17.9.14
The technical details of an SSL certificate are up to the issuing CA, which is understandable. I was still surprised when my SHA-256 CSR resulted in a SHA-1 certificate back in April, when reissuing it due to heartbleed. But I didn’t pursue it at the time.
Now that Google announced sunsetting SHA-1-signed certificates by the end of the year, the issue became more pressing. Fortunately instructions for reissuing GeoTrust-based certificates — such as the RapidSSLonline ones — were already available. (more…)
1.8.14
One less Outlook annoyance: How to show fixed font for plain text
- File > Options > Mail > Stationery and Fonts
- Set the font for plain text e-mails to a monospaced font (e.g. Consolas)
Why is this not the default…
2.3.14
Some programs sometimes fail to use the DNS search list to look up names of local hosts on my Mavericks laptop. I don’t recall ever having had this problem with earlier OS X versions. (more…)
21.2.14
I’m not sure what failed last night, but I’m guessing the cable Internet connection was down. Interestingly, unbound had stopped resolving even local zones configured with stub-zone and stub-addr directives. This was unexpected: stub-zones are supposed to work “without referring to the public Internet” per the unbound.conf manual page.
To mitigate the issue I wanted to have backup name servers in resolv.conf (ones using a different Internet connection) even on the resolving name server hosts themselves. With resolvconf that boiled down to creating /etc/default/resolvconf with the following setting in it:
TRUNCATE_NAMESERVER_LIST_AFTER_LOOPBACK_ADDRESS=no
This way name servers configured in /etc/network/interfaces (using dns-nameservers directives) are included in resolv.conf even when unbound has been started.
However, this is a poor workaround, as I don’t have multiple Internet connections at every site.