Monthly Archives: November 2011

Follow on Google+ Too…

Nearly two weeks ago, Google+ launched Pages, a version of a person profile for non-people. (Google does know the Supreme Court deemed corporations people too, right? So corporations should have a person profile.)

Companies desiring a social media presence have created a page in addition to their Facebook pages, Tumblr, and Twitter accounts. Over the past couple weeks, I have seen a number of posts on Facebook and Twitter alerting me to the new G+ page. They invariably ask me something like “Make sure to follow <corporate name> on Google+, too.”

Wait.

I am already following you on one of these which is how I saw the message. Following you on two, three, or more social media sites gets me what exactly? The same post multiple times. Maybe I notice something important faster. That might be one in two hundred posts? More likely I will shift the important followings to where I tend to spend most of my time.

This is the same strategy I use for following friends. At least some of them tend to post different things in different places.

from Rants, Raves, and Rhetoric v4

Quarter the 2006 Price in 5 Years

I love it when I run across a prediction about the time of the deadline. Jakob Nielsen made one on November 20, 2006 that computers will be 1/4th their current price of $379 in five years. Five years later is November 20, 2011. That is today!

In areas like North America, Europe, Australia, and Asia’s advanced countries, computer cost is no longer an issue. Dell’s cheapest computer costs $379 (with a monitor) and is about 500 times as powerful as the Macintosh Plus I used to write my Ph.D. thesis. While it’s true that a few people can’t even afford $379, in another five years, computers will be one-fourth their current price. Would that all social problems would go away if we simply waited five years.

So $379 / 4 = approximately $95.

Dell, the company Nielsen picked on, the cheapest I found was in Dell Outlet a Latitude laptop for $239.

Walmart’s cheapest non-refurbished I found was $212 laptop. (There was a Pentium 4 refurbished desktop for $115 which is old even for 2006 but adding the cheapest $89 monitor is still $109 too expensive. You would be better off going to a garage sale and picking up the same computer for $25 and getting a kid in the neighborhood to refurbish it.)

Best Buy has a $205 laptop.

I guess after five years they are getting close to half? Maybe this is why the FCC started a $4 billion program to help close the digital divide at $150 a refurbished computer + training + $10 a month broadband. Even this is not Nielsen’s a quarter of 2006 prices. (FCC and “Connect to Compete” Broadband Fact Sheet)

from Rants, Raves, and Rhetoric v4

Open Letter to UX Designers

Do not move things right before I click on them.

Windows this means you. Opening up a new window steals focus from my mouse to the new one. Opening a new window when I did not explicitly request it and while I am typing or navigating something in order to do something critical infuriates me.

Facebook this means you too. Adding new comments to the Newsfeed a tenth of a second before I click on a comment box means I click on the wrong one. It is the kinds of thing that will drive people like me to Google+.

My coworkers will thank you too for me not discovering creative new obscenities to describe your products.

Sincerely,
Ezra

 

from Rants, Raves, and Rhetoric v4

OpenSSL Handshake

Chain

One of the questions we ask our clients initiating an engagement to help them setup external authentication from our LMS to their server is, “What is the certificate authority for your SSL certificate?” We have been burned by people purchasing certificates from authorities Java does not support. (And the support is indeed limited compared to say, Mozilla.)

We were given the name of an intermediate certificate which set off warning klaxons. There are none of these in the cacerts file, the list of root CAs Java uses.

So the clients setup to test. Failures. The error:

javax.naming.CommunicationException: hostname.domain.tld:port [Root exception is javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

From what I was able to find, the error meant the certificate was not understood. Framed into thinking the intermediate CA was the cause I started looking at how to make it work. The two potential routes were get the client to add the intermediate CA to their server or test ways to complete the chain by adding the intermediate to my client.

More failures.

Amy suggested looking at the certificate on the foreign server by connecting with openssl to get a better idea where it said there was a problem. The command looks like:

openssl s_client -connect hostname:port

The return was pretty clear that it could not understand or trust a self-signed certificate. The “i:” in the last line below is the Issuer. This made it clear the certificate was not signed by the intermediate CA we were told. It was a self-signed certificate. Doh!

depth=0 /CN=hostname.domain.tld
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /CN=hostname.domain.tld
verify error:num=27:certificate not trusted
verify return:1
depth=0 /CN=hostname.domain.tld
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=hostname.domain.tld
   i:/DC=tld/DC=domain/CN=domain-NAME-CA

It is clear I need to make checking the certificate on the foreign host part of the standard practice. Did some spot checking of previous setups to test against LDAP and every one has a good certificate chain.

from Rants, Raves, and Rhetoric v4