A long time ago, before IBM came down like a hammer, there was a podcast. We really enjoyed doing This Week In Lotus, but it became a bit untenable as IBM threatened all kinds of stuff (including revoking *my* Champion status.....) so we stopped. But IBM kept doing "WTF?" kinds of things.....canceling 9.0.2, going to fix packs only, spreading Java 8 out over a year (from now). After getting together at MWLUG, Stuart and I started to reminisce and we started thinking about saddling up again.

So we did.....

Image:WTF? A new podcast? If you liked This Week In Lotus, you should (at least) like ’WTF Tech’

Except this time there are some notable changes:
  • New name, WTF Tech,
  • There are three hosts now. As noted in the last ever TWIL, Jesse Gallagher joins the team. He's funny so he offsets Stu, and he's knowledgeable so he offsets me.
  • Focus has moved from IBM. I would not say IBM are irrelevant (yet, in fact Episode 001's title comes for IBM), but we've expanded out reach.  No one is safe.
  • There will be no guests. So no more shitty audio from guests who never RTFM and had no headphones.
  • It will not be weekly. We're thinking every two weeks, but some weeks will be barren and others (like this last week) will be a perfect storm.

There will be tips, so don't worry. And snark. No point doing it if there wasn't snark.

So what are you waiting for? Head on over to http://wtftech.fm/ and join the fun, and be sure to follow @wtf_tech on Twitter.

Darren Duke   |   October 31 2016 09:00:00 AM   |    podcast    |   Comments [1]

I had switched the blog to SSL a while back (mainly due to Google threatening that non-SSL website will take a hit in searches). At the time Let's Encrypt (the free, yes free, CA SSL issuer) was just getting started and didn't have roots published to most of the browser root stores. Because of this I went with free certificate available from Start SSL. I'm not disappointed with StartSSL, it's just time to try something else when the StartSSL certificate expired.  In fact if you need anything SSL related I'd suggest you give StartSSL a look, they have lots of options are very reasonable on prices.

Still this blog doesn't need EV or anything like that so Let's Encrypt it is. While this blog runs on a Domino server it is fronted by a CentOS server running nginx. These servers are located at Prominic and a quick support request had the required Linux pre-reqs installed on the nginx server.

From there it took maybe 10 minutes to create and install the SSL.

I could outline the steps here, but really, I just followed this:


And then used this for the crontab stuff:


Darren Duke   |   September 21 2016 11:55:20 AM   |    ssl  security    |   Comments [0]

I had praised, then lamented the new-ish iNotes forms templates that allow you do copy and paste images from the clipboard into IE. Well, with FP7 IBM (so far) seem to have addressed the issue search issue that forced me to disable this again.

It's now back on for my servers. Let's see how long before I lament this again.

It is probably worth pointing out that Ulrich Krause is reporting issues with the "normal" iNotes forms9.nsf shipped in FP7. I have not seen the issue he reported in the forms9s.nsf.

Darren Duke   |   September 14 2016 10:18:37 AM   |    domino  inotes    |   Comments [4]

Update : Check the comments, Shaun has added a link to the actual IBM technote..... you may or may not want 127 as the value, so check that before doing anything.

9.0.1 FP7 has shipped. It's not all we hoped (only three new features, and no Java 8) but yet again the Domino security team has added stuff, this time the oft requested update to Notes client port encryption. But (at the time of writing) all the technotes on how to enable this either go to the wrong page (ICCA) or a nice looking, but still pointless 404 page.

So how do you enable this? We'll after scouring the design partner forum I found a post from the lovely Dave Kern that outlined this a few months back and was able to pretty easily figure it from there......

This is not everything, there seems to be at least one other setting, but this will get you AES port encryption, so it's a start

It's a server side notes.ini setting called PORT_ENC_ADV and it's a bitmask value. Based on Dave's post I set this value to 127. That gets me the best available (based on current standards) port encryption that Notes can do. In this case AES_GCM_256, with a AES_128 ticket.

It is backward compatible, I tested with FP6 and FP7 clients with this new ini setting with no issue. I see no reason why any client from 6.x onwards would be an issue, but test all the same.. So to enable add this to you server notes.ini:


Restart Domino. If you have a FP7 or later client then you will be using AES. To prove this you can enable these two notes.ini settings on the client:


And you can now see the new port encryption being used. Here's a (just upgraded) FP7 client debug output:

Image:9.0.1 FP7 and how to enable the new port encryption settings

Here's a FP6 client, where the server fails back to RC4_128:

Image:9.0.1 FP7 and how to enable the new port encryption settings
Darren Duke   |   September 14 2016 04:37:42 AM   |    domino  notes  security    |   Comments [2]

Stuart, myself and Jesse Gallagher join for the weekly bi-annual podcast for one last time....listen to it here:


There is also an exciting announcement at the end.....
Darren Duke   |   September 6 2016 09:15:54 AM   |    twil  ibm  mwlug  domino    |   Comments [3]

Hawthrorn 2.0, AKA IBM Mail Support for Microsoft Outlook, AKA IMSMO has recently been released. One of the main install differences between GA (2.0) and LA (1.0) code is that GA requires use of IBM DB2 as a state store for the IMSMO Domino server (whereas 1.0 had no such requirement).

Most organizations can count on the fingers of no hands how may DB2 servers they have, so you'd expect IBM to support MS SQL server right? You'd be wrong. You along with me are a moron, and no one's ever asked for that.

Except now I have. And I have a SPR  to prove it. IBM uses SPR's to weigh the decision to add a requested feature to a product, so the more organizations that pile on, the bigger the chance IBM will provide this..

If you want this added to IMSMO then you can call IBM support (or using the website) and request that your organization be added to the SPR by referencing SPR RCGOAD5LHQ (APAR LO90041).
Darren Duke   |   August 29 2016 01:46:34 PM   |    domino  hawthorn    |   Comments [3]

Originally 9.0.2 was scheduled for release in late 2015.

Then February 2016 (this would have been 28 months since 9.0.1 shipped)

Then 2H 2016.

Then 2017.

Now, well,  never (if the scuttlebutt at MWLUG is to be believed, and I do believe it).

It was pushed for many reasons, notably to get Verse out of the door. As I mentioned in this post (9.0.2 where for art thou?) and this one (my customers don't want mail next) I've ranted and raved about this before.

To no avail.

Well, it seems some genius (<---sarcasm alert) at IBM has decided to not release 9.0.2 but to roll some (most?) of those features into the upcoming FP7 (and FP8?) release(s). At least we'll (allegedly) get Java 8 and AES port encryption at some point . I guess there is that.

So why would IBM kill a release that is all but ready to ship? I can only fathom one reasonable answer to this.....to forgo the need to support Notes/Domino for a further 5-7 years. I believe a fix pack is only supported as long as IBM want to support it (unless someone can guide me to an IBM document saying otherwise....a quick Google yielded no real answer to this), which is a whole metric shit ton less than 5-7 years. I also think that IBM is going to change the "fix pack" nomenclature, and this was alluded to in several IBM presentations at MWLUG, mainly, I believe as Domino is required for Verse On-Prem (VOP). Still it does look like this is the end of the line for the Notes client (not really a shock) and any semblance of a Domino app-dev strategy (kind of a shock).

Yet again, IBM is causing itself a decent dose of customer hate and migrations with their lack of communication, messaging and approach. You'd think both they and I would learn from this, alas I keep hoping for better for IBM. More fool me, right?

If I'm wrong about 9.0.2, I'm sure an IBM executive will post here. If I'm correct, no doubt I'll get a threatening phone call or two.
Darren Duke   |   August 24 2016 02:42:42 PM   |    902  domino  notes    |   Comments [14]

The first page of the presentation displays fine, but you can't navigate to any other slide or use any other actions (like the image below):

Image:Unable to view embedded SlideShare presentations in Chrome? Try this.....

The fix it is to allow 3rd party cookies from SlideShare.net. You can do this in the Chrome settings page, like this:

Image:Unable to view embedded SlideShare presentations in Chrome? Try this.....
Then, manage exceptions:

Image:Unable to view embedded SlideShare presentations in Chrome? Try this.....

Add the following to the hostname pattern:


Like this:

Image:Unable to view embedded SlideShare presentations in Chrome? Try this.....

You can now navigate embedded SlideShare presentations.

Darren Duke   |   August 22 2016 04:34:51 PM   |    presentations  chrome    |   Comments [0]

If you unable to view this presentation correctly in Chrome, see this post
Darren Duke   |   August 22 2016 10:21:46 AM   |    mwlug  presentations  domino  security  ssl    |   Comments [7]

I got to thinking about this earlier today...

How can I as a customer/partner/interested party let IBM know of my discontent about the lack of urgency in releasing Domino 9.0.2?

I noddled on this for a few minutes and came up with some ways. A few (along with cons) are listed below:

1) Contact your IBM rep and tell them.


If you can find them, by the time you hang up they will have a new job.

2) Move to another platform.

Real Outlook support

It'll cost a fortune

3) PMR


Well, it's a PMR

I have finally settled on number 3, create a PMR. See, I think they only way IBM will take notice and do something (new regime or otherwise) is to inundate the support channel with this request. It kind of worked for TLS support in Domino (prior even to the Poodle debacle....I have stories about this if you hit me up at MWLUG) so there is some hope with that outlet. Now, there won't be an SPR as IBM will never admit to 9.0.2 not being released is a bug, but still, enough PMR's could at least make some IBM executives uncomfortable in their Game Of Thrones.

So if you have PMR creation capability, I cordially invite you to enter a PMR requesting 9.0.2 be released soon. Here's the link to IBM PMR creation page https://www-947.ibm.com/support/servicerequest/Home.action

Here's mine:

Image:Idea - I’m going to open a PMR asking IBM to release 9.0.2....and you are invited to take part
Darren Duke   |   July 19 2016 01:11:02 PM   |    domino  lotus notes  902    |   Comments [11]