Subscribe: Vision for Hire
http://www.thenorth.com/apblog4.nsf/rss20.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
certificate  domino servers  domino  ibm  make  new  patch  people  poodle  series  server  servers  sha  ssl  time  tls  tool 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Vision for Hire

Vision for Hire



A collection of information and ideas by Andrew Pollack



Published: Thu, 05 May 2016 09:30:10 EDT

Last Build Date: Thu, 05 May 2016 09:30:10 EDT

Copyright: Copyright 2003, 2004, 2005, 2006, 2007, 2008; Andrew Pollack. All rights reserved.
 



Is the growing social-sourced economy the modern back door into socialism?

Thu, 05 May 2016 09:30:10 EDT

Is the growing social-sourced economy the modern back door into socialism? I read a really insightful post a couple of days ago that suggested the use of social network funding sites like “Go Fund Me” and “Kickstarter” have come about and gained popularity in part because the existing economy in no longer serving its purpose for anyone who isn’t already wealthy. Have the traditional ways to get new ventures funded become closed to all but a few who aren’t already connected to them and so onerous as to make .....



Want to be whitelisted? Here are some sensible rules for web site advertising

Wed, 20 Apr 2016 12:40:54 EDT

An increasing number of websites are now detecting when users have ad-blocking enabled, and refuse to show content unless you "whitelist" their site (disable your ad-blocking for them). I think that is a fair decision on their part, it's how they pay for the site. However, if you want me (and many others) to white list your site, there are some rules you should follow. If you violate these rules, I won't whitelist your site, I'll just find content elsewhere. 1. The total space taken up by advertisements can.....



Fantastic new series on Syfy called “The Expanse” – for people who love traditional science fiction

Wed, 30 Dec 2015 10:15:36 EDT

[] “The Expanse” is a new science fiction series being broadcast onthe Syfy channelthis winter. It’s closely based on a series of books by author James S. A. Corey beginning with “Leviathan Wakes”. There are 5 books in the “Expanse” series so far. If you’re a fan of the novels you’ll appreciate how closely the books are followed.TIP: The first five episodes are already available on Syfy.com. If you’re having trouble getting into the characters and plot, use those to get up to speed.The worlds created for Th.....



My suggestion is to stay away from PayAnywhere(dot)com

Tue, 20 Oct 2015 16:01:14 EDT

Here’s a cautionary story, with my personal suggestion that you stay away from any service offered by “PayAnywhere.com” or “North American Bankcard” or “PhoneSwipe.com”. I’m documenting this, as I told them I would, so that when other people search for information about them, they can be a bit more informed. This is my story of interacting them. I’m sure other people have had other experiences. Over the summer, I decided to drop my previous credit card processing service and try a company called “PayAnywher.....



Here is one for you VMWARE gurus - particularly if you run ESXi without fancy drive arrays

Fri, 07 Aug 2015 14:56:35 EDT

I think I may have just found the source of some real bottlenecks in my virtual environment. VMWARE is this incredibly powerful platform, and the ESXi version lets even a SOHO environment run multiple virtual machines, housing a whole environment in a single big box. I absolutely love it, and support several virtual environments using it in a few places. There are, however, some confusing settings that aren't easily understood or documented. When you're dealing with inexpensive gear, the issues are even les.....



The Killer of Orphans (Orphan Documents)

Thu, 06 Aug 2015 10:40:41 EDT

Those damn orphans are harder to kill than you think. Maybe you'll spot the error faster than I did -- or maybe this will help you. I have a customer with a help desk application created in the mid 1990s. It started causing major issues so I looked into it and found it had grown to over 20gb in size. A check of the database properties showed a whopping 453,355 documents, and of course, many of those have screen shots. When I spoke to the client, she swore she'd deleted everything older than 1/1/2015 and cou.....



Homeopathic Marketing: Traveler on my Android is now calling itself VERSE. Allow me to translate that for the IBM Notes c

Tue, 02 Jun 2015 14:23:56 EDT

I noticed today that my Traveler applications on Android have started calling themselves "IBM Verse" (e.g. "IBM VERSE - 2 New Messages"). I was confused at first, because I hadn't connected my test account on the IBM Verse cloud offering to my primary email at all. It turns out that no such connection exists. It's just a name change. Allow me to translate: Someone, or some group, fairly highly placed within the IBM adminisphere has finally come to the realization that the IBM Verse cloud offering (what we p.....



A review of British Airways Premium Economy Service – How to destroy customer goodwill all at once

Tue, 17 Mar 2015 11:28:49 EDT

Updated 3/24/2015 : Update in this color at the endMaybe an airline marketing person will read this and finally realize why business travelers increasingly hate them all. I'm sure both of my regular readers will be sympathic, though I'm also quite certain my little story will have no effect on British Airways whatsoever. It is sufficient to me that I can vent into the vast internet and allow this to live forever in the annals of the search engines. In the past I have recommended to my friends traveling to c.....



There's a bug in how @TextToTime() and @ToTime() process date strings related to international standards and browser settings

Thu, 26 Feb 2015 14:52:20 EDT

That's a long title, but it's the most simple way I could come up with in one sentence to explain the issue. Here's what happens, why I ran into it, how to reproduce it, and a work-around. Background I am responsible for a web application in Domino, in which I use a non-Domino "Date - Picker" control. The result of that control is a text string representing the date, which I need to turn into an actual date-time value at save time. Complicating this, is that different standards exist for representing dates......



Delivering two new presentations at Developer Camp (EntwicklerCamp) 2015 in Germany

Wed, 21 Jan 2015 12:45:17 EDT

So the mini-sized, final year, run out the contract version of Lotusphere (aka Connect, aka ConnectED) is next week -- but I won't be speaking there. To see these brand new presentations you'll have to come see me in Germany at the beginning of March. [Developer Camp 2015 (EntwicklerCamp'15)] Interfacing Domino with Amazon Web Services and other external services If you're serious about Domino as a web platform, you're going to have to get used to interfacing with other services and systems whether they are.....



A brilliant concept -- Compulsive Narrative Syndrome

Sun, 18 Jan 2015 11:18:24 EDT

I first came across this brilliant concept in Joel Shepherd’s "23 Years on Fire", the fourth novel in his Cassandra Kresnov series. The series started out a little juvenile but has gotten steadily more serious as the depth and age of the characters has increased. Here is Shepherd's characters explaining CNS -- tell me this doesn't ring a bell in modern politics. “The human brain is trained to look for and identify patterns, but in abstract concepts, fixed and unarguable facts are hard to find. So the brain .....



Come talk to me at Connect in Orlando - I'll be there part of the time.

Fri, 16 Jan 2015 08:50:13 EDT

It looks like unless things go pear shaped in the next few days, I'll be able to get down to Orlando for the beginning of the Connect conference. I'm currently planning to be there from Friday evening until Tuesday morning or early afternoon. I don't plan on buying a ticket and going sessions but I will likely lurk around the usual places (e.g. the Dolphin rotunda area, or if it's nice out the various sunshine spots) a good part of that time. If you want to make a specific effort to meet (or if you need spe.....



Looking for a few people who want to beta test my new SSL Certificate Request tool.

Thu, 04 Dec 2014 13:26:28 EDT

I plan to open source this tool once I've done just a little more testing with other people. Drop me an email if you're interested. I'm looking for around 5 people who have the time, know how to deal with SSL stuff already, and already have the Notes 9.x admin client on their machines. The idea behind open sourcing for me, is that I've created the functional tool, and there's a lot of room for making it nicer looking and adding other kinds of functionality. For example, this tool allows you to create and sa.....



Well, it's official. IBM ConnectedED does not feel my contribution is worth the session time.

Mon, 01 Dec 2014 17:34:08 EDT

I know I'm in good company, and I don't deserve a session slot any more than anyone else -- but I'd be lying if I didn't admit to being a bit frustrated and disappointed. For now, I'll hold my tongue about the decision process,wish the best of luck to those who will be speaking,hope the people attending find the content helpful,and say that if you want the content I've been deliveringyou'll have to come to some of the user groups or to Rudi's"Admin / Developer Camp" conferences......



First look at a new free Domino SSL certificate tool

Mon, 01 Dec 2014 17:19:57 EDT

I've coded something that I plan to release to the community if there is enough interest. It's designed to make the process of getting SHA2 certificates a little easier. I've had to request a fair number of these recently and the command line stuff is tedious and it's easy to make mistakes or misplace the various files. This tool uses the same steps as the process IBM documents and the same tools. You still have to install openSSL and the kyrtool update on your 9.x Admin client machine. The tool checks to m.....



Simplified explanation and steps for upgrading to SHA-2 encrypted SSL certificates for Domino

Mon, 10 Nov 2014 15:48:35 EDT

I went through the process to understand what IBM is saying in their patch information -- and while it's valid, it's also harder than it needs to be (IMCO) for people already used to doing things the Domino way. If you're already familiar with using the server certification database to create the keyring and make the certificate request certificate (CSR) you can keep using it. This is also helpful if you already have a SHA1 based certificate and you just want to re-issue. Note: This resolves the browser war.....



Warning: IBMs Interim Fix adding TLS 1.0 to Domino can break connections from Python and some other scripting clients

Tue, 04 Nov 2014 19:00:26 EDT

Here's a bit of joy to add to your day. Once your server can speak TLS 1.0 to help secure you from POODLE attacks, any code making connections to your server over HTTPS that use the utilities wget, curl and most importanly Python (and others, apparently) may break. The issue is that these tools are built using a version of openSSL that will try to connect using TLS 1.2 first -- and when that fails, the connection gets dropped. I've seen reports of this in Ruby as well, but I've verified that it is an issue .....



Patch for the SSL v3 POODLE exploit has escaped IBM and can now be downloaded. You REALLY need this patch

Tue, 04 Nov 2014 06:47:40 EDT

If you do not apply this patch, you are going to start having users unable to connect using SSL to your Domino servers. Vendors and customer sites are starting to release operating system and browser patch that block access to sites using only SSLv3 without TLS. Until this morning, that meant all Domino servers not using a reverse proxy front end of some kind. This patch adds TLS 1.0 to Domino versions 8.51, 8.52, 8.53, 9.0, and 9.01 in all the various platforms. TLS 1.0 is a fairly old version of TLS but i.....



Automatic Spam Report to Provider Agent

Wed, 29 Oct 2014 09:24:29 EDT

This morning Andy Donaldson was asking on FB for code that turned a spam email into an EML attachment for reporting to anti-spam providers. I wrote this a while back for exactly that purpose. Rather than an attachment, this just creates an email to the anti-spam provider that contains the original spam message including all of it's header information and encoded mime. Essentially, if you took the body of what I'm sending and saved it as a text document with a .EML extension it would be the same thing. It's .....



Quick update on the Domino SSL v3 "POODLE" , TLS, and SHA-2 issues -- Good news

Tue, 21 Oct 2014 11:16:58 EDT

I've been more than a little sidetracked on some family things for the last week, but my good friend Gab Davis forwarded me these two links today that should address these critical issues. They're long overdue already, and will be another couple of weeks, but let's be glad to be getting them. TLS Support in a fixpack for 8.5.1, 8.5.2, 8.5.3, 9.0, and 9.0.1 within a "couple of weeks"http://www-01.ibm.com/support/docview.wss?uid=swg21687167 And http://www-01.ibm.com/support/docview.wss?uid=swg21418982basicall.....



Summary Recommendation for dealing with the POODLE SSLv3 Vulnerability on Domino servers

Thu, 16 Oct 2014 11:20:29 EDT

Rather than repeat what everyone else is writing about POODLE today, I want to give Domino server administrators a few quick items as it relates to them. In Brief -- and based on what I've been able to quickly learn: IS Domino affected? Yes. All Domino servers that are accepting direct HTTPS connections are impacted. THIS MEANS ALL TRAVELER SERVERS AS WELL. What is the risk to my server or data? The most immediate risk is access to user data and user impersonation. POODLE is the type of attack we call "Man .....



Speaking tonight ath the ICU One (aka NE Notes Users Group)

Tue, 14 Oct 2014 08:07:53 EDT

For my Boston area friends in the Notes and Domino community, I'm speaking tonight at the ICU One (aka NE Notes Users Group) meeting in Cambridge. Come say hi. https://www.socialbizug.org/communities/service/html/communityview?communityUuid=784f8e78-2f09-4ae8-b2f5-324faed6413f#fullpageWidgetId=W2ffed7cac839_4390_981d_b7491ef25438&eventInstUuid=c8a488ce-e4b2-410a-b192-36254d01d6b2.....



Presentations from AdminCamp 2014

Thu, 09 Oct 2014 20:54:33 EDT

These are the presentations I gave at AdminCamp 2014 Extreme Domino HTTP Configuration The HTTP task is more powerful and complex than it looks. We`ll go through the configuration and show you how to make your server respond just the way you want. We`ll talk about virtual web sites, multi-homing, URL redirection, headers, and path substitution. Learn how you can use more than one SSL certificate on the same server. Domino Server & Application Performance in the Real World When it comes to performance, there.....



IBM Domino Servers STILL don't support SSL SHA-2 Certificates - and it is about to be a PROBLEM

Wed, 17 Sep 2014 11:10:36 EDT

I haven't blogged about anything, much less an IBM Domino issue in quite some time, but as Mooney pointed out today, this one is moving quickly toward being critical. Read the article, then call your IBM sales rep and start demanding they update to include SHA-2 SSL support immediately. The only people who can get this done are big IBM Domino customers. Since this doesn't have a direct net positive effect on EPS (Earnings Per Share) for 2016, nothing is going to get done on it as long as they keep having th.....



Changing what I do at the Fire Department

Sun, 09 Feb 2014 11:33:41 EDT

So, here’s a bit of a change. A couple of weeks ago I let the chief know that it was time for me to step down as the Lieutenant of our Engine 1. Once a replacement is chosen, I’ll still be a firefighter but won’t be an officer any longer. There are a number of reasons for this, but the best explanation I can give is that it is time to let someone else grow into that role and make their own contribution, while at the same time I’ve got plenty of other things going on that keep me from putting as much time in.....