Roshan.info

Using a GeoTrust QuickSSL certificate with OpenFire

April 25th, 2011

Download the GeoTrust DV Intermediate CA file from https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422

Log in to the Openfire admin UI ( http://server:9090/ ), navigate to “Server Settings” -> “Server Certificates” and click on the “import” link ( http://server:9090/import-certificate.jsp ). Copy the appropriate sections from your certificate into the two text fields. Next, open the GT_QuickSSL_and_Premium_and_Trial_intermediate_bundle.pem file you just downloaded and paste its contents into the certificate text field, directly after your own certificate. Make sure there isn’t any space between the end of your certificate and the start of the intermediate certificates.

Here’s what the text field should look like given the intermediate bundle as of 2011:

-----BEGIN CERTIFICATE-----
Your certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
First intermediate certificate from the bundle
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Second intermediate certificate from the bundle
-----END CERTIFICATE-----

If you don’t include the intermediate cert data in the second field or the intermediate certs don’t match you’ll see errors such as “Incomplete certificate chain in reply”, “Failed to establish chain from reply” or “Certificate chain in reply does not verify: Signature does not match.”

If you see the message “invalid DER-encoded certificate data” then you most likely have an empty line between one or other of the certificate lines.
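
An added example (not part of the original post): a shell function that checks the concatenated PEM text for the problems described above (blank lines, delimiters that are not byte-exact, a missing intermediate) before it is pasted into the import form. The name `pem_chain_lint`, its messages and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. pem_chain_lint is a hypothetical
# helper: it reports blank lines, malformed delimiters and missing
# intermediates in a concatenated PEM file, and returns 0 only when clean.
pem_chain_lint() {
  awk '
    { sub(/\r$/, "") }                      # ignore CR from CRLF line endings
    /^[ \t]*$/ { printf "line %d: blank line\n", NR; bad++; next }
    /^-----BEGIN CERTIFICATE-----$/ {
      if (open) { printf "line %d: BEGIN inside an open block\n", NR; bad++ }
      open = 1; body = 0; next
    }
    /^-----END CERTIFICATE-----$/ {
      if (!open)      { printf "line %d: END without BEGIN\n", NR; bad++ }
      else if (!body) { printf "line %d: empty certificate block\n", NR; bad++ }
      else certs++
      open = 0; next
    }
    # Delimiter text present but not byte-exact: typographic dashes, stray spaces
    /(BEGIN|END) CERTIFICATE/ { printf "line %d: malformed delimiter\n", NR; bad++; next }
    open && $0 ~ "^[A-Za-z0-9+/=]+$" { body++; next }
    { printf "line %d: unexpected text\n", NR; bad++ }
    END {
      if (open)      { print "unterminated certificate block"; bad++ }
      if (certs < 2) { print "fewer than 2 certificates: intermediates missing"; bad++ }
      printf "%d certificate block(s), %d problem(s)\n", certs, bad
      exit (bad ? 1 : 0)
    }
  ' "$1"
}

# Constructed sample: two blocks separated by a blank line, the layout the
# post links to "invalid DER-encoded certificate data". Base64 is filler.
sample=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJDRA==' '-----END CERTIFICATE-----' '' \
  '-----BEGIN CERTIFICATE-----' 'RUZHSA==' '-----END CERTIFICATE-----' > "$sample"
pem_chain_lint "$sample" || echo "fix the file before importing it"
rm -f "$sample"
```

The check is purely textual; it does not parse the certificates or verify that the intermediates actually sign your certificate.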

I’ve confirmed that this works with the Openfire 3.7 server and Empathy as the IM client.

Transliterate to Sinhalese using Google Transliterate

April 20th, 2010

Google Transliterate has been available for a while, but what’s nice is that it now supports Sinhalese too. Check it out:

http://www.google.com/transliterate/sinhalese

If you type “Roshan”, it’ll transcribe exactly as it should. My surname is a bit trickier so you can’t type it as it’s normally written in English but you instead have to type “sembakuttiarachchi” to get the correct transliteration.

Windows Vista and Windows 7 come with Sinhala support out-of-the-box. Windows XP doesn’t initially support Sinhala, but there’s an extra language-pack you can install to make things work. Once you install the correct fonts, things work properly on Linux too, but it’s a different story with Mac OS X. Even with the latest version of Snow Leopard, Mac OS X has problems rendering Sinhala properly.

Using Firefox 3.0+ cookies with wget/curl

March 14th, 2010

Firefox versions prior to 3.0 stored their cookies in a standard cookies.txt file that could be used by tools like wget or curl. From version 3.0 onwards, Firefox uses sqlite for persistence of cookies and other data, making it slightly more difficult to use the same cookies. Here’s an invocation you can use to generate a cookies.txt file from your cookies.sqlite file:

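# SQL string literals use single quotes; the subdomain flag is TRUE only for domain cookies (host starting with ".")
sqlite3 -separator $'\t' cookies.sqlite \
    "select host, case when host like '.%' then 'TRUE' else 'FALSE' end, path, case isSecure when 0 then 'FALSE' else 'TRUE' end, expiry, name, value from moz_cookies" > cookies.txt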

Make sure you’re in the proper profile directory, and that Firefox isn’t running. Otherwise, you’ll get a message that the database is locked.

I’ve tested this so far with Firefox 3.5 and 3.6. Should work as long as the structure of the cookies.sqlite file doesn’t change.

Updating the firmware of an Olimex AVR-ISP500 from Linux

November 4th, 2009

I recently got an Olimex AVR-ISP500 and wanted to upgrade the firmware from my Ubuntu desktop (didn’t really fancy installing any drivers on the Windows machine). Here’s what I had to do:

First, make sure you have lrzsz available:

roshan@optimus $ sudo apt-get install lrzsz
[sudo] password for roshan:
Reading package lists… Done
Building dependency tree
Reading state information… Done
Suggested packages:
  minicom
The following NEW packages will be installed:
  lrzsz
0 upgraded, 1 newly installed, 0 to remove and 9 not upgraded.
Need to get 108kB of archives.
After this operation, 279kB of additional disk space will be used.
Get:1 http://mirror.switch.ch jaunty/universe lrzsz 0.12.21-4.1 [108kB]
Fetched 108kB in 0s (430kB/s)
Selecting previously deselected package lrzsz.
(Reading database … 293796 files and directories currently installed.)
Unpacking lrzsz (from …/lrzsz_0.12.21-4.1_amd64.deb) …
Processing triggers for man-db …
Setting up lrzsz (0.12.21-4.1) …
roshan@optimus $

The AVR-ISP500 starts in firmware-update mode if you have a jumper between pins 1 and 3 of the ICSP10 connector. Plug in the programmer and make sure the status LED continues flashing the sequence green, red, off.

Check /var/log/messages to see what device node is associated with the programmer. On my machine, it turns up as /dev/ttyACM0.

Download the latest firmware from the Olimex AVR-ISP500 page. Unzip the file, and you’ll find the firmware image avr-isp500.img

Run the sx command as shown, making sure to adjust the firmware image file and ports to suit your system. If all goes well, you’ll see the following:

roshan@optimus $ sx -X --16-bit-crc avr-isp500.img > /dev/ttyACM0 < /dev/ttyACM0
Sending avr-isp500.img, 97 blocks: Give your local XMODEM receive command now.
Bytes Sent:  12416   BPS:870                             

Transfer complete
roshan@optimus $

I found that it took a few tries to get the timing right, and that if you ran the command too soon it errored out:

roshan@optimus $ sx -X --16-bit-crc avr-isp500.img > /dev/ttyACM0 < /dev/ttyACM0
Sending avr-isp500.img, 97 blocks: Give your local XMODEM receive command now.
Xmodem sectors/kbytes sent: 0/ 0kRetry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Retry Count Exceeded

Transfer incomplete
roshan@optimus $

I just repeated the command every time it failed, until it finally “took”.

Using flickcurl in a script

October 27th, 2009

I’ve recently started using Flickr more than I have before, where my workflow consisted of using Lightroom to sort out the photos, process them and to give them a rating, export from lightroom, watermark, upload all the files to my photostream, and then add the photos I’d rated with at least 4 stars to a particular photo pool. These steps were not as seamless to me as they could have been, so I started looking for ways to automate the process. flickcurl came up as an obvious candidate, so I put together the following script.

Pre-requisites for this script to run are

You should be able to install all the pre-requisites on a Debian-based system using apt:

sudo apt-get install flickcurl-utils jhead imagemagick xmlstarlet

And now for the script:

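#!/bin/bash
# Watermark every TIFF in the current directory, upload the JPEG to Flickr,
# and add photos rated 4 stars or more to a pool.
mkdir -p to_upload

POOL_ID="1234567@N89"
FLICKCURL="/home/roshan/progs/flickcurl/bin/flickcurl"
WATERMARK="/home/roshan/graphics/watermark.png"

# Expand the glob into an array (safe for names with spaces) and walk it
# backwards to keep the reverse name order of the original ls | sort -r.
shopt -s nullglob
images=(*.tif)
for (( i=${#images[@]}-1; i>=0; i-- ))
do
  img="${images[i]}"
  imgbase="${img%.tif}"
  echo "Photo $imgbase"
  target="to_upload/${imgbase}.jpg"
  xmpfile="to_upload/${imgbase}.xmp"
  logfile="to_upload/${imgbase}.log"
  echo "  Watermarking"
  composite -gravity SouthWest "$WATERMARK" "$img" "$target"
  # jhead -v prints the image metadata verbosely; sed keeps the lines from
  # the opening to the closing xmpmeta tag
  jhead -v "$target" 2> /dev/null | sed -n -e '/xmpmeta/,/xmpmeta/p' > "$xmpfile"
  rating=$(xmlstarlet sel -N xap="http://ns.adobe.com/xap/1.0/" -t -m "//xap:Rating" -v . "$xmpfile")
  echo "  Rating: $rating"
  echo "  Uploading"
  "$FLICKCURL" upload "$target" public 2> "$logfile"
  # The photo ID is read back from the stderr output captured in the log
  PHOTO_ID=$(sed -n -e '/Photo ID/{s/^.*: //;p}' "$logfile")
  echo "  Uploaded as Photo ID $PHOTO_ID"
  # Treat a missing rating as 0 so the numeric comparison stays valid
  if [ "${rating:-0}" -gt 3 ]
  then
    echo "  Adding $imgbase to pool"
    "$FLICKCURL" groups.pools.add "$PHOTO_ID" "$POOL_ID" 2> "$logfile.zrh"
  fi
done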

I found that flickcurlutils 1.3 available through the Ubuntu Jaunty repositories would consistently segfault while trying to upload any photo which I wanted to mark public. The latest code (1.14) available on the flickcurl page doesn’t have this problem, so you might want to download and compile that yourself.

The script itself is relatively straightforward. It sets up a few constants (adjust to suit your system), creates a working directory, and then starts looping over all TIFF files in the current directory. For every TIFF file, it creates a watermarked JPG file, and extracts the XMP information that Lightroom has embedded in the image. The XMP file is an XML file, and among the information stored in it is the image rating which we get at using XMLStarlet. Upload the image, and depending on the rating given to the image, also add it to the pool.

It’s a relatively simple script, with no error-checking at all, but it does what I need.

Sri Lanka on Google Maps

March 3rd, 2009

The latest addition on Google Maps: Tiles for Sri Lanka, with the ability to search for any address.



The insane process of filling out the online UK Visa Application Form

February 13th, 2009

I have to travel to London next month, and started the usual visa application process. I’ve grown accustomed to filling these out, as I usually go through the visa process of some country every few months. The Schengen visa application is a two-page affair and is not too bad. The US application isn’t that bad either. But then I filled out the UK online form just now - 93 questions scattered across 27 pages of an online form!

One section was about “You stated that you had made an application to the Home Office to remain in the UK in the last 10 years.”, and requested more information. Under the “Granted or Refused” field, I entered “Granted”, but was then surprised to see that the form refused to proceed, instead marking the “Reason (if refused)” field as a required field. Brilliant.

Other compulsory questions:

  • Your total monthly income from all sources of work or employment after tax
  • Do you receive income from any other sources, including friends or family?
  • Do you have savings, properties or other income, for example, from stocks and shares?
  • How much of your monthly income is used to support your family member’s?
  • How much do you spend each month on living costs?
  • You stated that you have savings, property or income. Please give details

Then there were the usual “Are you a terrorist” type questions which are also on the US visa and entry forms. The last question in that block: “Have you engaged in any other activities that might indicate that you may not be considered a person of good character?”

Definitely the most intrusive and convoluted visa form I’ve come across.

No more Twitter<->Blog<->Del.icio.us cross-posting

February 1st, 2009

In my earlier simple attempts at aggregating my online activities, I had set up my blog to cross-post to my Twitter stream, for my Twitter tweets to post back to my blog, and for my del.icio.us bookmarks to do a nightly aggregated post back to my blog too (which would of course also generate a tweet).

With the arrival of FriendFeed, though, all of this cross-linkage was unnecessary. Even more so, it was polluting my FriendFeed stream, with multiple events from different streams, all announcing the same thing.

And so, all the cross-posting is now turned off, and I can enjoy the simplicity of FriendFeed.

The day the internet broke?

January 31st, 2009

That’s it - today is the day the internet broke! People started realising something was wrong with Google when almost every search result had the accompanying text “This site may harm your computer”. Clicking on any result led to a page warning the user that the page they wanted to visit was very likely a page which would try to do bad things to your computer. Thankfully, the glitch only lasted for 30-45 minutes, and things were back to normal again, with an explanation of what went wrong. And the world breathed a sigh of relief… or did they?

A few minutes ago, I got an e-mail alert from Hyperspin. Hyperspin monitor your servers, and e-mail you if something goes wrong. Apparently something had - it was failing to resolve my domain name! A few nslookups showed that this really was the case. Worse - none of my domains were being resolved. I try to access the eNom website, and find that even THEIR website isn’t working.

Ok, fine - so something’s wrong with eNom’s DNS servers - all 5 of their geographically-separated locations! None of them respond! A global failure of their DNS servers for more than a few minutes is really unthinkable. They say on their web-site:

eNom services set new standards for reliability, thanks in part to redundant name servers dispersed around world. Each server has multiple high-bandwidth Internet connections, back-up power, security, and access to three different major Internet backbones. This powerful system enables to handle millions of transactions with no interruption in service.

I thought I’d call their tech-support to see what they have to say. Of course, their number is listed on their web-site, and that’s completely unreachable right now. Thankfully, the web archive was helpful to locate and find an archived contact page from their site. So I call up the number listed, dutifully press “3” for technical support and hear the message “Please enter your support PIN - this PIN is available within the ‘Info’ section of the ‘My Account’ page on our site”. AAARGH! Ok … don’t panic. A quick visit to Netcraft, and I’m in possession of the IP address they last switched to. http://69.64.157.35 does the trick, and I’m greeted with the familiar eNom home page. Login, get my phone-support PIN and call them again. I’m not that surprised that I get through to a support drone almost immediately - most of their customers are still battling their way through to their phone support PIN! Unfortunately, the support drone was of no help at all. He acknowledged that there was a problem, that their entire team of engineers was investigating what had gone wrong, but no, they don’t have an ETA as to when things will be sorted out.

It’s been over half an hour since I got the initial alert mail, and nothing has changed yet. Wonder how long this will take to fix.

Update:

1.5 hours later, it looks as if things are recovering. Most queries do get a valid response, although some of them do still time-out.

Of course, their Outage reporting site was also completely inaccessible. And now, even when you are able to access it, all it says is “Unscheduled Maintenance - Our site is currently undergoing an unscheduled maintenance to upgrade our systems in order to better serve you.”

Final update:
I just received a response to the ticket I filed with eNom. Turns out the entire thing was due to a DDoS attack.


Hello,

Thank you for contacting us regarding the recent site resolution issues you were experiencing.

For a period of hours beginning at Noon PST on Saturday January 31, 2009, eNom DNS servers were victim to a large Distributed Denial of Service (DDoS) attack. This attack affected hosted customers and other services, which rely on our DNS infrastructure. Our DNS regularly handles attack traffic during the normal course of business; however, this attack was particularly large and required additional effort by eNom Operations to counteract it. Services were largely restored by 3:30pm PST. By policy, eNom doesn’t detail the nature of attacks against our infrastructure.

Thank you for your understanding and patience.

Technical Support,

Facebook IQ Test App

November 29th, 2008

Facebook has a million and one applications. Among them are a number of IQ Test applications. Even to view someone else’s results, you have to install the app, with the corresponding permissions screen as shown below:

Facebook IQ Test Permissions

Now, maybe I’m not supposed to have the IQ to understand, but why should an IQ Test application need access to “your profile information, your photos, your friends’ info and other content that it requires to work”? Ah - maybe all that information is used to adjust your IQ score… you know, if you’ve used L33T-speak on your profile, that’s a -20 adjustment right there. Are you in a Palin supporters group? -30 for you! Photos of kittens? +5. Photos of dogs? +10!

Naah, quite unlikely. In my opinion, what should happen if you press that “Allow” button is the message: “Your IQ Score: 0”!