Archive for October, 2007

OpenSSL: Handy Commands

I needed a place to keep openssl commands for reference. See http://www.reppep.com/~pepper/writing/tidbits/ssl-article/ for much more depth.

Read a cert (I use this to build all my .crt files, so I can easily tell what I’m working with later):

openssl x509 -text -fingerprint -sha1 -in certificate.crt

Read a CSR (most fields should match the account with your CA, or your private CA cert):

openssl req -text -in request.csr


The classic, for testing availability of an SSL server, is:

openssl s_client -connect server:port

e.g., openssl s_client -connect www:443

For web sites, I generally use a browser to review the certificate, but for other protocols openssl is invaluable. Apple’s /System/Library/CoreServices/Certificate\ Assistant.app/ (available from Keychain Access’ Keychain menu) is also good for verifying SSL status of arbitrary SSL servers.


For traffic analysis, ssldump can (with the server’s private key) decrypt tcpdump captures or live traffic.


From a Windows admin, requesting a cert for IIS (I have not tested):

I need for you to combine the crt with the key to make a pfx file.

openssl pkcs12 -export -out canonicalName.pfx -inkey canonicalName.key -in canonicalName.crt
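Before combining a .crt and .key into a .pfx as above, it is worth confirming that the key actually belongs to the certificate. The script below is an added example, not part of the original post: it compares the public key in each file, builds the bundle only on a match, and then verifies the result. The function names, the PFX_PASS environment variable, and the assumption of an unencrypted private key are all choices made for this example.

```shell
#!/bin/sh
# Added example: check that a private key matches a certificate before
# bundling them into a PKCS#12 (.pfx) file. Assumes an unencrypted key.

# Public key (PEM) embedded in a certificate.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key.
pubkey_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# usage: key_matches_cert name.key name.crt
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
key_matches_cert() {
    _k=$(pubkey_of_key "$1") || return 2
    _c=$(pubkey_of_cert "$2") || return 2
    # Guard against two empty strings comparing equal.
    [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# usage: make_pfx name.key name.crt name.pfx
# The export password is read from the environment variable PFX_PASS
# (an assumption of this example) so it never shows up in the process list.
make_pfx() {
    key_matches_cert "$1" "$2" || {
        echo "refusing to export: $1 does not match $2" >&2
        return 1
    }
    openssl pkcs12 -export -out "$3" -inkey "$1" -in "$2" \
        -passout env:PFX_PASS
}

# usage: verify_pfx name.pfx
# Checks the bundle's MAC with the password in PFX_PASS; prints nothing.
verify_pfx() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -noout 2>/dev/null
}

# usage: make_test_pair prefix
# Writes a throwaway self-signed prefix.key / prefix.crt for trying this out.
make_test_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=test.invalid" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# When called with three arguments, act as a small command-line tool:
#   PFX_PASS=... sh make-pfx.sh name.key name.crt name.pfx
if [ "$#" -eq 3 ]; then
    make_pfx "$1" "$2" "$3" && verify_pfx "$3"
fi
```
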


Rockefeller Updates

I stopped posting about the Super-Tent, because not much has changed since we moved in. I did get a bigger desk when Mark left Rockefeller, which matters to me but not much to anyone else. I have continued to take pictures of Rockefeller as the various construction projects proceed, though.


Cracking Apple’s Code: 1,500

A bizarre and perverse journey is completed. At 12:21am 2007/10/19, I reported my 1,500th documentable bug to Apple. I have actually reported a bunch more over the years, which have since been lost to the sands of history. I remember reporting bugs against eWorld and Newton beta software! But I can currently identify 1,500 bug reports against Apple’s products.

A few of these, of course, are bogus — there have been times I just made a mistake, and thought it was an Apple problem. Some of my mistakes indicate that Apple’s user interface needed clarification or improvement; others are simply my foolish mistakes.

Many of my reports are documentation issues. Right now, I’m looking at Apple’s thousands of pages of brand-new documentation on Mac OS X 10.5 “Leopard” Server and sighing (repeatedly) — I don’t have time to read the half on topics that interest me — but as an admin, the documentation has to be correct. Rockefeller has an Apple Enterprise Support contract, but they are limited, expensive, and problematic to use. Most Mac admins have to make do with peer support, and Apple supports this because Apple only has to support (some of) the fora — not pay support staff. This means Mac admins need to be able to help ourselves through research and the documentation. Ambiguous or simply incorrect documentation is bad. Fortunately Apple aspires to perfection (though they don’t always aspire very hard — the early Mac OS X manual pages were badly neglected).

Other reports are feature requests, handled slightly differently but through the same bug reporting system. For example, I want to use my iPhone as a secure password store, an offline web browser, and with a Bluetooth GPS. Feature requests are how I tell Apple my priorities for product development — sometimes they even pay attention! ;)

And lots of bug reports are bugs. This is a bittersweet time, as I recognize my reports behind a bunch of fixes in Leopard, but I also know I’m about to lose a lot of traction. Until very recently, Apple has been focused on perfecting Leopard — meaning things have been fluid and could be improved, and there was lots of pressure to fix bugs. Now that they have finalized 10.5.0 and are preparing to sell it, the developers are hoping they didn’t miss any hideous bugs and recovering. In a little while they’ll go back to the grindstone to start fixing and building 10.5.1, but 10.5 will never be as flexible again. It’s going to be a while before I can start pestering Apple about what to do for Mac OS 10.6, and various bugs or design flaws will be too large to build into a point release, meaning they are already baked into the 10.5.x series, not eligible for fixing during Leopard’s lifetime.


Leopard Server docs are available

Apple just posted the docs for Mac OS X 10.5 “Leopard” Server — which I’ve been asking for in the beta program for over a year. As one tester said, “Now we finally can find out all what we should have been able to test in the last 14 months…”

And I can begin planning the migration from 10.4.10S on a PMG4 (“wind tunnel”, dual 1.25GHz, 1gb, 250gb mirrored) to 10.5S on a PMG5 (“cheese grater”, dual 2GHz, 2gb, 750gb mirrored). It looks like all reppep users will have to reset their passwords, as Apple doesn’t support exporting passwords, and I don’t want to upgrade my standalone 10.4 to Open Directory and then upgrade that to 10.5 on the PMG5. Now that I think of it, 10.4@G4 vs. 10.5@G5 is slightly amusing.

Also, I have 1,472 bugs logged, so between the ones in ADC now that don’t show up, and the ones I will report by next Friday, I am no longer concerned about reaching 1,500 by 10.5 release.


AppleCare let me down

Last night, the AppleCare phone rep assured me that Apple would replace or repair my iPhone free under AppleCare. At rubber vs. road time, however, the Apple “Genius” showed his sad face and explained that AppleCare only covers defects in manufacture (which would make it useless, as you’ll almost always find those within the 90-day warranty). My (second) replacement iPhone cost me $249 + tax (why do they charge tax for a service replacement??), or $279 today.

I also got a rubber shell to protect the iPhone, since I obviously can’t depend on AppleCare for any repairs in the future.

Unfortunately, all these protective wrappers make the iPhone larger (and less pretty). This wouldn’t matter so much if Steve Jobs hadn’t sold the svelte elegance of the iPhone so heavily. So the three iPhone holsters I bought (all problematic for one reason or another) won’t fit, and nobody should use them, since iPhones really need full-time protection (meaning a sleeve or hard case). I’ll stick with my $5 Treo (650) case, which is large enough for 2 iPhones, or one iPhone in an incase sleeve.

Regarding Apple Support: It’s nice to have good things to say, I am now a sad panda.


Apple Support: It’s nice to have good things to say

Update: See next post, “AppleCare let me down”.

This morning, when I tried to play music on my iPhone, it told me I had “No songs” on the iPhone. I couldn’t even use the bottom buttons to switch to video mode, but Settings:General:About told me I had “0 Songs” & “0 Videos”, even though I only had 420mb free on the iPhone. I keep 4gb of music on the phone, so they were obviously onboard, just not accessible. No problem, I figured — this is exactly what iPhone Restore is for.

Adding injury to insult, tonight I noticed that the iPhone kept raising the ringer volume spontaneously. I keep it in vibrate mode, so this isn’t such a problem, but I thought my new Luxmo case was bad. Alex has one that’s not quite right, so I got the other two models, and they’re both quite flawed — hard to get the iPhone out, and one presses on the power button — I keep taking the iPhone out and seeing the prompt to do a full shutdown. I now suspect my problem wasn’t the case, because I saw the iPhone’s metal shell itself is a bit bent, and the volume up button is stuck in. Hopefully a belt holster didn’t do that!

I plugged the iPhone into my MBP, and it picked up the iPhone’s version, serial number, and phone number, but instead of 8gb, iTunes showed its capacity as “n/a”. I tried to do a full restore, and it failed:

The iPhone “iPhone” could not be restored. An unknown error occurred (-18).

This was bad — I couldn’t get today’s photos or PIM updates off the iPhone, and I couldn’t restore it.

I reset all settings — avoiding the full wipe in case I wasn’t able to get data back onto the tabula rasa iPhone. I thought it might be a bad cable (unlikely — it was fine yesterday), or bad Dock port on the iPhone (damaged at the same time as the volume control, perhaps?). I tried the MBP’s other USB port, and Amy’s MacBook — still the same error -18.

I called Apple Educational Support, but they were closed. I called Apple iPhone support (800 my iPhone), which is open later (24 hours?), and spoke to a very nice fellow who couldn’t find error -18, but talked me through putting the iPhone into Restore mode:

  1. Launch iTunes.
  2. Turn iPhone off (hold down top power button & swipe when prompted).
  3. Hold down Home button.
  4. Plug iPhone into USB/Dock cable.
  5. iPhone shows a picture of a Dock cable being plugged into the iTunes CD icon.
  6. Release Home button.

The first time, this didn’t work — iTunes didn’t notice the iPhone. That was very worrisome, but the second time I tried, it restored the iPhone. Perhaps a full wipe (can be done with Home & Power on the iPhone, or from Settings:General:Reset) would have done it too.

I asked about the volume buttons, explaining the case is bent, and was told I can get a box and send it in, but return takes 5-7 days. My several PowerBook repairs have been consistently faster than the official time estimate, but this is still not a good option. The alternative is to bring it to an Apple Store and get it either replaced or repaired. They can provide a loaner “service iPhone” for $29, but this fee is waived as part of my AppleCare contract. Hopefully they won’t give me a hard time about what’s covered under AppleCare — Apple’s policies for what it covers are considerably more stringent than phone companies, who are very flexible about what they cover.

The AppleCare Protection Plan for iPhone Terms and Conditions includes the following:

b. Limitations The Plan does not cover:

(ii) Damage to the Covered Equipment caused by accident, abuse, neglect, misuse (including faulty installation, repair or maintenance by anyone other than Apple or an Apple Authorized Service Provider), unauthorized modification, extreme environment (including extreme temperature or humidity), extreme physical or electrical stress or interference, fluctuation or surges of electrical power, lightning, static electricity, fire, acts of God or other external causes;

(iv) Problems caused by a device that is not the Covered Equipment, including equipment that is not Apple-branded, whether or not purchased at the same time as the Covered Equipment;

(xiii) Except as specifically provided herein, any other damages that do not arise from defects in materials and workmanship or ordinary and customary usage of the Covered Equipment.

Unfortunately, the Apple “Genius Bar” always requires a significant wait, even with an appointment. The concierge site is currently down, but hopefully I’ll be able to minimize the wait by making an appointment before I head in http://concierge.apple.com/store/R095.

Restoring was complicated by the stuck volume button — it apparently kept registering during the restore, aborting the sync. I eventually got it all restored, though.


iPhone vs. sieve filtering

The iPhone makes heavy use of email. It’s the easiest way to send yourself a URL and the only way to get Notes out of the iPhone (for now, at least).

I generally try to filter as much as possible out of my INBOX, including mail from me (mostly replies to mailing lists I’m on, and I don’t need to read what I just wrote), but I want mail from my iPhone to stay in the INBOX where it’s easy to find. I was annoyed that my sieve filters apparently cannot match on the body of messages, only on headers, but the solution turns out to be very easy — I put this at the top of my sieve file, and now mail from my iPhone (but not my Macs) shows up in INBOX:

# personal short circuit
if allof
 (
  header :contains "From" "pepper@",
  header :contains "X-Mailer" "iPhone Mail"
 )
 { stop; }


remount

I move a lot of video files around our apartment, generally over Apple Filing Protocol. All my systems have Gigabit Ethernet, but moving around often shifts me over to much slower AirPort (802.11g) wireless networking.

Apple has a nice reconnection feature that brings connections back up if the network goes away. In my situation, this means that if I’m sitting downstairs with a gigabit connection to my server and unplug the Ethernet, Mac OS X reconnects to the server via AirPort. I then carry my laptop upstairs and plug back in, now connected to the server over the wireless network. Wirelessly, downloading video takes at least 10 times as long.

I can get around this by putting the laptop to sleep before disconnecting Ethernet, but I don’t use sleep as a rule, and I have to enter my password to wake up. I have verified that if I plug in via Ethernet, briefly disable AirPort, and then re-enable, Mac OS X will automatically reconnect via Ethernet, but that’s awkward (and bounces iChat connections).

Tonight I have settled on a pretty good solution — an alias that unmounts and remounts all my server volumes; for it to work right I have to make sure I don’t have any of these volumes in use, but that’s not difficult. The alias is:

alias remount='umount /Volumes/115gb/; umount /Volumes/280gb/; umount \
/Volumes/g5/; umount /Volumes/www/; umount /Volumes/pepper; open \
afp://wwwe/www afp://wwwe/115gb afp://g5e/g5 afp://g5e/280gb'


iPod: Zoom Zoom Zoom

iPhone zooming is complicated. When designing MobileSafari (the iPhone version of the Safari web browser), Apple opted to preserve the desktop Safari experience as closely as possible. This lets them talk about “the real web in your pocket”, and provides Apple an opportunity to sneer at competing handheld devices that present “the mobile web” instead. The reality, of course, is that there’s some value to the mobile web, or it wouldn’t exist. The issue is that the iPhone is quite limited compared to a Mac or PC ‘desktop’ (or laptop) computer, so mobile browsers have been making trade-offs for years to come as close as practical to the desktop experience, while accepting that there must be deficiencies.

One area where Apple’s desktop mimicry is particularly clear is in page rendering. MobileSafari appears to first calculate how desktop Safari would lay out a particular page, then compress it to fit on the iPod’s relatively tiny screen, and let you zoom around the page to read content of interest. This gives great demo, but begs the question: When I’m reading a web site on my iPhone, why would I care what it looks like on my desktop? My desktop has 4,224,000 pixels, a full keyboard, and a 5-button 2D scrolling mouse. My iPhone has 153,600 pixels (less than 1/27th as many) and 10 fat fingers. Denial of these differences is a neat trick, but can never completely succeed.

For comparison, Plucker focuses on getting easy-to-read text onto a handheld device, with optional support for anti-aliased fonts and images up to the maximum display quality of the Palm’s screen. This means lines wrap wherever they fit, text is whatever size you choose (although the built-in set of fonts is quite limited), and web pages look nothing like they would on a full-sized computer. Plucker’s display model is quite popular, and very much “the mobile web” Steve Jobs scoffed at, although Plucker is for offline web browsing — it predates the iPhone’s 802.11g and EDGE standards. A full-sized computer downloads web pages, reformats and compresses them for the Palm, and stores them for later downloading. The Palm part works even without a network connection — subway passengers, rejoice!

Similarly, one almost always wants to scroll a full page in a web browser and the Palm has physical keys for this, but the iPhone instead scrolls based on how far and fast you flick. I’d prefer an option (at least in MobileSafari) to always scroll by a page. This would save me both the effort of figuring out how far and fast to flick, and time finding my place after scrolling.

My initial reaction to MobileSafari was that the fonts were surprisingly fuzzy and hard to read. Naturally — they were designed for computers with more and larger pixels, being scaled down by the iPhone’s smaller pixels, and scaled again to fit on-screen. Sometimes fonts are scaled up, to make them easier to read. In contrast, Plucker never scales its fonts.

Craig Hockenberry’s furbo.org has several articles on the iPhone, including pointers for web designers on how to manage iPhone scaling. It doesn’t answer my question, though: How can I choose a particular font size, and get the iPhone to wrap text to fit? Unfortunately, I don’t think there is an answer right now.


MobileSafari scaling is complicated and occasionally buggy. I am aware of these scaling options:

When a page is loaded, the iPhone renders it as closely as it can to the way desktop Safari would — not at all based on the iPhone’s capabilities, but instead for a fictitious Mac. Then it shrinks everything down to fit the width of the iPhone’s screen (either 320 pixels in vertical mode, or 480 in horizontal mode).

I tried to duplicate the iPhone’s default scaling, and it was a pretty good match for a 684-pixel-wide by 695-pixel-high Mac Safari 3 window (475,380 total, over 3 times as many pixels as an iPhone has). At 72dpi that would be 9.5″ by 9.65″, or 13.54″ diagonal; on a 110dpi 15″ MacBook Pro it’s 6.22″ by 6.32″, or 8.86″ diagonal. In contrast, the iPhone screen displays the same text at 2″ wide by 3″ high, or 3.5″ diagonal. Tiny!!

If you tap twice on a column of text, the iPhone zooms to fit the column to the width of the screen. For pages that have no native width (plain HTML, no layout), tapping twice centers the tapped paragraph on-screen — very handy for scrolling, as you can just tap at the bottom of the screen each time you get to the end of the page. For pages with layout, tapping twice a second time zooms back out.

If you tap twice on an image, the iPhone zooms to fit the entire image on-screen. It does not work for all images, such as Questionable Content — perhaps because QCs are too tall, and MobileSafari doesn’t even try to fit them.

If you place two fingers on the screen and pinch them together, the iPhone zooms out. If you “unpinch”, it zooms in. Unfortunately the iPhone does not reflow the text to fit edge-to-edge, so this is almost never convenient for reading — either space is wasted or text is off-screen.

That’s six different zoom options and I may be missing more. But none is the one I want (which would be easiest to read) because the iPhone’s browser always wraps text to match desktop Safari, and never to provide the most readable page on the iPhone.

In reality, I double-tap almost every page to zoom a column to full width, and then hope that I can read the text in either vertical or horizontal mode. Usually I can.

I find the whole subject disappointing. I had more readable web pages on the Treo 600 and 650 for years! Apple could make the iPhone a superior device for reading web sites and ebooks, but has instead gotten hung up on “the real web in your pocket” and pretending that iPhones are running desktop Safari.

Update 2007/10/26: Apple’s just-released “Safari on iPhone Part II: Optimization” video discloses that the iPhone renders everything to 980wx1091h, presumably calculated to be close to the usable area of a browser window on a 1280×1024 17″ LCD, after menu bar, Dock, and Safari controls. This leaves me wondering why 684w*695h was such a close match.

I’ve added a couple lines to a couple of my pages, and they improve iPhone presentation substantially (no, they aren’t new, but they do work):

<meta name="viewport" content="width=device-width">
<meta name="viewport" content="initial-scale=.8">


New uses for passwords

I was walking down the street this morning, burning a piece of paper with some old passwords on it, and holding the box of matches I had used to light it. A woman saw me, and said “Hi. Gimme a match?” I got out a match and prepared to light it for her. Before I could strike flame, the woman leaned over to my burning password paper and lit a cigarette from it, then said “Thank you.”

There I was, standing on the street, thinking “Smoking’s bad, mm-kay,” and wondering why she asked for a match when she wanted a light (yes, I know, I cannot turn off being an editor), and thinking this was probably actually not the first time someone’s lit a cigarette from a burning password, but it’s still unusual.


Old School: Ancient UNIX

Rockefeller University, where I work, was one of the original UNIX sites. In 1975, Mel Ferentz held what was apparently the second UNIX users group meeting (it is not clear if he was one of the organizers of the first meeting, in 1974). Mel went on to build USENIX out of those meetings. He moved on to Rockefeller University soon after those first meetings; just before I started at RU Computing Services, Mel stepped down as Director of RUCS, and moved on to develop Internet2 at NYSERNET.

Last week, Mark Kowitz left RU IT (RUCS after a name change), where he had worked for 23 years. Mark met his wife, Robin, in RUCS over 20 years ago. I met Amy there too, when I started in 1992 (I left in 1995, and Amy left in 1996; I came back; she has not). While cleaning out his papers, Mark found some old documentation on booting UNIX on the PDP-11/70, VAX 11/750, and VAX 11/780, and passed it along to me. Mark doesn’t remember whether he or Mel wrote the documentation, but it is visibly classic UNIX documentation (distinctive fonts and layout).

Ancient UNIX boot instructions

You can see some more about booting PDP-11 UNIX (in emulation) at Ancient UNIX, 8bitsunplugged.org Digital Archeology, and Amit Singh’s GBA UNIX.

To give you some idea of how much water there has since been under this particular bridge, UNIX was first developed on a DEC PDP-7 in 1969. Digital Equipment Corporation was basically bought by Compaq, which itself was later acquired by HP. This version of UNIX contains a Western Electric license statement; UNIX was created at Bell Labs, which was jointly owned by Western Electric and AT&T. Bell Labs was later absorbed into AT&T, spun out as part of Lucent, and merged with Alcatel to become part of Alcatel-Lucent.

AT&T split off UNIX into UNIX System Labs, which was later bought by Novell. Novell sold much of the UNIX business to Santa Cruz Operation, which sold its UNIX rights and the “SCO” name to Caldera. SCO changed its name to Tarantella and Caldera transformed itself from a Linux company into a UNIX company named “SCO Group”. Alas, Caldera didn’t make money either way, and eventually sued the world — IBM, Novell, various of its own customers, etc.

Along the way, several BSDs were created to provide an alternative to AT&T’s UNIX, later providing a family of excellent UNIX-based operating systems (including the core of Mac OS X). In contrast, Linux was launched in 1991 by Linus Torvalds, born in 1969, the same year as UNIX.

Those little pages are quite a time capsule!

Another paper, by Dennis Ritchie: http://cm.bell-labs.com/cm/cs/who/dmr/cacm.html.
