posted Sep 25, 2016, 8:19 AM by Sami Lehtinen
updated Sep 25, 2016, 8:20 AM
- This electronic key management and access control is just like firewalls. Usually and mostly more or less misconfigured, sometimes extremely badly misconfigured for extended times.
- Systems require constant maintenance, one webhook just dropped off without any warning. The code didn't have automatic webhook reactivation feature nor check to confirm that webhook is still active and system did break down. -> Trivial to fix, when noticed. But it always causes a temporary service interruption.
- Duplicity + lftp + GnuTLS issue was so wonderful. Somehow the default mode has been modified with Ubuntu distribution upgrade (which upgraded lftp) so that ftps default changed from Explicit to Implicit and this caused the problem. Reconfiguring settings fixed the issue. (Hopefully, verify) Well well. It took a while, most of instructions were totally misleading. They claimed it's required to ignore the certificate. Nope, that's all BS. It has nothing to do with the certificate. What's the real problem? Well, it seems that it has been changed so that ftps means implicit TLS. If you wan't to use ftpes aka ftps explicit which was earlier the default option you'll have to use ftp:// as for plain text and then set additional configuration file parameters to require starting encrypted explicit ftp(s) session after that in .ftp/rc to be exact set ftp:ssl-force on set ftp:ssl-protect-data on. Sure, I blogged those, so I can Google my own site if I start to swear about this stuff again. Also I've been so happy about 'software quality' at times. Another interesting thing was that lftp -vvv ftp://mysite which should be verbose according man pages, actually shows version message which should be show with --version. I just hate it when documentation is absolutely misleading and incorrect. Thank you for that too. Yet opening lftp and giving command debug 9 did the trick and now I can clearly see that ftp://mysite without any kind of TLS request actually does AUTH TLS and certificate is being checked as well as PROT P mode is being negotiated and used for data transfer so it's working. - Done. I just which things wouldn't be this annoying always. But this is business as usual. Go figure, it'll work. You're just doing it wrong, if it doesn't. I'm sure that default change is documented somewhere, I just didn't bother to dig it up, now it works.
- Can Apple engineers really make such a lousy software, that you can't sync over 3G / 4G data connection. They require WiFi (WLAN) for syncing. That really doesn't make any sense, whatever at all. Checked several forums and discussions and that seems to be the case. There's utterly stupid but working workaround. Turn mobile hotspot on, and then connect the phone to computer using USB and then set the computer to sync over the phones WiFi connection. But that if something is really retarded. It would be so simple to have an option which method(s) are allowed / disallowed for syncing, but phew, go figure.