.1 update, says verification failed and I tried it on all three sources: Amazon, AgileBits, and Catch Fly. Don't know why its not installing or verifying account. Any clues? Thanks!

  • Jasper
    Jasper
    Options

    Hey @samdix,

    Check under System Preferences > Security & Privacy > General which option is set for Allow applications download from:. Be sure that either Mac App Store and identified developers or Anywhere is selected.

    If that's not the issue, and you're still not able to get the update, you can try downloading 4.1.1 from the AgileBits website and manually installing it. Here's the direct download link: https://d13itkw33a7sus.cloudfront.net/dist/1P/mac4/1Password-4.1.1.zip

    Hope that helps! :D

This discussion has been closed.