Eric Covener’s Journal

cringeworthy exchange on usenet

This is like the polar opposite of “How To Ask Questions The Smart Way”

I used to have a set of mod_rewrite rules that returned my favicon (the ‘C’) when someone linked to one of my pictures from something other then a select few places — I was seeing lots of bandwidth from the most retarded phpbb-style forums.

While it’s funny to click-through some of the referrers and see links to lmaonade.gif or reminder.jpg that just show the ‘C’ instead, I’ve now disabled the rule.

I was recently invited to become an Apache httpd commiter by the ASF, complete with vanity email address and people.apache.org webspace.

I hope to actually do some worthwhile things, notably with mod_ldap/mod_authnz_ldap, in the near future when things slow down a bit at work.

http://support.microsoft.com/kb/843518/

There’s an hour of reading traces I won’t get back

AJ Lambert, via the Daily Collegian, on the movie selection at Ruckus

While browsing for movies such as Wedding Crashers, Old School and Fight Club, no matches were found. However, Ruckus did offer a wide selection of unpopular 90’s movies such as Natural Born Killers, L.A. Confidential

When you are validating an X509 (SSL) certificate, there are a few types of online repositories where the issuer may publish that the certificate has been revoked.

An extension in the certificate, CRLDistributionPoint, can point you to an LDAP directory — but whoever issues the cert has to embed it in the client certificates so you even know to check.

I couldn’t get openssl to accept the value I was trying to pass in, and I found a lot of questions about this online and most of them referred to some difference between openssl .9.9 and earlier. None of them seemed to have a good resolution.

The problem with the configuration is the comma in the LDAP uri screws up the parser if you provide it directly. Documentation tells you to provide things with embedded commas in the “long” form where there is an extra level of indirection, multivalue items are stored in their own little section.

@ symbol before section name or not? Is the LHS of the section supposed to be the “crlDistributionPoints” or something else? Is the RHS supposed to contain the URI:ldap://… or not? Shouldn’t fullName appear somewhere?

Well here’s what worked for me w/ openssl .9.8

crlDistributionPoints=@cdp_section
[cdp_section]
URI=ldap://foo.com/cn=ALTCDP,c=US?certificateRevocationList?base?objectClass=cRLDistributionPoint