frank posted Prepare Yourselves: Facebook To Be Profoundly Changed.
frank posted Is Facebook Trying to Kill Privacy? [OPINION].
frank published Learning from my mistakes about TLS, certificates and browsers.
frank liked Rudi Zygadlo – Catharine.
frank published Schotse electro oorwurm: Catharine van Rudi Zygadlo.
frank posted Firefox 7 is lean and fast.
Ik ben een ouwe lul, ik ben niet meer ècht mee en iedereen mag dat weten. Weet ik veel wat 2-step is. Of dubstep. Of post-dubstep. Maar nieuwe goeie muziek, dat lukt wel nog, soms. Zo hoorde ik in de aflevering van Gilles Peterson Worldwide die StuBru op 18 september uitzond, zo rond eerste half uur, vlak voor PJ Harvey, een ietwat bevreemdend nummer waarvan flarden bijzonder hard in m’n hoofd bleven hangen.
Het was wat zoeken naar de playlist, maar de Duisters van Radio X hadden die -in tegenstelling tot StuBru en Gilles Peterson zelf- wel online staan en m’n oorwurm bleek van ene Rudi Zygadlo te zijn. Die jonge Schot fabriceert dansbare electro in één of ander genre waarvan ik de naam al lang niet meer probeer te onthouden, maar die op z’n recente EP “Achtung!” met “Catharine” wel een héél sterke song neerzet. Grillig, dat ook, en met prachtige blazers-arrangementen (populair blijkbaar, zie ook “The Daily Mail” van Radiohead)!
Soit, “Catharine”, die klinkt zo:
Meer info over Rudi Zygadlo:
Well, I guess that, for those who read my previous post about SSL/TLS error messages on Mac OS X browsers, it’s abundantly clear that I don’t really know SSL/ TLS and the way browsers handle the certificates. But hey, I blog to learn from my mistakes and Philip and Peter helped me understand a bit about TLS with their useful comments.
The summary for TLS-dummies like me:
- According to the TLS spec the server should not only provide it’s own certificate, but also any intermediate certificate between it’s own & the CA’s root
- Browsers (or the OS’es key stores that some browsers depend upon) don’t ship with any intermediate certificate, but can and in some cases will store (cache) them when they come across them. In Firefox, cached intermediate certificates are listed as being part of the “software security device”, whereas root certificates are in the “builtin object token”.
All in all, this means that whenever you’re implementing TLS (or SSL, if you’re old-fashioned) you have to configure your webserver to provide all intermediate certificates in a “chainfile” as (for example) per Apache’s SSLCertificateChainFile directive.
frank published Out with Google Plus, in with Yammer.
frank liked Florence + The Machine – What The Water Gave Me.
frank liked DJ CAM – Swim.
frank published Mooie muziek (opgelet, septemberigheid).
frank posted Acid3 2011 Update.
frank shared Railtime kostte ruim 1 miljoen euro in lanceringsjaar.
frank liked Modeselektor – Art & Cash (Phon.o Remix).
frank published How to fix SSL errors in Mac OS X browsers.
So you know about SSL (or rather TLS) and you prefer things secure, so you request and pay for an officially signed certificate and configure your Apache to use it. The next days you’re feeling very Kevin Mitnicky, until some nitwit on Twitter trashes you for the ugly error-message he sees when trying to visit your supposedly “secure” site that is. What’s up with that?
Well, chances are that your disgruntled visitor was using a browser you didn’t test on, like Chrome on Mac for example? Because there is a small issue you have to take into account when “doing https”; both Chrome and Safari (but not Firefox) on Mac use OS X’s keychain, which does not have some of the intermediate certificates needed to establish the trust relationship between your signed certificate and the certificate authority’s root certificate.
As you can’t expect Apple to add intermediate certificates to their keychain by default (which Firefox does a pretty good job though) and you can’t ask all your OS X users to add the intermediate certificate by hand either, you’ll have to solve this yourself. A good thing Apache can help you in that department with it’s SSLCertificateChainFile directive, which
sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate. This starts with the issuing CA certificate of the server certificate and can range up to the root CA certificate.
If there’s only one intermediate certificate missing between your’s and the CA’s, you can export it in good old Firefox (as a pem-file), place it in the same directory as the actual certificate and use SSLCertificateChainFile to tell Apache where to find it and that should solve the nasty errors those Twittering Mac-heads get.
I’m not a social network expert by any measure, but it seems to become clear that although the initial enthusiasm among the geek-crowd was big, Google Plus isn’t cutting it in the real world. I don’t have a Plus-tab open in my browser any more and when I do go Plus, there isn’t a lot going on in my circles which I want to participate in.
Compare that to the way Yammer took off at the company I work for; in less than a months time 800+ colleagues (out of approx. 1500 employees) joined and we’re getting to know new colleagues, discussing more or less work-related topics (1500+ messages) in the open or in multiple interest-specific groups (15 at this moment). Good times!
I don’t know how Yammer is doing in other companies in Belgium (and Europe by extension), but to me is seems that Yammer succeeds where Google Plus is failing; bringing together a group of people (in a more or less “private” environment) that share a common context but who didn’t share a social network before and allowing them to engage and to create engagement.
Google Plus might be neat from a technology & privacy point of view, but it essentially was (and still is, I guess) a “me too” exercise, trying to occupy a market that has already very successfully been taken by Facebook & Twitter. And yes, Yammer does have an API.