SHA-256 SSL certificates

Written late in the morning in English • Tags: , , ,

The technical details of an SSL certificate are up to the issuing CA, which is understandable. I was still surprised when my SHA-256 CSR resulted in a SHA-1 certificate back in April, when reissuing it due to heartbleed. But I didn’t pursue it at the time.

Now that Google announced sunsetting SHA-1-signed certificates by the end of the year, the issue became more pressing. Fortunately instructions for reissuing GeoTrust-based certificates — such as the RapidSSLonline ones — were already available. (more…)

Fixed width plain text in Outlook

Written at lunch time in English • Tags: , ,

One less Outlook annoyance: How to show fixed font for plain text

  • File > Options > Mail > Stationery and Fonts
  • Set the font for plain text e-mails to a monospaced font (e.g. Consolas)

Why is this not the default…

Network hostname lookup trouble

Written in the mid-afternoon in English • Tags:

Some programs sometimes fail to use the DNS search list to look up names of local hosts on my Mavericks laptop. I don’t recall ever having had this problem with earlier OS X versions. (more…)

Unbound not resolving

Written in the mid-morning in English • Tags: , , , ,

I’m not sure what failed last night, but I’m guessing the cable Internet connection was down. Interestingly, unbound had stopped resolving even local zones configured with stub-zone and stub-addr directives. This was unexpected: stub-zones are supposed to work “without referring to the public Internet” per the unbound.conf manual page.

To mitigate the issue I wanted to have backup name servers in resolv.conf (ones using a different Internet connection) even on the resolving name server hosts themselves. With resolvconf that boiled down to creating /etc/default/resolvconf with the following setting in it:

TRUNCATE_NAMESERVER_LIST_AFTER_LOOPBACK_ADDRESS=no

This way name servers configured in /etc/network/interfaces (using dns-nameservers directives) are included in resolv.conf even when unbound has been started.

However, this is a poor workaround, as I don’t have multiple Internet connections at every site.

»
To really get gapless playback, do not use local file sources with Spotify. (more…)