DigiCert SHA-1 Sunset Tool: Find & Replace SHA-1 Certificates

With very little effort I replaced my existing SSL cert which was SHA-1 based with a SHA-256 version for free.

The SHA-1 Sunset Tool makes it easy to find all of your SHA-1 certificates. Enter your domain name to find affected certificates and upgrade to SHA-256 with a free DigiCert certificate.

via DigiCert SHA-1 Sunset Tool: Find & Replace SHA-1 Certificates.

It’s a neat offer. I could have asked my existing SSL cert provider but I wanted to see how well this works. The instructions and validation steps were very simple.

New thrift shop find

I like old film cameras and I often visit Island Thrift to see what they’ve got. Normally it’s just a few 35mm plastic film cameras from the 80s. Those aren’t very interesting, but this week they had some good selections behind the case.

  • Olympus SLR OM-1MD w/50mm f/1.8 lens in good condition.
  • Olympus SLR OM-2 w/50mm f/1.8 lens. The shutter was jammed solid.
  • Yashica Electro 35 G (1968 version, up to ASA 500) with a dented lens rim.
  • Yashica Electro 35 from 1966. The original non-G version that went to ASA 400.

Of course I got the last one. 🙂


I did a check out of all 4 and gave the manager a lesson in old film cameras. I looked at the shutter settings from bulb to 1/1000 on the OM-1MD, checked the aperture changed when moved, the film advance, looked for fungus and scratches on the lens and made sure the shutter didn’t stick.

Except for the OM-2, the cameras worked. The manager removed the OM-2 which I thought was decent of him.

Without a battery the Electro 35 will default to 1/500 exposure. I thought the aperture blades were stuck (they’re not) but what this new camera needs is work on the wiring. At home when I put a battery in I got the check battery light working but I also got a ZZZT! noise on the inside.

I took the battery out quickly. This camera is over 48 years old so I do expect some problems. The light seals disintegrate on touch and the whole thing can use a good cleaning. I’ll do some research, I think I know where I can get this one serviced.

An eBay purchase that worked out

Last week my latest eBay find arrived and I was in for a little surprise: it wasn’t quite what I thought it would be. The listing said I purchased an Olympus Pen EES-2 camera, instead I got an EE-2.

You’re forgiven for not having any idea about the difference. 😉 Both models are half-frame cameras, the EES-2 is just like the Olympus Trip 35 and has a f/2.8 lens and zone focusing. The EE-2 I received has a lens that opens only as far as f/3.5 and is a fully automatic camera. You set the film ASA, frame anything past 1.5 meters and click. If the light is too dark then you’ll get a red flag in the viewfinder and no photo will be taken.

This worked out perfectly. The camera was one I bought for my daughter to use and reskin. She wanted to use one of mine and I didn’t want to mess with those. This one is 100% point and shoot and Friday I put in a roll of Kodak BW400CN film with 36 exposures. That meant I shot 72 photos because each frame gets 2 images.

I like the results. This may be the perfect street shooter camera. You see something, frame it in the viewfinder and you get an exposure at 1/200 of a second.

Here’s some shots from that first roll.

I cleaned up the camera with isopropyl alcohol and may change the leatherette. I also left a 5 star review for the seller. Not everyone is into old cameras the way I am and it all worked out for me.

Bitten by the photo bug again

This is why I need to shoot photos more often: when I get back into it I want to take photos of everything. Last week I used my Yashica Electro 35 GSN camera and shot a roll of color and B&W film.

The results came out OK but I’m still addicted to the Olympus Trip 35. You can see my collection of Yashica photos on Flickr and here’s a gallery of some from last week.

Next week will be all Olympus Trip 35 photos. 😉

Getting back into the photography routine

Tonight there will probably be another snowfall so I don’t know if I’ll get any street shots tomorrow. I’ve put on the “never ready” case and replaced the camera strap on my Yashica Electro 35 GSN. The original strap worried me and I don’t want to risk dropping a camera made after 1973.

It’s a rangefinder camera and takes great shots. I normally use my Olympus Trip 35 for street photography but the mood struck me to use a different camera. It will be dark when I get out of work and I want to shoot some 800 ISO film (the Trip 35 goes up to 400 ISO film). I’ve shot the Trip 35 in the dark and have gotten some good photos but they were strained. Or “retro” if you like those sort of images like this one. 😉

Late night February 2013 in midtown Manhattan shot with an Olympus Trip 35

Wintertime is not the best for street photography (metal camera, cold fingers) but I’ve been itching to take more photos. Last year I fell out of the habit of packing a camera and taking lots of photos. I want to get back into that routine and I hope to start this week.

I like taking photos. I love old film cameras. With film you get approximately 26 shots per roll and that forces me to think and frame the shot. They’re not always keepers but with practice I’ve posted hundreds of film shots. It’s something I enjoy and I hope this week I go through at least a couple of rolls.

Fixing my SSL based shortlinks

If you look at the HTML source for this NGINX post I wrote you’ll find this code.

<link rel='shortlink' href='http://wp.me/pLamj-2Lz' />

Which was inserted when I published the post via Jetpack. Shortlinks are cool.

But if you use curl -LI on that wp.me URL you see that it goes http -> http -> https which irks me.

$ curl -LI http://wp.me/pLamj-2Lz
HTTP/1.1 301 Moved Permanently
Location: http://blog.dembowski.net/?p=10637

HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/?p=10637

HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/2014/i-am-nginx-and-so-can-you/

$

I like https based URLs because I want the communication between my web server and your web browser to be encrypted.

My web server does 301 redirect the browser to the https version but I don’t want any plain text http in the mix. It’s not Jetpack’s fault, I’m passing the non-SSL URL to it to get the shortlink.

Having the shortlink point to a plain http URL doesn’t fit well with my tin foil hat. Since my web sites are SSL enabled there is no reason to use unencrypted http anymore.

YOURLS to the rescue

I am pretty sure that Jetpack’s URL shortener will handle SSL based URLs in a friendly encrypted way but I’d rather use YOURLS.

YOURLS stands for Your Own URL Shortener and I’ve been using my own installation for years. In December I blew up my multisite and disabled my YOURLS plugin (and several other things). Today I made a subtle change to my shortlink installation’s config.php file.

This line

define( 'YOURLS_SITE', 'http://dn7.me' );

was changed to this with https.

define( 'YOURLS_SITE', 'https://dn7.me' );

And just like that my short URLs are now SSL based. The old http shortlinks continue to work fine.

I previously used Ozh’s plugin but the plugin Andrew Norcross created is recommended by many and I switched to that one. It’s really easy to use, you just fill in 2 fields and click the check boxes.

WP-CLI should be used in all the things

I could not find where the heck my URLs were being generated as non-SSL. If I asked in the forums or looked at the wp_get_shortlink() source code I am sure I could figure it out. But I’m lazy and instead I just used wp-cli like so.

cd /to/my/multisite/directory
wp db export ~/save-me.sql
wp search-replace 'http://blog.dembowski.net' 'https://blog.dembowski.net' --network

The export command was my safety net in case my backups aren’t as good as I think they are. If this hurt anything then I could put the database back right before I munged it up.

Today I published a post and it has this code and shortlink.

<link rel='shortlink' href='https://dn7.me/2ou' />

Looking at that with curl reveals this.

$ curl -LI https://dn7.me/2ou
HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/2015/good-product-integration-is-important/

$

The https URL sends a 301 to the destination https URL with nothing else to see. My tin foil hat is now even a little tighter.
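
The same check as a script, so it can be rerun against any shortlink. This is an added example, not code from the original post: the function names audit_chain and count_plaintext are made up here, and the two header dumps are copied from the curl -LI output shown above.

```sh
#!/bin/sh
# Added example (not from the original post): audit a redirect chain for
# plain-http hops. audit_chain and count_plaintext are names made up here.

# Reads `curl -sLI` header output on stdin; $1 is the URL curl was given.
# Prints one line per hop: "<n> <ok|PLAINTEXT> <url>".
audit_chain() {
    {
        printf 'Location: %s\n' "$1"   # the starting URL counts as hop 0
        cat
    } | tr -d '\r' | awk '
        tolower($1) == "location:" {
            url = $2
            # An absolute URL sets the scheme; a relative Location
            # (e.g. "/login") inherits the scheme of the previous hop.
            if (match(tolower(url), /^[a-z][a-z0-9+.-]*:\/\//))
                scheme = substr(tolower(url), 1, RLENGTH - 3)
            printf "%d %s %s\n", hop++, (scheme == "https" ? "ok" : "PLAINTEXT"), url
        }'
}

# Prints the number of plaintext hops; 0 means HTTPS end to end.
count_plaintext() {
    audit_chain "$1" | awk '$2 == "PLAINTEXT" { n++ } END { print n + 0 }'
}

# Header dumps copied from the two curl -LI runs shown in this post.
chain_before() {
    cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Location: http://blog.dembowski.net/?p=10637

HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/?p=10637

HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/2014/i-am-nginx-and-so-can-you/
EOF
}

chain_after() {
    cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/2015/good-product-integration-is-important/
EOF
}

chain_before | audit_chain 'http://wp.me/pLamj-2Lz'
chain_after  | audit_chain 'https://dn7.me/2ou'
```

Against a live site, pipe `curl -sLI "$url"` into `audit_chain "$url"` and look for any line marked PLAINTEXT.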

You do know that you use Jetpack, right Jan?

I’m not really concerned about data leakage and this really is just an exercise for me. I like Jetpack and understand the implications of continuing to use it.

When you set up a web server the default port is 80 without any encryption. SSL on port 443 needs to be configured and turned on manually with x509 certs. Wouldn’t it be great if you could do away with HTTP and just use HTTPS? That’s part of what Let’s Encrypt is trying to accomplish.

As a service it’s supposed to be available mid-2015 and I can’t wait to see how that goes. Encryption everywhere is a great idea and in the 21st century there’s no excuse not to use it.

Good product integration is important

My iPhone 6 arrived in the mail, a few calls later it was activated and my old Note II became a paperweight. It’s not that I dislike Android or Samsung products, it’s just that my latent Phone Curse™ kicked in. After 2 years it was time to retire the old one.

The old phone was getting long in the tooth. It’s been months since the camera could focus (that’s important, right? For a camera to focus?) I routinely lost my playlists and the built in keyboard code would crash all the time. Even after I factory reset the phone and formatted the storage. CRASH! Instant phone grief.

It’s not the phone. It’s me and it’s always been me. Any electronic device that is near me for too long loses its mind.

What I like about Apple products

Apple does something really well that is evil, persuasive and disruptive. Did I mention how EVIL they are?

Their phones work well by themselves or with other things such as Bluetooth equipped cars.

See what I mean about evil? With my Galaxy Note II I had problems getting music to play in my car. I would need to start the music app on my phone and cross my fingers. To sync my music (I use both iTunes and Google Play Music) I would try different applications such as doubleTwist’s AirSync but that was always hit or miss. Occasionally the sync would go spa and I’d have to use harsh language on it.

Using the Google Play Music app always worked provided I had good cell coverage. Listening to music while driving where it pauses is enough to make anyone start drinking. If the music is in the phone’s cache cool but if not it could be a long ride.

With my new iPhone I get into the car, wait for the Bluetooth to connect and hit play. If the car was set to the phone player already then music would just begin by itself. No muss, no fuss it just works.

Text messaging? Oh yeah, iPhones do that but they extend it into iMessage. When you log into Facetime or iMessage and you have a Mac you can continue to message via the Mac. It’s a smooth transition and I can pick up messaging without my phone. Same with Facetime and it’s not limited to iPhones. I can use my phone to message or Facetime my daughter on her iPhone (she got Lily’s old phone with no service) from my phone or Mac.

With my old phone I never used a lock screen. The Note II is huge and typing the code was like walking across the room. On the iPhone the fingerprint reader is almost transparent in its use. Press the home button to awake the screen. Leave your thumb there a little longer and the phone unlocks.

While on the topic, iPhone apps can use the fingerprint reader too just like your iTunes account. I use 1Password and unlocking with just my thumb is amazingly cool. I’ve been playing with Clef and I authenticate to that service in the same way.

Again it all just works, the integration is seamless.

Yes, I can do most of that in Android with 3rd party apps

That’s where Apple extends their EVILNESS. It’s built in. The messaging and Facetime like experience on Android? Skype on your phone and Skype on your PC or Mac. There is no Facetime or iMessage for the PC that I am aware of and that’s not a mistake. Apple is in the business of selling their products, not PCs.

Same with the music sync and car integration. Apple works closely with car manufacturers so when I play music I see the cover art, time passed, time left, can select from playlists, scroll through songs, etc. With my built in Samsung music player I can see the song before, playing and next song. That’s it. The doubleTwist music player has even less functionality.

The Note II does not have a fingerprint reader but current models do. I’ll assume that they can be unlocked in similar ways but I don’t think the 3rd party app support is there.

I am not an Android hater

I like well designed products. And I did look at HTC phones and the current generation of Samsung phones. They’re really good but the integration problems I’m having are inherent to the Android operating system. With the new Lollipop version that may have improved. With the Motorola line of phones running a “pure” version of Google’s OS maybe the integration with cars has improved.

There’s also the “change is good” factor for me. iOS and Android apps really are not that different anymore. With iOS you get less built in buttons (my old phone had a “go back” soft button, iOS has a home button) and once you change gears to iOS it’s all the same.

In another 2 years or so I expect my curse to kick in again. Maybe at that time I will switch back to a Google phone. Apple has a huge market and support but future Android phones might get the seamless experience I am looking for.

Thank you #wpmom for everything


I can’t remember when I first started interacting with #wpmom Kim Parsell. I’ve been looking and the earliest I can find was an email from April 26, 2012 saying that she was following me on Twitter.

Hundreds of tweets and many emails later and it sure seems like it was much longer than that. She had that effect on you and on October 25th, 2014 I finally got to meet her in person at WCSF.

She was so down to earth and so real. Nervous too, she was going onto tape as the Docs lead for explaining the Codex and getting involved in that team. When that video was taken I was near the podium doing the thumbs up thing before and after her presentation. She had nothing to worry about and she did fine.

The WordPress community is volunteer driven and we all focus on those things we are individually interested in. For me I like to provide support even if it’s just a “Hey, try this plugin it may help you out” reply in the forums. That’s an easy way to get involved and takes very little time.

Kim did so much more than that. She was an active and key member of the Docs team and contributed to WordPress core. She downplayed it but she was a member of and a huge person to the whole support team. She collaborated with so many people. The tag #wpmom was one that she embraced and it was true, she really was like the Mom to all of us. On my last day at WCSF I walked over to sit with her and see how she was doing. I had to, I told her I would. We talked about meeting again at other WordCamps and I wanted to introduce my kids to her.

Now that won’t happen and I feel awful. When I heard the news about Kim’s passing I was shocked. I kept telling myself that she’s just taking a break or a vacation. That’s what I told myself till the last minute.

I feel so small right now. But interacting with her online made me a better person. Collaborating with her and others is amazing and even small contributions are valuable. I got to meet her in person and I’m so grateful for that. She made me feel involved and important. I’ll miss her and her encouragement but I can’t mope about it. That’s not something wpmom would approve of.

Thoughts on my LG G Watch

For the last 7 days I’ve been wearing my Christmas gift from my brother and sister-in-law: an LG G Watch. It’s a watch that runs Android Wear and works hand in hand with my smartphone.

As a watch

It’s very comfortable. The strap is rubber like and the holes take into account small wrists like mine. It stretches a little bit so I’ve got it on snug but it’s not cutting off my circulation. With my regular watch that’s not the case since I never added another hole in the strap and it’s always a little loose. I’m always aware of my Citizen watch but I can forget I’m wearing this one.

The watch is rated to meet IP67 requirements which according to this Wikipedia page (I had to look it up too) it means it is dust tight and can be submerged up to 1M at “under defined conditions of pressure and time”. I took that to mean I can wash it under the faucet if I need to and wearing it in the rain will not be a problem.

I’m not sure how strong the display face is. My Citizen watch has an “Anti-Reflective Mineral Crystal” and it’s tough. I bump into things all the time and I’m always amazed that 2 and a half years later the face doesn’t have gouges in it. The LG G Watch may be scratch resistant but I would not want to test that.

Since it’s a smart watch you can change the face with a download and I currently like TextFace.

As a display extension for the phone

When I think “smart watch” I’m really thinking about a Dick Tracy radio watch. Dick Tracy never said “Oh no! I’m outside of cell phone coverage!” though he may have had to deal with Flattop jamming his signal. Android Wear devices are not that but they’re still pretty cool.

This watch connects with my Android phone via Bluetooth. It can run applications designed for it but the primary function is to be another notification area. It’s a place for your phone to let you know you’ve got mail, a text message, Tweet, etc. By default the watch will vibrate though that can be turned off.

The 400mAh battery lasts me all day and except for a friend favoriting 20+ of my Tweets in minutes (and you know who you are 😉 ) I’ve not had any problems. LG provides a micro USB cable, A/C charger and a docking stand with a tacky (not sticky) bottom so it grips your nightstand or desk.

I did install a bunch of watch faces and the Google Fit app works well. But there’s not much application utility for me. I can hold my watch up and say out loud “OK Google. Directions to Pizza.” and that does work. The Google Maps app will fire up and I can select walking directions if I want to. But how often would I do that? It’s not that the watch isn’t designed well (it is) it’s just that the concept of smart watches and Android Wear is still developing.

That all said the watch is very cool and I like it

I keep my phone in my pocket and get all the notifications on my wrist. Those watch notifications can be ignored on a per app basis. I’ve gotten Slack notifications on my watch and that feels like the Geek Bat Signal.

When someone calls me on my phone I get the option to accept or ignore them while getting caller ID on my watch. I occasionally get cold called on my cell and a quick swipe on my watch is a “Nope!” I don’t think I can talk to people via my watch but I’ve not tried.

I control my music playing on my phone via the watch. This is the phone in my pocket. That’s just nuts. It’s in my pocket! That’s like using the TV remote to turn it on while the on button is 2 feet away from you. You could just reach out and push the button, but it’s still very cool doing things via the smart watch.

I’ll use it for at least 2 more weeks

I like my LG G watch a lot. But in a couple of weeks my cell phone contract is up and I decided months ago that I’m getting an iPhone 6. Not surprisingly, this watch only works with Android phones.

The watch is fun but I really want to switch to an iPhone. If Apple does it correctly this experience will lead to me getting the iWatch when it comes out. Maybe, I’ll want to see what others think about it first.