Certifiable


I recently switched to a new ISP, who have so far been excellent, however they use certificates signed by CAcert. While I generally agree with the principle behind that decision, it does make life difficult. They cheerfully say, “You can check the certificate is signed by CAcert, if you like, before accepting it.” But how?

Warning: the following approach to checking the certificate is signed by CAcert is quite likely to be rubbish, so it’s probably not a good idea to follow it! In my defense, it seemed like a reasonable balance between just accepting some random certificate and complete paranoia but if you know a better way, please let me know.

The CAcert root certificates aren’t included on Windows, but they are already included in various other places, so it turns out that the simple answer might be to grab the certificate from a suitable Linux distribution. Just to be on the safe side, I wanted to find a distribution I could download securely. The best option I found was Tails, which has a secure download and, for extra peace of mind, can be verified with OpenPGP.

My chosen method for trusting the Tails signing key was a tad more interesting on Windows due to the lack of an sha256sum command. Luckily it seems you can do anything in PowerShell, so with a little help from Brian Hartsock’s blog, this did the trick instead:

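# Hash the downloaded key file with SHA-256 and print the digest as lowercase hex
$ha = [System.Security.Cryptography.HashAlgorithm]::Create("SHA256")
# Resolve the path first: .NET does not follow PowerShell's current location
$path = (Resolve-Path "tails-signing.key").Path
$stream = New-Object System.IO.FileStream($path, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read)
$sb = New-Object System.Text.StringBuilder
$ha.ComputeHash($stream) | % { [void] $sb.Append($_.ToString("x2")) }
$stream.Close()
$sb.ToString()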

All good, certificate verified. I would still rather Andrews & Arnold just used a proper certificate though: there are clearly problems with trusting all the certificate authorities that are included in browsers/operating systems by default but CAcert doesn’t exactly look like a fantastic example either, and normal users really don’t have any chance of making a more informed choice.
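The last step described above, checking that a certificate really chains to the CAcert root obtained from a trusted source, could look like this in PowerShell. This is an added example, not code from the original post; the function name Test-SignedByRoot and both file paths are hypothetical.

```powershell
# Added example: checks that a certificate chains to one specific root file.
# The root is NOT installed into the Windows trust store; it is only offered
# to the chain builder, and the result is accepted only if the chain ends at it.
function Test-SignedByRoot {
    param(
        [Parameter(Mandatory=$true)] [string] $CertificatePath,  # certificate the server presented, saved to a file
        [Parameter(Mandatory=$true)] [string] $RootPath          # root certificate copied from the verified distribution
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $cert = New-Object "$x509.X509Certificate2" (Resolve-Path $CertificatePath).Path
    $root = New-Object "$x509.X509Certificate2" (Resolve-Path $RootPath).Path

    $chain = New-Object "$x509.X509Chain"
    [void] $chain.ChainPolicy.ExtraStore.Add($root)
    # No revocation lookups; tolerate only the "root is not trusted by Windows" condition
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'

    $built = $chain.Build($cert)

    # Any status other than UntrustedRoot (expired, bad signature, ...) is a failure
    $unexpected = @($chain.ChainStatus | Where-Object {
        $_.Status -ne 'UntrustedRoot' -and $_.Status -ne 'NoError'
    })

    # The flag above also tolerates incomplete chains, so insist that the
    # top element is byte-for-byte the root file we supplied
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $sameRoot = [Convert]::ToBase64String($top.RawData) -eq [Convert]::ToBase64String($root.RawData)

    return ($built -and $unexpected.Count -eq 0 -and $sameRoot)
}

# Hypothetical file names:
# Test-SignedByRoot -CertificatePath .\isp-server.cer -RootPath .\cacert-root.crt
```

If the server certificate was issued by an intermediate that Windows cannot locate, the chain will stop short of the root and the function returns False, which is the safe outcome.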


Plug and Play


Thanks to Dale, I’ve found something to keep Damn Small Linux company on my USB key (there is a lot of space left after all!) – like Dale, I have an interest in mobile computing (unlike Dale, I have fewer gadgets, so PortableApps sounds great to me) and I’ve posted a couple of times before on the subject. At the risk of this weblog turning into Dave, here’s a repeat:

It sounds like, between them, Scott McNealy and Dan Gillmor have got the right idea about access to my data. Hopefully not actually my data though! Scott wants it on the network, Dan wants it with him, and I just want it.

For years, I’ve quite liked the idea that I could have some sort of RFID tag with me (on my key-ring, in my watch, or somewhere I don’t have to worry about it) that would just log me on to my PC (and phone!) when I’m nearby, locking it again when I move away. It would be even better if it worked with any computer, giving me access to the same desktop wherever I go. Scott seems to agree, although what’s with having to get out a “smart card” to plug it in? Sounds more like a “daft card” to me.

More recently, with the amount of data I can carry around with me (I suspect I’m actually behind the times here with a meagre 1Gb split between a tiny USB key and an MP3 player!) I’ve been leaning towards Dan’s point of view although, again, fumbling around to find something to plug in is just annoying. This is the 21st century! (Isn’t it?!)

The solution should be simple; I have a nice large lump of storage with me, that can wirelessly connect with any computing device (my desktop, thinkpad, PDA, phone, public kiosk, etc. etc.) giving me access to the same data everywhere. The data is also on the network too, luckily for Scott by the sound of it, so the two copies can be synchronised automatically, allowing me to work when I can’t, or don’t want to (it might be slow, insecure or expensive), connect to a network but providing access when I don’t have my storage with me (I could have left it somewhere deliberately or, not for the first time, lost it!). Even better if my storage is on some existing format expansion card so that I can physically plug it in to a) save having to carry around yet another gadget (just plug it in to a phone/PDA) and b) get faster access to the data if the wireless link is too slow.

(Originally posted 29 June 2005)

SoulPad looks pretty interesting too.

Hats off to PowerShell, AS400 and Dale


Dale spotted a great write up of his PowerShell for WebSphere MQ SupportPac this morning. I was also really pleased to see that I wasn’t imagining the AS400 influence on PowerShell!

So far I love PowerShell and judging by my blog stats (my last PowerShell post is still the most popular), I’m not the only one who’s interested. Like Jeffrey, I want to see more products supporting it. I would also like to see PowerShell on more platforms! Also, MQ had a bit of a head start towards PowerShell cmdlets – I would love to find out more about how predominantly Java-based products could take advantage of PowerShell. Does anyone have any idea if that is possible or how easy/difficult it would be?

Downloading PowerShell


I have just spent a very interesting hour watching Dale give a talk about PowerShell – he has a summary on his blog if you haven’t come across it before. Until today I was only vaguely aware of its existence but hadn’t had the time to take a look, so I’m very glad Dale took the time to share his presentation.

My immediate thought was how much it reminded me of the excellent OS/400 CL commands (I used to work with MQ on the AS/400 in my youth and, on a slight tangent, am quite fond of the rather splendid WRKMQM). Among other reasons for liking CL, I think it proves that it is possible to have a very usable command line interface; a concept which, while lost on some people, is very definitely evident in PowerShell.

What became clear was that the power in PowerShell is largely derived from its object orientated nature. No need for tortuous string parsing between piped commands (or commandlets in PowerShell speak). For example, instead of having to process a text list of process information, you get a list of process objects, which you could then display as a list, or simply select one to end (or all of them in Dale’s case – oops!). You can also extend PowerShell very nicely to add product related commandlets which, keeping the same noun and verb format along with all the generic commandlets like Sort and Select, make picking up a new product much easier for an admin.

So, cross product: good. Cross platform… hmmm, I wonder… Mono? Well, it seems others have asked the same question (and that wasn’t actually a ‘no’ in response to the open source question!) but not yet at least.