News for February 2009

The Gronenhirsch in the Nullparzelle

This morning I received something very strange: Karl Schwab, member of the Lower Austrian state parliament (LAbg.) for the FPÖ (you know the type), delivers a rhetorical show of superlatives. I think Austria has found its “Barak Obama”! Just have a listen.

For the capture of the integrated Gronenhirsch (dead and alive!), a reward in the form of a Nullparzelle in “Meckenburg-Vorkommen” is offered!

Posted: February 27th, 2009
Categories: Everything Else

A Degu named Linus

Just some photos I took some time ago while playing with one of my Degus, whose name is “Linus” by the way :-)

Posted: February 26th, 2009
Categories: Everything Else

Won’t somebody please think of security!? [Update]

It’s on again: Gmail.com XMPP servers are dropping TLS-enabled S2S connections again.

A strange feeling started to creep up my spine as I noticed that all of my Jabber contacts over at gmail.com are offline for the second day in a row. “Looks like an error with S2S” was the first thought that crossed my mind. So I waded through the logs of my ejabberd server and it came up with messages like this:

=INFO REPORT==== 2009-02-25 13:23:05 ===
I(<0.6971.0>:ejabberd_s2s_out:311) : Closing s2s connection: fladi.at -> gmail.com (close in wait_for_stream)

I turned off TLS in /etc/ejabberd/ejabberd.cfg and … all gmail.com contacts back online.

{s2s_use_starttls, false}.

Turn TLS security back on … gmail.com completely gone.

For heaven’s sake Google, fix your TLS implementation!

And by the way, TLS encrypted S2S does not prevent your XMPP provider from spying on your messages. It just prevents this for all the ISPs that XMPP data has to cross to get from one Jabber system to the other. So this is no show-stopper for happy data-mining Google!

Update:
It seems that Google is experiencing problems with their accounts: http://googleblog.blogspot.com/2009/02/current-gmail-outage.html

Posted: February 25th, 2009
Categories: Internet

Debian with Gnome 2.24

I could not wait any longer :-) I pulled Gnome 2.24 from Debian experimental and so far, it works like a charm. No big changes are visible at first sight. The launcher icons in my panel now fade towards me when I click them and everything feels a bit faster, but that can be my own imagination.

Two things I noticed that are broken:

  • My beloved sshmenu applet which is missing the symbol gtk_file_system_error_quark in /usr/lib/ruby/1.8/x86_64-linux/gtk2.so.
    DBTS mentions that there is a fix upstream and I hope a fixed package will soon be uploaded. Until then I switched to hotssh which does somewhat the same, but runs as a standalone application with SSH-sessions as tabs.
  • gnome-keyring-daemon does start when called by libpam-gnome-keyring which leads to a lot of annoying password-prompts when doing SSH, GPG, WebDAV or CIFS through GVFS.
    There are some warnings in /var/log/auth but I haven’t found a fix for it yet:

    gdm[3331]: gnome-keyring-daemon: couldn't lookup keyring component setting: Der Konfigurationsserver konnte nicht kontaktiert werden; mögliche Fehlerquellen sind, dass TCP/IP für ORBit nicht aktiviert ist oder auf Grund eines Systemabsturzes alte NFS-Sperren gesetzt sind. Unter http://www.gnome.org/projects/gconf/ erhalten Sie weitere Informationen (Details -  1: Verbindung zur Sitzung konnte nicht abgerufen werden: dbus-launch failed to autolaunch D-Bus session: No protocol specified
    gdm[3331]: Autolaunch error: X11 initialization failed.
Posted: February 25th, 2009
Categories: Debian

One Certificate, multiple Apache Vhosts

For the past two weeks, most of my sites have been available through HTTPS and are properly using a certificate (only one!) corresponding to their hostnames.

Before I set this up for myself, I believed that there was no way to run multiple vhosts with Apache on a single IP with SSL enabled. Recently Walter pointed me to a very interesting article on the Net which made me aware of a not so well known field inside X.509 certificates: subjectAltName

With this field used correctly, it is possible to use one certificate for multiple virtual hosts inside Apache. The subjectAltName can contain an alias for each hostname the certificate will be valid for. Thus it is possible to set the field’s content to cover all the hostnames used on the IP Apache is running on. This leaves at least one drawback: the restriction that there is only one certificate per IP is still in place.

Upon starting an SSL connection, Apache will use the certificate and the browser will honor the subjectAltName in the same way as the CN field and thereby validate the hostname of the vhost.
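
To make the hostname check concrete, here is an added example (not part of the original post) that lists which Apache vhost names a certificate's subjectAltName entries would fail to validate. The hostnames, the IP, the config snippet and all function names are constructed for illustration; it assumes ServerName/ServerAlias carry bare hostnames and that a wildcard covers exactly one leftmost label, as browsers treat it.

```python
import re

# Constructed sample: dNSName entries of the certificate's subjectAltName
# and an Apache config with several name-based vhosts on one IP.
SAN_DNS_NAMES = ["www.example.org", "blog.example.org", "*.static.example.org"]

APACHE_CONF = """
<VirtualHost 192.0.2.10:443>
    ServerName www.example.org
    ServerAlias example.org
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName blog.example.org
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName img.static.example.org
    ServerAlias a.b.static.example.org
</VirtualHost>
"""

def vhost_names(conf):
    """Return every ServerName/ServerAlias hostname in the config, lowercased."""
    names = []
    for line in conf.splitlines():
        m = re.match(r"\s*(ServerName|ServerAlias)\s+(.+)", line, re.I)
        if m:  # commented-out directives start with '#' and do not match
            names += [n.lower().rstrip(".") for n in m.group(2).split()]
    return names

def san_matches(pattern, host):
    """Match one dNSName against a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # refuse overly broad patterns such as "*.org"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(conf, san):
    """Hostnames served by Apache that no SAN entry validates."""
    return [h for h in vhost_names(conf)
            if not any(san_matches(s, h) for s in san)]

if __name__ == "__main__":
    for host in uncovered(APACHE_CONF, SAN_DNS_NAMES):
        print("not covered by certificate:", host)
```

Any name it reports would produce a certificate warning in the browser, so it needs its own subjectAltName entry before the vhost goes live.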

Posted: February 25th, 2009
Categories: Debian, IT