268 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
The 2015 Snarky Review
Mon, Jan 11th 2016 24
If you get page errors after disabling HTTPEnableConnectorHeaders in Domino, try this
Mon, Nov 2nd 2015 13
Free SSL certificates. Yes free (for most domains)
Thu, Oct 1st 2015 18
Free SSL certificates. Yes free (for most domains)
Thu, Oct 1st 2015 14
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 15
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 16
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 14
Top 10
The 2015 Snarky Review
Mon, Jan 11th 2016 24
SOLUTION - Domino Directory Assistance to Active Directory when using SSL DOES NOT break with 9.0.1 FP4
Thu, Jul 16th 2015 22
Domino Directory Assistance to Active Directory when using SSL breaks with 9.0.1 FP4
Wed, Jul 15th 2015 19
Here is a freely available VM to reverse proxy Domino - shoot the poodle
Wed, Oct 15th 2014 18
Free SSL certificates. Yes free (for most domains)
Thu, Oct 1st 2015 18
iNotes and IE11 - yes it is supported
Tue, Mar 18th 2014 17
TLS 1.2 in Domino and the settings I use
Mon, Apr 6th 2015 17
How to disable SSLv3 in Domino
Fri, Dec 12th 2014 16
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 16
Domino adds HSTS to it’s security arsenal
Tue, Sep 15th 2015 15


Darren Duke
Blog Title Darren Duke Blog Zone
Blog Description Occasionally useful stuff around technology, VMware, Domino, Symantec, accents and the pursuit of happiness.
Blog URL http://blog.darrenduke.net
RSS Feed http://blog.darrenduke.net/Darren/DDBZ.nsf/feed.rss
Validate Feed feedvalidator.org or validator.w3.org
Feed Last Checked Feb 03, 2016 9:23:26 AM EST. Realtime Update:
Location Atlanta, GA, USA


Recent Blog Posts
24
The 2015 Snarky Review
Mon, Jan 11th 2016 1:00p   Darren Duke
Firefox started at 34, ended at 43 (which also seemed to break everything). Chrome started at 39, ended at 47. IE, 11 and 11 (or Edge depending on your OS). My browser preference has changed. I'd love to still use Firefox (as they give a shit about privacy) but it's performance compared to Chrome is laughably right now. So Chrome it is (hangs head in shame)... IBM finally grasped that web security in Domino is important. We got SHA2, TLS1.2, OCSP, HSTS and modern ciphers. Only in R
13
If you get page errors after disabling HTTPEnableConnectorHeaders in Domino, try this
Mon, Nov 2nd 2015 5:53a   Darren Duke
If you are wondering why you want to disable HTTPEnableConnectorHeaders go read Jasper Kiaer's excellent post on why this maybe the worst security hole in Domino ever. Yes, ever. So now you've sent HTTPEnableConnectorHeaders=0 in the server notes.ini (make sure the setting has taken with a "show config http*" in the server console). You restart HTTP on Domino and you get this when you try to access the server: Request contains an HTTP header that does not contain a colon Then you
18
Free SSL certificates. Yes free (for most domains)
Thu, Oct 1st 2015 5:11p   Darren Duke
There are times when a SSL certificate would be nice but not economical. Like for this blog for example. I'm hardly going to splurge $100+ on SSL certificate "just because", and "SSL everywhere" and Google ranking be damned. But here are options out there to get free Class 1 SSL certificates from a trusted root certifier. StartSSL will provide you a free 1 year SSL for most domains (anything with the word financial in the domain is not allowed, and I'm sure there are more rules than th
14
Free SSL certificates. Yes free (for most domains)
Thu, Oct 1st 2015 8:11a   Darren Duke
There are times when an SSL certificate would be nice but not economical. Like for this blog for example. I'm hardly going to splurge $100+ on SSL certificate "just because", and "SSL everywhere" and Google ranking be damned. But here are options out there to get free Class 1 SSL certificates from a trusted root certifier. StartSSL will provide you a free 1 year SSL for most domains (anything with the word financial in the domain is not allowed, and I'm sure there are more rules than t
15
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 8:12a   Darren Duke
OK, so I know I said IBM were dropping the ball on 9.0.2 but the Domino security team have been knocking the ball out of the park lately (IBM, don't ignore security again.....just saying). Anyhow, yesterday was HSTS, today I give you OCSP Stapling in Domino. Again the crowds ask, "WTF?"....Via Wikipedia (and, yes a bit yawny....): OCSP stapling, formally known as the TLS Certificate Status Request extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) for
16
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 7:17a   Darren Duke
OK, so I know I said IBM were dropping the ball on 9.0.2 but the Domino security team have been knocking the ball out of the park lately (IBM, don't ignore security again.....just saying). Anyhow, yesterday was HSTS, today I give you OCSP Stapling in Domino. Again the crowds ask, "WTF?"....Via Wikipedia (and, yes a bit yawny....): OCSP stapling, formally known as the TLS Certificate Status Request extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) f
14
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 7:17a   Darren Duke
OK, so I know I said IBM were dropping the ball on 9.0.2 but the Domino security team have been knocking the ball out of the park lately (IBM, don't ignore security again.....just saying). Anyhow, yesterday was HSTS, today I give you OCSP Stapling in Domino. Again the crowds ask, "WTF?"....Via Wikipedia (and, yes a bit yawny....): OCSP stapling, formally known as the TLS Certificate Status Request extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) f
15
Domino adds HSTS to it’s security arsenal
Tue, Sep 15th 2015 9:53a   Darren Duke
I didn't see this initially (RTFM Darren....RTFM....). HTTPS Strict Transport Security (HSTS).....what's that? I call on the all knowing Wikipedia for a short answer...... It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections,and never via the insecure HTTP protocol Basically it prevents some downgrade attacks, some man in the middle attacks and some cookie hijacking attacks. Now you've b
6
Domino adds HSTS to it’s security arsenal
Tue, Sep 15th 2015 8:53a   Darren Duke
I didn't see this initially (RTFM Darren....RTFM....). HTTPS Strict Transport Security (HSTS).....what's that? I call on the all knowing Wikipedia for a short answer...... It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections,and never via the insecure HTTP protocol Basically it prevents some downgrade attacks, some man in the middle attacks and some cookie hijacking attacks. Now you
8
Domino adds HSTS to it’s security arsenal
Tue, Sep 15th 2015 8:53a   Darren Duke
I didn't see this initially (RTFM Darren....RTFM....). HTTPS Strict Transport Security (HSTS).....what's that? I call on the all knowing Wikipedia for a short answer...... It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections,and never via the insecure HTTP protocol Basically it prevents some downgrade attacks, some man in the middle attacks and some cookie hijacking attacks. Now you
4
A completely password-less IBM Notes set up using SAML and ADFS - the movie
Wed, Sep 2nd 2015 10:47a   Darren Duke
For assistance with this contact Lisa. This came out of a conversation at MWLUG where an attendee was unsure if you could go completely password-less. Well, you can. And now you've seen it.
7
A completely password-less IBM Notes set up using SAML and ADFS - the movie
Wed, Sep 2nd 2015 10:32a   Darren Duke
For assistance with this contact Lisa. This came out of a conversation at MWLUG where an attendee was unsure if you could go completely password-less. Well, you can. And now you've seen it.
3
A completely password-less IBM Notes set up using SAML and ADFS - the movie
Wed, Sep 2nd 2015 10:32a   Darren Duke
For assistance with this contact Lisa. This came out of a conversation at MWLUG where an attendee was unsure if you could go completely password-less. Well, you can. And now you've seen it.
7
9.0.2 where for art thou? IBM has truly lost the plot this time
Tue, Sep 1st 2015 8:39a   Darren Duke
Notes/Domino 9.0.2. It's like the pot of gold at the end of the rainbow. There are promises that it exists, but no real people have seen it. Some people (IBMers) even use it in a sentence. We've even been told about it at at least two Lotuspheres/Connect/ConnectED conferences (my guess is another Lotusphere will come and go before we see it). We're told of the (very much needed) new features (Java 8, AES port encryption, usability features, etc). But still it doesn't see the light of day. St
4
9.0.2 where for art thou? IBM has truly lost the plot this time
Tue, Sep 1st 2015 7:57a   Darren Duke
Notes/Domino 9.0.2. It's like the pot of gold at the end of the rainbow. There are promises that it exists, but no real people have seen it. Some people (IBMers) even use it in a sentence. We've even been told about it at at least two Lotuspheres/Connect/ConnectED conferences (my guess is another Lotusphere will come and go before we see it). We're told of the (very much needed) new features (Java 8, AES port encryption, usability features, etc). But still it doesn't see the light of day. St
4
9.0.2 where for art thou? IBM has truly lost the plot this time
Tue, Sep 1st 2015 7:57a   Darren Duke
Notes/Domino 9.0.2. It's like the pot of gold at the end of the rainbow. There are promises that it exists, but no real people have seen it. Some people (IBMers) even use it in a sentence. We've even been told about it at at least two Lotuspheres/Connect/ConnectED conferences (my guess is another Lotusphere will come and go before we see it). We're told of the (very much needed) new features (Java 8, AES port encryption, usability features, etc). But still it doesn't see the light of day. St
7
MWLUG 2015 Presentation - Domino Security - not know is not an option
Mon, Aug 24th 2015 7:41a   Darren Duke
Wow. This conference keeps getting better. 210+ attendees, great sponsors, literally a 5 star location. Great work Richard Moy, Lisa, Mike McGarel and Leann Moy. Here is my Domino Security presentation (no I'm not posting the World According to Darren Part 2): Domino Security - not knowing is not an option - MWLUG 2015 from Darren Duke So that's it for another year. See you in Austin TX next August-ish!
3
MWLUG 2015 Presentation - Domino Security - not knowing is not an option
Mon, Aug 24th 2015 7:34a   Darren Duke
Wow. This conference keeps getting better. 210+ attendees, great sponsors, literally a 5 star location. Great work Richard Moy, Lisa, Mike McGarel and Leann Moy. Here is my Domino Security presentation (no I'm not posting the World According to Darren Part 2): Domino Security - not knowing is not an option - MWLUG 2015 from Darren Duke So that's it for another year. See you in Austin TX next August-ish!
3
MWLUG 2015 Presentation - Domino Security - not knowing is not an option
Mon, Aug 24th 2015 7:34a   Darren Duke
Wow. This conference keeps getting better. 210+ attendees, great sponsors, literally a 5 star location. Great work Richard Moy, Lisa, Mike McGarel and Leann Moy. Here is my Domino Security presentation (no I'm not posting the World According to Darren Part 2): Domino Security - not knowing is not an option - MWLUG 2015 from Darren Duke So that's it for another year. See you in Austin TX next August-ish!
6
I was going to blog that MWLUG is in month, but I just checked - 2 weeks!!! Yikes!
Tue, Aug 4th 2015 12:20p   Darren Duke
There a maybe a handful of spaces left. I could tell you why you should come to Atlanta, but honestly Jermaine Dupri and Ludacris do it better. So without further ado.....(and I swear at 3:39 in Ulrich Krause makes an appearance, oh, and there have been more that a few MWLUG nights that do indeed go on until 8 in the morning....)
3
I was going to blog that MWLUG is in month, but I just checked - 2 weeks!!! Yikes!
Tue, Aug 4th 2015 12:20p   Darren Duke
Go to the MWLUG site to snap up the last few spaces.....and you to can be a player.
3
I was going to blog that MWLUG is in month, but I just checked - 2 weeks!!! Yikes!
Tue, Aug 4th 2015 12:20p   Darren Duke
Go to the MWLUG site to snap up the last few spaces.....and you to can be a player.
6
Windows 10 support for Notes - it’s supported on 9.0.1 FP4
Thu, Jul 30th 2015 12:49p   Darren Duke
I had asked IBM to get out a head for Windows 10 but alas nothing came of it. So then yesterday I went the public route (strange how that works but the "official channels" don't eh?): Again I ask, what is the official IBM stance on Windows 10 with regards to IBM Notes? @IBM_ICSsupport— Darren Duke (@darrenduke) July 29, 2015 So today the fine folks that run the @IBM_ICSsupport account responded: @darrenduke Here's an update about Notes & Windows 10 support - https
4
Windows 10 support for Notes - it’s supported on 9.0.1 FP4
Thu, Jul 30th 2015 12:41p   Darren Duke
I had asked IBM to get out a head for Windows 10 but alas nothing came of it. So then yesterday I went the public route (strange how that works but the "official channels" don't eh?): Again I ask, what is the official IBM stance on Windows 10 with regards to IBM Notes? @IBM_ICSsupport— Darren Duke (@darrenduke) July 29, 2015 So today the fine folks that run the @IBM_ICSsupport account responded: @darrenduke Here's an update about Notes & Windows 10 support - https
3
Windows 10 support for Notes - it’s supported on 9.0.1 FP4
Thu, Jul 30th 2015 12:41p   Darren Duke
I had asked IBM to get out a head for Windows 10 but alas nothing came of it. So then yesterday I went the public route (strange how that works but the "official channels" don't eh?): Again I ask, what is the official IBM stance on Windows 10 with regards to IBM Notes? @IBM_ICSsupport— Darren Duke (@darrenduke) July 29, 2015 So today the fine folks that run the @IBM_ICSsupport account responded: @darrenduke Here's an update about Notes & Windows 10 support - https
22
SOLUTION - Domino Directory Assistance to Active Directory when using SSL DOES NOT break with 9.0.1 FP4
Thu, Jul 16th 2015 7:33a   Darren Duke
In my last post I made a mistake. I made the mistake of believing that R9 changed something for the better that it apparently does not, and that when the product gets updated. so do the tools. My bad. Basically I'm moron. First the good news, Domino 9.0.1 FP4 does work with Active Directory 2012 with TLS1.2. Woohoo. I was under the impression that you could now cross certify an internet certificate into the Domino Directory and it would now be trusted. I could have sworn I read this some
4
SOLUTION - Domino Directory Assistance to Active Directory when using SSL DOES NOT break with 9.0.1 FP4
Thu, Jul 16th 2015 7:20a   Darren Duke
In my last post I made a mistake. I made the mistake of believing that R9 changed something for the better that it apparently does not, and that when the product gets updated. so do the tools. My bad. Basically I'm moron. First the good news, Domino 9.0.1 FP4 does work with Active Directory 2012 with TLS1.2. Woohoo. I was under the impression that you could now cross certify an internet certificate into the Domino Directory and it would now be trusted. I could have sworn I read this some
3
SOLUTION - Domino Directory Assistance to Active Directory when using SSL DOES NOT break with 9.0.1 FP4
Thu, Jul 16th 2015 7:20a   Darren Duke
In my last post I made a mistake. I made the mistake of believing that R9 changed something for the better that it apparently does not, and that when the product gets updated. so do the tools. My bad. Basically I'm moron. First the good news, Domino 9.0.1 FP4 does work with Active Directory 2012 with TLS1.2. Woohoo. I was under the impression that you could now cross certify an internet certificate into the Domino Directory and it would now be trusted. I could have sworn I read this some
19
Domino Directory Assistance to Active Directory when using SSL breaks with 9.0.1 FP4
Wed, Jul 15th 2015 8:07a   Darren Duke
DA and AD's....how could this not get confusing? Over the past few days I've been working to figure out why 9.0.1 FP4 can no longer connect to Active Directory when using a SSL connection for the LDAP connection from Domino. Specifically this is AD 2012 but I would guess the same issues hit 2012 R2. Not sure about 2008. Like this: Anyway, what worked in 9.0.1 FP3 no longer worked after an upgrade to 9.0.1 FP4. After much testing it appears that Windows 2012 servers really doesn't li
4
Domino Directory Assistance to Active Directory when using SSL breaks with 9.0.1 FP4
Wed, Jul 15th 2015 7:19a   Darren Duke
UPDATE - Apparently LDAPSearch is broken, not TLS1.2 to AD. Go read this post instead and see how to do it with SHA2 certs : SOLUTION - Domino Directory Assistance to Active Directory when using SSL DOES NOT break with 9.0.1 FP4 DA and AD's....how could this not get confusing? Over the past few days I've been working to figure out why 9.0.1 FP4 can no longer connect to Active Directory when using a SSL connection for the LDAP connection from Domino. Specifically this is AD 2012 but I w
3
Domino Directory Assistance to Active Directory when using SSL breaks with 9.0.1 FP4
Wed, Jul 15th 2015 7:19a   Darren Duke
UPDATE - Apparently LDAPSearch is broken, not TLS1.2 to AD. Go read this post instead and see how to do it with SHA2 certs : SOLUTION - Domino Directory Assistance to Active Directory when using SSL DOES NOT break with 9.0.1 FP4 DA and AD's....how could this not get confusing? Over the past few days I've been working to figure out why 9.0.1 FP4 can no longer connect to Active Directory when using a SSL connection for the LDAP connection from Domino. Specifically this is AD 2012 but I w
8
Do IBM test any of their stuff anymore? IBM Mobile Connect installation woes
Wed, Jul 8th 2015 8:26a   Darren Duke
IBM apparently have unlimited budget for renaming, re-branding products and acquiring analytics cloud companies, but as we all know if you put in a PMR and it gets routed to the Philippines then you basically give up They no longer value support. Now it seems as if basic testing has gone the way of Filipino support. While there have been some epic FUBAR's by IBM of late (renaming the Android Traveler app to Verse for example) this is a more basic problem. Installing their software. Now, I
5
Do IBM test any of their stuff anymore? IBM Mobile Connect installation woes
Wed, Jul 8th 2015 7:34a   Darren Duke
IBM apparently have unlimited budget for renaming, re-branding products and acquiring analytics cloud companies, but as we all know if you put in a PMR and it gets routed to the Philippines then you basically give up They no longer value support. Now it seems as if basic testing has gone the way of Filipino support. While there have been some epic FUBAR's by IBM of late (renaming the Android Traveler app to Verse for example) this is a more basic problem. Installing their software. Now, I
6
Do IBM test any of their stuff anymore? IBM Mobile Connect installation woes
Wed, Jul 8th 2015 7:34a   Darren Duke
IBM apparently have unlimited budget for renaming, re-branding products and acquiring analytics cloud companies, but as we all know if you put in a PMR and it gets routed to the Philippines then you basically give up They no longer value support. Now it seems as if basic testing has gone the way of Filipino support. While there have been some epic FUBAR's by IBM of late (renaming the Android Traveler app to Verse for example) this is a more basic problem. Installing their software. Now, I
6
MWLUG is less than 8 weeks away, your chance to see two of the best IBM presenters on the planet (and maybe a TWiL)
Mon, Jun 29th 2015 12:42p   Darren Duke
That's right, it's only eight weeks away. And it's in Atlanta, so it'll be very, very easy to get to. Not only do you get over 50 sessions for $50 (yeah, $50....not. a. typo) but you will get to see, in person, two of the best presenters IBM have (not to mention an OGS guest speaker who I can't name right now, but who knock your socks off). Richard has already mentioned he OGS IBM speakers, we've all seen Kramer (not to disrespect Kramer though), but the one of the two speakers I'm ex
3
MWLUG is less than 8 weeks away, your chance to see two of the best IBM presenters on the planet (and maybe a TWiL)
Mon, Jun 29th 2015 7:50a   Darren Duke
That's right, it's only eight weeks away. And it's in Atlanta, so it'll be very, very easy to get to. Not only do you get over 50 sessions for $50 (yeah, $50....not. a. typo) but you will get to see, in person, two of the best presenters IBM have (not to mention an OGS guest speaker who I can't name right now, but who knock your socks off). Richard has already mentioned he OGS IBM speakers, we've all seen Kramer (not to disrespect Kramer though), but the one of the two speakers I'm ex
3
MWLUG is less than 8 weeks away, your chance to see two of the best IBM presenters on the planet (and maybe a TWiL)
Mon, Jun 29th 2015 7:50a   Darren Duke
That's right, it's only eight weeks away. And it's in Atlanta, so it'll be very, very easy to get to. Not only do you get over 50 sessions for $50 (yeah, $50....not. a. typo) but you will get to see, in person, two of the best presenters IBM have (not to mention an OGS guest speaker who I can't name right now, but who knock your socks off). Richard has already mentioned he OGS IBM speakers, we've all seen Kramer (not to disrespect Kramer though), but the one of the two speakers I'm ex
11
I don’t use LastPass, I use the open source KeePass for password creation and management
Wed, Jun 17th 2015 9:08a   Darren Duke
I'd forgot about the LastPass hack until I read Mitch's post this morning. I also had this appear in my Twitter stream the other day: LastPass just got hacked, so it's time to change your password: http://t.co/w5uz4TCR24 pic.twitter.com/wZ8uFKQMtn— Mashable (@mashable) June 16, 2015 I didn't give it much though. I use a password manager but it ain't the famous ones. I don't like the idea of someone else storing my list of God-like credentials. OK, I use two services
4
I don’t use LastPass, I use the open source KeePass for password creation and management
Wed, Jun 17th 2015 8:06a   Darren Duke
I'd forgot about the LastPass hack until I read Mitch's post this morning. I also had this appear in my Twitter stream the other day: LastPass just got hacked, so it's time to change your password: http://t.co/w5uz4TCR24 pic.twitter.com/wZ8uFKQMtn— Mashable (@mashable) June 16, 2015 I didn't give it much though. I use a password manager but it ain't the famous ones. I don't like the idea of someone else storing my list of God-like credentials. OK, I use two services
5
I don’t use LastPass, I use the open source KeePass for password creation and management
Wed, Jun 17th 2015 8:06a   Darren Duke
I'd forgot about the LastPass hack until I read Mitch's post this morning. I also had this appear in my Twitter stream the other day: LastPass just got hacked, so it's time to change your password: http://t.co/w5uz4TCR24 pic.twitter.com/wZ8uFKQMtn— Mashable (@mashable) June 16, 2015 I didn't give it much though. I use a password manager but it ain't the famous ones. I don't like the idea of someone else storing my list of God-like credentials. OK, I use two services
6
Good news - Domino (at least 9.0.1) does not seem to be affected by the LogJam TLS vuln
Wed, May 20th 2015 2:23p   Darren Duke
Another week, another SSL/TLS security vulnerability. This one is termed Logjam (read about it here http://www.theregister.co.uk/2015/05/20/logjam_johns_hopkins_cryptoboffin_ids_next_branded_bug). Luckily a site has already been created to test your web servers, it is available at https://weakdh.org/sysadmin.html. A quick test of a Domino 9.0.1 server with the latest IF and the perfect forward secrecy server-side notes.ini settings enabled (see this previous blog post for those settings) y
4
Good news - Domino (at least 9.0.1) does not seem to be affected by the LogJam TLS vuln
Wed, May 20th 2015 2:06p   Darren Duke
Another week, another SSL/TLS security vulnerability. This one is termed Logjam (read about it here http://www.theregister.co.uk/2015/05/20/logjam_johns_hopkins_cryptoboffin_ids_next_branded_bug). Luckily a site has already been created to test your web servers, it is available at https://weakdh.org/sysadmin.html. A quick test of a Domino 9.0.1 server with the latest FP & IF and the perfect forward secrecy server-side notes.ini settings enabled (see this previous blog post for those
3
Good news - Domino (at least 9.0.1) does not seem to be affected by the LogJam TLS vuln
Wed, May 20th 2015 2:06p   Darren Duke
Another week, another SSL/TLS security vulnerability. This one is termed Logjam (read about it here http://www.theregister.co.uk/2015/05/20/logjam_johns_hopkins_cryptoboffin_ids_next_branded_bug). Luckily a site has already been created to test your web servers, it is available at https://weakdh.org/sysadmin.html. A quick test of a Domino 9.0.1 server with the latest FP & IF and the perfect forward secrecy server-side notes.ini settings enabled (see this previous blog post for those
5
MWLUG rolls into the ATL - August 19-21 2015
Thu, May 7th 2015 11:26a   Darren Duke
I swear I voted for somewhere other than Atlanta.....no, really I did. Anyway, even thought it is technically called the Midwest User Group anyone can (and should) attend. So if you are in the Southeast you have no rational reason to not attend. If you use any of the IBM collaboration technologies this a conference you should have on your schedule. "But Darren, I can't get $1,500 approved to attend a conference". That's fine. It's only $50. Yes Fifty. I didn't miss off a zero. So now
3
MWLUG rolls into the ATL - August 19-21 2015
Thu, May 7th 2015 11:12a   Darren Duke
I swear I voted for somewhere other than Atlanta.....no, really I did. Anyway, even though it is technically called the Midwest User Group anyone can (and should) attend. So if you are in the Southeast you have no rational reason to not attend. If you use any of the IBM collaboration technologies this a conference you should have on your schedule. "But Darren, I can't get $1,500 approved to attend a conference". That's fine. It's only $50. Yes Fifty. I didn't miss off a zero. So no
3
MWLUG rolls into the ATL - August 19-21 2015
Thu, May 7th 2015 11:12a   Darren Duke
I swear I voted for somewhere other than Atlanta.....no, really I did. Anyway, even though it is technically called the Midwest User Group anyone can (and should) attend. So if you are in the Southeast you have no rational reason to not attend. If you use any of the IBM collaboration technologies this a conference you should have on your schedule. "But Darren, I can't get $1,500 approved to attend a conference". That's fine. It's only $50. Yes Fifty. I didn't miss off a zero. So no
4
Do you subscribe to the IBM daily product update newletter? Part deux - or why renaming your products sucks
Fri, Apr 10th 2015 11:00a   Darren Duke
A few years ago I wrote about how to subscribe to the daily IBM product update newsletter. A few days ago some one asks me if I still used this service. I thought I did, but on recollection I hadn't gotten an email from them in ages (or "yonks" for a more technical definition). At first I thought it was getting stuck in spam.....nope. Hummm. OK Let me log in a see.... I had no subscriptions listed. None. Nada. Ziltch. WTF? So I started adding in my subscriptions again and realized that
3
Do you subscribe to the IBM daily product update newletter? Part deux - or why renaming your products sucks
Fri, Apr 10th 2015 10:38a   Darren Duke
A few years ago I wrote about how to subscribe to the daily IBM product update newsletter. A few days ago some one asked me if I still used this service. I thought I did, but on recollection I hadn't gotten an email from them in ages (or "yonks" for a more technical definition). At first I thought it was getting stuck in spam.....nope. Hummm. OK Let me log in a see.... I had no subscriptions listed. None. Nada. Ziltch. WTF? So I started adding in my subscriptions again and realized th
5
Do you subscribe to the IBM daily product update newletter? Part deux - or why renaming your products sucks
Fri, Apr 10th 2015 10:38a   Darren Duke
A few years ago I wrote about how to subscribe to the daily IBM product update newsletter. A few days ago some one asked me if I still used this service. I thought I did, but on recollection I hadn't gotten an email from them in ages (or "yonks" for a more technical definition). At first I thought it was getting stuck in spam.....nope. Hummm. OK Let me log in a see.... I had no subscriptions listed. None. Nada. Ziltch. WTF? So I started adding in my subscriptions again and realized th
17
TLS 1.2 in Domino and the settings I use
Mon, Apr 6th 2015 8:20a   Darren Duke
Unless you have been living under a rock somewhere you no doubt know that IBM finally gave use TLS 1.2 for IBM Domino servers. This means that Domino servers can now use SSLv3, TLS 1.0 and TLS 1.2. But it's IT, so just because you can does not mean you should......for example I would suggest most servers (I'll get the outliers further down the page) would probably want SSLv3 disabled. If you have been under a rock, then you need Domino 9.0.1 FP3 IF2 to get this new goodness. Now this fix is
3
TLS 1.2 in Domino and the settings I use
Mon, Apr 6th 2015 6:50a   Darren Duke
Unless you have been living under a rock somewhere you no doubt know that IBM finally gave use TLS 1.2 for IBM Domino servers. This means that Domino servers can now use SSLv3, TLS 1.0 and TLS 1.2. But it's IT, so just because you can does not mean you should......for example I would suggest most servers (I'll get the outliers further down the page) would probably want SSLv3 disabled. If you have been under a rock, then you need Domino 9.0.1 FP3 IF2 to get this new goodness. Now this fix i
5
TLS 1.2 in Domino and the settings I use
Mon, Apr 6th 2015 6:50a   Darren Duke
Unless you have been living under a rock somewhere you no doubt know that IBM finally gave use TLS 1.2 for IBM Domino servers. This means that Domino servers can now use SSLv3, TLS 1.0 and TLS 1.2. But it's IT, so just because you can does not mean you should......for example I would suggest most servers (I'll get the outliers further down the page) would probably want SSLv3 disabled. If you have been under a rock, then you need Domino 9.0.1 FP3 IF2 to get this new goodness. Now this fix i
7
Domino and SSL ciphers. The server document may not be doing what we expect it to do
Tue, Feb 3rd 2015 7:03a   Darren Duke
While sat in Daniel Nashed and David Kern's excellent Domino Security session at Connect, there was a comment and slide that made me tweet this: Domino SSL ciphers set in the Domino Server document are ONLY applicable to HTTP. Not SMTP, LDAP, et al.... Doh. You can set with note.ini— Darren Duke (@darrenduke) January 27, 2015 Now, I'm back in the office it's time to address this. So based on that session it seems as if LDAP, SMTP, DIIOP, POP3 and IMAP (and Remote debug mo
6
Domino and SSL ciphers. The server document may not be doing what we expect it to do
Tue, Feb 3rd 2015 7:03a   Darren Duke
While sat in Daniel Nashed and David Kern's excellent Domino Security session at Connect, there was a comment and slide that made me tweet this: Domino SSL ciphers set in the Domino Server document are ONLY applicable to HTTP. Not SMTP, LDAP, et al.... Doh. You can set with note.ini— Darren Duke (@darrenduke) January 27, 2015 Now, I'm back in the office it's time to address this. So based on that session it seems as if LDAP, SMTP, DIIOP, POP3 and IMAP (and Remote debug mo
6
ConnectED-sphere sudo review
Mon, Feb 2nd 2015 11:43a   Darren Duke
UPDATE 2/2/15 : 5:03PM EST - Super doh! Forgot to mention the Domino4Wine (hence the sudo)... I was fully expecting to write a "what a train wreck" review before I went. I was not expecting to say I had a metric shit ton of fun. But I did. And based on other posts I've perused it seems almost everyone else did. There are far more eloquent reviews elsewhere, so this will be bare bones. First the "ups", in no particular order: Much, much improved OGS. Flow, demos, people who care.....
4
ConnectED-sphere sudo review
Mon, Feb 2nd 2015 11:43a   Darren Duke
UPDATE 2/2/15 : 5:03PM EST - Super doh! Forgot to mention the Domino4Wine (hence the sudo)... I was fully expecting to write a "what a train wreck" review before I went. I was not expecting to say I had a metric shit ton of fun. But I did. And based on other posts I've perused it seems almost everyone else did. There are far more eloquent reviews elsewhere, so this will be bare bones. First the "ups", in no particular order: Much, much improved OGS. Flow, demos, people who care.....
3
New-ish Domino Configuration Tuner (DCT) rules are available
Mon, Feb 2nd 2015 4:16a   Darren Duke
Somehow I missed this, so I'm guessing some of you did too....New rules dated 10/16/2014. Thank you IBM. Woohoo! Indeed!!
6
New-ish Domino Configuration Tuner (DCT) rules are available
Mon, Feb 2nd 2015 4:16a   Darren Duke
Somehow I missed this, so I'm guessing some of you did too....New rules dated 10/16/2014. Thank you IBM. Woohoo! Indeed!!
4
If you are using my Reverse Proxy, please change the SSH host key
Wed, Jan 14th 2015 6:55a   Darren Duke
Well, technically this is for any Linux VM appliance you download, not just my reverse proxy.... Anyway, every Linux host should have it's own unique host SSH key to ensure security and authenticity of the server you are connecting to. When you create a server from an OVF that doesn't happen automatically. In fact you get the SSH host key that is on the OVA at time of creation (in this case mine).....potentially opening you up to man in the middle attacks (potentially.....although unlikely




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition