Congratulations!

[Valid RSS] This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

Source: http://www.wiseman.la/web/cpwBlog.nsf/feed.rss

  1. <?xml version="1.0" encoding="utf-8"?>
  2. <rss version="2.0"
  3. xmlns:dc="http://purl.org/dc/elements/1.1/"
  4. xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
  5. xmlns:admin="http://webns.net/mvcb/"
  6. xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  7. xmlns:content="http://purl.org/rss/1.0/modules/content/"
  8. xmlns:wfw="http://wellformedweb.org/CommentAPI/">
  9. <channel>
  10. <title>Craig Wiseman</title>
  11. <description>cpwBlog - You know, I was thinking about that....</description>
  12. <link>http://www.wiseman.la/web/cpwBlog.nsf/</link>
  13. <language>en-us</language>
  14. <lastBuildDate>Mon, 25 Apr 2016 07:51:38 -0500</lastBuildDate>
  15. <item>
  16. <title>Driving around Baton Rouge yesterday, I finally understood the scale and scope that Ms. Rometty is shooting for in IBM.</title>
  17. <pubDate>Mon, 25 Apr 2016 07:51:38 -0500</pubDate>
  18. <description>
  19. <![CDATA[
  20. :: Abstract not available ::
  21. ]]>
  22. </description>
  23. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/driving-around-baton-rouge-yesterday-i-finally-understood-the-scale-and-scope-that-ms.-rometty-is-shooting-for-in-ibm..htm</link>
  24. <category>IBM</category>
  25. <dc:creator>Craig Wiseman</dc:creator>
  26. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/driving-around-baton-rouge-yesterday-i-finally-understood-the-scale-and-scope-that-ms.-rometty-is-shooting-for-in-ibm..htm?opendocument&amp;comments</comments>
  27. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/driving-around-baton-rouge-yesterday-i-finally-understood-the-scale-and-scope-that-ms.-rometty-is-shooting-for-in-ibm..htm</guid>
  28. <content:encoded><![CDATA[  <div align=center><img  alt="Image:Driving around Baton Rouge yesterday, I finally understood the scale and scope that Ms. Rometty is shooting for in IBM." border="0" src="http://www.wiseman.la/web/cpwblog.nsf/dx/driving-around-baton-rouge-yesterday-i-finally-understood-the-scale-and-scope-that-ms.-rometty-is-shooting-for-in-ibm..htm/content/M2?OpenElement" /></div>  ]]></content:encoded>
  29. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/driving-around-baton-rouge-yesterday-i-finally-understood-the-scale-and-scope-that-ms.-rometty-is-shooting-for-in-ibm..htm</wfw:commentRss>
  30. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/driving-around-baton-rouge-yesterday-i-finally-understood-the-scale-and-scope-that-ms.-rometty-is-shooting-for-in-ibm..htm?opendocument&amp;comments</wfw:comment>
  31. </item>
  32. <item>
  33. <title>Looks notable: Google, Microsoft, Yahoo, and others propose new IETF SMTP Strict Transport Security (STS) standard to ensure secure email transfer</title>
  34. <pubDate>Tue, 22 Mar 2016 20:43:17 -0500</pubDate>
  35. <description>
  36. <![CDATA[
  37. One of the things that's annoyed me is that even if both sides support STARTTLS, you can't easily tell if any given email has been transferred securely. It looks like some big names (but not IBM) ha ...
  38. ]]>
  39. </description>
  40. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/looks-notable-google-microsoft-yahoo-and-others-propose-new-ietf-smtp-strict-transport-security-sts-standard-to-ensure-secure-email-transfer.htm</link>
  41. <category>Administration</category>
  42. <dc:creator>Craig Wiseman</dc:creator>
  43. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/looks-notable-google-microsoft-yahoo-and-others-propose-new-ietf-smtp-strict-transport-security-sts-standard-to-ensure-secure-email-transfer.htm?opendocument&amp;comments</comments>
  44. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/looks-notable-google-microsoft-yahoo-and-others-propose-new-ietf-smtp-strict-transport-security-sts-standard-to-ensure-secure-email-transfer.htm</guid>
  45. <content:encoded><![CDATA[ <a href=http://www.ideajam.net/IdeaJam/P/ij.nsf/0/8E3C8A36CC7C27EF862576440002666C?OpenDocument target=_blank><font size=4 color=blue face="Georgia"><u>One of the things that's annoyed me</u></font></a><font size=4 face="Georgia"> is that even if both sides support STARTTLS, you can't easily tell if any given email has been transferred securely.</font><font size=4> <br /> </font><font size=4 face="Georgia"><br /> It looks like some big names (but not IBM) have picked up this banner recently and </font><a href="https://tools.ietf.org/html/draft-margolis-smtp-sts-00" target=_blank><font size=4 color=blue face="Georgia"><u>put in a draft</u></font></a><font size=4 face="Georgia"> to the IETF to address this:</font><font size=4> <br /> </font><font size=4 face="Arial"><br /> <blockquote></font><font size=4 face="Georgia">This means that STARTTLS connections are vulnerable to man-in-the-middle attacks, where a hacker in a position to intercept the traffic could present the email sender with any certificate, even a self-signed one, and it will be accepted, allowing for the traffic to be decrypted. Furthermore, STARTTLS connections are vulnerable to so-called encryption downgrade attacks, where the encryption is simply removed.</font><font size=4> <br /> </font><font size=4 face="Georgia"><br /> The newly proposed SMTP Strict Transport Security (SMTP STS) addresses both of those issues. It gives email providers the means to inform connecting clients that TLS is available and should be used. It also tells them how the presented certificate should be validated and what should happen if a TLS connection cannot be safely negotiated.</font><font size=4> <br /> </font><font size=4 face="Georgia"><br /> These SMTP STS policies are defined through special DNS records added to the email server's domain name. The protocol provides mechanisms for clients to automatically validate these policies and to report back on any failures.</font><font size=4></blockquote> </font><font size=4><br /> </font><font size=4 face="Georgia"><em><br /> Details:----------</em></font><font size=4> <br /> </font><font size=4 face="Georgia"><strong><em><br /> The Register</em></strong></font><font size=4> </font><font size=4 face="Georgia"><br /> IETF group proposes better SMTP hardening to secure email. At last</font><font size=4> </font><font size=4 color=blue><u><br /> </u></font><a href=http://www.theregister.co.uk/2016/03/22/ietf_group_proposes_better_smtp_hardening/><font size=4 color=blue face="Georgia"><u>http://www.theregister.co.uk/2016/03/22/ietf_group_proposes_better_smtp_hardening/</u></font></a><font size=4> <br /> <br /> </font><font size=4 face="Georgia"><strong><em><br /> INFOWORLD</em></strong></font><font size=4> </font><font size=4 face="Georgia"><br /> Google, Microsoft, Yahoo, and others publish new email security standard</font><font size=4> </font><font size=4 color=blue><u><br /> </u></font><a href="http://www.infoworld.com/article/3046850/security/google-microsoft-yahoo-and-others-publish-new-email-security-standard.html" target=_blank><font size=4 color=blue face="Georgia"><u>http://www.infoworld.com/article/3046850/security/google-microsoft-yahoo-and-others-publish-new-email-security-standard.html</u></font></a><font size=4> <br /> <br /> <br /> </font>  ]]></content:encoded>
  46. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/looks-notable-google-microsoft-yahoo-and-others-propose-new-ietf-smtp-strict-transport-security-sts-standard-to-ensure-secure-email-transfer.htm</wfw:commentRss>
  47. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/looks-notable-google-microsoft-yahoo-and-others-propose-new-ietf-smtp-strict-transport-security-sts-standard-to-ensure-secure-email-transfer.htm?opendocument&amp;comments</wfw:comment>
  48. </item>
  49. <item>
  50. <title>Perspective - Welcome to the top 1%</title>
  51. <pubDate>Fri, 30 Jan 2015 08:38:44 -0500</pubDate>
  52. <description>
  53. <![CDATA[
  54. Perspective To be in the top 1% of the US, you have to make more than $380,000. To be in the top 1% of the WORLD, you have to make more than $47,000. Welcome to the top 1%. World: Go here to see ...
  55. ]]>
  56. </description>
  57. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/perspective-welcome-to-the-top-1.htm</link>
  58. <category></category>
  59. <dc:creator>Craig Wiseman</dc:creator>
  60. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/perspective-welcome-to-the-top-1.htm?opendocument&amp;comments</comments>
  61. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/perspective-welcome-to-the-top-1.htm</guid>
  62. <content:encoded><![CDATA[  <br /><font size=3 color=#00201f face="Georgia"><strong>Perspective</strong></font> <br /> <br /><font size=3 color=#00201f face="Georgia">To be in the top 1% of the US, you have to make more than $380,000.</font> <br /> <br /><font size=3 color=#00201f face="Georgia">To be in the top 1% of the WORLD, you have to make more than $47,000.</font> <br /> <br /><font size=3 color=#00201f face="Georgia">Welcome to the top 1%.</font> <br /> <br /><font size=3 color=#00201f face="Georgia"><strong>World:</strong></font> <br /><font size=3 color=#00201f face="Georgia">Go here to see where you rank in the world: </font><a href=http://www.globalrichlist.com/ target=_blank><font size=3 color=blue face="Georgia">http://www.globalrichlist.com/</font></a> <br /> <br /><font size=3 color=#00201f face="Georgia"><strong>US:</strong></font> <br /><a href="http://mentalfloss.com/sites/default/files/one-percent2.png" target=_blank><img  alt="Image:Perspective - Welcome to the top 1%" border="0" src="http://www.wiseman.la/web/cpwblog.nsf/dx/perspective-welcome-to-the-top-1.htm/content/M2?OpenElement" /></a> <br /> <br /> <br />  ]]></content:encoded>
  63. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/perspective-welcome-to-the-top-1.htm</wfw:commentRss>
  64. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/perspective-welcome-to-the-top-1.htm?opendocument&amp;comments</wfw:comment>
  65. </item>
  66. <item>
  67. <title>and the spinning is on... IBM denies &quot;layoffs&quot;, Cringley admits to being a gadfly</title>
  68. <pubDate>Tue, 27 Jan 2015 13:09:23 -0500</pubDate>
  69. <description>
  70. <![CDATA[
  71. IBM (IBM.N) dismissed on Monday a Forbes magazine report claiming the technology firm is preparing to cut about 26 percent of its workforce, which would represent its biggest-ever layoffs. IBM is c ...
  72. ]]>
  73. </description>
  74. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/and-the-spinning-is-on...-ibm-denies-layoffs-cringley-admits-to-being-a-gadfly.htm</link>
  75. <category></category>
  76. <dc:creator>Craig Wiseman</dc:creator>
  77. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/and-the-spinning-is-on...-ibm-denies-layoffs-cringley-admits-to-being-a-gadfly.htm?opendocument&amp;comments</comments>
  78. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/and-the-spinning-is-on...-ibm-denies-layoffs-cringley-admits-to-being-a-gadfly.htm</guid>
  79. <content:encoded><![CDATA[ <font size=3 face="sans-serif"><br /> <blockquote>IBM (IBM.N) dismissed on Monday a Forbes magazine report claiming the technology firm is preparing to cut about 26 percent of its workforce, which would represent its biggest-ever layoffs.</font><font size=4> <br /> </font><font size=3 face="sans-serif"><br /> IBM is cutting jobs, as disclosed in its latest earnings report last week, but those reductions will affect "several thousand" employees, a "small fraction" of what Forbes reported, according to an emailed statement from IBM to Reuters. Forbes had said as many as 112,000 employees could be laid off. - </font><a href="http://www.reuters.com/article/2015/01/26/us-ibm-restructuring-forbes-idUSKBN0KZ1WF20150126"><font size=3 color=blue face="Georgia"><u>Reuters (full story)</u></font></a><font size=3 face="Georgia"></blockquote></font><font size=4> <br /> <br /> </font><font size=3 face="Georgia"><br /> Cringely follow up with this article:</font><font size=4> </font><font size=3 face="sans-serif"><br /> <blockquote>So what's the truth about these job cuts? Well we'll know this week because I hear the notices are already in transit to be delivered on Wednesday. (I originally wrote in the mail but then realized IBM would condemn me if they are coming by FedEx, instead.)</font><font size=4> <br /> </font><font size=3 face="sans-serif"><br /> I think IBM is dissembling, fixating on the term 110,000 layoffs, which by the way I never used. Like my young sons who never hit each other but instead push, slap, graze, or brush, IBM is playing word games to obscure the truth. </font><font size=3 face="Georgia"><br />  - </font><a href="http://www.cringely.com/2015/01/26/ibm-right-gadfly/"><font size=3 color=blue face="Georgia"><u>Full Cringely post</u></font></a><font size=3 face="Georgia"></blockquote></font><font size=4> <br /> </font><font size=3 face="Georgia"><br /> This makes the rest of the week mighty interesting.</font><font size=4> </font>  ]]></content:encoded>
  80. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/and-the-spinning-is-on...-ibm-denies-layoffs-cringley-admits-to-being-a-gadfly.htm</wfw:commentRss>
  81. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/and-the-spinning-is-on...-ibm-denies-layoffs-cringley-admits-to-being-a-gadfly.htm?opendocument&amp;comments</wfw:comment>
  82. </item>
  83. <item>
  84. <title>Trying to work out what was missing from the ConnectED 2015 OGS</title>
  85. <pubDate>Tue, 27 Jan 2015 07:57:49 -0500</pubDate>
  86. <description>
  87. <![CDATA[
  88. :: Abstract not available ::
  89. ]]>
  90. </description>
  91. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/trying-to-work-out-what-was-missing-from-the-connected-2015-ogs.htm</link>
  92. <category></category>
  93. <dc:creator>Craig Wiseman</dc:creator>
  94. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/trying-to-work-out-what-was-missing-from-the-connected-2015-ogs.htm?opendocument&amp;comments</comments>
  95. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/trying-to-work-out-what-was-missing-from-the-connected-2015-ogs.htm</guid>
  96. <content:encoded><![CDATA[ <img  alt="Image:Trying to work out what was missing from the ConnectED 2015 OGS" border="0" src="http://www.wiseman.la/web/cpwblog.nsf/dx/trying-to-work-out-what-was-missing-from-the-connected-2015-ogs.htm/content/M2?OpenElement" />  ]]></content:encoded>
  97. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/trying-to-work-out-what-was-missing-from-the-connected-2015-ogs.htm</wfw:commentRss>
  98. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/trying-to-work-out-what-was-missing-from-the-connected-2015-ogs.htm?opendocument&amp;comments</wfw:comment>
  99. </item>
  100. <item>
  101. <title>Three points that Lotusphere, er, Connect, er, ConnectED 2015 should refute</title>
  102. <pubDate>Sun, 25 Jan 2015 11:58:03 -0500</pubDate>
  103. <description>
  104. <![CDATA[
  105. There's no one driving the bus. This has been pretty clear for years, but made even clearer by the dissolution of the Lotus brand. Who "owns" and drives development for Connections, Portal, Sametime ...
  106. ]]>
  107. </description>
  108. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/three-points-that-lotusphere-er-connect-er-connected-2015-should-refute.htm</link>
  109. <category>ibm</category>
  110. <dc:creator>Craig Wiseman</dc:creator>
  111. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/three-points-that-lotusphere-er-connect-er-connected-2015-should-refute.htm?opendocument&amp;comments</comments>
  112. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/three-points-that-lotusphere-er-connect-er-connected-2015-should-refute.htm</guid>
  113. <content:encoded><![CDATA[ <font size=3 face="Georgia"><strong>There's no one driving the bus.</strong></font><font size=3> </font><font size=3 face="Georgia"><br /> This has been pretty clear for years, but made even clearer by the dissolution of the Lotus brand.</font><font size=3> </font><font size=3 face="Georgia"><br /> Who "owns" and drives development for Connections, Portal, Sametime, Notes, Domino, etc.? The entire group of "social" products seems to be on autopilot. Who pushes them and markets them? If you are not in the IBM blackhole, it's impenetrable. And why would anyone not already sucked in care?</font><font size=3> &nbsp; <br /> </font><img  alt="Image:Three points that Lotusphere, er, Connect, er, ConnectED 2015 should refute" border="0" src="http://www.wiseman.la/web/cpwblog.nsf/dx/three-points-that-lotusphere-er-connect-er-connected-2015-should-refute.htm/content/M2?OpenElement" /><font size=3 face="Georgia"><strong><br /> <br /> OK, what we really mean is that we value you&#91;r renewals&#93; as customers.</strong></font><font size=3> </font><font size=3 face="Georgia"><br /> Virtually all the products in the Social area are in "milk the customer" mode. <br /> There's no </font><a href=http://en.wikipedia.org/wiki/Marketing target=_blank><font size=3 color=blue face="Georgia"><u>marketing</u></font></a><font size=3 face="Georgia">.</font><font size=3> </font><font size=3 face="Georgia"><br /> Much requested basic </font><a href=http://ideajam.net/IdeaJam/P/ij.nsf/0/342557C4307F678D86257833004C527F?OpenDocument><font size=3 color=blue face="Georgia"><u>maintenance</u></font></a><font size=3 face="Georgia"> and upkeep is not done.</font><font size=3> </font><font size=3 face="Georgia"><br /> It's OK if things are </font><a href="http://www.wiseman.la/web/cpwBlog.nsf/dx/domino-customer-please-call-ibm-support-help-get-smtp-tlsssl-fixed.htm"><font size=3 color=blue face="Georgia"><u>left broken</u></font></a><font size=3 face="Georgia"> as long as customers pay up.</font><font size=3> <br /> </font><img  alt="Image:Three points that Lotusphere, er, Connect, er, ConnectED 2015 should refute" border="0" src="http://www.wiseman.la/web/cpwblog.nsf/dx/three-points-that-lotusphere-er-connect-er-connected-2015-should-refute.htm/content/M3?OpenElement" /><font size=3 face="Georgia"><strong><br /> <br /> <br /> We don't care what you want, it's all about I (BM).</strong></font><font size=3> </font><font size=3 face="Georgia"><br /> Cringely has a </font><a href="http://www.cringely.com/2015/01/22/ibms-reorg-hell-launches-next-week/"><font size=3 color=blue face="Georgia"><u>good article</u></font></a><font size=3 face="Georgia"> about what's about to happen within IBM, go read it and the comments</font><font size=3> </font><font size=3 face="Georgia"><br /> For many years, when IBM was at its best, it found out what the customer needed and then produced hardware, software, and services to fill the need. <br /> Now, it is hard to say what IBM is about, but it's certainly not about the people and companies that pay it money.</font><font size=3> <br /> </font><img  alt="Image:Three points that Lotusphere, er, Connect, er, ConnectED 2015 should refute" border="0" src="http://www.wiseman.la/web/cpwblog.nsf/dx/three-points-that-lotusphere-er-connect-er-connected-2015-should-refute.htm/content/M4?OpenElement" />  ]]></content:encoded>
  114. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/three-points-that-lotusphere-er-connect-er-connected-2015-should-refute.htm</wfw:commentRss>
  115. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/three-points-that-lotusphere-er-connect-er-connected-2015-should-refute.htm?opendocument&amp;comments</wfw:comment>
  116. </item>
  117. <item>
  118. <title>I, Cringley:  IBM&#8217;s reorg-from-Hell launches next week</title>
  119. <pubDate>Fri, 23 Jan 2015 10:57:17 -0500</pubDate>
  120. <description>
  121. <![CDATA[
  122. A worthy read, particularly the comments: IBM's reorg-from-Hell launches next week IBM's big layoff-cum-reorganization called Project Chrome kicks-off next week when 26 percent of IBM employees will ...
  123. ]]>
  124. </description>
  125. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/i-cringley-.htm</link>
  126. <category>Domino</category>
  127. <dc:creator>Craig Wiseman</dc:creator>
  128. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/i-cringley-.htm?opendocument&amp;comments</comments>
  129. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/i-cringley-.htm</guid>
  130. <content:encoded><![CDATA[ <font size=2 face="sans-serif">A worthy read, particularly the comments:</font> <br /> <br /><font size=2 face="sans-serif"><strong><blockquote>IBM's reorg-from-Hell launches next week</strong></font> <br /><font size=2 face="sans-serif">IBM's big layoff-cum-reorganization called Project Chrome kicks-off next week when 26 percent of IBM employees will get calls from their managers followed by thick envelopes on their doorsteps. &nbsp;By the end of February all 26 percent will be gone. I'm told this has been in the planning for months and I first heard about it back in November. This biggest reorganization in IBM history is going to be a nightmare for everyone and at first I expected it to be a failure for IBM management, too. </font> <br /><font size=2 face="sans-serif">But then I thought further and I think I&#8217;ve figured it out&#8230;</blockquote></font> <br /> <br /><a href="http://www.cringely.com/2015/01/22/ibms-reorg-hell-launches-next-week/" target=_blank><font size=2 color=blue face="sans-serif">http://www.cringely.com/2015/01/22/ibms-reorg-hell-launches-next-week/</font></a>  ]]></content:encoded>
  131. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/i-cringley-.htm</wfw:commentRss>
  132. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/i-cringley-.htm?opendocument&amp;comments</wfw:comment>
  133. </item>
  134. <item>
  135. <title>Domino customer? Please call IBM support help get SMTP TLS/SSL fixed</title>
  136. <pubDate>Fri, 16 Jan 2015 12:56:27 -0500</pubDate>
  137. <description>
  138. <![CDATA[
  139. After much worrying non-communication, IBM came out with the initial POODLE for SSL patch and then the POODLE for TLS patch. These were timely and clean fixes - thank you IBM for these. I've inclu ...
  140. ]]>
  141. </description>
  142. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/domino-customer-please-call-ibm-support-help-get-smtp-tlsssl-fixed.htm</link>
  143. <category>Domino SSL TLS</category>
  144. <dc:creator>Craig Wiseman</dc:creator>
  145. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/domino-customer-please-call-ibm-support-help-get-smtp-tlsssl-fixed.htm?opendocument&amp;comments</comments>
  146. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/domino-customer-please-call-ibm-support-help-get-smtp-tlsssl-fixed.htm</guid>
  147. <content:encoded><![CDATA[ <font size=2 face="Georgia">After </font><a href=http://www.billmal.com/billmal/billmal.nsf/dx/ssl3.poodle.intro.htm target=_blank><font size=2 color=blue face="Georgia"><u>much</u></font></a><font size=2 face="Georgia"> </font><a href="http://www.wiseman.la/web/cpwblog.nsf/dx/poor-domino-users.-for-folks-who-care-about-security-looks-like-now-is-when-ibms-disrespect-contempt-for-its-userbase-bites-us-new-poodle-ssl-v3-hack.htm" target=_blank><font size=2 color=blue face="Georgia"><u>worrying</u></font></a><font size=2 face="Georgia"> </font><a href="http://www.wiseman.la/web/cpwblog.nsf/dx/what-ibms-response-to-the-poodle-ssl-v3-attack-feels-like-to-its-domino-customers.htm" target=_blank><font size=2 color=blue face="Georgia"><u>non-communication</u></font></a><font size=2 face="Georgia">, IBM came out with the initial </font><a href="http://blog.nashcom.de/nashcomblog.nsf/dx/domino-tls-1.0-sha-2-support-to-prevent-poodle-has-been-shipped-today.htm"><font size=2 color=blue face="Georgia"><u>POODLE for SSL</u></font></a><font size=2 face="Georgia"> patch and then the </font><a href="http://blog.nashcom.de/nashcomblog.nsf/dx/domino-tls-poodle-fix-released.htm"><font size=2 color=blue face="Georgia"><u>POODLE for TLS</u></font></a><font size=2 face="Georgia"> patch. <br /> <br /> These were timely and clean fixes - <strong>thank you IBM for these</strong>. <br /> <br /> I've included an email to IBM support regarding <strong>the fact that the POODLE SSL/TLS fixes break Domino as an internet-facing SMTP host</strong>... a role it Domino has served for many many organizations since the Notes Server R4 days.</font><font size=3> </font><font size=2 face="Georgia"><br /> <br /> If you are an IBM Domino customer,<strong> please call IBM support and open a PMR on this issue.</strong> Ask them to add the PMR to <strong>SPR LMES9QRUZY</strong> this will end weight to this issue and may sway development to actual fix this fundamental issue.</font><font size=3> &nbsp;(PMR = "Problem Management Record" | SPR = "Software Problem Report")<br /> </font> <br /><img  alt="Image:Domino customer? Please call IBM support help get SMTP TLS/SSL fixed" border="0" src="http://www.wiseman.la/web/cpwblog.nsf/dx/domino-customer-please-call-ibm-support-help-get-smtp-tlsssl-fixed.htm/content/M2?OpenElement" />  ]]></content:encoded>
  148. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/domino-customer-please-call-ibm-support-help-get-smtp-tlsssl-fixed.htm</wfw:commentRss>
  149. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/domino-customer-please-call-ibm-support-help-get-smtp-tlsssl-fixed.htm?opendocument&amp;comments</wfw:comment>
  150. </item>
  151. <item>
  152. <title>IBM&#8217;s POODLE TLS fixes for Domino, while timely (thanks!) breaks SMTP email connectivity (BAD,BAD)</title>
  153. <pubDate>Thu, 15 Jan 2015 09:12:21 -0500</pubDate>
  154. <description>
  155. <![CDATA[
  156. After much worrying non-communication, IBM came out with the initial POODLE for SSL patch and then the POODLE for TLS patch. These were timely and clean fixes - thank you IBM for these. However, w ...
  157. ]]>
  158. </description>
  159. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/ibms-poodle-tls-fixes-for-domino-while-timely-thanks-breaks-smtp-email-connectivity-badbad.htm</link>
  160. <category>Domino</category>
  161. <dc:creator>Craig Wiseman</dc:creator>
  162. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/ibms-poodle-tls-fixes-for-domino-while-timely-thanks-breaks-smtp-email-connectivity-badbad.htm?opendocument&amp;comments</comments>
  163. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/ibms-poodle-tls-fixes-for-domino-while-timely-thanks-breaks-smtp-email-connectivity-badbad.htm</guid>
  164. <content:encoded><![CDATA[ <font size=3 face="Georgia">After </font><a href=http://www.billmal.com/billmal/billmal.nsf/dx/ssl3.poodle.intro.htm target=_blank><font size=3 color=blue face="Georgia"><u>much</u></font></a><font size=3 face="Georgia"> </font><a href="http://www.wiseman.la/web/cpwblog.nsf/dx/poor-domino-users.-for-folks-who-care-about-security-looks-like-now-is-when-ibms-disrespect-contempt-for-its-userbase-bites-us-new-poodle-ssl-v3-hack.htm" target=_blank><font size=3 color=blue face="Georgia"><u>worrying</u></font></a><font size=3 face="Georgia"> </font><a href="http://www.wiseman.la/web/cpwblog.nsf/dx/what-ibms-response-to-the-poodle-ssl-v3-attack-feels-like-to-its-domino-customers.htm" target=_blank><font size=3 color=blue face="Georgia"><u>non-communication</u></font></a><font size=3 face="Georgia">, IBM came out with the initial </font><a href="http://blog.nashcom.de/nashcomblog.nsf/dx/domino-tls-1.0-sha-2-support-to-prevent-poodle-has-been-shipped-today.htm"><font size=3 color=blue face="Georgia"><u>POODLE for SSL</u></font></a><font size=3 face="Georgia"> patch and then the </font><a href="http://blog.nashcom.de/nashcomblog.nsf/dx/domino-tls-poodle-fix-released.htm"><font size=3 color=blue face="Georgia"><u>POODLE for TLS</u></font></a><font size=3 face="Georgia"> patch.</font><font size=3> </font><font size=3 face="Georgia"><br /> <br /> These were timely and clean fixes - <strong>thank you IBM for these</strong>.</font><font size=3> </font><font size=3 face="Georgia"><br /> <br /> However, we've noticed an issue with the impact these fixes have on SMTP traffic.</font><font size=3> </font><font size=3 face="Georgia"><br /> <br /> The issue is that the POODLE fixes completely drop support for </font><a href="http://www-10.lotus.com/ldd/dominowiki.nsf/dx/SSLv2"><font size=3 color=blue face="Georgia"><u>SSLv2</u></font></a><font size=3 face="Georgia">, which on one level is fine - SSLv2 is insecure. But there's a more subtle issue caused by completely dropping SSLv2 support:</font><font size=3> </font><font size=3 face="Georgia"><br /> According to various SSL/TLS RFCs (rfc</font><a href=https://www.ietf.org/rfc/rfc2246.txt><font size=3 color=blue face="Georgia"><u>2246</u></font></a><font size=3 face="Georgia">)(rfc</font><a href=https://tools.ietf.org/html/rfc6176><font size=3 color=blue face="Georgia"><u>6176</u></font></a><font size=3 face="Georgia">), the opening HELLO may be received even it it's SSLv2 and then a re-negotiate process must be run to upgrade the communication to an agreed, higher level.</font><font size=3> </font><font size=3 face="Georgia"><strong><br /> <br /> Why is this a problem? Because there are a LARGE number of SMTP hosts that try to connect with an SSLv2-signed initial connection and Domino shuts them down. And NO mail gets received by Domino </strong>(REMINDER: Domino is a mail server, among its many other roles).</font><font size=3> </font><font size=3 face="Georgia"><br /> <br /> This issue has been </font><a href="http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId&aelig;14F339E975A7A485257D860064343A#C34E8BE4A58E315A85257D8E00041AE0" target=_blank><font size=3 color=blue face="Georgia"><u>raised and pushed by Mark Gottschalk and others</u></font></a><font size=3 face="Georgia"> - go read that thread. Historically IBM prided itself on providing robust, secure solutions. We're not seeing that here.</font><font size=3> </font><font size=3 face="Georgia"><br /> <br /> <blockquote>SMTP inbound TLS on Domino is incomplete/broken as currently offered. &nbsp;It only satisfies a lawyer's interpretation of 'we have given the clients a solution to the problem', and cannot be used for inbound SMTP by organizations in the real world without the risk of rejecting significant legitimate mail.</font><font size=3> </font><font size=3 face="Georgia"><br />  - Mr. Gottschalk</blockquote></font><font size=3> </font><font size=3 face="Georgia"><br /> <br /> Wonder what some mailcontrol.com user is tring to send me? *sigh* I'll never know.</font><font size=3> </font><font size=1 face="Georgia"><br /> <br /> &#91;0468:000A-17CC&#93; 01/15/2015 07:54:23 AM &nbsp;SMTP Server: cluster-a.mailcontrol.com (85.115.52.190) connected</font><font size=1> </font><font size=1 face="Georgia"><br /> &#91;0468:000A-0FA8&#93; 01/15/2015 07:54:23.44 AM SMTP CITask StateMachine> Received 30 bytes from 85.115.52.190</font><font size=1> </font><font size=1 face="Georgia"><br /> &#91;0468:000A-17CC&#93; 01/15/2015 07:54:23.44 AM SMTP CITask StateMachine> Sent 182 bytes to 85.115.52.190</font><font size=1> </font><font size=1 face="Georgia"><br /> &#91;0468:000A-17CC&#93; 01/15/2015 07:54:23.57 AM SMTP CITask StateMachine> Received 8 bytes from 85.115.52.190</font><font size=1> </font><font size=1 face="Georgia"><br /> &#91;0468:000A-0FA8&#93; 01/15/2015 07:54:23.57 AM SMTP CITask StateMachine> Sent 24 bytes to 85.115.52.190</font><font size=1> </font><font size=1 face="Georgia"><br /> &#91;0468:000A-0FA8&#93; 01/15/2015 07:54:23 AM &nbsp;SMTP Server: cluster-a.mailcontrol.com (85.115.52.190) disconnected. 0 message&#91;s&#93; received</font><font size=1> </font>  ]]></content:encoded>
  165. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/ibms-poodle-tls-fixes-for-domino-while-timely-thanks-breaks-smtp-email-connectivity-badbad.htm</wfw:commentRss>
  166. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/ibms-poodle-tls-fixes-for-domino-while-timely-thanks-breaks-smtp-email-connectivity-badbad.htm?opendocument&amp;comments</wfw:comment>
  167. </item>
  168. <item>
  169. <title>Rethinking Ray Ozzie</title>
  170. <pubDate>Sat, 1 Nov 2014 17:34:09 -0500</pubDate>
  171. <description>
  172. <![CDATA[
  173. Mr. Thurrott wrote this a year ago, but it's worth a re-read. From a public perspective, Mr. Ozzie kind of disappeared into Microsoft, but it's clear he had the forethough and intelligence to see what ...
  174. ]]>
  175. </description>
  176. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/rethinking-ray-ozzie.htm</link>
  177. <category>IBM Lotus</category>
  178. <dc:creator>Craig Wiseman</dc:creator>
  179. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/rethinking-ray-ozzie.htm?opendocument&amp;comments</comments>
  180. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/rethinking-ray-ozzie.htm</guid>
  181. <content:encoded><![CDATA[ <font size=3 face="sans-serif">Mr. Thurrott wrote this a year ago, but it's worth a re-read. From a public perspective, Mr. Ozzie kind of disappeared into Microsoft, but it's clear he had the forethough and intelligence to see what was coming.</font> <br /> <br /><font size=3 face="sans-serif"><blockquote>Microsoft's history is full of baloney legends, like "The Internet Tidal Wave" memo from Bill Gates that allegedly caused the company to "turn on a dime" and embrace the Internet (and in the process squash Netscape). But a more complete and less hagiographic telling of that history should also include those signs that Microsoft missed, and in this case, those memos that Microsoft completely and utterly ignored.</font> <br /> <br /><font size=3 face="sans-serif">Ray Ozzie wrote at least two of them. And each is, in its own way, as prophetic and important as that Internet Tidal Wave memo.</blockquote></font> <br /> <br /><font size=3 face="sans-serif">Head over and read the whole thing: </font> <br /><a href="http://winsupersite.com/cloud/rethinking-ray-ozzie" target=_blank><font size=3 color=blue face="sans-serif">http://winsupersite.com/cloud/rethinking-ray-ozzie</font></a>  ]]></content:encoded>
  182. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/rethinking-ray-ozzie.htm</wfw:commentRss>
  183. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/rethinking-ray-ozzie.htm?opendocument&amp;comments</wfw:comment>
  184. </item>
  185. <item>
  186. <title>Good! Communication on upcoming short term fixes for both the Poodle and SHA-2 issues from IBM regarding Domino | MIA: No confirmation or roadmap for TLS 1.2/1.3 or HTTP v2</title>
  187. <pubDate>Tue, 21 Oct 2014 10:37:17 -0500</pubDate>
  188. <description>
  189. <![CDATA[
  190. What these are: GOOD Short time, targeted fixes to immediate issues Domino faces. This is some good, hard news. Updates on what's going to be done and timelines that work. Remember, the Poodle expl ...
  191. ]]>
  192. </description>
  193. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/communication-on-both-the-poodle-and-sha-2-issues-from-ibm.-.htm</link>
  194. <category>Domino</category>
  195. <dc:creator>Craig Wiseman</dc:creator>
  196. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/communication-on-both-the-poodle-and-sha-2-issues-from-ibm.-.htm?opendocument&amp;comments</comments>
  197. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/communication-on-both-the-poodle-and-sha-2-issues-from-ibm.-.htm</guid>
  198. <content:encoded><![CDATA[  <br /><font size=3 face="Georgia"><strong>What these are:</strong> GOOD Short time, targeted fixes to immediate issues Domino faces.</font> <br /><font size=3 face="Georgia">This is some good, hard news. Updates on what's going to be done and timelines that work.</font> <br /><font size=3 face="Georgia">&nbsp;</font> <br /><font size=3 face="Georgia">Remember, the Poodle exploit is *at this point* proof of concept from Google, so we do have a window of time before it becomes a true issue.</font> <br /> <br /><font size=3 face="Georgia">This is a very acceptable approach. As I told support... I'm fine with having a Poodle-resistant solution for Domino 8.5.x and moving to full TLS and HTTP in 9.x. </font> <br /> <br /><font size=3 face="Tahoma"><strong>Planned SHA-2 deliveries for IBM Domino 9.x</strong></font> <br /><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21418982"><font size=3 color=blue face="Tahoma">http://www-01.ibm.com/support/docview.wss?uid=swg21418982</font></a> <br /> <br /><font size=3 face="Tahoma"><strong>How is IBM Domino impacted by the POODLE attack?</strong></font> <br /><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21687167"><font size=3 color=blue face="Tahoma">http://www-01.ibm.com/support/docview.wss?uid=swg21687167</font></a> <br /> <br /> <br /><font size=3 face="Georgia"><strong>What we still need:</strong> A commitment and roadmap to full TLS 1.2/1.3 and HTTP v2 support, native in Domino, across all platforms.</font> <br /> <br /><font size=3 face="Tahoma"><blockquote>I<strong>BM is committed</strong> to delivering a secure and reliable offering. It is our intention to continue to address general enhancements including security updates as is our general practice in our product development cycles or in our ongoing subscription updates. </blockquote></font> <br /> <br /> <br />  ]]></content:encoded>
  199. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/communication-on-both-the-poodle-and-sha-2-issues-from-ibm.-.htm</wfw:commentRss>
  200. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/communication-on-both-the-poodle-and-sha-2-issues-from-ibm.-.htm?opendocument&amp;comments</wfw:comment>
  201. </item>
  202. <item>
  203. <title>What IBM&#8217;s response to the POODLE SSL v3 attack feels like to its Domino customers</title>
  204. <pubDate>Mon, 20 Oct 2014 14:24:50 -0500</pubDate>
  205. <description>
  206. <![CDATA[
  207. What IBM's response to the POODLE SSL v3 attack feels like to its Domino customers: ...
  208. ]]>
  209. </description>
  210. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/what-ibms-response-to-the-poodle-ssl-v3-attack-feels-like-to-its-domino-customers.htm</link>
  211. <category>Domino SSL TLS</category>
  212. <dc:creator>Craig Wiseman</dc:creator>
  213. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/what-ibms-response-to-the-poodle-ssl-v3-attack-feels-like-to-its-domino-customers.htm?opendocument&amp;comments</comments>
  214. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/what-ibms-response-to-the-poodle-ssl-v3-attack-feels-like-to-its-domino-customers.htm</guid>
  215. <content:encoded><![CDATA[ <font size=4 face="Georgia">What IBM's response to the POODLE SSL v3 attack feels like to its Domino customers:</font> <br /> <br /><font size=4 face="Georgia"><img  src="http://www.wiseman.la/web/cpwblog.nsf/dx/TopMen.jpg/$file/TopMen.jpg" alt="TOP men are working on it"/> </font>  ]]></content:encoded>
  216. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/what-ibms-response-to-the-poodle-ssl-v3-attack-feels-like-to-its-domino-customers.htm</wfw:commentRss>
  217. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/what-ibms-response-to-the-poodle-ssl-v3-attack-feels-like-to-its-domino-customers.htm?opendocument&amp;comments</wfw:comment>
  218. </item>
  219. <item>
  220. <title>I, Cassandra? If you&#8217;re wondering what&#8217;s wrong with IBM (and why the bad news today), Cringley&#8217;s been telling you for years</title>
  221. <pubDate>Mon, 20 Oct 2014 10:02:14 -0500</pubDate>
  222. <description>
  223. <![CDATA[
  224. &#91;Background research: Who was Cassandra?&#93; IBM announced some pretty bad news today... IBM's PAYING GlobalFoundries to take its chip making facility off its hands and IBM's given up on its HU ...
  225. ]]>
  226. </description>
  227. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/i-cassandra-if-youre-wondering-whats-wrong-with-ibm-and-why-the-bad-news-today-cringleys-been-telling-you-for-years.htm</link>
  228. <category>Domino</category>
  229. <dc:creator>Craig Wiseman</dc:creator>
  230. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/i-cassandra-if-youre-wondering-whats-wrong-with-ibm-and-why-the-bad-news-today-cringleys-been-telling-you-for-years.htm?opendocument&amp;comments</comments>
  231. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/i-cassandra-if-youre-wondering-whats-wrong-with-ibm-and-why-the-bad-news-today-cringleys-been-telling-you-for-years.htm</guid>
  232. <content:encoded><![CDATA[ <font size=3 face="Georgia">&#91;Background research: </font><a href=http://en.wikipedia.org/wiki/Cassandra><font size=3 color=blue face="Georgia"><u>Who was Cassandra?</u></font></a><font size=3 face="Georgia">&#93;</font><font size=3> </font><font size=3 face="Georgia"><br /> <br /> IBM announced some pretty bad news today... </font><a href="https://www.google.com/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=newssearch&amp;cd=1&amp;cad=rja&amp;uact=8&amp;ved=0CB0QqQIoADAA&amp;url=http%3A%2F%2Fwww.usatoday.com%2Fstory%2Ftech%2F2014%2F10%2F20%2Fibm-globalfoundries%2F17597597%2F&amp;ei=syRFVJzzIYW_8gHk94GADQ&amp;usg&macr;QjCNGWi7SZ3AIsb29KU-yPvP9liyVYvw&amp;sig2&not;K2zOS9MXIYWXPA1tk_BQ"><font size=3 color=blue face="Georgia"><u>IBM's PAYING GlobalFoundries to take its chip making facility off its hands</u></font></a><font size=3 face="Georgia"> and </font><a href="https://www.google.com/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=newssearch&amp;cd=1&amp;cad=rja&amp;uact=8&amp;ved=0CCIQ-AsoAzAA&amp;url=http%3A%2F%2Fwww.bloomberg.com%2Fnews%2F2014-10-20%2Fibm-abandons-2015-earnings-goal-as-rometty-divests-assets-1-.html&amp;ei=syRFVJzzIYW_8gHk94GADQ&amp;usg&macr;QjCNGUjyPNco-CW5hTCBdqf4JfA2jyxQ&amp;sig2=ZKFoj5Y7izK1Jk8TNbH99g"><font size=3 color=blue face="Georgia"><u>IBM's given up on its HUGELY vaunted earnings plans</u></font></a><font size=3 face="Georgia">.</font><font size=3> </font><font size=3 face="Georgia"><br /> <br /> If you're interested in why this may be, take a gander at what Cringely been saying for a long, long time:</font><font size=3> </font><font size=3 color=blue><u><br /> <br /> </u></font><a href="http://www.cringely.com/2014/06/04/decline-fall-ibm/"><font size=3 color=blue face="Arial"><strong><u>The Decline and Fall of IBM</u></strong></font></a><font size=3> </font><font size=3 face="Georgia"><br /> (italics are mine) </font><font size=3 face="Arial"><br /> <blockquote>Even on the surface, IBM in early 2014 looks like a troubled company. Sales are flat to down, and earnings are too. More IBM customers are probably unhappy with Big Blue right now than are happy. After years of corporate downsizing, employee morale is at an all-time low. Bonuses and even annual raises are rare. But for all that, IBM is still an enormous multinational corporation with high profits, deep pockets, and grand ambitions for new technical initiatives in cloud computing, Big Data analytics, and artificial intelligence as embodied in the company's Jeopardy game-show-winning Watson technology. Yet for all this, IBM seems to have lost some of its mojo, or at least that's what Wall Street and the business analysts are starting to think.</font><font size=3> </font><font size=3 face="Arial"><br /> <br /> Just starting to think? <em>The truth is that IBM is in deep trouble and has been since before the Great Recession of 2008. The company has probably been doomed since 2010</em>. It's just that nobody knew it. These are harsh words, I know, and I don't write them lightly. By doomed I mean that IBM has chosen a path that, if unchanged, can only lead to decline, corporate despair, and ultimately insignificance for what was once the mightiest of American businesses.</font><font size=3> </font><font size=3 face="Arial"><br /> <br /> If I am correct about IBM, whose fault is it?</font><font size=3> </font><font size=3 color=blue><u><br /> </u></font><a href="http://www.cringely.com/2014/06/04/decline-fall-ibm/"><font size=3 color=blue face="Arial"><u>Full Source</u></font></a><font size=3 face="Arial"> </font><font size=3></blockquote> </font>  ]]></content:encoded>
  233. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/i-cassandra-if-youre-wondering-whats-wrong-with-ibm-and-why-the-bad-news-today-cringleys-been-telling-you-for-years.htm</wfw:commentRss>
  234. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/i-cassandra-if-youre-wondering-whats-wrong-with-ibm-and-why-the-bad-news-today-cringleys-been-telling-you-for-years.htm?opendocument&amp;comments</wfw:comment>
  235. </item>
  236. <item>
  237. <title>Apparent (small) update from IBM on &quot;concerns around TLS and SHA-2&quot; from the Domino 9 forum</title>
  238. <pubDate>Thu, 16 Oct 2014 21:51:56 -0500</pubDate>
  239. <description>
  240. <![CDATA[
  241. This seems promising. OK, "promising" is way overselling it. Really, I guess it's not "promising" when the vendor acknowledges something that customers have been asking about for over 8 years. But ...
  242. ]]>
  243. </description>
  244. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/apparent-small-update-from-ibm-on-concerns-around-tls-and-sha-2-from-the-domino-9-forum.htm</link>
  245. <category>Administration</category>
  246. <dc:creator>Craig Wiseman</dc:creator>
  247. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/apparent-small-update-from-ibm-on-concerns-around-tls-and-sha-2-from-the-domino-9-forum.htm?opendocument&amp;comments</comments>
  248. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/apparent-small-update-from-ibm-on-concerns-around-tls-and-sha-2-from-the-domino-9-forum.htm</guid>
  249. <content:encoded><![CDATA[ <font size=3 face="Georgia"><br /> This seems promising. OK, "promising" is way overselling it. <br /> Really, I guess it's not "promising" when the vendor acknowledges something that customers have been asking about for over 8 years. <br /> <br /> But that's not the point: <br /> <br /> <blockquote></font><font size=3 face="Tahoma">Re: Poodle SSL vulnerability <br /> Greetings, <br /> <br /> We are currently working on statements regarding solutions for our clients with concerns around TLS and SHA-2. <br /> <br /> Thanks, <br /> <br />  &nbsp; &nbsp;dave <br /> <br /> David Kern | Resident Paranoid <br /> STSM, Global ICS Security Architect </font><font size=3 color=blue face="Tahoma"><u><br /> </u></font><a href="http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=026BD2D47421025985257D7200452B47" target=_blank><font size=3 color=blue face="Tahoma"><u>Source</u></font></a><font size=3 face="Georgia"></blockquote> <br /> <br /> <br /> <br /> <img  src="http://www.wiseman.la/web/cpwblog.nsf/dx/IBM-Poodle.jpg/$file/IBM-Poodle.jpg" alt="Resident Paranoid"/> <br /> </font> <div align=center></div>  ]]></content:encoded>
  250. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/apparent-small-update-from-ibm-on-concerns-around-tls-and-sha-2-from-the-domino-9-forum.htm</wfw:commentRss>
  251. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/apparent-small-update-from-ibm-on-concerns-around-tls-and-sha-2-from-the-domino-9-forum.htm?opendocument&amp;comments</wfw:comment>
  252. </item>
  253. <item>
  254. <title>Poor Domino users. For folks who care about security, looks like now is when IBM&#8217;s disrespect (contempt) for its userbase bites us: new Poodle SSL v3 hack</title>
  255. <pubDate>Wed, 15 Oct 2014 07:50:22 -0500</pubDate>
  256. <description>
  257. <![CDATA[
  258. For over 8 years, there's been post after post, PMR after PMR, IdeaJam idea after idea on upgrade Domino's SSL security in order to keep it current. (Here's a google search for: Please upgrade Domino ...
  259. ]]>
  260. </description>
  261. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/poor-domino-users.-for-folks-who-care-about-security-looks-like-now-is-when-ibms-disrespect-contempt-for-its-userbase-bites-us-new-poodle-ssl-v3-hack.htm</link>
  262. <category></category>
  263. <dc:creator>Craig Wiseman</dc:creator>
  264. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/poor-domino-users.-for-folks-who-care-about-security-looks-like-now-is-when-ibms-disrespect-contempt-for-its-userbase-bites-us-new-poodle-ssl-v3-hack.htm?opendocument&amp;comments</comments>
  265. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/poor-domino-users.-for-folks-who-care-about-security-looks-like-now-is-when-ibms-disrespect-contempt-for-its-userbase-bites-us-new-poodle-ssl-v3-hack.htm</guid>
  266. <content:encoded><![CDATA[ <font size=3 face="Georgia">For over 8 years, there's been post after post, PMR after PMR, IdeaJam idea after idea on upgrade Domino's SSL security in order to keep it current. <br /> (Here's a google search for: </font><a href="http://lmgtfy.com/?q=please+upgrade+Domino+ssl" target=_blank><font size=3 color=blue face="Georgia"><u>Please upgrade Domino SSL</u></font></a><font size=3 face="Georgia"> ) <br /> <br /> While they've been very busy apparently doing nothing about this, IBM's also been very quiet about it, although they have acknowledged that IBM's PAYING CUSTOMERS think it's important (</font><a href="http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=0BBA1D75D92075FC85257D3B006FABB8"><font size=3 color=blue face="Georgia"><u>see here</u></font></a><font size=3 face="Georgia">). <br /> <br /> Now, we expect to hear something about how to fix this. SOON. It's not like IBM hasn't had time to prepare. <strong><br /> <br /> Give me details!</strong> <br /> Bill Malchisky covers the actual vulnerability very well, so I'll send you his way for the techy detail: </font><a href=http://planetlotus.org/c4db50 target=_blank><font size=3 color=blue face="Georgia"><u>New SSL3 Exploit: The POODLE Is Here and Lifting Its Leg </u></font></a><font size=3 face="Georgia">( http://planetlotus.org/c4db50 ) <br /> <strong><br /> Update </strong>See the comments for some mitigation options for Domino. UNTIL IBM FIXES THIS. </font>  ]]></content:encoded>
  267. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/poor-domino-users.-for-folks-who-care-about-security-looks-like-now-is-when-ibms-disrespect-contempt-for-its-userbase-bites-us-new-poodle-ssl-v3-hack.htm</wfw:commentRss>
  268. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/poor-domino-users.-for-folks-who-care-about-security-looks-like-now-is-when-ibms-disrespect-contempt-for-its-userbase-bites-us-new-poodle-ssl-v3-hack.htm?opendocument&amp;comments</wfw:comment>
  269. </item>
  270. <item>
  271. <title>Re: IBM Domino and SHA-1 / SHA-2  / SHA-256 (etc) ... that doesn&#8217;t sound promising, does it?</title>
  272. <pubDate>Mon, 6 Oct 2014 12:04:11 -0500</pubDate>
  273. <description>
  274. <![CDATA[
  275. What do you say when you have bad news or no news... when you really should be saying something? One corporate take is to say as little as possible. (and hope the issue goes away, I guess). I've ...
  276. ]]>
  277. </description>
  278. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/re-sha-2-sha-256...-that-doesnt-promising-does-it.htm</link>
  279. <category></category>
  280. <dc:creator>Craig Wiseman</dc:creator>
  281. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/re-sha-2-sha-256...-that-doesnt-promising-does-it.htm?opendocument&amp;comments</comments>
  282. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/re-sha-2-sha-256...-that-doesnt-promising-does-it.htm</guid>
  283. <content:encoded><![CDATA[ <font size=4 face="Georgia"></font><font size=4> </font><font size=4 face="Georgia"><br /> What do you say when you have <strong>bad</strong> news or <strong>no</strong> news... when you really should be saying something? <br /> <br /> One corporate take is to say as little as possible. (and hope the issue goes away, I guess).</font><font size=4> </font><font size=4 face="Georgia"><br /> <br /> I've blurred the name of the source for this comment, because I don't want her (or is it him?) blamed &nbsp;for my extrapolation.</font><font size=4> </font><font size=4 face="Georgia"><br /> <img  src="http://www.wiseman.la/web/cpwblog.nsf/dx/IBM-SHA2.jpg/$file/IBM-SHA2.jpg"/> <br /> <br /> <br /> <br /> <br /> <blockquote></font><font size=4> </font><font size=4 face="Georgia">Related to this issue we have an answer from our colleagues from Level 2 that even the future version 10 does not have the support for it yet - and there is an enhancement request even for that version. The enhancement request for SHA-2 is the most needed one in Domino history. The more customers are requesting it, the more chance there is that IBM will put time and money into fixing it. We added your PMR to this very long list. The software problem report number is SPR # ABAI7SASE6 and APAR #LO46492.</font><font size=4> </font><font size=4 face="Georgia"></blockquote></font><font size=4> </font><font size=4 face="Georgia"><strong><br /> <br /> If you haven't yet, please call IBM and open a PMR in support of this SPR/APAR.</strong></font><font size=4> </font><font size=4 face="Georgia"><strong><br /> <br /> C'mon, IBM I want to believe you're going to do the right thing here. <em>and soon.</em></strong></font><font size=4> </font> <div align=center><font size=4 face="Georgia"><img  src="http://www.wiseman.la/web/cpwblog.nsf/dx/DominoIWantToBelieve.jpg/$file/DominoIWantToBelieve.jpg" alt="really. I do."/> </font></div>  ]]></content:encoded>
  284. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/re-sha-2-sha-256...-that-doesnt-promising-does-it.htm</wfw:commentRss>
  285. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/re-sha-2-sha-256...-that-doesnt-promising-does-it.htm?opendocument&amp;comments</wfw:comment>
  286. </item>
  287. <item>
  288. <title>Hey, IBM! While you&#8217;re adding SHA-2 support across all Domino services, we expect to see HTTP/2 on the road map (soon)</title>
  289. <pubDate>Mon, 6 Oct 2014 07:21:39 -0500</pubDate>
  290. <description>
  291. <![CDATA[
  292. . One of the great things about Notes and Domino has been the iterative growth of features. Well, that was true until about 4 years ago. Lately, a lot has been said about IBM's poor performance in ke ...
  293. ]]>
  294. </description>
  295. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/hey-ibm-while-youre-adding-sha-2-support-across-all-domino-services-please-add-http2-to-the-road-map.htm</link>
  296. <category></category>
  297. <dc:creator>Craig Wiseman</dc:creator>
  298. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/hey-ibm-while-youre-adding-sha-2-support-across-all-domino-services-please-add-http2-to-the-road-map.htm?opendocument&amp;comments</comments>
  299. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/hey-ibm-while-youre-adding-sha-2-support-across-all-domino-services-please-add-http2-to-the-road-map.htm</guid>
  300. <content:encoded><![CDATA[ <font size=4 face="Georgia">.</font><font size=4> </font><font size=4 face="Georgia"><br /> One of the great things about Notes and Domino has been the iterative growth of features. Well, that was true until about 4 years ago. Lately, a lot has been said about IBM's poor performance in keeping Domino's security stack up to date:</font><font size=4> </font><font size=4 color=blue><u><br /> </u></font><font size=4 color=blue><u><br /> </u></font><a href=http://planetlotus.org/c27d79><font size=4 color=blue face="Georgia"><u>http://planetlotus.org/c27d79</u></font></a><font size=4> </font><font size=4 color=blue><u><br /> </u></font><a href=http://planetlotus.org/c28ea9><font size=4 color=blue face="Georgia"><u>http://planetlotus.org/c28ea9</u></font></a><font size=4> </font><font size=4 color=blue><u><br /> </u></font><a href=http://planetlotus.org/c2841d><font size=4 color=blue face="Georgia"><u>http://planetlotus.org/c2841d</u></font></a><font size=4> </font><font size=4 color=blue><u><br /> </u></font><a href=http://planetlotus.org/c2af15><font size=4 color=blue face="Georgia"><u>http://planetlotus.org/c2af15</u></font></a><font size=4> </font><font size=4 color=blue><u><br /> </u></font><a href=http://planetlotus.org/c39b14><font size=4 color=blue face="Georgia"><u>http://planetlotus.org/c39b14</u></font></a><font size=4> </font><font size=4 color=blue><u><br /> </u></font><a href=http://planetlotus.org/c2af24><font size=4 color=blue face="Georgia"><u>http://planetlotus.org/c2af24</u></font></a><font size=4> </font><font size=4 color=blue><u><br /> </u></font><a href=http://www.ideajam.net/IdeaJam/P/ij.nsf/0/342557C4307F678D86257833004C527F?OpenDocument><font size=4 color=blue face="Georgia"><u>http://www.ideajam.net/IdeaJam/P/ij.nsf/0/342557C4307F678D86257833004C527F?OpenDocument</u></font></a><font size=4> </font><font size=4 color=blue><u><br /> </u></font><a href="http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=0BBA1D75D92075FC85257D3B006FABB8"><font size=4 color=blue face="Georgia"><u>http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=0BBA1D75D92075FC85257D3B006FABB8</u></font></a><font size=4> </font><font size=4 color=blue><u><br /> </u></font><a href=http://planetlotus.org/c41a5d><font size=4 color=blue face="Georgia"><u>http://planetlotus.org/c41a5d</u></font></a><font size=4> </font><font size=4 color=blue><u><br /> </u></font><a href=http://planetlotus.org/c3db15><font size=4 color=blue face="Georgia"><u>http://planetlotus.org/c3db15</u></font></a><font size=4> </font><font size=4 color=blue><u><br /> </u></font><a href=http://planetlotus.org/c40739><font size=4 color=blue face="Georgia"><u>http://planetlotus.org/c40739</u></font></a><font size=4> </font><font size=4 color=#000080 face="Georgia"><em><br /> <br /> <br /> Not that we've heard ANYTHING from IBM on this topic, but that's not the point of this post...</em></font><font size=4> </font><font size=4 face="Georgia"><strong><br /> <br /> The HTTP/2 protocol is rapidly being developed and accepted. </strong><br /> <br /> <blockquote>The standardization effort comes as an answer to the rise of SPDY, an HTTP compatible protocol launched by Google&#91;3&#93; and supported in Chrome, Opera, Firefox, Internet Explorer 11 and Amazon Silk browsers.</font><font size=4> </font><font size=4 face="Georgia"><br /> <br /> Full detail: </font><a href=http://en.wikipedia.org/wiki/HTTP/2><font size=4 color=blue face="Georgia"><u>http://en.wikipedia.org/wiki/HTTP/2</u></font></a><font size=4 face="Georgia"></blockquote></font><font size=4> </font><font size=4 face="Georgia"><br /> <br /> As <strong>paying customers</strong> of a pretty <strong>expensive product</strong>, I think we have a <strong>fair expectation</strong> that we see <strong>HTTP/2 support in Domino</strong> on the roadmap <strong>across all platforms</strong>, just as we expect <strong>TLS 1.3 and SHA-2+ across all protocols on all platforms.</strong></font><font size=4> </font> <div align=center><font size=4 face="Georgia"><CENTER><script type="text/javascript">
  301. <!--
  302. inwidth = 500;inheight = 520;id = "26A12C383DDDA38286257D6900455515";//-->
  303. </script>
  304. <script type="text/javascript"
  305. src="http://www.ideajam.net/IdeaJam/P/ij.nsf/ideajamblogthis.js">
  306. </script>
  307. </CENTER> </font> <br /></div> <br /><font size=4 face="Georgia"><strong>Update: </strong></font> <br /><font size=4 face="Georgia"><blockquote> ...</font> <br /><font size=4 face="Georgia">I have completed the creation of Software Problem Report #ITDL9PMP32 (APAR #LO82258) reporting the issue to the Domino Development team. </font> <br /><font size=4 face="Georgia">....</font> <br /><font size=4 face="Georgia">I have created Software Problem Report asking that the product be enhanced to do this in a future release. </blockquote></font> <br /> <br /><font size=4 face="Georgia"><em>If you wish, please open PMR in support of this SPR/APAR</em></font> <div align=center> <br /></div>  ]]></content:encoded>
  308. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/hey-ibm-while-youre-adding-sha-2-support-across-all-domino-services-please-add-http2-to-the-road-map.htm</wfw:commentRss>
  309. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/hey-ibm-while-youre-adding-sha-2-support-across-all-domino-services-please-add-http2-to-the-road-map.htm?opendocument&amp;comments</wfw:comment>
  310. </item>
  311. <item>
  312. <title>Google accelerates end of SHA-1 support - IBM&#8217;s letting its customers down</title>
  313. <pubDate>Thu, 11 Sep 2014 11:25:15 -0500</pubDate>
  314. <description>
  315. <![CDATA[
  316. There's been a justifiable bit of a hullabaloo about security and IBM Domino (nee Lotus Domino). The biggest point lately concerning Domino's shameful lack of general support for modern Web security ...
  317. ]]>
  318. </description>
  319. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/google-accelerates-end-of-sha-1-support-ibms-letting-its-customers-down.htm</link>
  320. <category>Administration</category>
  321. <dc:creator>Craig Wiseman</dc:creator>
  322. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/google-accelerates-end-of-sha-1-support-ibms-letting-its-customers-down.htm?opendocument&amp;comments</comments>
  323. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/google-accelerates-end-of-sha-1-support-ibms-letting-its-customers-down.htm</guid>
  324. <content:encoded><![CDATA[ <font size=4 face="Georgia">There's been a justifiable bit of a </font><a href=http://planetlotus.org/c27d79 target=_blank><font size=4 color=#800000 face="Georgia"><u>hullabaloo</u></font></a><font size=4 face="Georgia"> </font><a href=http://planetlotus.org/c28ea9 target=_blank><font size=4 color=#008000 face="Georgia"><u>about</u></font></a><font size=4 face="Georgia"> </font><a href=http://planetlotus.org/c2841d target=_blank><font size=4 color=#808000 face="Georgia"><u>security</u></font></a><font size=4 face="Georgia"> </font><a href=http://planetlotus.org/c2af15 target=_blank><font size=4 color=#008080 face="Georgia"><u>and</u></font></a><font size=4 face="Georgia"> IBM Domino (nee Lotus Domino). <br /> <br /> The biggest point lately concerning <strong>Domino's shameful lack of general support for modern Web security</strong> has hinged around Domino's support for only the </font><a href="http://en.wikipedia.org/wiki/SHA-1" target=_blank><font size=4 color=blue face="Georgia"><u>SHA1 hash</u></font></a><font size=4 face="Georgia">. What's sad about this is that "</font><a href="https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know" target=_blank><font size=4 color=blue face="Georgia"><u>The first signs of weaknesses in SHA1 appeared (almost) ten years ago.</u></font></a><font size=4 face="Georgia"> - Qualys Blog". Ten years ago... back when IBM gave the appearance of caring about Domino's future. <br /> <br /> Now Google has announced (bolding is mine): <blockquote>The use of SHA-1 within TLS certificates is no longer sufficiently secure. This is an intent to phase them out (in 2-3 years). In order to make such a phase-out execute smoothly, rather than be an Internet flag day, <strong>we will be degrading the experience when these certificates are used in the wild.</strong></blockquote> </font><font size=4 color=blue><u><br /> </u></font><a href="https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/2-R4XziFc7A/NDI8cOwMGRQJ" target=_blank><font size=4 color=blue face="Georgia"><u>Google's full proposal, "Intent to Deprecate: SHA-1 certificates"</u></font></a><font size=4 face="Georgia"> </font><font size=4 color=blue><u><br /> <br /> </u></font><a href="http://www.zdnet.com/google-accelerates-end-of-sha-1-support-certificate-authorities-nervous-7000033159/" target=_blank><font size=4 color=blue face="Georgia"><u>ZDnet discussion, "Google accelerates end of SHA-1 support; certificate authorities nervous"</u></font></a><font size=4 face="Georgia"> <strong><br /> <br /> This apparently means that in Google Chrome, your "secure" Domino websites will get a user interface indicator that there's something wrong, or not up to snuff with your site.</strong> <br /> <br /> Just to remind you, as of 09/11/2014, here's IBM's official stance on SHA2 support: <br /> <blockquote></font><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21418982" target=_blank><font size=4 color=blue face="Georgia"><u>click to see on IBM's site</u></font></a><font size=4 face="Georgia"> <strong><br /> Problem</strong> <br /> When trying to import the root CA, with a key length of 4096 and SHA-256, the following error appears: <br /> <br /> "Certificate signature does not match contents." <br /> <br /> Is it possible to use a CA with a key length of 4096 and SHA-256 with Domino 8.x or 9.0.x? <strong><br /> <br /> Resolving the problem</strong> <br /> No, Domino does not support SHA-2; only MD5, SHA-1, and DSA are currently supported. SPR # ABAI7SASE6 (APAR LO48388) has been submitted to Quality Engineering to request support for SHA-2 in future releases.</blockquote> </font><font size=4><br /> </font><font size=4 face="Georgia"><strong><br /> IMPORTANT: This SHA1 discussion is only a small piece of this issue.</strong> Traditionally, Lotus, then IBM has been a good steward and added new features and security to Domino as things evolved. Before v4.6, Domino didn't even have a web server (actually, it was called the Notes server before v4.6), and SMTP was originally a separate piece that hooked into the Notes server. LDAP, POP3, XML, RSS, etc... all were added and melded into the product over time. <u>We need TLS 1.2+, DKIM, DMARC, etc.</u><br /> <br /> Very simply and clearly, <strong>it's time </strong>for IBM to continue this process and <strong>add full TLS 1.3 support</strong> for <strong>all Domino services</strong> (HTTPS, SMTP, POP3, LDAP, IMAP, etc) <strong>on all platforms</strong>. <br /> <br /> Otherwise, better hope Rose has some room on the plank for you. </font><font size=4><br /> </font><font size=4 face="Georgia"><br /> .</font><font size=4> </font> <div align=center><font size=4 face="Georgia"><img  src="http://www.wiseman.la/web/cpwblog.nsf/dx/Icebergsmall.jpg/$file/Icebergsmall.jpg" alt="Titantic hitting the iceberg"/> </font></div> <br /><font size=4 face="Georgia"><br /> <br /> </font>  ]]></content:encoded>
  325. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/google-accelerates-end-of-sha-1-support-ibms-letting-its-customers-down.htm</wfw:commentRss>
  326. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/google-accelerates-end-of-sha-1-support-ibms-letting-its-customers-down.htm?opendocument&amp;comments</wfw:comment>
  327. </item>
  328. <item>
  329. <title>(Repost): IBM... PLEASE update Domino&#8217;s SSL/TLS. It&#8217;s stuck in ancient times and vulnerable.</title>
  330. <pubDate>Mon, 25 Aug 2014 11:51:58 -0500</pubDate>
  331. <description>
  332. <![CDATA[
  333. I posted about this here in 2011. Other good folks have been posting about this as well, here, here, here, here, etc. Simply put, Domino needs proper, modern TLS 1.3 support across all protocols, in ...
  334. ]]>
  335. </description>
  336. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/repost-ibm...-please-update-dominos-ssltls.-its-stuck-in-ancient-times-and-vulnerable..htm</link>
  337. <category>Domino SSL TLS </category>
  338. <dc:creator>Craig Wiseman</dc:creator>
  339. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/repost-ibm...-please-update-dominos-ssltls.-its-stuck-in-ancient-times-and-vulnerable..htm?opendocument&amp;comments</comments>
  340. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/repost-ibm...-please-update-dominos-ssltls.-its-stuck-in-ancient-times-and-vulnerable..htm</guid>
  341. <content:encoded><![CDATA[ <font size=3 face="Georgia">I posted about this </font><a href="https://www.google.com/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=2&amp;cad=rja&amp;uact=8&amp;ved=0CCYQFjAB&amp;url=http%3A%2F%2Fwww.wiseman.la%2Fweb%2FcpwBlog.nsf%2Fdx%2Fibm...-please-update-dominos-ssltls.-its-stuck-in-ancient-times-and-vulnerable..htm%3Fopendocument%26comments&amp;ei=Hmr7U72nOsr88AHRv4HABw&amp;usg&macr;QjCNG27A24nWVVtC6QRZgDvi3ng23FvQ&amp;sig2=Gh8ZHLrWSSmeZnTOnum-6Q&amp;bvm=bv.73612305,d.b2U"><font size=3 color=blue face="Georgia"><u>here</u></font></a><font size=3 face="Georgia"> in 2011. Other good folks have been posting about this as well, </font><a href=http://planetlotus.org/c28418><font size=3 color=blue face="Georgia"><u>here</u></font></a><font size=3 face="Georgia">, </font><a href=http://planetlotus.org/c28ea9><font size=3 color=blue face="Georgia"><u>here</u></font></a><font size=3 face="Georgia">, </font><a href=http://planetlotus.org/c27d79><font size=3 color=blue face="Georgia"><u>here</u></font></a><font size=3 face="Georgia">, </font><a href=http://planetlotus.org/c29c55><font size=3 color=blue face="Georgia"><u>here</u></font></a><font size=3 face="Georgia">, etc. <br /> <br /> Simply put, Domino needs <u>proper</u>, <em>modern </em><strong>TLS 1.3 </strong>support across all protocols, including SMTP, LDAP, HTTP, POP, IMAP, etc. <br /> What kind of shocks me is that there's any discussion about making this happen. If I had a product in this situation, the only meetings I'd be having is about WHEN the enhancements will be finished. <br /> <br /> IBM is all about security, except... when it isn't? <br /> <br /> and, please... let's not hear anyone at IBM say, "We've not head that our customers want this." <br /> <br /> What can be done? <br /> + <strong>Call</strong> in to IBM support and get them to create a PMR and add it to <br /> "</font><a href="http://www-01.ibm.com/support/docview.wss?uid=swg1LO48388"><font size=3 color=blue face="Georgia"><u>APAR LO48388: ENHANCEMENT REQUEST: SUPPORT SHA-2 ALGORITHM FOR SSL ON DOMINO</u></font></a><font size=3 face="Georgia">" <br /> Apparently "APAR LO67453 SPR #YDEN8RNH22 for Enhancement " has disappeared. <br /> <br /> + <strong>Comment</strong> here at what used to be Notes.net: </font><a href="http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=0BBA1D75D92075FC85257D3B006FABB8"><font size=3 color=blue face="Georgia"><u>http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=0BBA1D75D92075FC85257D3B006FABB8</u></font></a><font size=3 face="Georgia"> <br /> <br /> </font> <div align=center><font size=3 face="Georgia"><CENTER><script type="text/javascript">
  342. <!--
  343. inwidth = 500;inheight = 520;id = "342557C4307F678D86257833004C527F";//-->
  344. </script>
  345. <script type="text/javascript"
  346. src="http://www.ideajam.net/IdeaJam/P/ij.nsf/ideajamblogthis.js">
  347. </script>
  348. </CENTER> </font></div>  ]]></content:encoded>
  349. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/repost-ibm...-please-update-dominos-ssltls.-its-stuck-in-ancient-times-and-vulnerable..htm</wfw:commentRss>
  350. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/repost-ibm...-please-update-dominos-ssltls.-its-stuck-in-ancient-times-and-vulnerable..htm?opendocument&amp;comments</wfw:comment>
  351. </item>
  352. <item>
  353. <title>Something was added in the latest Java update from Oracle: Suppress sponsor offers when installing or updating Java</title>
  354. <pubDate>Thu, 21 Aug 2014 17:13:14 -0500</pubDate>
  355. <description>
  356. <![CDATA[
  357. Here's a subtle thing for IT folks. This check box was added in the very latest Java release. See anything useful about it? ...
  358. ]]>
  359. </description>
  360. <link>http://www.wiseman.la/web/cpwblog.nsf/dx/something-was-added-in-the-latest-java-update-from-oracle-suppress-sponsor-offers-when-installing-or-updating-java.htm</link>
  361. <category>Administration</category>
  362. <dc:creator>Craig Wiseman</dc:creator>
  363. <comments>http://www.wiseman.la/web/cpwblog.nsf/dx/something-was-added-in-the-latest-java-update-from-oracle-suppress-sponsor-offers-when-installing-or-updating-java.htm?opendocument&amp;comments</comments>
  364. <guid isPermaLink="true">http://www.wiseman.la/web/cpwblog.nsf/dx/something-was-added-in-the-latest-java-update-from-oracle-suppress-sponsor-offers-when-installing-or-updating-java.htm</guid>
  365. <content:encoded><![CDATA[ <font size=3 face="Georgia">Here's a subtle thing for IT folks. This check box was added in the very latest Java release. <br /> See anything useful about it? <br /> </font> <div align=center><font size=3 face="Georgia"><img  src="http://www.wiseman.la/web/cpwblog.nsf/dx/JavaControlP.jpg/$file/JavaControlP.jpg" alt="Java Control Panel"/> </font></div>  ]]></content:encoded>
  366. <wfw:commentRss> http://www.wiseman.la/web/cpwblog.nsf/dxcomments/something-was-added-in-the-latest-java-update-from-oracle-suppress-sponsor-offers-when-installing-or-updating-java.htm</wfw:commentRss>
  367. <wfw:comment> http://www.wiseman.la/web/cpwblog.nsf/dx/something-was-added-in-the-latest-java-update-from-oracle-suppress-sponsor-offers-when-installing-or-updating-java.htm?opendocument&amp;comments</wfw:comment>
  368. </item>
  369. </channel></rss>
  370.  

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

  1. Download the "valid RSS" banner.

  2. Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)

  3. Add this HTML to your page (change the image src attribute if necessary):

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=http%3A//www.wiseman.la/web/cpwBlog.nsf/feed.rss

Copyright © 2002-9 Sam Ruby, Mark Pilgrim, Joseph Walton, and Phil Ringnalda