Blogging Techstacks

Back on January 20th, 2011, Ross Mason, MuleSoft Founder, posted an article on the company blog, From the Mule's Mouth, titled "Systems Admins. R.I.P.?", which became popular this week due to it being posted on many aggregation sites and is filled with some lively commentary by many sysadmins around the world.

As I sit here waiting for the Cloud to rapture me off to the Choir Invisible, I can't help but think of those that fell before us. Who can forget back in the mid-70's when Digital Equipment Corporation's proclaimed the death of the mainframe with the introduction of mini computers and the effect it had on mainframe systems engineers.  There are none left.  They are all gone.  Remember when Microsoft introduced Windows NT Server?  That's the day we lost all the UNIX administrators. 

Perhaps they were the lucky ones because the hype around Cloud Computing is so great, this may be one of the greatest extinction events ever.   

All kidding aside, I do feel sorry for the MuleSoft systems administrator alluded to in the article. When the founder of your company publicly wonders what you do, you have a very tough job.

The Adobe MAX 2010 conference is underway and a bunch of announcements have already been made including updates to Flash Builder and Flex but the big news of today is the availability of Adobe AIR 2.5.  Targeting mobile platforms and TVs in addition to Desktops, the What's New in Adobe AIR 2.5 page provides a really good summary of all the changes that 2.5 introduces.  

In fact, the only thing missing from the SDK announcement is an actual downloadable SDK but when it is available, it will be awesome!  Perhaps you were thinking that building applications that can target televisions, desktops, and Android, Blackberry, and iOS devices was too fantastical to be true and with today's announcement and missing SDK, you would still be right!  

Since the keynote announcing these is not scheduled until 9:30 AM PST, perhaps what we are seeing today is a live demo of Adobe's LifeCycle Content Management features!  Editors note:  Zing! This page will be updated when the SDK transitions to meatspace.

UPDATE 1:  The blog post announcing the availability of the downloadable SDK has been updated, which now states that the SDK should be available for download at 12:00 PM PST.

UPDATE 2:  12:20 PM PST.  A comment on the announcement blog indicates that there has been some delay in getting the SDK released.  More info posted as I get it.

UPDATE 3:  At approximately 1PM PST, the 2.5 SDK download appeared but the comments on the announcement page are getting nasty!  

It's only been about a week since the last release but I thought folks might appreciate this new version of evnark codenamed "snarky".  No new functionality has been added but if you run this in a VT100 compatible terminal that supports color output and you are concerned about security, you will see a trust-inducing "green bar" on hosts using extended validation certificates.  You can rest assured that the ssl host you are connecting to is using encryption that is 'state-of-the-art', (even though the actual encryption level between the two hosts has not changed).  The screenshot below illustrates the change, first with a "normal" site using a scary, "traditional" SSL certificate and the second line of output is the extended validation output:

Hopefully, someone reading this post and has also built-in the green bar support in a browser can comment on whether there is some additional check being performed above and beyond what I'm doing here.  With extended validation certificates costing at least twice as much and the only distinguishing trait in the certificate turning the browser bar green is an object identifier embedded within the cert, I'm kind of feeling like the Internet is getting hoodwinked.

Downloads are now available from the main EVNark page

#!/usr/bin/env groovy
// usage: 'evnark [-h/--host "hostname"] [-p/--port "port"]'
//
// v0.2 
//   + Adds hostname lookup exception handling
//   + Adds connection Timeout exception handling
//   + Modified the output so that it will now state
//     whether or not an EV cert was found.

import java.security.*
import javax.net.ssl.*
import sun.security.x509.* 

/* This section sets up the command 
   line arguments portion of this script. */ 

def cli = new CliBuilder( usage: 'evnark [-h/--host "hostname"] [-p/--port "port"]' )
  cli.h( longOpt:'host', args:1, required:true, type:GString, 'The host or site you want to test' )
  cli.p( longOpt:'port', args:1, required:false, type:GString, 'Optional. Defaults to port 443')

def opt = cli.parse(args)
  if (!opt) return
  if (opt.h) host = opt.h

def port = 443
  if (opt.p) port = Integer.parseInt(opt.p)

// Create the socket
def factory = SSLSocketFactory.getDefault()

try {
  socket = factory.createSocket()
  socketaddr = new InetSocketAddress(host, port)
  socket.connect(socketaddr, 5000)
  } catch(UnknownHostException ex) {
      println "Hostname Resolution Failed.  Is ${host} a valid host?"
      return
  } catch(SocketTimeoutException ex) {
      println "Connection Timed Out. Is ${host} up or available?"
      return
  } 

try {
  socket.addHandshakeCompletedListener( new listener() )
  
  socket.startHandshake() 
  } catch(SSLHandshakeException ex) {
    println "CERTIFICATE PEER COULD NOT BE VERIFIED"
  } catch(SSLException ex) {
      println "The port number you specified (${port}) does not appear to be an ssl port"
  }

  class listener implements HandshakeCompletedListener {
  void handshakeCompleted(HandshakeCompletedEvent e) {

  def ev_oids = [
    // 'A-Trust GmbH':' Doesn't appear to offer the .yet',
    'AC Camerfirma SA':' 1.3.6.1.4.1.17326.10.14.2',
    'Buypass AS':'2.16.578.1.26.1.3.3',
    // 'Certum':' Doesn't appear to offer them yet',
    'Comodo CA Limited':'1.3.6.1.4.1.6449.1.2.1.5.1',
    'Cybertrust, Inc':'1.3.6.1.4.1.6334.1.100.1',
    'D-TRUST GmbH':'1.3.6.1.4.1.4788.2.202.1',
    // 'DanID':' Doesn't appear to offer the yet ',
    'DigiCert Inc':'2.16.840.1.114412.2.1',
    'DigiNotar':'2.16.528.1.1001.1.1.1.12.6.1.1.1',
    // 'Echoworx Corporation':' Doesn't appear to offer them yet',
    'Entrust, Inc.':'2.16.840.1.114028.10.1.2',
    'GeoTrust Inc.':'1.3.6.1.4.1.14370.1.6',
    // 'Getronics PinkRoccade':'Doesn't appear to offer them yet',
    'GlobalSign nv-sa':'1.3.6.1.4.1.4146.1.1',
    'The Go Daddy Group, Inc.':'2.16.840.1.114413.1.7.23.3',
    // 'IdenTrust, Inc.':' Doesn't appear to offer the yet',
    // 'IpsCA, IPS Certification Authority s.l.':' ',
    'Izenpe S.A.':'1.3.6.1.4.1.14777.6.1.1',
    'Network Solutions L.L.C.':'1.3.6.1.4.1.782.1.2.1.8.1',
    'QuoVadis Limited':'1.3.6.1.4.1.8024.0.2.100.1.2',
    // 'RSA Security, Inc.':' ',
    'SECOM Trust Systems CO.,LTD.':'1.2.392.200091.100.721.1',
    'SecureTrust Corporation':'2.16.840.1.114404.1.1.2.4.1',
    // 'Skaitmeninio sertifikavimo centras (SSC)':' ',
    'StartCom Ltd.':'1.3.6.1.4.1.23223.2',
    'Starfield Technologies':'2.16.840.1.114414.1.7.23.3',
    'SwissSign AG':'2.16.756.1.89.1.2.1.1',
    // 'T-Systems Enterprise Services GmbH':' ',
    // 'TC TrustCenter GMBh':'1.2.276.0.44.1.1.1.4',
    'thawte, Inc.':'2.16.840.1.113733.1.7.48.1',
    // 'Trustis Limited':Doesn't appear to offer them yet',
    'ValiCert, Inc.':'2.16.840.1.114414.1.7.23.3',
    'VeriSign, Inc.':'2.16.840.1.113733.1.7.23.6',
    'Wells Fargo WellsSecure':'2.16.840.1.114171.500.9'
  ]

  def certs = e.getPeerCertificates()
  def crt = certs[0]
  def intcrt = certs[1]

  def ext = crt.getCertificatePoliciesExtension()
  def policies = ext.get(CertificatePoliciesExtension.POLICIES)
    for ( PolicyInformation info in policies ) {
      CertificatePolicyId id = info.getPolicyIdentifier()
        def certpolicyid = id.getIdentifier().toString()
        //println ""
        //println "Found Certificate Policy ID: ${certpolicyid}"
      if ( ev_oids.any { it.value == certpolicyid } )
        println "\033[0;42m" + " This host uses an Extended Validation Cert " + "\033[0m" + "\nThe Certficate Policy ID is: ${certpolicyid}\n"
        else 
        println "This host does NOT use an Extended Validation Cert\nThe Certificate Policy ID is: ${certpolicyid}\n"

    }
  }
}

socket.close()