i just got hit in the head with a rock and it started to bleed while i was in the pool and it happened before 11:00am while my family was getting checked out of the KOA Kampground.
I have a program that I have written that collects weather forecast from US and Canadian organizations. It then takes that information does some processing and distributes the data via SOAP to a number of WebCTRL servers.
I have written the program in C# using Microsoft Visual Studio 2010.
In the past I have just created a quick self signed certificate from within the publishing wizard in Visual Studio. I have always felt a little uncomfortable about this since it creates a certificate associated with my local development computer and seemed quite lame.
I have a number of needs in our organization for certificates and so I thought it might be time to break down and create my own Certificate Authority. Then I would be able to have a certificate signed and associated with the company for which I work.
This turned out to be a long and complicated process, and I am only going to touch on a couple of specific issues that I found quite exasperating.
Here are the specifics of my environment.
Server 2003 stand alone, with the Certificate Services installed and configured as a CA.
Windows 7 Pro
Microsoft Visual Studio 2010
Issue one: The tools available with the certificate services on Windows Server 2003 do allow me to create a code signing certificate but there is no way that I was able to discover to export a certificate.pfx format which contain both the certificate and the private key required to use the certificate in Visual Studio 2010.
I have to export a certificate.p7b and then combine that with the certificate.pvk private key file.
So off to www.google.com I go to try and find a way to convert / merge my files. Now my Google foo may not be at the wicked level yet I am a reasonably proficient user, I worked for years as a programmer at an internet search engine company. I cannot tell you how many pages I visited before stumbling onto pvk2pfx.exe.
This brings up issue two: The only(that I could find) way Microsoft has to combine these pieces properly and securely was to use the above referenced command line application pvk2pfx.exe.
Now I have no problem using the command line and in many cases actually prefer to do things this way. But this tool is only available via the Windows Platform SDK. Now far be it from me to question the logic behind Microsoft packaging decisions. It does seem a bit of a stretch to not have some of the certificate managing utilities not included as part of the Certificate Services install.
So I download and install the Windows Platform SDK and get the utility that I need.
Issue three: Virtually all of the documentation for pvk2pfx and code signing refer to an .spc file, instead of a .p7b. To make a long story short they are identical it makes no difference what you call it, the PKCS #7 standard does not address file extensions and so different entities pick whatever makes sense to them but it sure can be confusing, and sometimes the differences are very real.
So the final command goes like this, and yes you have to type out your password(s) minus the quotes.
pvk2pfx.exe -pvk certificate.pvk -pi "your_pvk_password" -spc certificate.p7b -pfx certificate.pfx -po "your_pfx_password"
Voila a pfx code signing password.
I am a club cyclist, I love to ride my bike.
I commute to work on my bike and this week I have had two separate motorist whom I am sure are normally very nice people honk at me in anger.
Now even though I was acting completely legally, I can understand why they might not think that my actions were appropriate. The thing that really gets to me is that neither of these gentlemen were inconvenienced or even slowed down by my actions.
In the first instance I am traveling with traffic on the correct side of the road on a two lane road with no marked bike lane. A new right turn only lane gradually starts and since I am not turning right I ride exactly down the middle of the marked dividing line between the center lane and the turn lane.
This gentleman was angry that I was not hugging the right curb.
In the second instance I was riding down a residential street with almost no traffic ever, 25 mph speed limit. I come to a stop sign, slow down to make sure there is no other traffic and then proceed through the stop without coming to a full stop.
Now this gentleman was more than 1 block behind me when I passed through the intersection and he honked and yelled at me for not stopping. Now some of you might be saying hey you need to stop there and he was right to correct me. Well Idaho law specifically allows cyclist to treat a stop sign as a yield, and a red light as a stop sign.
If I had blasted through a stop sign in a high traffic area, or inconvenienced this man in any way maybe I can see why he might be upset, but seriously does he not have any important issues in his life to occupy his time. Would it have been too much to slow down and talk to me about this issue, I could have explained it very easily.
I take great pride in being a responsible rider, stop to help people, I carry tools and a first aid kit and have helped a large number of people along the way.
I wear my teams and my team sponsors logos prominently on my kit, I want to be a good representative.
Do I need to live my life and act in a manner contrary to my own legal self interest just to avoid upsetting the public around me?
The following is a letter I wrote to Senator Wyden, one of the few senators that has the balls and intelligence to stand up for the values our country was based on.
Mr. Wyden, I wanted to take a moment to commend you for your willingness to make sure that our laws make sense and do what they should do improve the lives of our citizens.
Specifically I appreciate the hold you placed on S. 968, the PROTECT IP Act.
While I also feel that we need to protect everyone’s creative output, I feel that recent efforts do more harm than good in this respect.
I believe that any changes to law in this area need to be first focused on the core goals of copyright, those of encouraging creation of new content for the greater good.
I feel that S. 968, the PROTECT IP Act does not do any of these things, it focuses almost to exclusion of all else on enforcing draconian rules and interpretations based on nothing but fear and doubt, without a shred of evidence that they will even accomplish their stated goals.
I welcome a more through discussion of what can be done based on facts.
Also as the System Administrator for a company that has offices in Oregon and other states, I am very very concerned about the unintended consequences to the electronic communication systems that we rely on to provide excellent services to our customers.
I also want to commend you for your stance on the “Patriot Act”. In the long run this law may be even worse for individual citizens than S. 968, the PROTECT IP Act.
Our government needs to be open and direct about its goals and interpretation of law. I understand that we live in difficult times and that our security and intelligence systems need to be robust and effective.
But we cannot allow ourselves to sacrifice core values to achieve these goals and I believe that we do not have to.
I don’t take many vacations, but in about 2 minutes I am off on a real adventure.
We are driving from Boise, ID to Dripping Springs, TX for a family reunion.
3500 miles, at least 60 hours of driving (rough estimates since our path and schedule are not fixed), nine people one suburban, a tent trailer and two bicycles.
Well I guess I need to explain the name powertoaster.
I used to work for an Internet company called Powercast Media, we created quite a few websites most of which had power in the name the flagship site being www.powersearch.com.
My official title was ‘Power Programmer’. On those nights when we would push our new changes to the server farm, we would all hang out and play computer games while waiting for the new changes to go live.
I was very good at game like Need for Speed and Age of Empires but not so good at the first person shooters, Half life, Doom, Counterstrike. In fact I was frequently toast.