I’ve finally worked out how to create self-signed SSL certificates for multiple domain names with openssl.
These notes relate to Debian GNU/Linux, but the principles will apply to other operating systems.
The first step to make the process easier and repeatable in the future is to copy the default configuration file from /etc/ssl/openssl.cnf to a working directory where you can adapt it
Let’s assume that you’ve copied /etc/ssl/openssl.cnf to ~/project-openssl.cnf. Edit the new file and set the various default values to the ones that you need — that’s better than having to respond to openssl’s prompts every time you run it.
For real non-self-signed certificates, you would generate a certificate signing request (.csr) file, ready for a certificate authority to sign it for you. In that case, you need to follow the instructions at http://wiki.cacert.org/FAQ/subjectAltName.
But for a self-signed certificate, the subjectAltName has to go in a different place. Make sure you’ve got this line present and un-commented in the [req] section of the config file:[req] ... x509_extensions = v3_ca
and then this goes at the end of the [v3_ca] section:[v3_ca] ... subjectAltName = @alt_names [alt_names] DNS.1 = example.com DNS.2 = www.example.com DNS.3 = example.co.uk DNS.4 = www.example.co.uk
There is (apparently) a limit to the number (or total length) of the alternate names, but I didn’t reach it with 11 domain names.
It’s also possible to add IP addresses to the alt_names section like this:IP.1 = 192.168.1.1 IP.2 = 192.168.69.14
Then to create the key and self-signed certificate, run commands similar to these:openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout project.key -out project.crt -config ~/project-openssl.cnf cp project.crt /etc/ssl/localcerts/ mv project.key /etc/ssl/private/
Note that I move (rather than copy) the key to the private directory to avoid leaving a copy of it lying around unprotected.
You can check that the certificate contains all the domains that you added by running this:openssl x509 -in project.crt -text -noout | less Alternative approach
I haven’t tried this, but according to http://apetec.com/support/GenerateSAN-CSR.htm it’s also possible to create a CSR and then self-sign it like this:openssl x509 -req -days 3650 -in project.csr -signkey project.key -out project.crt v3_req -extfile project-openssl.cnf References:
Once upon a time I setup a centralized service for spam-testing blog/forum-comments in real time, that service is BlogSpam.net.
This was created because the Debian Administration site was getting hammered with bogus comments, as was my personal blog.
Today the unfortunate thing happened, the virtual machine this service was running on ran out of RAM and died - The redis-store that holds all the state has now exceeded the paltry 512Mb allocated to the guest, so OOM killed it.
So I'm at an impasse - I either recode it to use MySQL instead of Redis, or something similar to allow the backing store to exceed the RAM-size, or I shut the thing down.
There seems to be virtually no liklihood somebody would sponsor a host to run the service, because people just don't pay for this kind of service.
I've temporarily given the guest 1Gb of RAM, but that comes at a cost. I've had to shut down my "builder" host - which is used to build Debian packages via pbuilder.
Offering an API, for free, which has become increasingly popular and yet equally gets almost zero feedback or "thanks" is a bit of a double-edged sword. Because it has so many users it provides a better service - but equally costs more to run in terms of time, effort, and attention.
(And I just realized over the weekend that my Flattr account is full of money (~50 euro) that I can't withdraw - since I deleted my paypal account last year. Ooops.)
Happy news? I'm avoiding the issue of free service indefinitely with the git-based DNS product which was covering costs and now is .. doing better. (20% off your first months bill with coupon "20PERCENT".)
I put out the call for nominations for the 2014 Software in the Public Interest (SPI) Board election last week. At this point I haven't yet received any nominations, so I'm mentioning it here in the hope of a slightly wider audience. Possibly not the most helpful as I would hope readers who are interested in SPI are already reading spi-announce. There are 3 positions open this election and it would be good to see a bit more diversity in candidates this year. Nominations are open until the end of Tuesday July 13th.
The primary hard and fast time commitment a board member needs to make is to attend the monthly IRC board meetings, which are conducted publicly via IRC (#spi on the OFTC network). These take place at 20:00 UTC on the second Thursday of every month. More details, including all past agendas and minutes, can be found at http://spi-inc.org/meetings/. Most of the rest of the board communication is carried out via various mailing lists.
The ideal candidate will have an existing involvement in the Free and Open Source community, though this need not be with a project affiliated with SPI.
Software in the Public Interest (SPI, http://www.spi-inc.org/) is a non-profit organization which was founded to help organizations develop and distribute open hardware and software. We see it as our role to handle things like holding domain names and/or trademarks, and processing donations for free and open source projects, allowing them to concentrate on actual development.
At work I needed a cheap laptop for a computer-illiterate user. Giving them Windows, would have meant that they would have had to keep up-to-date with Windows Updates, with all the potential issues that would cause, along with the need for malware protection. It would also have pushed up the cost, a laptop capable of pushing Windows along reasonably decently, would have cost a few hundred pounds at least.
Generally I would just have purchased a low-end Lenovo laptop and installed Ubuntu onto it, but I was aware that Ebuyer had recently launched an HP255 G1 Laptop with Ubuntu pre-installed for £219.99 inc. vat (just £183 if you can reclaim the VAT).
Buying pre-installed with Ubuntu afforded me the comfort of knowing that everything would work. Whilst Ubuntu generally does install very easily, there are sometimes hassles in getting some of the function buttons working, for brightness, volume etc. Knowing that these issues would all be sorted, along with saving me the time in having to install Ubuntu, seemed an attractive proposition.Unboxing
My first impressions were good, the laptop comes with a laptop case and the laptop itself looks smart enough for a budget machine. An Ubuntu sticker, instead of the usual Windows sticker, was welcome, although the two sticky marks where previous stickers had been removed were less so. Still, at least they had been removed.
Whilst we are on the subject of Windows’ remnants – the Getting Started leaflet was for Windows 8 rather than Ubuntu. Most Ubuntu users won’t care, but this is a poor attention to detail and, if this laptop is to appeal to the mass market, then it may cause confusion.First Boot
Booting up the laptop for the first time gave me an “Essential First Boot Set-up is being performed. Please wait.” message. I did wait and for quite a considerable time – probably a not dissimilar time to installing Ubuntu from scratch; I couldn’t help but suspect that was precisely what was happening. Eventually I was presented with a EULA from HP, which I had no choice but to accept or choose to re-install from scratch. Finally I was presented with an Ubuntu introduction, which I confess I skipped; suffice to say the new user was welcomed to Ubuntu with spinny things.
The first thing to note is that this is Ubuntu 12.04, the previous LTS (Long Term Support release). This will be supported until 2017, but it is a shame that it didn’t have the latest LTS release – Ubuntu 14.04. Users may of course choose to upgrade.
Secondly, the wireless was slow to detect the wireless access points on the network. Eventually I decided to restart network-manager, but just as I was about to do so, it suddenly sprang into life and displayed all the local access points. Once connected, it will re-connect quickly enough, but it does seem to take a while to scan new networks. Or perhaps I am just too impatient.
Ubuntu then prompted to run some updates, but the updates failed, as “22.214.171.124” was said to be unreachable, even though it was ping-able. The address is owned by Canonical, but whether this was a momentary server error, or some misconfiguration on the laptop, I have no idea.
This would have been a major stumbling block for a new Ubuntu user. Running apt-get update and apt-get dist-upgrade worked fine, typing Ctrl+Alt+t to bring up the terminal and then typing:$ sudo apt-get update $ sudo apt-get dist-upgrade
I notice that this referenced an HP-specific repository doubtless equipped with hardware specific packages:http://oem.archive.canonical.com/updates/ precise-oem.sp1 public http://hp.archive.canonical.com/updates precise-stella-anaheim public
I assume that adding this latter repository would be a good idea if purchasing a Windows version of this laptop and installing Ubuntu.Hardware
This is a typical chunky laptop. But, if you were expecting a sleek Air-like laptop for £220, then you need to take a reality shower. What it is, is a good-looking, well-made, traditional laptop from a quality manufacturer. At this price, that really should be enough.
Ubuntu “System Details” reveals that this is running an “AMD E1-1500 APU with Radeon HD Graphics x 2″, running 64-bit with a 724GB drive and 3.5GiB RAM. That would appear to be a lower spec processor than is typically available on-line for an HP 255 G1 running Windows; which generally seem to have 1.75Ghz processors (albeit at twice the price).
The great news was that, as expected, all the buttons worked. So what? Well, it may seem like a trivial matter whether, for example, pressing Fn10 increases the volume or not, but I think many of us have the experience of spending inordinate amounts of time trying to get such things to work properly. And buttons that don’t work, continue to irritate until the day you say goodbye to that machine. The fact that everything works as it should is enormously important and is the primary reason why buying Ubuntu pre-installed is such a big deal.
The keyboard and trackpad seem perfectly good enough to me, certainly much better than on my Novatech ultrabook; although not everyone seems to like them. In particular, it is good to have a light on the caps lock key.
I have not tested battery life, but, as this is usually the first thing to suffer in an entry-level machine, I would not hope for much beyond a couple of hours.
Booting up takes around 45 seconds and a further 20 seconds to reach the desktop. That is quite a long time these days for Ubuntu, but fast enough I would imagine for most users and considerably faster than it takes Windows to reach a usable state, at least in my experience.
Being that bit slower to boot, Suspend becomes more important: Closing the lid suspended the laptop and opening it again brought up the lock screen password prompt almost immediately. Repeated use showed this to work reliably.
As to system performance, well frankly this is not a fast laptop. Click on Chromium, post boot, and it takes about 9 seconds to load; LibreOffice takes about 6 seconds to load. Even loading System Settings takes a second or two. Once you’ve run them once, after each boot, they will load again in less than half the time. Despite the slow performance, it is always perfectly usable, and is absolutely fine for email and web-browsing applications.
The other thing to remember is that this will be the performance you should be able to expect throughout its life – i.e. it will not slow down even more as it gets older. Windows users typically expect their computers to slow down over time, largely because of the different way in which system and application settings are stored in Windows. Ubuntu does not suffer from this problem, meaning that a 5-year-old Ubuntu installation should be working as fast as it did when it was first installed.Conclusions
I struggle to think of what else you could buy that provides a full desktop experience for £220. And it isn’t even some cheap unbranded laptop from the developing world. Sure, it isn’t the fastest laptop around, but it is perfectly fast enough for web, email and office documents. And the fact that you can expect it to continue working, with few, if any, worries about viruses, makes it ideal for many users. It certainly deserves to be a success for HP, Ubuntu and Ebuyer.
But, whilst this low-price, low-power combination was ideal for me on this occasion, it is a shame that there are no other choices available pre-installed with Ubuntu. I wonder how many newcomers to Ubuntu will come with the belief that Ubuntu is slow, when in reality it is the low-end hardware that is to blame?
Please HP, Ubuntu and Ebuyer – give us more choice.
And Lenovo, please take note – you just lost a sale.
For more reviews please visit Reevo.
It now supports:
Needless to say, this software is not endorsed by Strava. Suggestions, feedback and contributions welcome.
I have a Brother MFC-7360N printer at home and there is also one at work. I wanted to to get Cloudprint working with Android devices rather than use the Android app Brother provide, which is great when it works but deeply frustrating (for my wife) when it doesn't.
What I describe below is how to Cloudprint enable "Classic printers" using Debian Wheezy.Install CUPS
Install CUPS and the Cloudprint requirements.sudo apt-get install cups python-cups python-daemon python-pkg-resources Install the MFC-7360N Drivers
I used the URL below to access the .deb files required.
If you're running a 64-bit Debian, then install ia32-libs first.sudo apt-get install ia32-libs
Download and install the MFC-7360N drivers.wget -c http://download.brother.com/welcome/dlf006237/mfc7360nlpr-2.1.0-1.i386.deb wget -c http://download.brother.com/welcome/dlf006239/cupswrapperMFC7360N-2.0.4-2.i386.deb sudo dpkg -i --force-all mfc7360nlpr-2.1.0-1.i386.deb sudo dpkg -i --force-all cupswrapperMFC7360N-2.0.4-2.i386.deb Configure CUPS
Edit the CUPS configuration file commonly located in /etc/cups/cupsd.conf and make the section that looks like:# Only listen for connections from the local machine. Listen localhost:631 Listen /var/run/cups/cups.sock
look like this:# Listen on all interfaces Port 631 Listen /var/run/cups/cups.sock
Modify the Apache specific directives to allow connections from everywhere as well. Find the follow section in /etc/cups/cupsd.conf:<Location /> # Restrict access to the server... Order allow,deny </Location> # Restrict access to the admin pages... <Location /admin> Order allow,deny </Location> # Restrict access to the configuration files... <Location /admin/conf> AuthType Default Require user @SYSTEM Order allow,deny </Location>
Add Allow All after each Order allow,deny so it looks like this:<Location /> # Restrict access to the server... Order allow,deny Allow All </Location> # Restrict access to the admin pages... <Location /admin> Order allow,deny Allow All </Location> # Restrict access to the configuration files... <Location /admin/conf> AuthType Default Require user @SYSTEM Order allow,deny Allow All </Location> Add the MFC-7360N to CUPS.
If your MFC-7360N is connected to your server via USB then you should be all set. Login to the CUPS administration interface on http://yourserver:631 and modify the MFC7360N printer (if one was created when the drivers where installed) then make sure you can print a test page via CUPS before proceeding.Install Cloudprint and Cloudprint service wget -c http://davesteele.github.io/cloudprint-service/deb/cloudprint_0.11-5.1_all.deb wget -c http://davesteele.github.io/cloudprint-service/deb/cloudprint-service_0.11-5.1_all.deb sudo dpkg -i cloudprint_0.11-5.1_all.deb sudo dpkg -i cloudprint-service_0.11-5.1_all.deb Authenticate
Google accounts with 2 step verification enabled need to use an application-specific password.
Authenticate cloudprintd.sudo service cloudprintd login
You should see something like this.Accounts with 2 factor authentication require an application-specific password Google username: email@example.com Password: Added Printer MFC7360N
Start the Cloudprint daemon.sudo service cloudprintd start
If everything is working correctly you should see your printer the following page:
Add the Google Cloud Print app to Android devices and you'll be able to configure your printer preferences and print from Android..Chrome and Chromium
When printing from within Google Chrome and Chromium you can now select Cloudprint as the destination and choose your printer.References
The Tour de France visits YorkshireLocation: Yorkshire
Arbitrary tweets made by TheGingerDog up to 16 June 2014
Attempt to pass homeopathy off as credible by combining it with empirically valid medicine.
We woke to continual thunder.
I think it is time to leave the country.
It seems Mozilla is targeting emerging markets and developing nations with $25 cell phones. This is tremendous news, and an admirable focus for Mozilla, but it is not without risk.
Bringing simple, accessible technology to these markets can have a profound impact. As an example, in 2001, 134 million Nigerians shared 500,000 land-lines (as covered by Jack Ewing in Businessweek back in 2007). That year the government started encouraging wireless market competition and by 2007 Nigeria had 30 million cellular subscribers.
This generated market competition and better products, but more importantly, we have seen time and time again that access to technology such as cell phones improves education, provides opportunities for people to start small businesses, and in many cases is a contributing factor for bringing people out of poverty.
So, cell phones are having a profound impact in these nations, but the question is, will it work with FirefoxOS?
I am not sure.
In Mozilla’s defence, they have done an admirable job with FirefoxOS. They have built a powerful platform, based on open web technology, and they lined up a raft of carriers to launch with. They have a strong brand, an active and passionate community, and like so many other success stories, they already have a popular existing product (their browser) to get them into meetings and headlines.
Success though is judged by many different factors, and having a raft of carriers and products on the market is not enough. If they ship in volume but get high return rates, it could kill them, as is common for many new product launches.
What I don’t know is whether this volume/return-rate balance plays such a critical role in developing markets. I would imagine that return rates could be higher (such as someone who has never used a cell phone before taking it back because it is just too alien to them). On the other hand, I wonder if those consumers there are willing to put up with more quirks just to get access to the cell network and potentially the Internet.
What seems clear to me is that success here has little to do with the elegance or design of FirefoxOS (or any other product for that matter). It is instead about delivering incredibly dependable hardware. In developing nations people have less access to energy (for charging devices) and have to work harder to obtain it, and have lower access to support resources for how to use new technology. As such, it really needs to just work. This factor, I imagine, is going to be more outside of Mozilla’s hands.
So, in a nutshell, if the $25 phones fail to meet expectations, it may not be Mozilla’s fault. Likewise, if they are successful, it may not be to their credit.
I am a firm believer in building strong and empowered communities. We are in an age of a community management renaissance in which we are defining repeatable best practice that can be applied many different types of communities, whether internal to companies, external to volunteers, or a mix of both.
I have been working to further this growth in community management via my books, The Art of Community and Dealing With Disrespect, the Community Leadership Summit, the Community Leadership Forum, and delivering training to our next generation of community managers and leaders.
Last year I ran my first community management training course, and it was very positively received. I am delighted to announce that I will be running an updated training course at three events over the coming months.OSCON
On Sunday 20th July 2014 I will be presenting the course at the OSCON conference in Portland, Oregon. This is a tutorial, so you will need to purchase a tutorial ticket to attend. Attendance is limited, so be sure to get to the class early on the day to reserve a seat!
Firstly, on Fri 22nd August 2014 I will be presenting the course at LinuxCon North America in Chicago, Illinois and then on Thurs Oct 16th 2014 I will deliver the training at LinuxCon Europe in Düsseldorf, Germany.
Tickets are $300 for the day’s training. This is a steal; I usually charge $2500+/day when delivering the training as part of a consultancy arrangement. Thanks to the Linux Foundation for making this available at an affordable rate.
Space is limited, so go and register ASAP:
So what is in the training course?
My goal with each training day is to discuss how to build and grow a community, including building collaborative workflows, defining a governance structure, planning, marketing, and evaluating effectiveness. The day is packed with Q&A, discussion, and I encourage my students to raise questions, challenge me, and explore ways of optimizing their communities. This is not a sit-down-and-listen-to-a-teacher-drone on kind of session; it is interactive and designed to spark discussion.
The day is mapped out like this:
I will warn you; it is an exhausting day, but ultimately rewarding. It covers a lot of ground in a short period of time, and then you can follow with further discussion of these and other topics on our Community Leadership discussion forum.
I hope to see you there!
Arbitrary tweets made by TheGingerDog up to 04 June 2014
Arbitrary tweets made by TheGingerDog up to 01 June 2014
I just want to say how touched I have been by the response. The comments, social media posts, emails, and calls from you have been so kind and supportive. You are all good people, and I am going to miss every single one of you.
The reason why I have devoted my life to understanding communities is that I believe communities bring out the best in people, and all of you are a perfect example of that. I cannot express just how much I appreciate it.
Over the course of the next few weeks my replacement will be sourced and announced. and in the interim my team (Daniel Holbach, Michael Hall, David Planella, Nicholas Skaggs, Alan Pope) will take over my duties. Everything has been transitioned over, and remember, the weekly Q&As will continue at 6pm UTC every Tuesday on Ubuntu On Air with my team filling in for me. As ever, any and all Ubuntu questions are welcome!
Of course, I will still be around. I am going to continue to be a member of the Ubuntu community and an avid Ubuntu user, tester, and supporter. I will continue to be on IRC, you can email me at firstname.lastname@example.org, I will continue to do Bad Voltage, and I have a busy schedule at the Community Leadership Summit, OSCON, and more. I am also going to continue to have my own Q&A session every week where you can ask questions about my perspectives on Ubuntu, Canonical, community management, XPRIZE, and more; I will announce this soon.
Ubuntu has a tremendous future ahead of it, built on the hard work and passion of a global community. We are only just getting started with a new era of Ubuntu convergence and cloud orchestration and while I will miss being there in an official capacity, I am just thankful that I can continue to be along for the ride in the very community I played a part in building.
I now have a few weeks off and then my new adventure begins. Stay tuned.
As many of you will know, I organize an event every year called the Community Leadership Summit. The event brings together community leaders, organizers and managers and the projects and organizations that are interested in growing and empowering a strong community.
The event pulls together these leading minds in community management, relations and online collaboration to discuss, debate and continue to refine the art of building an effective and capable community.
The event is taking place on 18 – 19 July 2014 in Portland, Oregon. I hope to see you all there, it is going to be a fantastic CLS this year!
I also have a few other things to share too…Community Leadership Forum
My goal as a community manager is to help contribute to the growth of the community management profession. I started this journey by publishing The Art of Community and ensuring it is available freely as well as in stores. I then set up the Community Leadership Summit as just discussed, and now I am keen to put together a central community for community management and leadership discussion.
As such, I am proud to launch the new Community Leadership Forum for discussing topics that relate to community management, as well as topics for discussion at the Community Leadership Summit event each year. The forum is designed to be a great place for sharing and learning tips and techniques, getting to know other community leaders, and having fun.
Be sure to go and sign up!Speaking Events and Training
I also wanted to share that I will be at OSCON this year and I will be giving a presentation called Dealing With Disrespect that is based upon my free book of the same name for managing complex communications.
This is the summary of the talk:
In this new presentation from Jono Bacon, author of The Art of Community, founder of the Community Leadership Summit, and Ubuntu Community Manager, he discusses how to process, interpret, and manage rude, disrespectful, and non-constructive feedback in communities so the constructive criticism gets through but the hate doesn’t.
The presentation covers the three different categories of communications, how we evaluate and assess different attributes in each communication, the factors that influence all of our communications, and how to put in place a set of golden rules for handling feedback and putting it in perspective.
If you personally or your community has suffered rudeness, trolling, and disrespect, this presentation is designed to help.
This presentation is on Wed 23rd July at 2.30pm in E144.
In addition to this I will also be providing a full day of community management training at OSCON on Sunday 20th July in D135.
Lots of fun things ahead and I hope to see you there!