jump to article
...intermittent thoughts

Certificate Errors on Firefox for Ubuntu

There was only one thing that drove me mad on my Ubuntu installation. In a certain location I use, all WIFI access points are accessed by a https based login. The SSL certificate used for that, are self signed, which is fully ok, if you know the background and the care that is taken by the administrators of that environment. Unfortunately from the very first days of my Ubuntu installation, I was unable to connect to those sites, since my Firefox simply did not accept that certificates. While I got that "normal" exception message, that the certificate is self signed and the site probably harmful, I opted to add an exception, retrieved the certificate, even showed it and then pressed on "Add Exception". Nothing happened. The Window did not close nor was an exception added. I even tried to add an exception manually via Advanced Options - no way :-(
That happened even after several Updates of my Ubuntu installation. Lastly I found a tiny but easily overseen hint on the web: delete your profile once and rebuild it.
So I started
firefox -p
from a terminal and opted to delete the default profile. Well, I had to reinstall every single Add on, but on the bright side two things happened: I am now able to access those WIFI access points and I am also able to retrieve my bookmarks now via Syncplaces - that was a second thing, I never managed to get to work on Ubuntu - and it wasn't the fault of Syncplaces as I already had assumed.
So, if anybody is experiencing similar things, give that profile removing thing a chance - probably it is better to rename such a profile of firstly to try out a newly created one instead of deleting as I did...

don’t use underscores in hostnames...

Yesterday and today a very strange behavior of Internet Explorer occupied me and my colleagues. There was a server migrated into a new Active Directory Domain and though its hostname appeared to be differently reachable. That new hostname was something like
subdomain._server.masterdomain._organization.mydomain.tld
and the server was reachable very easily. Unfortunately Internet Explodrer was unable to perform a session based login to that server and all attempts to store a cookie on a page opened from that server failed silently. Tracking this issue down with Firefox was impossible, since Firefox was not only able to store the cookie but also to login to the Domino Server. So we ended up on a trial and error seek to find out more. At the end, we tried to create a cookie via JavaScript, avoiding any further server traffic. That way we were able to exclude Domino from being the bad guy. And in fact - the cookie was simply not set and IE did show up the notification, Cookies were not allowed for that particular site - which was simply untrue, since IE was configured to act as insecure as possible and to trust absolutely anything for that moment. No way - the cookie was not accepted.
We then changed the machines host file to reach that server by the same name but without the underscores:
subdomain.server.masterdomain.organization.mydomain.tld
It worked out immediately!

It looks a bit like this naming is not compliant to several RFCs. IE's cookie subsystem seems to be quite picky about that. A quick look though RFC-921 (hey, very old but good in that case) says, a name (read, the part between two periods) must not start with anything else than a letter. That rule is hurt here for sure by the underscores. While RFC-1123 allows a more relaxed naming but still does not allow underscores at the beginning, it also refers to RFC-952, which mentions name parts of a host name have to start with a letter. So it looks like IE is not really the bad guy - the real problem is "just" the naming of the host. This is especially hard, since the browser itself resolves that name by using DNS, so contacting that host and retrieving data in general works - but the cookie subsystem works different, which is quite intransparent to the user as well as the admin as well as the developer.

Well long text and confusing links - this all has lead to one single conclusion to me:
Lesson learned:
Do not use underscores in hostnames - ever!

attending

Today I made it clear, I will be able to attend the Lotusphere Comes to You - Rheinland in Düsseldorf. Since I did not attend LotuSphere this year this is my very special summary to it. I am really looking forward on the session of Thomas Gumz - one of the brains behind XPages. But also the other speakers are really valued and certainly worth listening to - so I hope I do not get in trouble with the packed session schedule. Even though I already know Daniels session, I know it is going to be a great one, Christian is presenting about Alloy, which is extremely interesting, Angela is presenting about DDE, Ed is telling about strategy and there are lots of more valued and credible speakers this time. Besides of all of that, I am also looking forward to meet with friends and customers over there. I know, my colleagues have been organizing this event very hard for quite some time, so this is going to be great event :-)

Lotusphere Comes to You - Rheinland