Congratulations!

[Valid RSS] This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

Source: http://blog.darrenduke.net/Darren/DDBZ.nsf/feed.rss

  1. <?xml version="1.0" encoding="utf-8"?>
  2. <rss version="2.0"
  3. xmlns:dc="http://purl.org/dc/elements/1.1/"
  4. xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
  5. xmlns:admin="http://webns.net/mvcb/"
  6. xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  7. xmlns:content="http://purl.org/rss/1.0/modules/content/"
  8. xmlns:wfw="http://wellformedweb.org/CommentAPI/">
  9. <channel>
  10. <title>Darren Duke Blog Zone</title>
  11. <description>Occasionally useful stuff around technology, VMware, Domino, Symantec, accents and the pursuit of happiness.</description>
  12. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/</link>
  13. <language>en-us</language>
  14. <lastBuildDate>Mon, 15 Jan 2018 13:51:20 -0400</lastBuildDate>
  15. <item>
  16. <title>How to prevent ROBOT (Return Of Bleichenbacher&#8217;s Oracle Threat) on Domino servers</title>
  17. <pubDate>Mon, 15 Jan 2018 13:51:20 -0400</pubDate>
  18. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/how-to-prevent-robot-return-of-bleichenbachers-oracle-threat-on-domino-servers.htm</link>
  19. <category>domino</category>
  20. <dc:creator>Darren Duke</dc:creator>
  21. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/how-to-prevent-robot-return-of-bleichenbachers-oracle-threat-on-domino-servers.htm?opendocument&amp;comments</comments>
  22. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/how-to-prevent-robot-return-of-bleichenbachers-oracle-threat-on-domino-servers.htm</guid>
  23. <content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif">Last month, in December 2017 a new (well old, but new) vulnerability was discovered in TLS,</span><a href=https://robotattack.org/><span style=" font-size:10pt;color:blue;font-family:sans-serif"><span style="text-decoration:underline"> the ROBOT attack (Return Of Bleichenbacher's Oracle Threat)</span></span></a><span style=" font-size:10pt;font-family:sans-serif"> and yes, your Domino servers are probably susceptible to it. To avoid re-posting everything from that article go read it them come back. <br /> <br /> Your back? OK. So you need to disable any and all RSA encryption ciphers. So here goes (all tests were done on a 9.0.1 FP9 server).....</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Before a custom SSLCipherSpec:</span><span style=" font-size:12pt"> <br /> <br /> </span><img  alt="Image:How to prevent ROBOT (Return Of Bleichenbacher&#8217;s Oracle Threat) on Domino servers" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/how-to-prevent-robot-return-of-bleichenbachers-oracle-threat-on-domino-servers.htm/content/M2?OpenElement" /><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> If you look at the ciphers, sure enough there are RSA ciphers in there (TLS_RSA_xxxxxx) for both TLS 1.2 and TLS 1.0 respectively:</span><span style=" font-size:12pt"> <br /> <br /> </span><img  alt="Image:How to prevent ROBOT (Return Of Bleichenbacher&#8217;s Oracle Threat) on Domino servers" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/how-to-prevent-robot-return-of-bleichenbachers-oracle-threat-on-domino-servers.htm/content/M3?OpenElement" /><span style=" font-size:12pt"><br /> <br /> </span><img  alt="Image:How to prevent ROBOT (Return Of Bleichenbacher&#8217;s Oracle Threat) on Domino servers" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/how-to-prevent-robot-return-of-bleichenbachers-oracle-threat-on-domino-servers.htm/content/M4?OpenElement" /><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> OK, Houston we have a problem. To rectify it use this SSLCipherSpec <br /> <br /> <blockquote></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> C030009FC02F009EC028006BC0140039C0270067C013C0140039C013</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> </blockquote></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Note, I added this via the Domino Console):</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> <blockquote></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> set config SSLCIPHERSPEC= C030009FC02F009EC028006BC0140039C0270067C013C0140039C013</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> </blockquote></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Results of the SSL Test after restarting HTTP:</span><span style=" font-size:12pt"> <br /> <br /> </span><img  alt="Image:How to prevent ROBOT (Return Of Bleichenbacher&#8217;s Oracle Threat) on Domino servers" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/how-to-prevent-robot-return-of-bleichenbachers-oracle-threat-on-domino-servers.htm/content/M5?OpenElement" /><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> And the errant ciphers are gone:</span><span style=" font-size:12pt"> <br /> <br /> </span><img  alt="Image:How to prevent ROBOT (Return Of Bleichenbacher&#8217;s Oracle Threat) on Domino servers" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/how-to-prevent-robot-return-of-bleichenbachers-oracle-threat-on-domino-servers.htm/content/M6?OpenElement" />  ]]></content:encoded>
  24. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/how-to-prevent-robot-return-of-bleichenbachers-oracle-threat-on-domino-servers.htm</wfw:commentRss>
  25. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/how-to-prevent-robot-return-of-bleichenbachers-oracle-threat-on-domino-servers.htm?opendocument&amp;comments</wfw:comment>
  26. </item>
  27. <item>
  28. <title>2017 Snark Review</title>
  29. <pubDate>Thu, 21 Dec 2017 14:59:00 -0400</pubDate>
  30. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/2017-snark-review.htm</link>
  31. <category>misc</category>
  32. <dc:creator>Darren Duke</dc:creator>
  33. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/2017-snark-review.htm?opendocument&amp;comments</comments>
  34. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/2017-snark-review.htm</guid>
  35. <content:encoded><![CDATA[ <span style=" font-size:12pt">Holy crap, this snark-laced review thing has been going since 2010...... <br /> <br /> Firefox started at 50, ended at 57. <br /> <br /> Chrome started at 55, ended at 63. <br /> <br /> IE...ho-hum. <br /> <br /> Edge...keeps informing me it's more secure than Firefox. Show me the source code and I'll decide that. <br /> <br /> Switched back to Firefox as of Quantum (57) as my main browser. Seems (at least to me) to be much faster than Chrome. <br /> <br /> Was there a Connect 17? If there was I wasn't there. Pretty certain I won't be at Think 18 so I'm starting a streak of some type. <br /> <br /> Still never seen a live (or otherwise) CCM installation. This is now a very long streak, as long as CCM has been a thing. CCM still is thing right? <br /> <br /> Rob Novak and a collaborator issued a fix for Chrome and Firefox users still using Quickr. IBM really screwed up killing Quickr and foisting CCM on the world. I see Quickr every now and then, for CCM see above, <br /> <br /> Speaking of IBM, they claim they are in no way exiting the Domino market, nor selling it all to HCL. Confused? Yeah..... <br /> <br /> At MWLUG in August IBM pretty much 'fessed up to screwing the whole "we're not dead yet" message and mentioned there "could" be a Domino 10. <br /> <br /> And there will be a Domino 10. They've sort of pinky promised that in "Jam" sessions. This is a much needed and somewhat surprising admission that the whole "lets just do fix packs and rename them to feature packs and no one will notice" message that, while completely insane, was IBM's "message" for quite a while. It seems to me that the "only feature packs" insanity is a microcosm of the whole IBM 2015 plan. Remember that train wreck? Everyone knew it was bad but carry on they did, doing irreparable damage. Yeah, it's a lot like that now I recollect on it. <br /> <br /> I mentioned HCL and the confusing things around that right? <br /> <br /> Speaking of "jams" I attended the virtual one. IBM keep doing the same thing over and over again and expecting different results. For now I'll be reserving my jam participation to the one I use on toast. <br /> <br /> The new pod has stalled a bit. Not sure why. Shame as I actually have some useful tips piling up. <br /> <br /> Alien technology apparently exists in some building in Vegas. Isn't Think 18 in Vegas? Maybe I will go to Think 18.....oh wait, IBM and alien technology? Maybe I should leave the country during Think. <br /> <br /> Many companies screwed up their UI designs, including but not limited to Sonos and Skype (on Windows 10). <br /> <br /> Confusion around HCL and IBM....I mentioned that already but it's stuck in my head. <br /> <br /> Speaking of Windows 10, I'm now running it on my main work PC's except the laptop I travel with. It's irritating as f#*@ but you get used to it being irritating as [email protected]#$. Still, it's not all bad. Just mostly bad. And irritating as f*%!. <br /> <br /> Speaking of "mostly bad" things Trump is *still* in office and Brexit is *still* happening. <br /> <br /> The 0.29 of a bitcoin I mined back in 2013-14 is now worth $5,000+. If it keeps up this growth rate for 3 more years it'll be worth over $5,000,000. Cross your fingers dear reader, cross your fingers. <br /> <br /> HCL? Kinda weird right? <br /> <br /> Got an Apple Pencil. I actually like it. A lot. Glad I didn't have to shell out $75 on a Apple Pencil Sharpener. If you do get an Apple Pencil for $99 make sure to get the $10 app "Notes Plus". It makes the Pencil. Truly it does. <br /> <br /> Tried to use Verse several times. The install was surprisingly easy. More Domino and less Websphere of an install process (at least a 1.0.2 where I came into this song). But it's still missing *so* much that I go back to iNotes/Notes almost immediately. Then I forget the lack of features is as irritating as f**# and try it again, only to be mightily disappointed by it again. The search though?....absolutely wonderful. Get that in Notes and iNotes you'd have a winner. I may have a 2014 blog post to that effect somewhere......if only IBM would hold Jams to get excellent feedback from their customers and partners. <br /> <br /> So this IBM/HCL thing......WTF? <br /> <br /> Software/hardware that made 2017 Keepass, Wink Smarthome Hub, Firefox Quantum, Apple Pencil and Notes Plus for iPad. <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> </span>  ]]></content:encoded>
  36. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/2017-snark-review.htm</wfw:commentRss>
  37. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/2017-snark-review.htm?opendocument&amp;comments</wfw:comment>
  38. </item>
  39. <item>
  40. <title>Quickr Fix for Chrome 60+</title>
  41. <pubDate>Fri, 25 Aug 2017 15:53:43 -0400</pubDate>
  42. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/quickr-fix-for-chrome-60.htm</link>
  43. <category>quickr</category>
  44. <dc:creator>Darren Duke</dc:creator>
  45. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/quickr-fix-for-chrome-60.htm?opendocument&amp;comments</comments>
  46. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/quickr-fix-for-chrome-60.htm</guid>
  47. <content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif">Yeah, Quickr right? Long time since I've posted about Quickr. Still a great (if somewhat complicated and unsupported) product, Still being used by me and several clients despite IBM having several products claiming to replace it.. Despite IBM ceasing support many moons ago it chugged along very nicely &nbsp;so long as a reverse proxy is in front of it to allow TLS 1.2 and SHA2. Except Chrome 60 broke it. Google (and Safari before it) changed the way XHR works and basically buggered Quickr in the process (and Connections, but IBM will give you a fix for that).</span> <br /> <br /><span style=" font-size:10pt;font-family:sans-serif">There is a thread in the Quickr forum about this Chrome issue, The always friendly (and usually beer laden on the way to present a session) Rob Novak indicated he had collaborated with some other folks and has came out with a fix. Even better he offered it to anyone who asks. If you still use Quickr, ask away. Oh, the fix also addresses Safari too (apparently)......</span> <br /> <br /><img  alt="Image:Quickr Fix for Chrome 60+" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/quickr-fix-for-chrome-60.htm/content/M2?OpenElement" />  ]]></content:encoded>
  48. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/quickr-fix-for-chrome-60.htm</wfw:commentRss>
  49. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/quickr-fix-for-chrome-60.htm?opendocument&amp;comments</wfw:comment>
  50. </item>
  51. <item>
  52. <title>MWLUG 2017 presentation - Notes, Domino and the single sign on soup</title>
  53. <pubDate>Thu, 10 Aug 2017 15:44:31 -0400</pubDate>
  54. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/mwlug-2017-presentation-notes-domino-and-the-single-sign-on-soup.htm</link>
  55. <category>domino</category>
  56. <dc:creator>Darren Duke</dc:creator>
  57. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/mwlug-2017-presentation-notes-domino-and-the-single-sign-on-soup.htm?opendocument&amp;comments</comments>
  58. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/mwlug-2017-presentation-notes-domino-and-the-single-sign-on-soup.htm</guid>
  59. <content:encoded><![CDATA[ As promised, here is the presentation from my MWLUG 2017 session on SSO. If you need (for hire) help with any of this see the <a href="http://simplified-tech.com/website/webapp.nsf/webpages/ContactUs"><span style="text-decoration:underline">STS contact page</span></a>.   ]]></content:encoded>
  60. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/mwlug-2017-presentation-notes-domino-and-the-single-sign-on-soup.htm</wfw:commentRss>
  61. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/mwlug-2017-presentation-notes-domino-and-the-single-sign-on-soup.htm?opendocument&amp;comments</wfw:comment>
  62. </item>
  63. <item>
  64. <title>Renewing LetsEncrypt SSL certificates automatically - redux</title>
  65. <pubDate>Wed, 2 Aug 2017 05:56:57 -0400</pubDate>
  66. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/renewing-letsencrypt-ssl-certificates-automatically-redux.htm</link>
  67. <category>security</category>
  68. <dc:creator>Darren Duke</dc:creator>
  69. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/renewing-letsencrypt-ssl-certificates-automatically-redux.htm?opendocument&amp;comments</comments>
  70. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/renewing-letsencrypt-ssl-certificates-automatically-redux.htm</guid>
  71. <content:encoded><![CDATA[ After almost a year of using <a href=https://letsencrypt.org/>Let's Encrypt</a> to secure this very site, I'm still running into issues automatically renewing the certificates every 90 days. In my last post about this I'd documented the procedure I was using but was unable to ever get it to work successfully via cron (it was fine manually). I've now switched to a different auto-renew method....Enter: <br /> <br /><blockquote>certbot</blockquote> <br /> <br />This seems much simpler, tidier solution. The only snag for me was it required Python 2.7 to be installed. I sent a request off the the kindly folks at <a href=https://prominic.net/>Prominic</a> and they had that part done in no time.....now to wait 90 days, which happened to be today. I ran <a href=https://certbot.eff.org/>certbot</a> manually and it did indeed renew the certificate for me, so now I added it to a cron job to see if I can get it to work.  <br /> <br />On CentOS 6 run this command to get certbot (I'm presuming you already have Let's Encrypt working) : <br /> <br /><blockquote><tt>wget </tt><a href="https://dl.eff.org/certbot-auto"><tt>https://dl.eff.org/certbot-auto</tt></a><tt><br /> chmod a+x certbot-auto</blockquote></tt> <br /> <br />&nbsp;Then I created cron job with this in it: <br /> <br /><blockquote>52 5,17 * * * root /root/certbot-auto renew --quiet</blockquote> <br /> <br />We'll know in mid-October if this works any better..... <br /> <br />For other Linux and BSD distributions, check out the <a href=https://certbot.eff.org/>certbot website</a>, it pretty much has all the bases covered. <br /> <br />  ]]></content:encoded>
  72. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/renewing-letsencrypt-ssl-certificates-automatically-redux.htm</wfw:commentRss>
  73. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/renewing-letsencrypt-ssl-certificates-automatically-redux.htm?opendocument&amp;comments</wfw:comment>
  74. </item>
  75. <item>
  76. <title>Domino NIFNSF update - you probably don&#8217;t want to enable it</title>
  77. <pubDate>Fri, 31 Mar 2017 10:33:37 -0400</pubDate>
  78. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/nifnsf-update-you-probably-dont-want-to-enable-it.htm</link>
  79. <category>domino</category>
  80. <dc:creator>Darren Duke</dc:creator>
  81. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/nifnsf-update-you-probably-dont-want-to-enable-it.htm?opendocument&amp;comments</comments>
  82. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/nifnsf-update-you-probably-dont-want-to-enable-it.htm</guid>
  83. <content:encoded><![CDATA[ <strong>Update - April 17 2017 - IBM has fixed the issue in 9.0.1 FP8 IF1.</strong>  <br /> <br />In my last <a href="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/moving-domino-nif-indexes-out-of-the-nsf.htm" title="moving-domino-nif-indexes-out-of-the-nsf.htm" target="_blank"/>post about NIFNSF</a>, Christian Hensler left this comment: <br /> <br /> <img  alt="Image:Domino NIFNSF update - you probably don&#8217;t want to enable it" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/nifnsf-update-you-probably-dont-want-to-enable-it.htm/content/M2?OpenElement" /><br /> I couldn't find anything on the internet, so off I went to the Design Partner forum and sure enough there is a post in there from Michael Bourak. Now this is a NDA'd so I'm maybe skirting the rules here, but there is indeed an IBM reproduced issue with performance with NIFNSF. So this AM I did some testing and I was able to reproduce the issue. Based on my testing, on average, the current NIFNSF implementation is <strong>twice as slow</strong> as non-NIFNSF databases. <br /> <br /> So you many not want to implement it just yet.   ]]></content:encoded>
  84. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/nifnsf-update-you-probably-dont-want-to-enable-it.htm</wfw:commentRss>
  85. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/nifnsf-update-you-probably-dont-want-to-enable-it.htm?opendocument&amp;comments</wfw:comment>
  86. </item>
  87. <item>
  88. <title>Moving Domino NIF indexes out of the NSF</title>
  89. <pubDate>Wed, 29 Mar 2017 12:16:32 -0400</pubDate>
  90. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/moving-domino-nif-indexes-out-of-the-nsf.htm</link>
  91. <category>domino</category>
  92. <dc:creator>Darren Duke</dc:creator>
  93. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/moving-domino-nif-indexes-out-of-the-nsf.htm?opendocument&amp;comments</comments>
  94. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/moving-domino-nif-indexes-out-of-the-nsf.htm</guid>
  95. <content:encoded><![CDATA[ <strong>Update 2 - April 17 2017 - IBM has fixed the issue in 9.0.1 FP8 IF1.</strong> <br /> <br /><strong>Update - March 31 2017 - &nbsp;You may not want to enable this, see <a href="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/nifnsf-update-you-probably-dont-want-to-enable-it.htm" title="nifnsf-update-you-probably-dont-want-to-enable-it.htm" target="_blank"/>this post</a>.</strong> <br /> <br /> New in <span style="text-decoration:line-through">Fix Pack</span> Feature Pack 8 is the ability to move the view index files out of the NSF. NIF is the technical term for these index files and end with the file suffix of NDX. Doing this has several advantages including:  <ul> <li>Make the NSF smaller, so better backup times  </li><li>Help get more out of the 64GB limit....if 6GB of your NSF is NIF index, that's a logt of space  </li><li>Move NIF's to better performing storage, for example SSD's  </li><li>Allows concurrent access to to databases and views, so theoretically better performance</li></ul><br /> I decided to upgrade my production cluster to FP8 and turn on this new feature that was originally slated for 9.0.2. Here's what I did: <br /> 1. &nbsp; &nbsp; &nbsp; &nbsp;I added a new VMDK for these new files, in my case an i: drive and a folder, so my NIF path is i:\NIF\ <br /> 2. &nbsp; &nbsp; &nbsp; &nbsp;Upgraded server to FP8 <br /> 3. &nbsp; &nbsp; &nbsp; &nbsp;Made sure CREATE_R9_DATABASES=1 (or CREATE_R85_DATABASES=1) is in the notes.ini file <br /> 4. &nbsp; &nbsp; &nbsp; &nbsp;Added NIFNSFEnable=1 to the notes.ini <br /> 5. &nbsp; &nbsp; &nbsp; &nbsp;Added NIFBasePath=i:\nif\ to the notes.ini <br /> 6. &nbsp; &nbsp; &nbsp; &nbsp;Added CREATE_NIFNSF_DATABASES=1 to the notes.ini (this makes any newly created NSF use the NIF repository so you don't have to constantly worry about enabling it for new databases) <br /> 7. &nbsp; &nbsp; &nbsp; &nbsp;Restarted Domino <br /> <br /> Like DAOS before it, this only enabled NIF, it doesn't switch it on for existing databases. So on the server I issued a compact command: <br /> <br /> <blockquote>load compact -c -nifnsf on mail\blah.nsf</blockquote> <br /> <br /> Off the server goes and here's the output: <br /> <br /> <img  alt="Image:Moving Domino NIF indexes out of the NSF" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/moving-domino-nif-indexes-out-of-the-nsf.htm/content/M2?OpenElement" /><br /> <br /> Oooh. Off I go to look at the new NIF drive and sure enough there it is: <br /> <br /> <img  alt="Image:Moving Domino NIF indexes out of the NSF" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/moving-domino-nif-indexes-out-of-the-nsf.htm/content/M3?OpenElement" /><br /> <br /> Humm. Not a lot of savings....25MB (about 8% savings, and not a lot of folders). OK, let's try my archive mail file, that's a big-ish one: <br /> <br /> <img  alt="Image:Moving Domino NIF indexes out of the NSF" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/moving-domino-nif-indexes-out-of-the-nsf.htm/content/M4?OpenElement" /><br /> <br /> Better. About 11% of the archive were view indexes (archive is 6.5GB logical size...not physical). <br /> <br /> So what are we seeing here? Well, I think you'd see much larger savings, 25% or more, if you have a custom application with lots and lots of heavily used views and lots and lots of documents. And if that app is, oh, let's say 40GB then you can shave 10GB+ off that size that is not a bad thing. Mail seems to be between 5-15% for the record. Still that *could* equate to 15% off the time to backup your data, so even that maybe worth doing in your environment. <br /> <br /> In some environments it may also be useful doing the Domino Directory, in this case (and for admin4 and log) the server needs to be down. <br /> <br /> Further details are in <a href=https://www.ibm.com/support/knowledgecenter/en/SSKTMJ_9.0.1/admin/admn_moving_views_out_of_databases.html><span style="text-decoration:underline">this IBM article</span></a>. <br /> <br /> <br />   ]]></content:encoded>
  96. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/moving-domino-nif-indexes-out-of-the-nsf.htm</wfw:commentRss>
  97. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/moving-domino-nif-indexes-out-of-the-nsf.htm?opendocument&amp;comments</wfw:comment>
  98. </item>
  99. <item>
  100. <title>2016 the annus horribilis review</title>
  101. <pubDate>Mon, 19 Dec 2016 09:30:56 -0400</pubDate>
  102. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/2016-the-annus-horribilis-review.htm</link>
  103. <category>misc</category>
  104. <dc:creator>Darren Duke</dc:creator>
  105. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/2016-the-annus-horribilis-review.htm?opendocument&amp;comments</comments>
  106. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/2016-the-annus-horribilis-review.htm</guid>
  107. <content:encoded><![CDATA[ Firefox started at 43, ended at 50 (they are slowing down....) <br /> <br />Chrome started at 47, ended at 55 (they are speeding up....) <br /> <br />IE....you know what? F**k IE. <br /> <br />Still using Chrome as my primary browser, although Vivaldi is slowly taking over <br /> <br />Didn't go Connect 16. Won't be at Connect 17. I already know what's going to happen....IBM is going to tell you about all the products that they promise *&nbsp;cognitive* is being added too. Like Verse (2 years ago?) and Toscana. "No, really we are" they will promise. There is a new GM. Can't possibly be worse than the last one. <br /> <br />Speaking of Toscana, it was released. In only a way IBM can release something. Think Verse Basic with all the features taken out.&nbsp; <br /> <br />Following on from the "release" of new products, IBM decided not to release (as in ever) 9.0.2. Yeah, I know right..... <br /> <br />But Verse On-Prem should see the light of day on&nbsp;December&nbsp;30th. Yeah, I know right..... <br /> <br />Oh, Hawthorn was released. So there's that. <br /> <br />Still never seen a live (or otherwise) CCM installation.&nbsp; <br /> <br />Moved up to an iPhone 7 Plus, fingerprint smudge edition. Or as most people call it the shiny black one. <br /> <br />Oh, oh....new podcast. Stu and I could resist no longer. We also brought along Jesse Gallagher so IBM can blame someone new. <br /> <br />We also sneaked in one last TWIL. No really, 115 is it. (see above) <br /> <br />Any "Big IT" thinking of&nbsp;splitting itself in two&nbsp;should&nbsp;endeavor&nbsp;to be more like HPE/HP and not at all like the train wreck that is the Symantec/Veritas split. Train. Wreck.&nbsp; <br /> <br />By year end I should have 50+ nights in hotels. Not the rented by the hour type, but *real* hotels. That number went up, but my time in a car is about 90 minutes less per day. Yes, per day. Ah, life in ATL. <br /> <br />Brexit *and* Trump. Luckily my grandparents were Irish, so I see another passport in my future. <br /> <br />After having voters potentially end the world, I decided not to inflict further damage on my psyche and stayed with Windows 7 Pro. Even a free Windows 10 is too much to take. <br /> <br />Completed 10,000+ steps every day since Nov 30, 2015. So over 365 days now....the streak is still active. 15,000,000 total steps on my various Fitbit devices. <br /> <br />Technologies that made 2016, Let's Encrypt, SONOS, Nest, Roku, 4K TV's <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />  ]]></content:encoded>
  108. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/2016-the-annus-horribilis-review.htm</wfw:commentRss>
  109. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/2016-the-annus-horribilis-review.htm?opendocument&amp;comments</wfw:comment>
  110. </item>
  111. <item>
  112. <title>Renewing LetsEncrypt SSL certificates automatically with NginX</title>
  113. <pubDate>Fri, 9 Dec 2016 11:06:31 -0400</pubDate>
  114. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/renewing-letsencrypt-ssl-certificates-automatically-with-nginx.htm</link>
  115. <category>ssl</category>
  116. <dc:creator>Darren Duke</dc:creator>
  117. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/renewing-letsencrypt-ssl-certificates-automatically-with-nginx.htm?opendocument&amp;comments</comments>
  118. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/renewing-letsencrypt-ssl-certificates-automatically-with-nginx.htm</guid>
  119. <content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif">A while back I <a href="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/switched-to-lets-encrypt-for-the-blog-ssl-certificate.htm" title="switched-to-lets-encrypt-for-the-blog-ssl-certificate.htm" target="_blank"/>blogged that I switched the SSL</a> on this blog to </span><a href=https://letsencrypt.org/><span style=" font-size:10pt;color:blue;font-family:sans-serif"><span style="text-decoration:underline">Let's Encypt</span></span></a><span style=" font-size:10pt;font-family:sans-serif">, the free SSL provider. I even linked to the Crontab post I used to renew the SSL certificate (they are only good for 90 days, so need to be renewed regularly). <br /> <br /> Except mine would not renew. Hum.... I eventually got around to looking at this before the certificate ran out on Dec 20th and it turns out I needed to do a few more steps.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> If you manually run the renew.sh on the server without these additional steps this is what you get:</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> <blockquote>&#91;[email protected] ~&#93;# /root/letsencrypt/scripts/renew.sh</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> /root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> DeprecationWarning</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Saving debug log to /var/log/letsencrypt/letsencrypt.log</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> -------------------------------------------------------------------------------</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Processing /etc/letsencrypt/renewal/darrenduke.net.conf</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> -------------------------------------------------------------------------------</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Cert is due for renewal, auto-renewing...</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Renewing an existing certificate</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Performing the following challenges:</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> tls-sni-01 challenge for darrenduke.net</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> tls-sni-01 challenge for blog.darrenduke.com</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> tls-sni-01 challenge for blog.darrenduke.net</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> tls-sni-01 challenge for www.darrenduke.net<br /> Cleaning up challenges</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Attempting to renew cert from /etc/letsencrypt/renewal/darrenduke.net.conf produced an unexpected error: Cannot find a VirtualHost matching domain darrenduke.net.. Skipping.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> All renewal attempts failed. The following certs could not be renewed:</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> /etc/letsencrypt/live/darrenduke.net/fullchain.pem (failure)</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> 1 renew failure(s), 0 parse failure(s)</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The Let's Encrypt cert has not been renewed!</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module> sys.exit(main()) File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 776, in main return config.func(config, plugins) File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 592, in renew renewal.renew_all_lineages(config) File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/renewal.py", line 365, in renew_all_lineages len(renew_failures), len(parse_failures))) Error: 1 renew failure(s), 0 parse failure(s)</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> </blockquote></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Well that's not good....off I went a Goggling. Here's the missing step.....at least for NginX servers.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> <blockquote> ./letsencrypt-auto certonly -a webroot --agree-tos --renew-by-default --webroot-path=/usr/share/nginx/html/ -d darrenduke.net -d blog.darrenduke.net -d blog.darrenduke.com -d www.darrenduke.net</blockquote></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> A few notes, check that the </span><span style=" font-size:10pt;font-family:Courier New">webroot-path</span><span style=" font-size:10pt;font-family:sans-serif"> is what is listed as the root in the NginX config and add each domain that is part of the SSL certificate with the </span><span style=" font-size:10pt;font-family:Courier New">-d</span><span style=" font-size:10pt;font-family:sans-serif"> option (I have 4 above).</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Once you do this you will see a fair amount of messages on the screen and eventually get to this:</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> <blockquote>IMPORTANT NOTES:</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> - Congratulations! Your certificate and chain have been saved at</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> /etc/letsencrypt/live/darrenduke.net/fullchain.pem. Your cert will</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> expire on 2017-03-09. To obtain a new or tweaked version of this</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> certificate in the future, simply run letsencrypt-auto again. To</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> non-interactively renew *all* of your certificates, run</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> "letsencrypt-auto renew"</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> - If you like Certbot, please consider supporting our work by:</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Donating to ISRG / Let's Encrypt: &nbsp; </span><a href=https://letsencrypt.org/donate><span style=" font-size:10pt;color:blue;font-family:sans-serif"><span style="text-decoration:underline">https://letsencrypt.org/donate</span></span></a><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Donating to EFF: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;</span><a href="https://eff.org/donate-le"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><span style="text-decoration:underline">https://eff.org/donate-le</span></span></a><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> </blockquote></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Now when I manually try to renew the certificate I don't get any errors:</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> <blockquote>&#91;[email protected] letsencrypt&#93;# ./letsencrypt-auto renew --nginx</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> /root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> DeprecationWarning</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Saving debug log to /var/log/letsencrypt/letsencrypt.log</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> -------------------------------------------------------------------------------</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Processing /etc/letsencrypt/renewal/darrenduke.net.conf</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> -------------------------------------------------------------------------------</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Cert not yet due for renewal</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> The following certs are not due for renewal yet:</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> /etc/letsencrypt/live/darrenduke.net/fullchain.pem (skipped)</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> No renewals were attempted.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> </blockquote></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Another thing worth noting is that I appended </span><span style=" font-size:10pt;font-family:Courier New">--nginx</span><span style=" font-size:10pt;font-family:sans-serif"> to the crontab job as well. That takes care of restarting NginX for me once the certificate is renewed.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> I guess we'll see if this all works at the end of February.</span><span style=" font-size:12pt"> </span>  ]]></content:encoded>
  120. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/renewing-letsencrypt-ssl-certificates-automatically-with-nginx.htm</wfw:commentRss>
  121. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/renewing-letsencrypt-ssl-certificates-automatically-with-nginx.htm?opendocument&amp;comments</wfw:comment>
  122. </item>
  123. <item>
  124. <title>WTF? A new podcast? If you liked This Week In Lotus, you should (at least) like &#8217;WTF Tech&#8217;</title>
  125. <pubDate>Mon, 31 Oct 2016 09:00:00 -0400</pubDate>
  126. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/wtf-a-new-podcast-if-you-liked-this-week-in-lotus-you-should-at-least-like-wtf-tech.htm</link>
  127. <category>podcast</category>
  128. <dc:creator>Darren Duke</dc:creator>
  129. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/wtf-a-new-podcast-if-you-liked-this-week-in-lotus-you-should-at-least-like-wtf-tech.htm?opendocument&amp;comments</comments>
  130. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/wtf-a-new-podcast-if-you-liked-this-week-in-lotus-you-should-at-least-like-wtf-tech.htm</guid>
  131. <content:encoded><![CDATA[ A long time ago, before IBM came down like a hammer, there was a podcast. We really enjoyed doing This Week In Lotus, but it became a bit untenable as IBM threatened all kinds of stuff (including revoking *my* Champion status.....) so we stopped. But IBM kept doing "WTF?" kinds of things.....canceling 9.0.2, going to fix packs only, spreading Java 8 out over a year (from now). After getting together at MWLUG, Stuart and I started to reminisce and we started thinking about saddling up again. <br /> <br /> So we did..... <br /> <br /> <img  alt="Image:WTF? A new podcast? If you liked This Week In Lotus, you should (at least) like &#8217;WTF Tech&#8217;" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/wtf-a-new-podcast-if-you-liked-this-week-in-lotus-you-should-at-least-like-wtf-tech.htm/content/M2?OpenElement" /><br /> <br /> Except this time there are some notable changes:  <ul> <li>New name, <strong>WTF Tech</strong>,  </li><li>There are three hosts now. As noted in the last ever TWIL, Jesse Gallagher joins the team. He's funny so he offsets Stu, and he's knowledgeable so he offsets me.  </li><li>Focus has moved from IBM. I would not say IBM are irrelevant (yet, in fact Episode 001's title comes for IBM), but we've expanded out reach. &nbsp;No one is safe.  </li><li>There will be no guests. So no more shitty audio from guests who never RTFM and had no headphones.  </li><li><strong>It will not be weekly</strong>. We're thinking every two weeks, but some weeks will be barren and others (like this last week) will be a perfect storm.</li></ul><br /> There will be tips, so don't worry. And snark. No point doing it if there wasn't snark. <br /> <br /> So what are you waiting for? Head on over to <a href=http://wtftech.fm/><span style="text-decoration:underline">http://wtftech.fm/</span></a> and join the fun, and be sure to follow <a href=https://twitter.com/wtf_tech><span style="text-decoration:underline">@wtf_tech</span></a> on Twitter. <br /> <br /> <br />   ]]></content:encoded>
  132. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/wtf-a-new-podcast-if-you-liked-this-week-in-lotus-you-should-at-least-like-wtf-tech.htm</wfw:commentRss>
  133. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/wtf-a-new-podcast-if-you-liked-this-week-in-lotus-you-should-at-least-like-wtf-tech.htm?opendocument&amp;comments</wfw:comment>
  134. </item>
  135. <item>
  136. <title>Switched to Let&#8217;s Encrypt for the blog SSL certificate</title>
  137. <pubDate>Wed, 21 Sep 2016 11:55:20 -0400</pubDate>
  138. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/switched-to-lets-encrypt-for-the-blog-ssl-certificate.htm</link>
  139. <category>ssl</category>
  140. <dc:creator>Darren Duke</dc:creator>
  141. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/switched-to-lets-encrypt-for-the-blog-ssl-certificate.htm?opendocument&amp;comments</comments>
  142. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/switched-to-lets-encrypt-for-the-blog-ssl-certificate.htm</guid>
  143. <content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif">I had switched the blog to SSL a while back (mainly due to Google threatening that non-SSL website will take a hit in searches). At the time </span><a href=https://letsencrypt.org/ target=_blank><span style=" font-size:10pt;color:blue;font-family:sans-serif"><span style="text-decoration:underline">Let's Encrypt</span></span></a><span style=" font-size:10pt;font-family:sans-serif"> (the free, yes free, CA SSL issuer) was just getting started and didn't have roots published to most of the browser root stores. Because of this I went with free certificate available from </span><a href=https://www.startssl.com/ target=_blank><span style=" font-size:10pt;color:blue;font-family:sans-serif"><span style="text-decoration:underline">Start SSL</span></span></a><span style=" font-size:10pt;font-family:sans-serif">. I'm not disappointed with StartSSL, it's just time to try something else when the StartSSL certificate expired. &nbsp;In fact if you need anything SSL related I'd suggest you give StartSSL a look, they have lots of options are very reasonable on prices.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Still this blog doesn't need EV or anything like that so Let's Encrypt it is. While this blog runs on a Domino server it is fronted by a CentOS server running nginx. These servers are located at Prominic and a quick support request had the required Linux pre-reqs installed on the nginx server.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> From there it took maybe 10 minutes to create and install the SSL.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I could outline the steps here, but really, I just followed this:</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:12pt;color:blue"><span style="text-decoration:underline"><br /> </span></span><a href="http://idroot.net/tutorials/how-to-install-letsencrypt-ssl-with-nginx-on-centos-6/" target=_blank><span style=" font-size:10pt;color:blue;font-family:sans-serif"><span style="text-decoration:underline">http://idroot.net/tutorials/how-to-install-letsencrypt-ssl-with-nginx-on-centos-6/</span></span></a><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> And then used this for the crontab stuff:</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:12pt;color:blue"><span style="text-decoration:underline"><br /> </span></span><a href="https://www.nginx.com/blog/free-certificates-lets-encrypt-and-nginx/" target=_blank><span style=" font-size:10pt;color:blue;font-family:sans-serif"><span style="text-decoration:underline">https://www.nginx.com/blog/free-certificates-lets-encrypt-and-nginx/</span></span></a><span style=" font-size:12pt"> <br /> </span>  ]]></content:encoded>
  144. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/switched-to-lets-encrypt-for-the-blog-ssl-certificate.htm</wfw:commentRss>
  145. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/switched-to-lets-encrypt-for-the-blog-ssl-certificate.htm?opendocument&amp;comments</wfw:comment>
  146. </item>
  147. <item>
  148. <title>iNotes and IE Standards mode now seems to work in 9.0.1 FP7</title>
  149. <pubDate>Wed, 14 Sep 2016 10:18:37 -0400</pubDate>
  150. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/inotes-and-ie-standards-mode-now-seems-to-work-in-9.0.1-fp7.htm</link>
  151. <category>domino</category>
  152. <dc:creator>Darren Duke</dc:creator>
  153. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/inotes-and-ie-standards-mode-now-seems-to-work-in-9.0.1-fp7.htm?opendocument&amp;comments</comments>
  154. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/inotes-and-ie-standards-mode-now-seems-to-work-in-9.0.1-fp7.htm</guid>
  155. <content:encoded><![CDATA[ I had <a href="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/inotes-and-ie11-yes-it-is-supported.htm" title="inotes-and-ie11-yes-it-is-supported.htm" target="_blank"/>praised</a>, then <a href="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/well-so-much-for-ie11-and-inotes-standards-mode.htm" title="well-so-much-for-ie11-and-inotes-standards-mode.htm"/>lamented</a> the new-ish iNotes forms templates that allow you do copy and paste images from the clipboard into IE. Well, with FP7 IBM (so far) seem to have addressed the issue search issue that forced me to disable this again. <br /> <br /> It's now back on for my servers. Let's see how long before I lament this again. <br /> <br /> It is probably worth pointing out that Ulrich Krause is reporting issues with the "normal" iNotes forms9.nsf shipped in FP7. I have not seen the issue he reported in the forms9s.nsf. <br /> <br /> <blockquote class="twitter-tweet" data-partner="tweetdeck"><p lang="en" dir="ltr"><a href="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/<a href="https://twitter.com/hashtag/IBM?src=hash"><span style="text-decoration:underline">https://twitter.com/hashtag/IBM?src=hash</span></a>">#IBM</a> <a href="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/<a href="https://twitter.com/hashtag/Domino?src=hash"><span style="text-decoration:underline">https://twitter.com/hashtag/Domino?src=hash</span></a>">#Domino</a> 901FP7 breaks iNotes. „Formula error“ when opening mailfile in the browser</p>&amp;mdash; Ulrich Krause (@Eknori) <a href="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/<a href=https://twitter.com/Eknori/status/776058177364299777><span style="text-decoration:underline">https://twitter.com/Eknori/status/776058177364299777</span></a>">September 14, 2016</a></blockquote> <br /> <script async src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx///platform.twitter.com/widgets.js" charset="utf-8"></script> <br /> <br /> <br /> <br />  &nbsp;  ]]></content:encoded>
  156. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/inotes-and-ie-standards-mode-now-seems-to-work-in-9.0.1-fp7.htm</wfw:commentRss>
  157. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/inotes-and-ie-standards-mode-now-seems-to-work-in-9.0.1-fp7.htm?opendocument&amp;comments</wfw:comment>
  158. </item>
  159. <item>
  160. <title>9.0.1 FP7 and how to enable the new port encryption settings</title>
  161. <pubDate>Wed, 14 Sep 2016 04:37:42 -0400</pubDate>
  162. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/9.0.1-fp7-and-how-to-enable-the-new-port-encryption-settings.htm</link>
  163. <category>domino</category>
  164. <dc:creator>Darren Duke</dc:creator>
  165. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/9.0.1-fp7-and-how-to-enable-the-new-port-encryption-settings.htm?opendocument&amp;comments</comments>
  166. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/9.0.1-fp7-and-how-to-enable-the-new-port-encryption-settings.htm</guid>
  167. <content:encoded><![CDATA[ <strong>Update : Check the comments, Shaun has added a link to the actual IBM technote..... you may or may not want 127 as the value, so check that before doing anything.</strong><br /> <br /> 9.0.1 FP7 has shipped. It's not all we hoped (only three new features, and no Java 8) <strong>but</strong> yet again the Domino security team has added stuff, this time the oft requested update to Notes client port encryption. But (at the time of writing) all the technotes on how to enable this either go to the wrong page (ICCA) or a nice looking, but still pointless 404 page. <br /> <br /> So how do you enable this? We'll after scouring the design partner forum I found a post from the lovely Dave Kern that outlined this a few months back and was able to pretty easily figure it from there...... <strong><br /> <br /> This is not everything, there seems to be at least one other setting, but this will get you AES port encryption, so it's a start</strong> <br /> <br /> It's a server side notes.ini setting called PORT_ENC_ADV and it's a bitmask value. Based on Dave's post I set this value to 127. That gets me the best available (based on current standards) port encryption that Notes can do. In this case AES_GCM_256, with a AES_128 ticket. <br /> <br /> It is backward compatible, I tested with FP6 and FP7 clients with this new ini setting with no issue. I see no reason why any client from 6.x onwards would be an issue, but test all the same.. So to enable add this to you server notes.ini: <br /> <br /> <blockquote>PORT_ENC_ADV=127</blockquote> <br /> <br /> Restart Domino. If you have a FP7 or later client then you will be using AES. To prove this you can enable these two notes.ini settings on the client: <br /> <br /> <blockquote>LOG_AUTHENTICATION=1 <br /> Debug_Console=1</blockquote> <br /> <br /> And you can now see the new port encryption being used. Here's a (just upgraded) FP7 client debug output: <br /> <br /> <img  alt="Image:9.0.1 FP7 and how to enable the new port encryption settings" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/9.0.1-fp7-and-how-to-enable-the-new-port-encryption-settings.htm/content/M2?OpenElement" /><br /> <br /> Here's a FP6 client, where the server fails back to RC4_128: <br /> <br /> <img  alt="Image:9.0.1 FP7 and how to enable the new port encryption settings" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/9.0.1-fp7-and-how-to-enable-the-new-port-encryption-settings.htm/content/M3?OpenElement" /><br />   ]]></content:encoded>
  168. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/9.0.1-fp7-and-how-to-enable-the-new-port-encryption-settings.htm</wfw:commentRss>
  169. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/9.0.1-fp7-and-how-to-enable-the-new-port-encryption-settings.htm?opendocument&amp;comments</wfw:comment>
  170. </item>
  171. <item>
  172. <title>The last ever (no really....) This Week In Lotus has been posted, number 115</title>
  173. <pubDate>Tue, 6 Sep 2016 09:15:54 -0400</pubDate>
  174. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/the-last-ever-no-really....-this-week-in-lotus-has-been-posted-number-115.htm</link>
  175. <category>twil</category>
  176. <dc:creator>Darren Duke</dc:creator>
  177. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/the-last-ever-no-really....-this-week-in-lotus-has-been-posted-number-115.htm?opendocument&amp;comments</comments>
  178. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/the-last-ever-no-really....-this-week-in-lotus-has-been-posted-number-115.htm</guid>
  179. <content:encoded><![CDATA[ Stuart, myself and Jesse Gallagher join for the <span style="text-decoration:line-through">weekly</span> bi-annual podcast for one last time....listen to it here: <br /> <br /><a href="http://thisweekinlotus.com/115-doing-a-three-way/">http://thisweekinlotus.com/115-doing-a-three-way/</a> <br /> <br />There is also an exciting announcement at the end.....  ]]></content:encoded>
  180. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/the-last-ever-no-really....-this-week-in-lotus-has-been-posted-number-115.htm</wfw:commentRss>
  181. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/the-last-ever-no-really....-this-week-in-lotus-has-been-posted-number-115.htm?opendocument&amp;comments</wfw:comment>
  182. </item>
  183. <item>
  184. <title>Using Hawthorn gold code? Want IBM to add SQL Server support? Here&#8217;s the SPR you&#8217;ll want to add your name to....</title>
  185. <pubDate>Mon, 29 Aug 2016 13:46:34 -0400</pubDate>
  186. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/using-hawthorn-gold-code-want-ibm-to-add-sql-server-support-heres-the-spr-youll-want-to-add-your-name-to.....htm</link>
  187. <category>domino</category>
  188. <dc:creator>Darren Duke</dc:creator>
  189. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/using-hawthorn-gold-code-want-ibm-to-add-sql-server-support-heres-the-spr-youll-want-to-add-your-name-to.....htm?opendocument&amp;comments</comments>
  190. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/using-hawthorn-gold-code-want-ibm-to-add-sql-server-support-heres-the-spr-youll-want-to-add-your-name-to.....htm</guid>
  191. <content:encoded><![CDATA[ Hawthrorn 2.0, AKA IBM Mail Support for Microsoft Outlook, AKA IMSMO has recently been released. One of the main install differences between GA (2.0) and LA (1.0) code is that GA requires use of IBM DB2 as a state store for the IMSMO Domino server (whereas 1.0 had no such requirement). <br /> <br />Most organizations can count on the fingers of no hands how may DB2 servers they have, so you'd expect IBM to support MS SQL server right? You'd be wrong. You along with me are a moron, and no one's ever asked for that.  <br /> <br />Except now I have. And I have a SPR &nbsp;to prove it. IBM uses SPR's to weigh the decision to add a requested feature to a product, so the more organizations that pile on, the bigger the chance IBM will provide this.. <br /> <br />If you want this added to IMSMO then you can call IBM support (or using the website) and request that your organization be added to the SPR by referencing<strong> SPR RCGOAD5LHQ</strong> (APAR LO90041).  ]]></content:encoded>
  192. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/using-hawthorn-gold-code-want-ibm-to-add-sql-server-support-heres-the-spr-youll-want-to-add-your-name-to.....htm</wfw:commentRss>
  193. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/using-hawthorn-gold-code-want-ibm-to-add-sql-server-support-heres-the-spr-youll-want-to-add-your-name-to.....htm?opendocument&amp;comments</wfw:comment>
  194. </item>
  195. <item>
  196. <title>There is no 9.0.2. Dead. Canceled. Killed. </title>
  197. <pubDate>Wed, 24 Aug 2016 14:42:42 -0400</pubDate>
  198. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/there-is-no-9.0.2.-dead.-canceled.-killed.-.htm</link>
  199. <category>902</category>
  200. <dc:creator>Darren Duke</dc:creator>
  201. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/there-is-no-9.0.2.-dead.-canceled.-killed.-.htm?opendocument&amp;comments</comments>
  202. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/there-is-no-9.0.2.-dead.-canceled.-killed.-.htm</guid>
  203. <content:encoded><![CDATA[ Originally 9.0.2 was scheduled for release in late 2015. <br /> <br /> Then February 2016 (this would have been 28 months since 9.0.1 shipped) <br /> <br /> Then 2H 2016. <br /> <br /> Then 2017. <br /> <br /> Now, well, &nbsp;never (if the scuttlebutt at MWLUG is to be believed, and I do believe it). <br /> <br /> It was pushed for many reasons, notably to get Verse out of the door. As I mentioned in this <a href="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/9.0.2-where-for-art-thou-ibm-has-truly-lost-the-plot-this-time.htm" title="9.0.2-where-for-art-thou-ibm-has-truly-lost-the-plot-this-time.htm" target="_blank"/>post (9.0.2 where for art thou?)</a> and this <a href="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/my-customers-dont-want-mail.next.htm" title="my-customers-dont-want-mail.next.htm" target="_blank"/>one (my customers don't want mail next)</a> I've ranted and raved about this before. <br /> <br /> To no avail. <br /> <br /> Well, it seems some genius (<---sarcasm alert) at IBM has decided to not release 9.0.2 but to roll some (most?) of those features into the upcoming FP7 (and FP8?) release(s). At least we'll (allegedly) get Java 8 and AES port encryption at some point . I guess there is that. <br /> <br /> So why would IBM kill a release that is all but ready to ship? I can only fathom one reasonable answer to this.....to forgo the need to support Notes/Domino for a further 5-7 years. I believe a fix pack is only supported as long as IBM want to support it (unless someone can guide me to an IBM document saying otherwise....a quick Google yielded no real answer to this), which is a whole metric shit ton less than 5-7 years. I also think that IBM is going to change the "fix pack" nomenclature, and this was alluded to in several IBM presentations at MWLUG, mainly, I believe as Domino is required for Verse On-Prem (VOP). Still it does look like this is the end of the line for the Notes client (not really a shock) and any semblance of a Domino app-dev strategy (kind of a shock). <br /> <br /> Yet again, IBM is causing itself a decent dose of customer hate and migrations with their lack of communication, messaging and approach. You'd think both they and I would learn from this, alas I keep hoping for better for IBM. More fool me, right? <br /> <br /> If I'm wrong about 9.0.2, I'm sure an IBM executive will post here. If I'm correct, no doubt I'll get a threatening phone call or two.   ]]></content:encoded>
  204. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/there-is-no-9.0.2.-dead.-canceled.-killed.-.htm</wfw:commentRss>
  205. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/there-is-no-9.0.2.-dead.-canceled.-killed.-.htm?opendocument&amp;comments</wfw:comment>
  206. </item>
  207. <item>
  208. <title>Unable to view embedded SlideShare presentations in Chrome? Try this.....</title>
  209. <pubDate>Mon, 22 Aug 2016 16:34:51 -0400</pubDate>
  210. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/unable-to-view-embedded-slideshare-presentations-in-chrome-try-this......htm</link>
  211. <category>presentations</category>
  212. <dc:creator>Darren Duke</dc:creator>
  213. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/unable-to-view-embedded-slideshare-presentations-in-chrome-try-this......htm?opendocument&amp;comments</comments>
  214. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/unable-to-view-embedded-slideshare-presentations-in-chrome-try-this......htm</guid>
  215. <content:encoded><![CDATA[ The first page of the presentation displays fine, but you can't navigate to any other slide or use any other actions (like the image below): <br /> <br /><img  alt="Image:Unable to view embedded SlideShare presentations in Chrome? Try this....." border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/unable-to-view-embedded-slideshare-presentations-in-chrome-try-this......htm/content/M2?OpenElement" /> <br /> <br />The fix it is to allow 3rd party cookies from SlideShare.net. You can do this in the Chrome settings page, like this: <br /> <br /><img  alt="Image:Unable to view embedded SlideShare presentations in Chrome? Try this....." border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/unable-to-view-embedded-slideshare-presentations-in-chrome-try-this......htm/content/M3?OpenElement" /> <br />Then, manage exceptions: <br /> <br /><img  alt="Image:Unable to view embedded SlideShare presentations in Chrome? Try this....." border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/unable-to-view-embedded-slideshare-presentations-in-chrome-try-this......htm/content/M4?OpenElement" /> <br /> <br />Add the following to the hostname pattern: <br /> <br /><blockquote>&#91;*.&#93;slideshare.net</blockquote> <br /> <br />Like this: <br /> <br /><img  alt="Image:Unable to view embedded SlideShare presentations in Chrome? Try this....." border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/unable-to-view-embedded-slideshare-presentations-in-chrome-try-this......htm/content/M5?OpenElement" /> <br /> <br /> <br />You can now navigate embedded SlideShare presentations. <br /> <br /> <br /> <br /> <br /> <br />  ]]></content:encoded>
  216. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/unable-to-view-embedded-slideshare-presentations-in-chrome-try-this......htm</wfw:commentRss>
  217. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/unable-to-view-embedded-slideshare-presentations-in-chrome-try-this......htm?opendocument&amp;comments</wfw:comment>
  218. </item>
  219. <item>
  220. <title>My MWLUG presentation - Domino Security - not knowing is not an option (2016 edition)</title>
  221. <pubDate>Mon, 22 Aug 2016 10:21:46 -0400</pubDate>
  222. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/my-mwlug-presentation-domino-security-not-knowing-is-not-an-option-2016-edition.htm</link>
  223. <category>mwlug</category>
  224. <dc:creator>Darren Duke</dc:creator>
  225. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/my-mwlug-presentation-domino-security-not-knowing-is-not-an-option-2016-edition.htm?opendocument&amp;comments</comments>
  226. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/my-mwlug-presentation-domino-security-not-knowing-is-not-an-option-2016-edition.htm</guid>
  227. <content:encoded><![CDATA[ If you unable to view this presentation correctly in Chrome, <a href="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/unable-to-view-embedded-slideshare-presentations-in-chrome-try-this......htm" title="unable-to-view-embedded-slideshare-presentations-in-chrome-try-this......htm" target="_blank"/>see this post</a>  ]]></content:encoded>
  228. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/my-mwlug-presentation-domino-security-not-knowing-is-not-an-option-2016-edition.htm</wfw:commentRss>
  229. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/my-mwlug-presentation-domino-security-not-knowing-is-not-an-option-2016-edition.htm?opendocument&amp;comments</wfw:comment>
  230. </item>
  231. <item>
  232. <title>Idea - I&#8217;m going to open a PMR asking IBM to release 9.0.2....and you are invited to take part</title>
  233. <pubDate>Tue, 19 Jul 2016 13:11:02 -0400</pubDate>
  234. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/idea-im-going-to-open-a-pmr-asking-ibm-to-release-9.0.2....and-you-are-invited-to-take-part.htm</link>
  235. <category>domino</category>
  236. <dc:creator>Darren Duke</dc:creator>
  237. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/idea-im-going-to-open-a-pmr-asking-ibm-to-release-9.0.2....and-you-are-invited-to-take-part.htm?opendocument&amp;comments</comments>
  238. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/idea-im-going-to-open-a-pmr-asking-ibm-to-release-9.0.2....and-you-are-invited-to-take-part.htm</guid>
  239. <content:encoded><![CDATA[ I got to thinking about this earlier today... <br /> <br /> <blockquote>How can I as a customer/partner/interested party let IBM know of my discontent about the lack of urgency in releasing Domino 9.0.2?</blockquote> <br /> <br /> I noddled on this for a few minutes and came up with some ways. A few (along with cons) are listed below: <br /> <br /> 1) Contact your IBM rep and tell them. <strong><br /> Pros:</strong> <br /> Erm.... <strong><br /> Cons:</strong> <br /> If you can find them, by the time you hang up they will have a new job. <br /> <br /> 2) Move to another platform. <strong><br /> Pros:</strong> <br /> Real Outlook support <strong><br /> Cons:</strong> <br /> It'll cost a fortune <br /> <br /> 3) PMR <strong><br /> Pros: </strong><br /> Fast <strong><br /> Cons:</strong> <br /> Well, it's a PMR <br /> <br /> I have finally settled on number 3, create a PMR. See, I think they only way IBM will take notice and do something (new regime or otherwise) is to inundate the support channel with this request. It kind of worked for TLS support in Domino (prior even to the Poodle debacle....I have stories about this if you hit me up at MWLUG) so there is some hope with that outlet. Now, there won't be an SPR as IBM will never admit to 9.0.2 not being released is a bug, but still, enough PMR's could at least make some IBM executives uncomfortable in their Game Of Thrones. <br /> <br /> So if you have PMR creation capability, I cordially invite you to enter a PMR requesting 9.0.2 be released soon. Here's the link to IBM PMR creation page <a href="https://www-947.ibm.com/support/servicerequest/Home.action"><span style="text-decoration:underline">https://www-947.ibm.com/support/servicerequest/Home.action</span></a> <br /> <br /> Here's mine: <br /> <br /> <img  alt="Image:Idea - I&#8217;m going to open a PMR asking IBM to release 9.0.2....and you are invited to take part" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/idea-im-going-to-open-a-pmr-asking-ibm-to-release-9.0.2....and-you-are-invited-to-take-part.htm/content/M2?OpenElement" /><br />   ]]></content:encoded>
  240. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/idea-im-going-to-open-a-pmr-asking-ibm-to-release-9.0.2....and-you-are-invited-to-take-part.htm</wfw:commentRss>
  241. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/idea-im-going-to-open-a-pmr-asking-ibm-to-release-9.0.2....and-you-are-invited-to-take-part.htm?opendocument&amp;comments</wfw:comment>
  242. </item>
  243. <item>
  244. <title>Well, so much for IE11 and iNotes standards mode</title>
  245. <pubDate>Tue, 19 Jul 2016 07:00:44 -0400</pubDate>
  246. <link>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/well-so-much-for-ie11-and-inotes-standards-mode.htm</link>
  247. <category>inotes</category>
  248. <dc:creator>Darren Duke</dc:creator>
  249. <comments>https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/well-so-much-for-ie11-and-inotes-standards-mode.htm?opendocument&amp;comments</comments>
  250. <guid isPermaLink="true">https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/well-so-much-for-ie11-and-inotes-standards-mode.htm</guid>
  251. <content:encoded><![CDATA[ In my <a href="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/inotes-ie11-and-copy-and-paste-images-from-the-clipboard.-how-to-enable-it..htm" title="inotes-ie11-and-copy-and-paste-images-from-the-clipboard.-how-to-enable-it..htm" target="_blank"/>last post</a> I made the mistake of thinking IBM had done a bang up job on the copy and paste with images from the clipboard into iNotes using IE11. Well.....about that..... <br /> <br />After enabling the following settings in the server notes.ini file a user is no longer able to use type-ahead search (view search): <br /> <br /><blockquote>iNotes_WA_DefaultFormsFile=iNotes/Forms9s.nsf<br /> iNotes_WA_FormsFiles=iNotes/Forms9s.nsf  <br /></blockquote> <br /> <br />Here's the difference, search view in quirks mode works, standard mode does not:.... <br /> <br />Quirks mode IE: <br /><img  alt="Image:Well, so much for IE11 and iNotes standards mode" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/well-so-much-for-ie11-and-inotes-standards-mode.htm/content/M2?OpenElement" /> <br /> <br />Standards mode IE: <br /> <br /><img  alt="Image:Well, so much for IE11 and iNotes standards mode" border="0" src="https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/well-so-much-for-ie11-and-inotes-standards-mode.htm/content/M3?OpenElement" /> <br /> <br />Time to revert back to quirks mode by removing the notes.ini settings....balls. <br /> <br />Time and time again, testing and QA is IBM's downfall. I'm beginning to think that I, together with IBM, will never learn this lesson. In the top screeshot you can even see my PMR about this.....oh, the hellish times we live in. <br />  ]]></content:encoded>
  252. <wfw:commentRss> https://blog.darrenduke.net/Darren/DDBZ.nsf/dxcomments/well-so-much-for-ie11-and-inotes-standards-mode.htm</wfw:commentRss>
  253. <wfw:comment> https://blog.darrenduke.net/Darren/DDBZ.nsf/dx/well-so-much-for-ie11-and-inotes-standards-mode.htm?opendocument&amp;comments</wfw:comment>
  254. </item>
  255. </channel></rss>
  256.  

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

  1. Download the "valid RSS" banner.

  2. Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)

  3. Add this HTML to your page (change the image src attribute if necessary):

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=http%3A//blog.darrenduke.net/Darren/DDBZ.nsf/feed.rss

Copyright © 2002-9 Sam Ruby, Mark Pilgrim, Joseph Walton, and Phil Ringnalda