Saturday, September 13, 2014

FIXED: iMessage, FaceTime Broken on OSX

Hey, time for my yearly blog post.

If your iMessages aren’t being received and are not going out from your Mac, and if your FaceTime isn’t working at all on your Mac, and you are noticing “apsd: Root certificate is not explicitly trusted” errors in the console, and you don’t see Entrust certificates in your System keychain, and you’d rather not wade through a bunch of blather, skip down to a possible solution.

Yeah, so one day I flipped on my Mac and over the course of a half hour noticed that something had gone awry in my keychain, specifically with certificates. Certain apps could not log into their remote server, but the most annoying thing to me was iMessages stopped working with the Messages app.

I get text messages frequently from friends, family and colleagues, most of them owning iPhones. With the Messages app on OSX you can add your iMessage account(s) to the app and send/receive those iMessages on your computer as well as your other iThings. It’s downright handy while you’re working to not have to pick up your iThing to interact with your dad who wants advice on a fabulous offer from a Nigerian businessman.

Okay, so what was happening is that Messages would not receive any iMessage sent to it and, conversely, when I tried to send one it would think about it for a bit before giving me the little red exclamation point.

fail fail fail

So I sleuthed around in the console app and notice this happening a lot:

more fail more fail more fail

Wha?

Much googling too place and I ended up on winding roads through the techno-babble wheat fields of the internet. This is what I did that finally resolved the issue:

  1. Go here: https://www.entrust.net/downloads/root_index.cfm. You may get a message in your browser that the site isn’t trusted and blah blah blah. Live dangerously!1 Seriously, there is something hosed with their certificate:
    Screenshot 2014 09 13 10 25 59Beats me, but Apple uses them.
  2. You’ll be presented with a form containing two radio buttons:
     Screenshot 2014 09 13 10 34 16I don’t know if it makes any difference but I chose the first one and clicked the download button.
  3. Now you’ll be presented with a list of certificate options:
     Screenshot 2014 09 13 10 35 16Select the first option (Root Certificates).
  4. You’ll be presented with a handful of text boxes containing unreadable stuff. Above each of those boxes is link to download that unreadable stuff. Find the one named "Entrust.net Certification Authority (2048)” (should be the second option) and click the download link with the “cer” extension.
  5. Open the Keychain app on your computer. Note that with a handful of the following steps you may be prompted to enter your credentials one or more times. Live dangerously!
  6. Click the System Keychain in the upper left of the window.
  7. Go to File, Import Items.
  8. Navigate your way to the cer file you just downloaded. Select it and import it.
  9. Click on Certificates in the bottom left of the window.
  10. You should see the certificate you just imported. YOU ARE ALMOST DONE.
     Screenshot 2014 09 13 10 44 40
  11. Right click on the Entrust certificate and choose Get Info.
  12. At the next window expand the “Trust” section at the top. You’ll be presented with a bunch of dropdowns. 
  13. The first dropdown is labeled “When using this certificate”. Click the dropdown and select “Always Trust”. Close the window.
  14. Now your certificate should have a little blue cross on it:
     Screenshot 2014 09 13 10 48 09
  15. You are done. Beer yourself.
I did not have to reboot anything on my machine before iMessages and FaceTime started working, but your mileage may vary. If it doesn’t work right away try rebooting your machine. Also try logging out of your iMessage account in Messages and logging back in. If it still doesn’t work then you have another issue or two going on, and it still may have to do with certificates. You can read more about those issues using a tool I frequently employ that I like to call google.
 
If this did happen to work for you then great! Please drop me a comment and let me know. I only wrote this because I didn’t find this specific solution using the tool I frequently employ that I like to call google. Maybe I should have used a bing.

 

  1. Of course, any harm done to your or your computer up to and including and exceeding the pwnage of your network(s), your neighbor’s networks, and the entire power grid within a 1.5AU radius of your computer is solely your responsibility. Live dangerously, responsibly.
 

Friday, October 04, 2013

Adobe Gets Pwned

For those who have accounts with Adobe, you may have woken up to this little greeting:

Important Customer Security Alert
To view this message in a language other than English, please click here.

We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information.

We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.
Adobe Customer Care

Wednesday, July 31, 2013

Ride Retrospective: CT Challenge 107

This is supposed to be a ride retrospective (and indeed it is in here somewhere) but this is also a bit of a retrospective of recent history.

On Saturday, July 27th I took part in my first century ride. Hopefully it will not be my last.

I was bit by the cycling bug last year when I started cycling to get into shape. Friends encouraged me to get into a century ride last year but I had to decline. I felt there was no way I would be physically able to do it, and I also felt like I hadn't studied cycling itself enough to be confident in what I was doing.

When I started I was in full Fred mode – hiking shoes, hiking shorts, cotton t-shirt. Over the course of the year things evolved a bit. I found cheap biking undershorts to wear, I wore wicking shirts, and I bought a pair of minimalist shoes to wear while riding. No clip-in shoes yet as I felt like I'd be spending most of my cycling time laying on the ground instead of up in the saddle.

By the beginning of this year I was ready for some changes to take things to the next level. With the generous help of family I upgraded into a newer bike with solid components. The old bike was shipped to my parents' home across the country so I could ride while out there. I found cycling clothes on the cheap (the pockets on the back of a jersey are insanely useful). Most of all I switched to a set of clip-in pedals and shoes. I've only fallen down three times this year!

As I started "training" in late March I began looking for a century ride to participate in and came across The Connecticut Challenge. The CT Challenge is an organization which "empowers cancer survivors to live healthier, happier and longer lives by creating and funding unique survivorship programs and research." Great, there are members of my family who have overcome cancer, and there are others who are dealing with the possibility of it.

Around the time I entered the ride my wife Lori was diagnosed as being positive for the BRCA2 gene mutation. It was a process of a couple years that led us to this diagnosis which I explained in the "charity beg" messages I sent out:
Cancer has been a frequent topic of discussion in our family. Over twenty years ago my wife Lori's sister was diagnosed with and treated for melanoma from which she is fully recovered. A handful of years later their mother was diagnosed with leukemia and against all odds beat it. She is currently in remission. 
Lori's Aunt was diagnosed with breast cancer a couple years ago and subsequently had a mastectomy. Last year this Aunt's oldest daughter (Lori's cousin, who was in her early 30s at the time) was also diagnosed with breast cancer and had a double mastectomy. Prior to surgery this cousin elected to be tested for the BRCA2 gene mutation and she tested positive.
The BRCA2 gene mutation generally increases the chances of several different types of cancers including breast, ovarian, prostate and pancreatic. It is closely related to the BRCA1 gene mutation which made the news earlier this year when Angelina Jolie disclosed that she had a double-mastectomy after testing positive for this mutation. You can read the details about these mutations here
After Lori's cousin tested positive for the mutation the cousin's younger sister tested positive for the gene mutation and also had a double-mastectomy. So earlier this year Lori and her sister were both tested for the BRCA2 gene mutation and both tested positive (this also means their father is positive for the mutation). 
A little over a month ago Lori underwent a hysterectomy and oophorectomy and is currently recovering. Lori's sister has already had a hysterectomy for other reasons. Both Lori and her sister are now evaluating their options with regards to having mastectomies.
In all I thought this would be a good ride to get involved in as it felt close to home, personal. So I "trained" all spring and summer, about 1600 miles worth.

On the eve of the ride we received the results of Lori's third breast biopsy in the past 18 months – positive for cancer.

On the day of the event all the riders assembled in the different staging areas with the hundred mile riders at the front to go first. The master of ceremonies gave us a word of advice – as you grind up one of those obnoxious hills remember the people you are riding for. During this little pep-talk I have to say it was hard not to lose it.

So, yes, about that ride retrospective. A little after 8am they let the hundred milers take off. The first segment (and by segments I mean the riding intervals between the aid stops) was flat and mostly about not running into each other. There were a lot of riders out on the road and I got a feel of what the peloton effect is all about. I was riding on adrenaline. Somewhere after the 15th mile the first aid stop showed up.

The aid stops were awesome – hydration, snacks, ice to cool you off, first aid, porta-potties and a bike mechanic.

The second segment was still all about the adrenaline but a handful of climbs starting working their way into mix. Still doing pretty well but I'm having to suppress the jerk-wad tendency in my head to race so that I don't fall into the dumb-wad trap of not finishing. The second aid stop appeared after the 34th mile.

The third segment I'd have to say was brutal. It felt like mostly climbing with a couple downhills, and one of those downhills occurred on a mile-long piece of road that was dug up for resurfacing (we were riding on dirt). The continual climb led to the north shore of Lake Waramaug, 50 miles from the start and the site of station 3.


I have to say if this station served hot dogs and potato salad I would be hitching a ride to the finish line. My legs felt pretty much spent. Also at this point my stomach was telling me to stop sending solid stuff its way. You're supposed to be constantly snacking on stuff on long rides but the stomach was issuing a veto. I didn't feel like throwing up, I just felt like it wasn't a good idea to shove something down my gullet. This would likely hose me as far as energy levels go the rest of the ride.

Mercifully the fourth segment was mostly downhill or flat to the next station at the 69th mile. No more food but I did switch over from water to this magical, pee-colored elixir known as Gatorade. I felt like I had a little more life in my legs leaving this station.

Even more mercifully the next station was less than ten miles away at the 78th mile. During this segment there were a few muscles threatening to lock up. If I had to jerk my legs in any motion that they hadn't already been doing the past 78 miles then a muscle was going to lock up and one of the SAG vehicles would be extricating me from my bike on the side of the road somewhere and hauling me back. At the 6th station I took in electrolyte tablets and noticed that it hurt to breath and swallow. Awesome.

Somewhere after the 80th mile somebody installed a terrible, morale-killing hill on the route. Thank you not for that.

The last aid station, number 7, was at the 93rd mile. I'm going to be honest, I barely remember being at this station.

The last 14 miles to the finish were mostly flat and I was mostly alone. I had begun to wonder if I was so slow that they rolled everything up and put it away but that went away as I hit the finish line – to the cheers of strangers (which, I have to admit, was pretty nice) as well to the cheers of family and Lori (also pretty nice).



Looking back at it less than a week later I feel like I'm talking about somebody else who did that ride. I don't know if it was the ride itself or more the surreal timing of the ride with the news of Lori's diagnosis.

In any event I am thankful for many things:

  • The generous donations of family and friends who contributed to the CT Challenge. I am humbled. (PS – it's not too late, you can still donate here).
  • The prayers of many for not just the ride but for our family. Also very humbling.
  • The generosity of my family who chipped in with the bike.
  • To the friends and family who were generous with their time and food while Lori was laid up following her surgery. They allowed me to keep putting time on the bike.
  • The friends who helped us get a room close to the event so we didn't have to schlep ourselves down there the morning of the event.
  • All the staff and volunteers who worked the CT Challenge ride. What an amazingly well organized/run event – meals the night before and the morning of the event, an orderly check-in and check-out process (including keeping tabs on you at each aid station), ridiculously well-stocked aid stations, SAG vehicles, a bazillion marshals riding along, and everything ran on time. Bravo. 
  • Most of all, to God who ultimately is the one who kept me out of the ditch and off the hood of somebody's car.
I will most likely give this ride a try again. I don't feel like I rode my best due to the nutritional issues I had the second half of the ride (I wonder if I kicked up some GERD the night before) and the fact that I did my "long" training ride maybe too soon before the event.

For those that like to see data and maps and such things you can get a nerds-eye view of the ride here.

Saturday, December 15, 2012

Missing Search Services in SharePoint 2013 Installation?

So, let's say you just installed SharePoint 2013* and elected to go the route of using psconfig to create/provision the configuration database and Central Admin app. Upon launching Central Admin you find that you can't install any services. If you launch the configuration wizard the only service available is health and usage, if you go to Manage Service Applications then nothing happens when you click the new button in the upper left. When you go to Manage Services On Server you'll find six or seven services but not search services.

It turns out you'll need to run a couple more commands if you elect to strictly go the psconfig route:

psconfig -cmd services -install
psconfig -cmd services -provision

After running these commands you should be able to install search services, as well as any other services you're looking for.

UPDATE: You'll also need to install features using:

psconfig -cmd installfeatures

* And, let's say, if you didn't then just skip the rest of this post.

Friday, September 16, 2011

He Was Only Quoting A Nobel Prize Economist

Social Security is structured from the point of view of the recipients as if it were an ordinary retirement plan: what you get out depends on what you put in. So it does not look like a redistributionist scheme. In practice it has turned out to be strongly redistributionist, but only because of its Ponzi game aspect, in which each generation takes more out than it put in. Well, the Ponzi game will soon be over, thanks to changing demographics, so that the typical recipient henceforth will get only about as much as he or she put in (and today's young may well get less than they put in).

Rick Perry
Some Evil Republican
Paul Krugman

Friday, August 05, 2011

Philip Rivers vs. Dan Fouts

Here’s one for the casual or not-so-casual Chargers homer.

Nick Canepa of the San Diego Union Tribune offers up the opinion that Philip Rivers has already taken the mantle of greatest Chargers quarterback ever… over Dan Fouts. Although I’m not a Canepa fan this is an opinion I started to hold back in 2006. Not necessarily that Rivers was already the best Chargers QB ever but, when the dust had settled, we (that is, you the Chargers homer and myself) would look back on the respective careers of these two fine gentlemen and conclude the Rivers was the better QB, overall.

This doesn’t settle so well for those who look back misty-eyed at the Air Coryell era. When asking for commentary on the article from a fellow friend and Chargers homer I’d have to classify his reaction as a tiger who just had a stick poked in his cage. Now comparing two athletes playing in the same position in two different eras is always a challenge, but my friend said that I could compare Fouts’ golden years (1979 – 1981) with any three years from Philip Rivers and it wouldn’t be close.

Well, I somewhat agree with my friend except I think the scales are tilted solidly in Rivers’ favor.

Rivers_vs_Fouts

(From NFL.com. Click for full size.)

Friday, December 10, 2010

On WikiLeaks

No, I'm not just trying to cash in on traffic from this search. But I do have an opinion here, and I wanted to share it.

I have been reading about the retaliation by hacker groups (Anonymous taking lots of credit there) who seem to be targeting those who would quiet WikiLeaks in any way. While I do agree that the site has damaged the US and the operators should be punished, I wholeheartedly disagree with commercial entities stepping in. Are you listening, Visa and Amazon?

This is a political matter, and you need to stay the hell out of it. This is new ground for many laws, so let the case be set out publicly in full understanding, and let the legal system be upgraded to handle it.

As for the hackers themselves, they have an opportunity to show restraint and still get the message across. I like this bit scoured from the web:

"We are replacing operation #payback with operation #payitforward. Hackers, please perform random acts of kindness."
This could be a great PR move, but must also be matched by governmental restraint along with open discussion. The concept at play here is how to deal with sensitive information. What's become apparent in the news is that the information released has more to do with interaction and personal tactics. The lesson for the government is to understand that the public servants need to learn a little more professionalism

That being said, if you stifle an individual's ability to share their opinion privately, you are losing much of the value of that person in making decisions. There needs to be a venue for off-the-record discussions (so, don't record them, perhaps?). Of course that flies in the face of appropriate documentation. What to do, what to do...?

Here's what I see at the moment, though I admit I have not gone hunting too much: Assange is a dick for supporting the illegal dissemination of sensitive information. Manning is a bigger dick for doing it in the first place (treason in a time of war, but not of the executable variety) this time around. The problem from the government side is releasing info to the wild does not automatically declassify it. But through Executive Order, members of the gov't (i.e., anyone authorized to handle classified info in this case) are not allowed to comment on whether something is truly classified, to what level, or what impact the release may have.

That means WikiLeaks can't legally be shut down without some serious dancing as to why and specifically what might be classified. But, the Feds should have authority to shut down the site so long as there is appropriate public justification and a closed court record. What should NEVER happen in a case like this is business getting involved without direct Federal oversite, again with legal consent. And the citizenry (global, in this case) should strive to demonstrate its power by being reasonable but firm

This is indeed sticky.