End the War on Freedom

I've had a little trouble with the SSL certificate for this site and for some sites for which I do technical maintenance. I wrote up a little about that in Intermediate SSL Certificates. Well, I asked my web hosting provider to install the intermediate certificates for another web site that is also using a GoDaddy certificate. They said that they had done it, but I was still getting warnings in Safari, on both my Mac and my iPhone. So I did some Googling, and found some simple Java code that I could modify, and enable debugging while running, to show the SSL handshake during a connection to a web site.

I have uploaded that code as billstclair.com/blog/images/ssltest.zip. The zip file decompresses into the "ssltest" directory, containing the following files:

You're certainly welcome to look at the Java source, and change it to your liking, but to use the program, you just need to cd to the ssltest directory in your shell, and type the following:

Or change "billstclair.com" to your favorite SSL-enabled web site. It prints quite a bit of stuff, but the most interesting to me were the lines beginning with "chain [", which show the certificate and the intermediate certificates, if any.

I didn't include an ssltest.bat file for Windows, because I have no way to test it, but it should be pretty obvious how to convert the bash script into a Windows batch file.

Enjoy!

At the end of January, I installed an SSL certificate on this web site. I initially got a free certificate from cacert.org. That worked, but I had to tell my browsers to import their root certificate in order to stop security warnings. So I switched to a GoDaddy certificate, thinking that it would work. Same problem. Well, yesterday I installed a GoDaddy certificate at another site, and this time I read GoDaddy's instructions (may require an account). Turns out that they, and many other SSL vendors, don't sign their certificates with their root certificate authority (CA). They use an intermediate certificate, which establishes a chain of trust to the root CA. That intermediate certificate needs to be installed on the web server. Today, I asked the Site5 folks to install that intermediate certificate, and, voila, no more browser complaints. Unfortunately, my iPhone still complains. Guess it's missing the root of the chain, the "Go Daddy Secure Certification Authority", or Apple left out the intermediate certificate part of the validation process. Sigh...

Well, I finally paid the $15 that site5.com charges to install an SSL certificate, so you can now get get encrypted access to this site.

https://billstclair.com/blog/

You will likely get a warning that the Certificate Authority (CA), CAcert.org, is unknown to your browser. That's the drawback of using a free CA. There will likely be an option to add their certificate. Do it if you want to get rid of the warning (and warnings for similar certificates from other web sites).

If you say www.billstclair.com, you'll get a warning, every time you visit here after relaunching your browser, that the domain doesn't match the certificate. So don't do that unless you like the warning.

I decided to add --delete-after to an rsync command last night to keep one of my directories exactly matching the version on my local disk. Problem is, I was doing the rsync from that directory's parent, which had nothing else in it. So rsync started deleting files and directories at the top-level. Fortunately, I had -v in the command, so I saw this, and was able to stop it before everything was gone. Also, fortunately, most of the changes since I switched from my nearlyfreespeech.net hosting were either in the Drupal database, that this blog uses, or in one of two directories on my local disk. And I never shut down the old hosting location. So between those three places, and about an hour of my time, I believe I've restored everything. All the top-level links at billstclair.com work. And this blog. rsync'ed everything back to the backup location afterwards, to make it easier should I do something incredibly stupid like this again. Whew!

I've been very happy with NearlyFreeSpeech.net (NFS). They've been serving billstclair.com for quite a few years now. But my bandwidth has risen to a gigabyte a day, which means a dollar a day for NFS' hosting. That's $30/month. I was clued into a new hosting service by one of the guys on the Linkinus IRC channel (Linkinus is a nice Mac OS X IRC client). I can get more bandwidth for $10/month there than I'm getting for $30/month at NFS. They don't have the free speech philosophy of NFS, and I don't know yet how their reliability and speed will compare, but so far they look faster, and money is tight. I can go back pretty easily, should that become necessary.

Anyway. I hope you enjoy my new home. Same domain, same politics, different web service provider: Site5.com.

Liberty!

I'm spending a lot of my blogging time at my iMac Pr0n Blog these days. Don't know how long it will last, but at least until configuration of my new machine slows down.

Drupal, the blogging engine I use for this site, is very nice, but I must admit that I like the simplicity of BlogMax, which I'm using again at the iMac Pr0n Blog.

fbomb at drupal.org - this blog was showing "You are not authorized..." messages today, on every page. I discovered the cause. I must have twice posted a delete request for a disapproving a spam user, and this had the side-effect of deleting user 0, the anonymous user, from my database. This caused the "not authorized" message and also a duplicate key database error on attempting to log in. ejk posted the fix:

I've installed Drupal's Captcha module (completely automated public Turing test to tell computers and humans apart). This forces you to transcribe some random text, designed to be hard for computer programs to grok, to post an anonymous comment or to register. If you register, you will be able to post comments without the Captcha nonsense.

This should stop automated comment spam. It won't, however, stop rooms full of low-paid workers posting spam. We'll discover soon which is my problem.

I hate Captcha strings, since I often have a hard time decoding them. These don't appear to be too bad. Please let me know how they work for you, either by comments to this post, or via email to bill@billstclair.com (or to billstclair@gmail.com if my web hosting mail forwarder doesn't like your email server).

The captcha module is at http://drupal.org/project/captcha

The spam comments are getting out of hand. My spam filter can't distinguish them from the real comments anymore, so it's marking all comments as spam. I can still distinguish them, though, most of the time, so don't stop commenting just because you don't see your comment until I approve it.

I've closed comments on the Hitler thread. This was beginning to look like "All Hitler, all the time." Not a pleasant prospect from my perspective. So all you Hitler lovers and Hitler lover haters. Chill.

My posting frequency has gone down a bit of late. I've been working late at night on the Puppy Linux 2.0 Alpha. I got my ipw2200 wireless networking interface to work, and found a bug in the code that makes file system changes, initially memory-resident, persistent. Today, I'll be installing Ruby and getting my S3 code to work (it'll probably "just work").

Remember, I've been a computer hacker for a lot longer than I've been a political hack.

I got a lot of bogus registrations today, so I've turned on moderation for new members. You can still join, but your account won't be active until I review it. Very few of my regular readers have chosen to register anyway. There are a few benefits to registering:

• You can post forum entries
• You won't have to type your name and email address to comment
• You can disable some of the side blocks, e.g. the banners

I finished moving my mirror of Paul Thompson's 911 Timeline to S3. billstclair.com/911timeline now redirects to a page documenting the move. All other links to the timeline automatically redirect. Apache's Redirect and RedirectMatch directives at work.

Next step in my S3 Ruby library: streaming upload of files and web URLs and download of files. The current Amazon-provided library requires objects to fit in memory.

I installed and enabled Jeremy Andrews' Drupal Spam Module 2.0, to attempt to get rid of the online poker comment spam that started appearing en masse today. It uses a Baysesian filter, plus some counts to flag spam. t will notify you if your comment is flagged as potential spam. It also sends me email, so I'll unmark anything that is obviously mischaracterized. Hopefully, it will just work (famous last words).

I got enough of my new blogmonth module written to install here. I removed the weekly links at the bottom of the right column and replaced the monthly links with my new module. For example, to see February's page, click here. I'll eventually put links to the next and previous months at the top and bottom of the page, but it's already a lot better than it was. The old one-page-per-day pages don't look as nice as they used to. C'est la guerre.

OK. I switched the Drupal blog over to billstclair.com/blog. If you switched your bookmarks to billstclair.com/drupal, please switch them back. The drupal directory now redirects to billstclair.com/blog, as you may have noticed.

Please add a comment to this post if you notice anything amiss.

YAY!!!

I'm making this post sticky for a while, so be sure to look beneath it for changes.

I wrote a Drupal module to import HTML. Somebody else had already written one called "Import HTML". I tried it, but couldn't make it work, so I wrote my own. As soon as I document it, I'll upload it to the Drupal web site in case others might find it useful. It will be called "importfiles".

So you can now go to stories and vin to get those indices, and all the yymmdd.html daily entries and yymm.html monthly summaries are there, for example, 0601.html is the January summary up to when I started using Drupal. My next two modules will be an automatic BugMeNot link inserter, and a module to auto-generate monthly summaries like I had on the old site. This will replace the "Weekly Archives" and "Monthly Archives" lists at the bottom of the right-hand column.

I also changed my mind about how I'm going to use Drupal. billstclair.com/drupal will continue to work, so that links created to the new site won't break, but I'll likely auto-forward them to billstclair.com/blog, which will be the canonical address for this weblog. The old URLS will continue to work, but they'll get the Drupal versions.

I discovered that I was wrong about unregistered people being able to vote twice. That's not the case. It looks like you can vote again when you quit and restart your browser, but if you try it, you get a mesasge saying you're not allowed to vote.

It's an interaction of the poll display with Drupal's cache. I have the whole page cache enabled. This stores the HTML for entire pages for display to anonymous users. Since the poll in the left column is initially displayed as unvoted, it always displays that way.

So, if you've wanted to vote, but didn't because you don't want to register, go ahead and do it over near the bottom of the left column

Drupal.org - a little trick I found that will allow me to support both http and https. It also stops Drupal from rewriting www.billstclair.com, or billstclair.nfshost.com, to billstclair.com. The details are only interesting for Drupal site administrators...

Drupal provides access logs and has a few statistics pages for viewing them. I've been looking at them over the last few days. Today I noticed that they allow tracking of people who have an account here, making it easy to see everything they do. So I turned them off, and cleared the cached information. I don't keep Apache logs either, and I don't think NearlyFreeSpeech does...

I made blocks for the Blogroll in the right column and for banners in the left column. Registered users can disable them both. I made aggregator entries for the blogroll sites that had one that worked with Drupal's aggregator. I don't have a cron job set up yet (NearlyFreeSpeech doesn't do cron, but WebCron will suffice). Hopefully, I'll remember to run cron at least once a day. If you want the search engine and aggregator feeds to be updated, you can go to the cron.php page, which displays as blank when there are no errors (and that link may make the search engines update it for us).

And I converted my Free Marc Emery page to Drupal format, so that I could link to it from the banners, and to get an idea of what's involved.