Monthly Archive for July, 2008

Your account has been disabled by an administrator. If you have any questions or concerns, you can visit our FAQ page here.

I’ve decided there are too many fan pages for people I think it’s silly to declare yourself a fan of. The catalyst for me has been Christian leaders and teachers. These are good people we assume, maybe I would be even be a supporter of them. But I’m not a FAN of anyone of them anymore than I am a fan of my wife, or many of my friends. In fact, there are many who I agree with theologically but am NOT a fan of at all!

So I did the only thing I could do under the circumstance and created fan pages for a number of my friends. Normal people. I am truly fans of them. I encourage you to do the same.

Just don’t do it as fast as I did, cause Facebook will shut down your operation (see above).

I should have posted this a couple of weeks ago, but I didn’t get round to it. My good friend Mike Livingston is in Angola at present interning at a bush hospital. He’s been blogging about his adventures (and is a good writer). I recommend.

I came across this story today on The Register, by way of Slashdot. (Yes I know I’ve been reposting a lot of /. news lately. It’s just been good news).

I absolutely believe the truth of this tale. Ingram Micro is terrible for excessive packaging, but HP really takes the cake on this one. The box below was used to ship 32 sheets of A4 paper.

Read HP Shatters Excessive Packaging Record

I installed Firefox 3 the other week, and have to say I’m quite impressed. The memory leak issues are not fully resolved, but big steps have been made. (With certain programs like Flash and Adobe Acrobat Reader it’s still churning the memory for me. I compared with Opera 9.5, and that’s still more conservative.) Like this image… no browser should do this:

Anyway, the topic it hand is Firefox’s freaky warnings when reaching a site with an untrusted certificate. Internet Explorer 7 has a similar screen, which requires you to click on the non-default option to proceed to the secure page. Many people are used to seeing https in their browser address bar, and possibly a lock symbol somewhere, to indicate their connection is secure (when you’re logging in somewhere, paying for something online, etc.) To secure the connection, a certificate is used. This certificate must be provided by a certification authority (a “CA”, for short). Companies such as Verisign have made a big business out of doing this, but you can also create certificates yourself (with the appropriate tools), and self made certificates are JUST as secure as those from a major company. The difference is that the end user who receives your certificate cannot trust that your certificate is legit. This warning message is thrown because Firefox doesn’t recognize the authority that has authorized the certificate. It’s a bit like your bank saying the cash you’re trying to deposit is forged. Except that the cash is not forged, it’s just been made by a mint that your bank hasn’t been told to recognize. That mint could be valid, or invalid… but the bank doesn’t know either way.

Slashdot has an article up on the problem highlighted in Firefox 3. The thing is, it’s fundamentally better to use an encrypted connection than a non-encrypted one. If we were all securing our websites will self-signed certificates, the web would be a much safer place. The problem arises when phishers and other scammers use secure certificates with the names of major banks and other companies on them, tricking you into thinking you are at your bank’s website, when really you are providing your details to a thief.

Mozilla have decided it is better to warn someone of the possibility of this, by a nasty warning, than by embracing a more secure web overall. I especially liked this comment, from the article:

The principle espoused by most web browser makers seems to be “Trust anybody if your connection is unencrypted, but if you wish to encrypt your traffic, trust no-one unless they’ve given a wad of cash to a CA.”

It seems to me that a user using an unencrypted connection to an unidentifiable web site (that is to say, all http web sites) should receive even more warnings than a user using an encrypted connection to an unidentifiable web site. But somehow, that’s not the case.

This Firefox scaremongering isn’t just driving people into the arms of Verisign, it’s also driving webmasters away from using encryption, even where web forms might be involved. Too bad – encryption is a good thing.

That’s exactly right. Encryption is a good thing. But Verisign, McAfee, Network Solutions and others hold website security ransom from the rest of us. Remember, their certificates are no more secure than those made yourself, the issue is pure marketing, as Firefox and Internet Explorer and other browsers have been paid by the major corps to trust their certificate authorities. And don’t forget, these companies have been authenticating spammers and phishers certificates for a long time.

By these tactics, if a company cannot afford to pay the high fees for secure certificates from a major CA, it is in their best interest to NOT secure their sites at all, so that customers aren’t alarmed by the warnings that will appear when using a self-signed certificate.

Slashdot is reporting the news of an agreement signed between major American ISPs to block newgroups containing child pornography.

It would be better if the agreement wasn’t bull. Maybe they’ll help a little, but the reality is they could do things a lot smarter if they actually cared about child pornography. It seems they care more about controlling what their users are accessing. What a surprise. From Techdirt, via Slashdot.

Taking a stand against child porn wouldn’t be overly aggressively blocking access to internet destinations that may or may not have porn (and there’s no review over the list to make sure that they’re actually objectionable). Taking a stand against child porn would be hunting down those responsible for the child porn and making sure that they’re dealt with appropriately… Also, this sets an awful precedent in that the ISPs can point out that it’s ok for them to block “objectionable” content where they get to define what’s objectionable without any review.

I came across an odd quirk in IIS today. It uses a feature called Socket Pooling to bind to all IP addresses on a machine, regardless of if any websites are running on those IPs. This effectively stops you from running Apache and IIS on the same machine, if you want them both to run on port 80 (even if using different IPs). Websites in IIS will appear stopped, and will display the following if you try and start them:

The process cannot access the file because it is in use by another process.

Thankfully there’s a quick fix. Respect to agrikk on devarticles.com for posting the fix. The Microsoft document describing it is here.

I’m happy to say that we at TACF have our one iPhone updated with version 2.0, and have got it syncing with Exchange 2003.

Apple provide a document that offers a trivial level of assistance in setting things up. If you’re already using ActiveSync for other devices, then you’ll be working already. If you’re not using ActiveSync (or aren’t sure if you are), but you are using Outlook Web Access already, then you’re just a couple of steps away. There are a few guides out there for enabling ActiveSync, which is really a simple matter of enabling in Exchange System Manager, and ensuring it’s enabled for the user that needs it (enabled by default for all users).

In our case, we had a small spanner thrown into the mix, because we use forms authentication on Outlook Web Access. I suppose this would affect anyone setting up Exchange ActiveSync, if they also used HTTPS and Form Authentication for their OWA. You can test ActiveSync/OMA (Outlook Mobile Access) by browsing to “http://servername/oma”. If it’s working, you should receive a login prompt, and then posssibly a warning about an unsupported device, followed by being able to get into some sort of email account display.

We received the following, from OMA:

Outlook(R) Mobile Access is supported only on Microsoft(R) Exchange Server 2003. Currently your mailbox is stored on an older version of Exchange server. Please contact your system administrator for additional assistance.

This is the error manifested by using Forms Authentication with HTTPS, specifically on the “servername/exchange” directory. Microsoft describes the fix in this article. We went with resolution method 2, that requires you to copy the Exchange virtual directory (in IIS), and then adjust registry settings to point to the new copied folder (which doesn’t use forms auth or ssl).

After a few IIS restarts and a couple of tests, we had our iPhone syncing like a champ!