lighttpd and Thawte

Thawte have done it again: mucked about with their root cert. They did this once, years ago. You'd think they'd learn.

So, after much grief I found out how to set up a new SSL certificate in lighttpd:

domain.key is the key you signed your CSR with.
domain.cert is what you have just "Picked up" from Thawte. You want the X.509 one.
cat domain.key domain.cert >domain.pem

wget https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL123_CA_Bundle.pem
Note: please replace domain with the FQDN your certificate is for.

You then need the following two lines in your lighttpd config file:
ssl.pemfile     = "/etc/lighttpd/domain.pem"

ssl.ca-file = "/etc/lighttpd/SSL123_CA_Bundle.pem"
The CA Bundle is a chain of certificates. Normally, an SSL cert is signed directly by a root certificate installed with the browser. But Thawte likes doing things the hard way. So they signed a certificate with their root and now sign all new SSL certs with that intermediate certificate. So the web server has to supply both the SSL cert and the intermediate certificate to the browser. That's what SSL123_CA_Bundle.pem is. If you bought one of the more expensive options, you should download another bundle.
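Before pointing ssl.pemfile at the new file, it is worth confirming that domain.cert really matches domain.key and that the bundle chains it to a root, and creating domain.pem readable by its owner only, since it contains the private key. The script below is an added example, not part of the original post; build_pem, make_sample and the optional ROOT argument are hypothetical, and the sample CA is constructed so the check runs offline with the openssl command line tool.

```shell
#!/bin/sh
# Added example, not from the original post. build_pem and make_sample are
# hypothetical helper names; file names follow the post.

# build_pem KEY CERT BUNDLE OUT [ROOT]
# Returns 0 on success, 1 if key and cert do not match, 2 if the chain fails.
build_pem() {
    key=$1; cert=$2; bundle=$3; out=$4; root=${5:-}
    # 1. The certificate must carry the public half of this private key.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ "$kpub" = "$cpub" ] || return 1
    # 2. The bundle (intermediates) must link the certificate to a trusted
    #    root: ROOT if given (assumption for offline use), else the system store.
    if [ -n "$root" ]; then
        openssl verify -CAfile "$root" -untrusted "$bundle" "$cert" \
            >/dev/null 2>&1 || return 2
    else
        openssl verify -untrusted "$bundle" "$cert" >/dev/null 2>&1 || return 2
    fi
    # 3. The pemfile contains the private key: create it owner-readable only.
    ( umask 077; rm -f "$out"; cat "$key" "$cert" > "$out" )
}

# Constructed throwaway CA, certificate and unrelated key for an offline run.
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" >/dev/null 2>&1 &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/domain.key" -out "$d/domain.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/domain.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/domain.cert" >/dev/null 2>&1 &&
    openssl genrsa -out "$d/other.key" 2048 >/dev/null 2>&1
}

tmp=$(mktemp -d) && make_sample "$tmp" &&
    build_pem "$tmp/domain.key" "$tmp/domain.cert" "$tmp/ca.pem" \
        "$tmp/domain.pem" "$tmp/ca.pem" && echo "domain.pem built and verified"
```

With a real certificate, leave out the fifth argument so the chain is checked against the system trust store.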



I do this too often.

So I want to build an Ugly Drum Smoker. Why? So I can cook pulled pork and BBQ chicken the way it's done by the pros. Also, maybe make some smoked salmon. But something that big wouldn't get used that often, so maybe I should just make a small smoker in a flower pot.

For the flower pot's burner, I'd have to get a rheostat (expensive) or a stove-top-control-the-technical-name-of-I-don't-remember (cheap, but not very precise). But I'm the hacker born! Why not use a K-type thermocouple and an SSR and control the temperature precisely from a laptop. I already have the thermocouple and can get readings from my DMM. But plugging a thermocouple into a computer is expensive; most people who want to do it need 0.1 C precision and 24/7 reliability, so one channel over USB is about 60 $.

(On a side note, why is it that a thermometer that has an LCD output is cheap, but one that would send the temperature over USB or RS-232 so expensive? I've often dreamed of a universal 8-segment to computer converter.)

Ideally, I would build a thermocouple interface with this PCB, a few parts and an Arduino board. Total of about 100$, but I get 4 ports so I could log ambient temperature and meat temperature plus a few digital outputs to control the SSR. I'd also get to play with an Arduino. However, it means I have to give up some of my precious Copious Spare Time.

But if I just wanted to save time, I could use a PID controller, about 80 $ on eBay. No wasted time, but no computer logging and meat temp would have to be verified by eye on the DMM.




It's time

So the time changed a week or so back. But it didn't on my cellphone. My 16h15 Désirée reminder was going off at 15h15, most annoying. Finally, I called Solo to complain. The script reader got me to do a bunch of silly things, none of which worked. A modern cellphone gets its time from the cellular network, so basically the problem was on their side.

That evening Dominique told me her work cell would have the wrong time in the morning, but the right time during the day. Faulty cell tower, I blame you!

My support call was eventually escalated to an engineering ticket, they said 24-48 hours to fix. As I was making bread just now, my cell did the looking-for-server-beep, well, several of those beeps, and now it has got the time right.

Which I guess means they just rebooted the tower.

All this sort of makes me wonder: am I the only person in North Hatley and Katevale to notice that their cell was out of sync? If not, why didn't anyone phone in before me? If I was the only one to notice, wtf you people?


Server-side javascript, yep!

Turns out the solution to server-side Javascript is V8, NodeJS, node-mysql and express. When I get a few spare tuits I'm going to see how all this fits together.

EDIT: Also dnode, expresso


So I bit the bullet and installed MSIE 8 on my Windows VM. A task that would have been made easier if the download page didn't crash MSIE 6. Brilliant move there.

Today I was poking around a bit and discovered some startling things: A JavaScript debugger, logging console, CSS and DOM viewer and more! WHO'S A HAPPY PROGRAMMER NOW?

Mind you the MSIE Dev Tools are equivalent to a 3 year old version of Firebug. And the dev tools are pretty slow, about as slow as a ... a very slow thing. I'm going to have to up the resources to that VM.

And of course, this being MS, they go and muck up the console.log API.

The following works as expected:
This next snippet however fails:
Someone please track down the programmer who wrote this and all the team leads and suits who signed off on it and SLAP THEM UPSIDE THE HEAD! .apply has been part of JavaScript since 1.3, which was released back in the previous millennium. So we get yet another arbitrary workaround for MSIE.

Because I can't just go sprinkle console.log() throughout the code; many/most users will not have Firebug or MSIE 8 installed.

    function fb_log () {
        // Do nothing when there is no console (no Firebug, no MSIE 8 dev tools)
        if( window['console'] && window['console']['log'] ) {
            if( window['console']['log']['apply'] ) {
                console.log.apply( console, arguments );
            }
            else {
                // Assume this is the MSIE 8 console
                console.log( fb_format( arguments ) );
            }
        }
    }
Firebug has printf-like formatting of console.log output. For MSIE 8 we have to do it by hand:
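    function fb_format ( args ) {
        var N = 1;                  // index of the next argument to substitute
        var string = args[0];
        if( typeof string == "object" ) {
            return fb_object( string );
        }
        return String( string ).replace( /%([sdi])/g,
            function (str, p1, offset, s) {
                // More placeholders than arguments: leave the placeholder as-is
                if( N >= args.length ) {
                    return str;
                }
                var ret = '';
                if( p1 == 's' ) {
                    ret = args[N];
                }
                else {
                    ret = String( args[N] );
                }
                N++;                // move on to the next argument
                return ret;
            } );
    }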

Firebug also has some magic for logging objects:
    function fb_object (obj) {
        var a = [];
        for( var k in obj ) {
            if( typeof obj[k] == 'string' ) {
                // Quote strings, escaping embedded double quotes
                a.push( k+': "'+obj[k].replace(/"/g, '\\"' )+'"' );
            }
            else {
                // String() also copes with null and undefined values
                a.push( k+': '+String( obj[k] ) );
            }
        }
        return "{ "+a.join( ', ' )+" }";
    }


Large projects

While chatting with some friends last weekend, someone asked "What ever happened to the gov't plan to computerise hospital records?" Or something equivalent in conversational French.

My prediction: this will take 5-10 years to happen, will cost 5 times the initial budget, will cause a huge amount of grief for doctors and nurses, will have some really stupid implementation details and will have back doors the size of semi-trailers.

I used to say that a web site can cost you 500$ if you get the boss's cousin to do it, 5000$ if you get me to do it or 500,000$ if you go like Archambault and get CGI to do it. Obviously each of us will supply different levels of support and so on. But they won't necessarily produce better websites. Where better means more profits.

The big thing distinguishing the different levels is the sales force. The boss's cousin just has to convince the boss at Christmas time that he can do the job. If I'm doing the job, you probably heard of me through word of mouth, then I show up with long hair, trimmed beard, 3 piercings in my left ear and in my normal-person-disguise. But the half-million dollar level needs some sort of bidding or negotiation. And an entire sales staff who dress to the nines, take the boss out to supper, tell all the right jokes and smile the entire time. These people cost money so out of the half million a lot of that is going to the sales staff. But of course they still hire recent grads to reinvent the wheel badly and have it run on Windows. To keep costs down you see.

Now the hospital records digitisation project is going to cost on the order of billions of dollars. This will require more than just good jokes; I will bet you any money that bribes or almost bribes or "nobody broke the law" type bribes are going to happen. Things like handing a politician a credit card or paying for his daughter's private school.

Or put it another way, if I show up to build a web site, we are roughly on the same level: Small business owners. But selling a project to Monsieur Ministre de la Santé et des Services sociaux, Madame la Ministre Délégué and Monsieur le Sous-Ministre requires a sales force that is paid a magnitude more. So a lot of the money goes into suits-and-ties, fancy offices and all the overhead of "being an important business".

And there's also the Collège des médecins du Québec and the Ordre des infirmières et infirmiers du Québec, the ones who are going to actually have to use the system. And the institutional inertia of the CMQ is staggering. The number of road blocks and unnecessary requirements they are going to throw in the way of this is going to be impressive.

Now I'd love to design something like this. The security requirements and privacy requirements would be difficult. Who would be allowed to access or modify something. Availability is also going to be tough. The doctor must be able to get at the dossiers even if the Internet has failed, the power has failed or the doctor lost his crypto-token (or whatever).

What's more, getting all the current dossiers digitized will be a herculean task. And any notes the doctor writes down or dictates (you can't expect them to type, now) will have to also be digitized rapidly. Ideally not the way it is done in the USA; several levels of sub-contracting until eventually it is done by someone working for peanuts in India.

However, I wonder if this really has to be done.

When Dominique was pregnant, we initially went to a doctor, before getting a midwife. We had to transfer Dominique's dossier to the midwife. In my mind, this required getting a CD-ROM or something or maybe an rsync. I mean I've written and maintain a document archive system. I had a "WTF? Oh of course, right!" moment when I realised it meant lugging around a small armload of dead trees, something that hasn't changed much since the dawn of modern medicine.

All this is not to say I wouldn't enjoy designing such a system. In fact, at one level it resembles the large contract that Louis is trying to get us. So it wouldn't be wasted effort. Maybe in a future post.

One for the Google bot

If you get the following really strange message :
Can't coerce array into hash at /usr/lib/perl5/5.8.8/ExtUtils/Install.pm line 94. 

Just do
touch Makefile.PL; make ; make install

Yes you need 2 makes: first one will cause Makefile to be rebuilt with the same params as used the first time, second one will do the install you wanted in the first place.

Now the longer question is "WHAT CHANGED?" And I have no answer to that.


Programming languages

Like most programmers of my generation, I first learned BASIC. On an IBM PCjr called Tommy to be exact. November 1984 I went on a 2 week vacation of sorts in France. I took as reading material the hard cover 3-ring binder of IBM BASIC that came with the computer. While on the plane, I tried to work out the equations for projecting 3d objects onto a 2d surface (ie, the screen). I failed.

A year or so later I got my hands on TurboPascal and had great fun with that, especially the better and faster graphics handling.

My first summer job after high-school was programming dBase IV for the North Hatley Library.

In CEGEP (1987-1992), I learned Z80 and 8088 assembler, Forth and C and C++. I also pulled apart a BASIC port of the venerable Star Trek text game and ported it to QuickBASIC, expanding it and giving it a HUD as I did.

At some point I found 2 large books about AI in my father's office at the university. I read as much of them as I understood. I don't remember if I brought them to Bolivia in 1992 or not, but I did try to figure out how to encode AI into a game that would be an extension of the Star Trek text game, which would happen on a randomly generated planet surface. I never coded them up, but I still probably have the notes somewhere.

While in Bolivia, I did some dBase coding and messed around with Fortran so I could play with some 24bit graphics hardware attached to a GIS system. I learned just enough Fortran that I decided I very much disliked Fortran.

After CEGEP, I did an internship at the MTQ where I encountered Clipper, a compiled implementation of the xBase language, with some very powerful extensions. In 1995, I switched to Windows 95 because even if I disliked the GUI, compiling my projects was an order of magnitude faster.

In 1997 I decided to hitch my wagon to the rising wave (if you will permit a very mixed metaphor) of the Web in Quebec. Which at that time meant programming in Perl. A language I fell in love with very quickly and have stuck with pretty much since. I played around with Java when it first came out. It looked to be very interesting. But the overhead in terms of setting up classes was so annoying and Perl was so smooth, I gave up on Java.

I spent the week before my 30th birthday learning XML, XSLT and XPath for a project.

Between 1995 and 2005 I went from Windows 95 to dual booting Windows and Linux to using Linux 24/7. I don't remember the exact date though.

2 years ago I wrote POE::XUL, which required me to learn JavaScript properly. I'm pleased to see that it has mostly grown up into a real language, despite MS's attempts to sabotage it. The project I wrote based on POE::XUL required me to learn PRO/5 Business Basic. Writing all 3 in the same project was mind bending at times.

Of all languages I've used Clipper, JavaScript and Perl stand out as the most pleasing to use. And Clipper is pretty useless these days, unless someone manages to find me and gets me to maintain some legacy system. Or port it to Linux which would be a nice contract.

I have fond memories of Forth, how small and highly modular it was. But looking at Forth code now just gives me a headache.

Of all the languages I've mentioned, C++ stands out as being annoying, misguided and plain stupid at times. Which is surprising as some very smart people put their minds to creating it.

One regret I have is never learning LISP or another functional language. Erlang in particular gives me a thrill.