Those of you who are all up on modern web security practices probably recognize this problem already, but I didn't have the relevant information and was completely boggled.
When I looked at our certificate vendor's support site for the third or fourth time, I found a certificate installation checker. It was right there on the support homepage all along, but I guess you tend to miss things if you're only focusing in on your latest guess rather than keeping the main problem in your mind. Anyway, this checker lets you enter a hostname and port and it will tell you if the cert on that connection is valid, and if not, what's wrong with it. That told me that the forums server was missing two intermediate CA certs. I didn't understand what was up with that, but it gave me the certs to install, so I shrugged and dropped them into the webserver's cert DB and voila-- IE quit complaining and reported a valid secure connection.
I still didn't understand what was going on and why that solution worked, so I did a bit of digging around.
Apparently in recent years, certification authorities have moved from signing customer certs directly with a root certificate, to signing them with an intermediate certificate which is signed by the CA's root (or possibly by a higher-level intermediate cert that is signed by the root). All modern browsers come with root certs from many different certification authorities, but that is no longer enough by itself because most site certs are no longer directly signed by the CA root.
Firefox has a bunch of intermediate certs installed in it by default, so it can validate certs from sites that don't provide the whole chain. IE on the other hand only has the root certs, so unless a webserver provides the intermediate certs, IE users are out of luck (insert obligatory firefox-is-better assertion here.)
I suppose at some point I could explain about SSL and certificates and signing and all that, but maybe later.
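The chain-building behaviour described above, as an added example that is not part of the original post: a name-only model of how a client links a site cert to a trusted root, and why a roots-only client fails when the server sends no intermediates. All certificate names and the helper functions are assumptions made for illustration; real validation also verifies signatures and dates.

```python
# Name-only model of certificate path building (added example).
# Real validators also check signatures, validity dates and CA constraints.

# Constructed certificates; every name here is made up for illustration.
ROOT = {"subject": "Example Root CA", "issuer": "Example Root CA"}
INT_A = {"subject": "Example Intermediate A", "issuer": "Example Root CA"}
INT_B = {"subject": "Example Intermediate B", "issuer": "Example Intermediate A"}
LEAF = {"subject": "forums.example.edu", "issuer": "Example Intermediate B"}


def build_chain(leaf, presented, trusted_roots, cached=()):
    """Follow issuer links from the leaf until a trusted root is reached.

    presented: intermediates the server sent with its own cert.
    cached: intermediates the client already holds locally.
    Returns (ok, chain_of_subjects, missing_issuer_or_None).
    """
    pool = {c["subject"]: c for c in list(presented) + list(cached)}
    roots = {c["subject"] for c in trusted_roots}
    chain, seen, current = [leaf["subject"]], {leaf["subject"]}, leaf
    while True:
        issuer = current["issuer"]
        if issuer in roots:                    # reached a trust anchor
            chain.append(issuer)
            return True, chain, None
        if issuer in seen or issuer not in pool:
            return False, chain, issuer        # loop, or the link is missing
        seen.add(issuer)
        chain.append(issuer)
        current = pool[issuer]


def intermediates_to_install(leaf, presented, ca_published, trusted_roots):
    """Intermediates the server must add so a roots-only client can validate."""
    ok, chain, missing = build_chain(leaf, ca_published, trusted_roots)
    if not ok:
        raise ValueError("no path to a trusted root; missing " + missing)
    have = {c["subject"] for c in presented}
    return [subject for subject in chain[1:-1] if subject not in have]


if __name__ == "__main__":
    print(build_chain(LEAF, [], [ROOT]))                         # roots-only client
    print(build_chain(LEAF, [], [ROOT], cached=[INT_A, INT_B]))  # client with cached intermediates
    print(intermediates_to_install(LEAF, [], [INT_A, INT_B], [ROOT]))
```
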
So let's see how well this performs...
But you know... we still can't actually use this, because it can't put blogs into the main website. Crap. So we're back to trying to compile that $%*&^}$(*$#{$!!! DBD::mysql module on firefly again. For freak's sake, this was supposed to be done a week ago now!
So probably this will go into the DB but publishing will fail, then next time I publish from the old server it will work. In other words, we have not yet succeeded. Probably.
Most people who edit pages on the WOU website use Macromedia Contribute. (Well, OK, technically it's Adobe now, since they bought out Macromedia.) Before you can get started editing, though, you need to connect to your site. Here's how to do that:
You now have access to edit the Writing Center website at "http://www.wou.edu/las/humanities/writingctr/". Katherine asked me to get you set up to use Macromedia Contribute for editing that site; here's how to do that.
One more thing: After clicking Edit and making changes on a page, make sure you either publish it, cancel it, or save it for later. If you quit the program without doing any of these things, the page will be locked and you will get an error the next time you try to edit the page; Contribute will think that you are already editing it on another machine and not let you in. Call or email me to get that lock cleared.
If you want training with Contribute or about Web design, contact Scott Carter in the Technology Resource Center, at carters@wou.edu or extension 88848. I can answer basic questions and help if anything seems to be wrong, but Scott handles any training beyond that.
To use Google Docs, go to docs.google.com. If you already have a Gmail or Google Docs account, log in with that username and password. Otherwise, create an account by following the instructions in this howto document.
The first time you log in, there will be a "Getting Started" box with an arrow pointing to the Upload button. This button is, naturally enough, what you use to upload files. Next to it is the "Create New" menu; we'll get to that in a moment, but first let's talk about uploading.
When you click the Upload button, you'll be taken to a separate page which tells you how much storage you are currently using, and gives you upload options. Let's look at these:
You can share individual documents by clicking on them and then using the Share menu on the details page, but if you have many files to share it is easier to create a shared folder and then simply put documents into it. Here's how to do that:
Once you've shared a folder, you can simply upload documents into it, or drag them from the All Documents list onto the folder name in the sidebar. Now here's something that will seem weird if you don't already use Gmail: documents can be in more than one folder. If you share one folder with a certain group of people, and another folder with a different group, you can share a document with both groups by dragging it to both folders. Whether you're looking at All Documents or the contents of a folder, each document will show the names of the folders it is in; if you want to remove it from a folder, just drag it to the All Documents item in the sidebar (though this only works if you have editing rights on the document.)
Now, you might be thinking "but what about viewing and downloading documents? All this uploading, sharing, and foldering is pretty useless otherwise." Fair enough; luckily this is easy. Whenever you see the name of a document, you can just click it to get to its details page. This will show you a preview if one is available, and give you links to download the document or open it. Note that some documents, such as video files, cannot be previewed or opened in Google Docs, but can be downloaded.
Anyway, this was just the basic introduction. Like most Google services, there's a Help link next to the sign out link in the upper right; explore that for lots more about Google Docs!
If you want to use Google Docs but don't already have a Gmail or Google Docs account, you'll need to click the "Create an account now" link below the login box, which will take you to the account creation form. There, you need to enter the following:
Once you are done with the form, you will get a confirmation email at the address you gave in step one. The subject line will be "Google Email Verification" and it will be sent from "account-verification-noreply@google.com", so make sure your spam filters are set to allow the message through. You should save this message, because you may need it again if you forget your account name or password. Consider saving it as a file in your home directory, so you have a backup in case the email is accidentally deleted.
Click the verification link near the top of the email. You'll be taken to a page that confirms that your account is now active and gives you several options and informational links. It is not necessary to link your account to a gmail address or a mobile phone, but you can do so if you want to. However, instructions for those actions are beyond the purpose of this document.
The "Click here to continue" link will take you to Google Docs itself, which I will cover in another document.
If this is happening to you, the first thing to check is the label on your X: drive in My Computer. It should say "wouwebsite$ on 'Samba 3.3.4 (firefly)' (X:)". If your X: drive says 'sundown' instead of 'firefly', it means that your X: drive was set up manually at some point, and so it couldn't get changed automatically when we changed everybody else's.
Right-click the drive and choose Disconnect, then log out and back in to your computer, and check whether you see an X: drive and that it says firefly instead of sundown. If you see that, everything should be fine now, except that if you use the Terminal Server, you need to make sure to check there too.
If you don't see an X: drive after logging back in, let me know. You can reconnect it by going to the Tools menu at the top of the My Computer window and choosing "Map network drive" which should pop up a dialog box. Choose X: from the Drive menu, and type "\\firefly\wouwebsite$" in the Folder box. (Don't type the quotes, and make sure you use backslashes \ rather than normal slashes /.) Make sure the "Reconnect at logon" box is checked, then click Finish and you should be all set.
EDIT: We have now changed things so that you can no longer make changes if your X: drive is connected to the wrong place. If you went into your X: drive and saw only a text file that told you to come here, that's why. If you go through the above process (remember to do it on the terminal server too, if you use it) and it does not fix anything, please let me know!
All recently changed files in the old server (sundown) have been moved to the new server (firefly) as of 1:00 AM on Monday August 30. Again, please let me know if anything is missing or looks wrong.
Unfortunately, what looks good at 4:00 AM isn't always so great by the light of day. Ever since then I've been running around putting out fires.
Here's a brief list of the problems we've seen (most are already solved.)
There's more, but I need to get back to that WOUAlert problem.
Dear network user, Your account has violated a quota and will be turned off. To avoid this, email your login name and password to somebody@somewhere.com. Signed, wou.edu administrator
To us geek types, this is obviously a scam. I just keep getting reminded that other people don't instantly spot this for what it is, even when it tells them to send their info to a non-WOU address. It can be even harder to spot when the From: address on the email is something like admin@wou.edu, or the message tells you to go to a link that looks like it's on our website but actually goes elsewhere.
So really what we need are some general rules of thumb. The first and most obvious is never, ever, ever, EVER put your password into an email message. Never. And did I mention never? Of course this means we UCS folks should never ask someone for their password except in person -- we really don't even want to get users in the habit of saying their password over the phone.
Another rule of thumb would be never trust emails from generic addresses. When we send messages out, they'll have a specific name on them, not just "admin@wou.edu" or some such.
If we agree on this among ourselves and communicate it to users, hopefully that'll help everybody.
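The warning signs from this post turned into a mail check, as an added example that is not part of the original post: it flags a generic sender, a mention of passwords, a non-WOU address in the body, and a link whose visible text names our site while the href goes elsewhere. The sample message is constructed from the one quoted above with a link added, and the list of generic sender names and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "wou.edu"  # the site's own domain, as named on the page
GENERIC_SENDERS = {"admin", "administrator", "support", "helpdesk"}  # assumed list

# Constructed sample modelled on the message quoted in the post; the link is added.
SAMPLE = """\
From: admin@wou.edu
Subject: Quota violation
Content-Type: text/html

<p>Dear network user, Your account has violated a quota and will be turned off.
To avoid this, email your login name and password to somebody@somewhere.com or
confirm at <a href="http://login.example.net/wou">http://www.wou.edu/quota</a>.</p>
"""


def in_org(host):
    """True when host is the organisation's domain or a subdomain of it."""
    host = (host or "").lower()
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)


def phishing_indicators(raw):
    """Return the rule-of-thumb indicators that fire for one raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    local_part = parseaddr(msg.get("From", ""))[1].lower().split("@")[0]
    if local_part in GENERIC_SENDERS:
        found.append("generic-sender")
    if re.search(r"\bpassword\b", body, re.I):
        found.append("mentions-password")
    for domain in re.findall(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", body):
        if not in_org(domain):
            found.append("external-address:" + domain.lower())
    # Link text that names our site while the href points somewhere else.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>([^<]+)</a>', body, re.I):
        shown, actual = urlparse(text.strip()).hostname, urlparse(href).hostname
        if in_org(shown) and not in_org(actual):
            found.append("deceptive-link:" + str(actual))
    return found
```
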
Brian is going to be gone again next week, but this time we won't have these problems because we've improved the process. First of all, we found out why most of the notifications were misrouted and fixed that. Also, I've added some more automation to the faculty/staff account creation system, so there's less work to do. I can't really talk about the details because that would mean giving out too many specifics about our servers, but several steps that formerly had to be done by hand now happen by themselves. The weird part was how easy it was to do, once we took another look at the process; once upon a time it had to be complicated, but thanks to various changes we've made in the last few years, a bunch of stuff was no longer needed.
Anyway it's way the heck late at night and I need to get out of here. At least the prettymail stuff is working, um, pretty well. (Yeah, this is my 2AM sense of humor.)