Download the GeoTrust DV Intermediate CA file from https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422

Log in to the openfire admin UI ( http://server:9090/ ) and navigate to “Server Settings” -> “Server Certificates” and click on the “import” link ( http://server:9090/import-certificate.jsp ). Copy the appropriate sections from your certificate into the two text fields. Next, open the GT_QuickSSL_and_Premium_and_Trial_intermediate_bundle.pem file you just downloaded and paste the contents of this file into the certificate text field. Make sure there isn’t any space between the end of your certificate and the start of the intermediate certificates.

Here’s what the text field should look like given the intermediate bundle as of 2011:

-----BEGIN CERTIFICATE-----
Your certificate
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIID+jCCAuKgAwIBAgIDAjbSMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTAwMjI2MjEzMjMxWhcNMjAwMjI1MjEzMjMxWjBhMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UECxMURG9tYWluIFZh
bGlkYXRlZCBTU0wxGzAZBgNVBAMTEkdlb1RydXN0IERWIFNTTCBDQTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKa7jnrNpJxiV9RRMEJ7ixqy0ogGrTs8
KRMMMbxp+Z9alNoGuqwkBJ7O1KrESGAA+DSuoZOv3gR+zfhcIlINVlPrqZTP+3RE
60OUpJd6QFc1tqRi2tVI+Hrx7JC1Xzn+Y3JwyBKF0KUuhhNAbOtsTdJU/V8+Jh9m
cajAuIWe9fV1j9qRTonjynh0MF8VCpmnyoM6djVI0NyLGiJOhaRO+kltK3C+jgwh
w2LMpNGtFmuae8tk/426QsMmqhV4aJzs9mvIDFcN5TgH02pXA50gDkvEe4GwKhz1
SupKmEn+Als9AxSQKH6a9HjQMYRX5Uw4ekIR4vUoUQNLIBW7Ihq28BUCAwEAAaOB
2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIz02ZMKR7wAoErOS3VuoLaw
sn78MB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMBIGA1UdEwEB/wQI
MAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5j
b20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAB
hhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZIhvcNAQEFBQADggEBADOR
NxHbQPnejLICiHevYyHBrbAN+qB4VqOC/btJXxRtyNxflNoRZnwekcW22G1PqvK/
ISh+UqKSeAhhaSH+LeyCGIT0043FiruKzF3mo7bMbq1vsw5h7onOEzRPSVX1ObuZ
lvD16lo8nBa9AlPwKg5BbuvvnvdwNs2AKnbIh+PrI7OWLOYdlF8cpOLNJDErBjgy
YWE5XIlMSB1CyWee0r9Y9/k3MbBn3Y0mNhp4GgkZPJMHcCrhfCn13mZXCxJeFu1e
vTezMGnGkqX2Gdgd+DYSuUuVlZzQzmwwpxb79k1ktl8qFJymyFWOIPllByTMOAVM
IIi0tWeUz12OYjf+xLQ=
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26×1W
b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
—–END CERTIFICATE—–


If you don’t include the intermediate cert data in the second field or the intermediate certs don’t match you’ll see errors such as “Incomplete certificate chain in reply”, “Failed to establish chain from reply” or “Certificate chain in reply does not verify: Signature does not match.”

If you see the message “invalid DER-encoded certificate data” then you most likely have an empty line between one or other of the certificate lines.

I’ve confirmed that this works with the Openfire 3.7 server and Empathy as the IM client.

Google Transliterate has been available for a while, but what’s nice is that it now supports Sinhalese too. Check it out:

http://www.google.com/transliterate/sinhalese

If you type “Roshan”, it’ll transcribe exactly as it should. My surname is a bit trickier so you can’t type it as it’s normally written in English but you instead have to type “sembakuttiarachchi” to get the correct transliteration.

Windows Vista and Windows 7 come with Sinhala support out-of-the-box. Windows XP doesn’t initially support Sinhala, but there’s an extra language-pack you can install to make things work. Once you install the correct fonts, things work properly on Linux too, but it’s a different story with Mac OS X. Even with the latest version of Snow Leopard, Mac OS X has problems rendering Sinhala properly.

Firefox versions prior to 3.0 stored their cookies in a standard cookies.txt file that could be used by tools like wget or curl. From version 3.0 onwards, Firefox uses sqlite for persistence of cookies and other data, making it slightly more difficult to use the same cookies. Here’s an invocation you can use to generate a cookies.txt file from your cookies.sqlite file:

sqlite3 -separator $'\t' cookies.sqlite \
    'select host, "TRUE", path, case isSecure when 0 then "FALSE" else "TRUE" end, expiry, name, value from moz_cookies' > cookies.txt

Make sure you’re in the proper profile directory, and that Firefox isn’t running. Otherwise, you’ll get a message that the database is locked.

I’ve tested this so far with Firefox 3.5 and 3.6. Should work as long as the structure of the cookies.sqlite file doesn’t change.

I recently got an Olimex AVR-ISP500 and wanted to upgrade the firmware from my Ubuntu desktop (didn’t really fancy installing any drivers on the Windows machine). Here’s what I had to do:

First, make sure you have lrzsz available:

roshan@optimus $ sudo apt-get install lrzsz
[sudo] password for roshan:
Reading package lists… Done
Building dependency tree
Reading state information… Done
Suggested packages:
  minicom
The following NEW packages will be installed:
  lrzsz
0 upgraded, 1 newly installed, 0 to remove and 9 not upgraded.
Need to get 108kB of archives.
After this operation, 279kB of additional disk space will be used.
Get:1 http://mirror.switch.ch jaunty/universe lrzsz 0.12.21-4.1 [108kB]
Fetched 108kB in 0s (430kB/s)
Selecting previously deselected package lrzsz.
(Reading database … 293796 files and directories currently installed.)
Unpacking lrzsz (from …/lrzsz_0.12.21-4.1_amd64.deb) …
Processing triggers for man-db …
Setting up lrzsz (0.12.21-4.1) …
roshan@optimus $

The AVR-ISP500 starts in firmware-update mode if you have a jumper between pins 1 and 3 of the ICSP10 connector. Plug in the programmer and make sure the status LED continues flashing the sequence green, red, off.

Check /var/log/messages to see what device node is associated with the programmer. On my machine, it turns up as /dev/ttyACM0.

Download the latest firmware from the Olimex AVR-ISP500 page. Unzip the file, and you’ll find the firmware image avr-isp500.img

Run the sx command as shown, making sure to adjust the firmware image file and ports to suit your system. If all goes well, you’ll see the following:

roshan@optimus $ sx -X –16-bit-crc avr-isp500.img > /dev/ttyACM0 < /dev/ttyACM0
Sending avr-isp500.img, 97 blocks: Give your local XMODEM receive command now.
Bytes Sent:  12416   BPS:870                             

Transfer complete
roshan@optimus $

I found that it took a few tries to get the timing right, and that if you ran the command too soon it errored out:

roshan@optimus $ sx -X --16-bit-crc avr-isp500.img > /dev/ttyACM0 < /dev/ttyACM0
Sending avr-isp500.img, 97 blocks: Give your local XMODEM receive command now.
Xmodem sectors/kbytes sent: 0/ 0kRetry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Got 01 for sector ACK
Retry 0: Retry Count Exceeded

Transfer incomplete
roshan@optimus $

I just repeated the command every time it failed, until it finally “took”.

I’ve recently started using Flickr more than I have before, where my workflow consisted of using Lightroom to sort out the photos, process them and to give them a rating, export from lightroom, watermark, upload all the files to my photostream, and then add the photos I’d rated with at least 4 stars to a particular photo pool. These steps were not as seamless to me as they could have been, so I started looking for ways to automate the process. flickcurl came up as an obvious candidate, so I put together the following script.

Pre-requisites for this script to run are

• jhead, to extract EXIF information
• flickcurl, for all the flickr magic
• Imagemagick, used for watermarking
• XMLStarlet, to execute XPath

You should be able to install all the pre-requisites on a Debian-based system using apt:

sudo apt-get install flickcurl-utils jhead imagemagick xmlstarlet

And now for the script:

#!/bin/bash
if [ ! -d to_upload ]
then
  mkdir to_upload
fi

POOL_ID="1234567@N89"
FLICKCURL="/home/roshan/progs/flickcurl/bin/flickcurl"
WATERMARK="/home/roshan/graphics/watermark.png"

for img in `ls *.tif | sort -r`
do
  imgbase="${img/.tif/}"
  echo "Photo $imgbase"
  target="to_upload/${imgbase}.jpg"
  xmpfile="to_upload/${imgbase}.xmp"
  logfile="to_upload/${imgbase}.log"
  echo "  Watermarking"
  composite -gravity SouthWest "$WATERMARK" "$img" "$target"
  jhead -v "$target" 2> /dev/null | sed -n -e '/xmpmeta/,/xmpmeta/p' > "$xmpfile"
  rating=`xmlstarlet sel -N xap="http://ns.adobe.com/xap/1.0/" -t -m "//xap:Rating" -v . $xmpfile`
  echo "  Rating: $rating"
  echo "  Uploading"
  $FLICKCURL upload "$target" public 2> "$logfile"
  PHOTO_ID=`sed -n -e '/Photo ID/{s/^.*: //;p}' "$logfile"`
  echo "  Uploaded as Photo ID $PHOTO_ID"
  if [ $rating -gt 3 ]
  then
    echo "  Adding $imgbase to pool"
    $FLICKCURL groups.pools.add $PHOTO_ID $POOL_ID 2> "$logfile.zrh"
  fi
done

I found that flickcurlutils 1.3 available through the Ubuntu Jaunty repositories would consistently segfault while trying to upload any photo which I wanted to mark public. The latest code (1.14) available on the flickcurl page doesn’t have this problem, so you might want to download and compile that yourself.

The script itself is relatively straightforward. It sets up a few constants (adjust to suit your system), creates a working directory, and then starts looping over all TIFF files in the current directory. For every TIFF file, it creates a watermarked JPG file, and extracts the XMP information that Lightroom has embedded in the image. The XMP file is an XML file, and among the information stored in it is the image rating which we get at using XMLStarlet. Upload the image, and depending on the rating given to the image, also add it to the pool.

It’s a relatively simple script, with no error-checking at all, but it does what I need.

The latest addition on Google Maps: Tiles for Sri Lanka, with the ability to search for any address.

View Larger Map

That’s it - today is the day the internet broke! People started realising something was wrong with Google when almost every search result had the accompanying text “This site may harm your computer”. Clicking on any result led to a page warning the user that the page they wanted to visit was very likely a page which would try to do bad things to your computer. Thankfully, the glitch only lasted for 30-45 minutes, and things were back to normal again, with an explanation of what went wrong. And the world breathed a sigh of relief… or did they?

A few minutes ago, I got an e-mail alert from Hyperspin. Hyperspin monitor your servers, and e-mail you if something goes wrong. Apparently something had - it was failing to resolve my domain name! A few nslookups showed that this really was the case. Worse - none of my domains were being resolved. I try to access the eNom website, and find that even THEIR website isn’t working.

Ok, fine - so something’s wrong with eNom’s DNS servers - all 5 of their geographically-separated locations! None of them respond! A global failure of their DNS servers for more than a few minutes is really unthinkable. They say on their web-site:

eNom services set new standards for reliability, thanks in part to redundant name servers dispersed around world. Each server has multiple high-bandwidth Internet connections, back-up power, security, and access to three different major Internet backbones. This powerful system enables to handle millions of transactions with no interruption in service.

I thought I’d call their tech-support to see what they have to say. Of course, their number is listed on their web-site, and that’s completely unreachable right now. Thankfully, the web archive was helpful to locate and find an archived contact page from their site. So I call up the number listed, dutifully press “3″ for technical support and hear the message “Please enter your support PIN - this PIN is available within the ‘Info’ section of the ‘My Account’ page on our site”. AAARGH! Ok … don’t panic. A quick visit to Netcraft, and I’m in possession of the IP address they last switched to. http://69.64.157.35 does the trick, and I’m greeted with the familiar Enom home page. Login, get my phone-support PIN and call them again. I’m not that surprised that I get through to a support drone almost immediately - most of their customers are still battling their way throgh to their phone support PIN! Unfortunately, the support drone was of no help at all. He acknowledged that there was a problem, that their entire team of engineers was investigating what had gone wrong, but no, they don’t have an ETA as to when things will be sorted out.

It’s been over half an hour since I got the initial alert mail, and nothing has changed yet. Wonder how long this will take to fix.

Update:

1.5 hours later, it looks as if things are recovering. Most queries do get a valid response, although some of them do still time-out.

Of course, their Outage reporting site was also completely inaccessible. And now, even when you are able to access it, all it says is “Unscheduled Maintenance - Our site is currently undergoing an unscheduled maintenance to upgrade our systems in order to better serve you.”

Final update:
I just received a response to the ticket I filed with eNom. Turns out the entire thing was due to a DDoS attack.

Hello,

Thank you for contacting us regarding the recent site resolution issues you were experiencing.

For a period of hours beginning a Noon PST on Saturday January 31, 2009, a eNom DNS servers were victim to a large Distributed Denial of Service (DDoS) attack. This attack affected hosted customers and other services, which rely on our DNS infrastructure. Our DNS regularly handles attack traffic during the normal course of business; however, this attack was particularly large and required additional effort by eNom Operations to counteract it. Services were largely restored by 3:30pm PST. By policy, eNom doesn’t detail the nature of attacks against our infrastructure.

Thank you for your understanding and patience.

Technical Support,

Facebook has a million and one applications. Among them are a number of IQ Test applications. Even to view someone else’s results, you have to install the app, with the corresponding permissions screen as shown below:

Now, maybe I’m not supposed to have the IQ to understand, but why should an IQ Test application need access to “your profile information, your photos, your friends’ info and other content that it requires to work”? Ah - maybe all that information is used to adjust your IQ score… you know, if you’ve used L33T-speak on your profile, that’s a -20 adjustment right there. Are you in a Palin supporters group? -30 for you! Photos of kittens? +5. Photos of dogs? +10!

Naah, quite unlikely. In my opinion, what should happen if you press that “Allow” button is the message: “Your IQ Score: 0″!

It’s difficult to identify a single page or site on the Net as being yours. Sure, you may have your own blog or even a completely independent website, but with sites like Del.icio.us, Flickr, FriendFeed and your profiles on all these pages, you’re bound to have at least a half dozen other pages that are “yours”. So now that you’re on these services, what should you do? To get the most of them, you’ll of course need to find your buddies on these sites, and that’s where things get tough. How do you know that the John Smith on service XYZ is in fact the same John Smith that you play scrabble with? If John has linked from his web page to his user profile then it’s no problem, but what if he’s only got a link the other way around, from his user-profile page back to his web-site. You shouldn’t have to click through the dozens of profile pages to find his - let Google do the work for you through the Google Social API!

A few months ago, Google made available an API which you can use to query the social network inherent in the web, by following the “me” links or pointers from one network’s profille to another, as well as the “friend” pointers. By then giving the URL of my web site, I can find all my “other” pages on the Internet, as well as everyone else that I link to or am linked by.

Using this social graph of services, it’s easy for you to find what services you have in common with someone else to be able to link with them there. To make this easier I have a very trivial bookmarklet I can invoke when I’m on any site, which does a lookup via Google Social’s API. To use it, simply drag and drop the “Google Social API Lookup” link to your bookmarks toolbar. Click it when you’re on any blog or profile page, and you’ll do a Google Social lookup. Enjoy!

A lot of people know that I’ve been working with Selenium to automate UI tests. You can now see a few examples of how specifically we use Selenium at Google, via the publicly released Selenium-based tests used as part of the Maps API testing process.

When you’re developing a Web-based application, testing a Web UI can get quite time-consuming. Throw in the problem of having to support multiple browsers, and the complexity of AJAX, and things can get out of hand quite quickly. This is where having an automated set of UI tests can be a life-saver. Make these tests part of your CI process, and you’ll get feedback as soon as something is broken.

Often, people end up testing the UI as part of an end-to-end test. This isn’t necessarily the best way to be testing the UI, as you’re no longer able to pinpoint the location of problems to a particular layer. Is that problem you’re seeing a data-encoding issue of the HTTP request/response, the database, or the persistence API? It could be anywhere. So take advantage of that multi-tiered system design which you have. Test each layer in isolation, separate it from the other layers that it’s talking to by putting fake, mock or stub layers in place, and test that layer by pumping in events and calling methods. Check the calls appearing out of that layer to verify they’re what you expect, and you have a much more useful set of tests.