If you are using Apache as either an HTTP server or a reverse proxy (like my free one) then it is relatively simple to disable TLS1.0 and TLS1.1. Basically this should do it:

SSLProtocol TLSv1.2

Except if you're using SNI. With Apache you may see a strange phenomenon where, no matter what you do to a virtual server config, TLS1.0 and TLS1.1 still remain active. This has to do with an OpenSSL bug outlined here.

What this bug means is that if you have multiple virtual hosts (either in a single config or as multiple configs), Apache can only use the SSLProtocol setting from the first host it loads. Which one will load first? No idea. But if you change each and every virtual host to the above and reload Apache, voila, TLS1.0 and TLS1.1 are now disabled.
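An added example (not from the original post): a small Python check that walks every `<VirtualHost>` block and flags any that lacks its own SSLProtocol line or still enables SSLv3, TLS 1.0 or TLS 1.1. The sample config, the hostnames and the simplified evaluation of the SSLProtocol tokens are assumptions constructed for illustration.

```python
import re

# Constructed sample: three name-based (SNI) vhosts sharing one IP:port.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName www.example.test
    SSLProtocol TLSv1.2
</VirtualHost>
<VirtualHost *:443>
    ServerName proxy.example.test
    # SSLProtocol TLSv1.2   (commented out, so not in effect)
</VirtualHost>
<VirtualHost *:443>
    ServerName old.example.test
    SSLProtocol all -SSLv3
</VirtualHost>
"""

LEGACY = {"sslv3", "tlsv1", "tlsv1.1"}
ALL = LEGACY | {"tlsv1.2"}  # assumption: "all" is treated as enabling everything
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def legacy_enabled(args):
    """Evaluate SSLProtocol tokens left to right; return legacy protocols left on."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        protos = ALL if name.lower() == "all" else {name.lower()}
        if sign == "-":
            enabled -= protos
        elif sign == "+":
            enabled |= protos
        else:  # a bare name replaces whatever was set before it
            enabled = set(protos)
    return sorted(enabled & LEGACY)

def audit(conf):
    """Return (vhost, problem) pairs for vhosts that could keep TLS 1.0/1.1 alive."""
    findings = []
    for addr, body in VHOST_RE.findall(conf):
        lines = [l.strip() for l in body.splitlines()]
        lines = [l for l in lines if l and not l.startswith("#")]
        names = [l.split()[1] for l in lines if l.lower().startswith("servername ")]
        protos = [l.split(None, 1)[1] for l in lines if l.lower().startswith("sslprotocol ")]
        name = names[0] if names else addr.strip()
        if not protos:
            findings.append((name, "no SSLProtocol line"))
        elif legacy_enabled(protos[-1]):
            findings.append((name, "enables " + ", ".join(legacy_enabled(protos[-1]))))
    return findings
```

Calling `audit()` on the concatenated text of all your vhost files should return an empty list before you reload Apache.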

March 12 2018

We've all heard the swirl around IBM's reversal on releasing a Domino 10 (a really good reversal of a really bad decision), but let's not forget until 10 ships it's still feature packs that distribute new features and fixes and feature pack 10 (FP10) is a biggie.....

FP10 completes IBM's promise to finally provide Java 8 in both the client and DDE (new in FP10) and on the server (released in FP8...I think....). So because of this quite massive change (and Eclipse has been updated to 4 dot something from 3 dot something) I would test this more than I generally would, especially if you are doing anything Eclipsy or Javery in your clients or apps.

Also if you are updating your Traveler server to Domino 9.0.1 FP10 be sure to install Traveler first! You have been warned.

Get your FP10 here

Domino :

Notes :

It is also worth pointing out that with FP9 there were new templates released for mail9, pubnames and pernames. These are not installed when you upgrade to FP9 or FP10 and need to be installed separately. These add some new features like running mail rules on existing mail.

January 31 2018

Holy crap, this snark-laced review thing has been going since 2010......

Firefox started at 50, ended at 57.

Chrome started at 55, ended at 63.


Edge...keeps informing me it's more secure than Firefox. Show me the source code and I'll decide that.

Switched back to Firefox as of Quantum (57) as my main browser. Seems (at least to me) to be much faster than Chrome.

Was there a Connect 17? If there was I wasn't there. Pretty certain I won't be at Think 18 so I'm starting a streak of some type.

Still never seen a live (or otherwise) CCM installation. This is now a very long streak, as long as CCM has been a thing. CCM still is a thing, right?

Rob Novak and a collaborator issued a fix for Chrome and Firefox users still using Quickr. IBM really screwed up killing Quickr and foisting CCM on the world. I see Quickr every now and then, for CCM see above.

Speaking of IBM, they claim they are in no way exiting the Domino market, nor selling it all to HCL. Confused? Yeah.....

At MWLUG in August IBM pretty much 'fessed up to screwing the whole "we're not dead yet" message and mentioned there "could" be a Domino 10.

And there will be a Domino 10. They've sort of pinky promised that in "Jam" sessions. This is a much needed and somewhat surprising admission about the whole "let's just do fix packs and rename them to feature packs and no one will notice" message that, while completely insane, was IBM's "message" for quite a while. It seems to me that the "only feature packs" insanity is a microcosm of the whole IBM 2015 plan. Remember that train wreck? Everyone knew it was bad but carry on they did, doing irreparable damage. Yeah, it's a lot like that now I recollect on it.

I mentioned HCL and the confusing things around that right?

Speaking of "jams" I attended the virtual one. IBM keep doing the same thing over and over again and expecting different results. For now I'll be reserving my jam participation to the one I use on toast.

The new pod has stalled a bit. Not sure why. Shame as I actually have some useful tips piling up.

Alien technology apparently exists in some building in Vegas. Isn't Think 18 in Vegas? Maybe I will go to Think 18.....oh wait, IBM and alien technology? Maybe I should leave the country during Think.

Many companies screwed up their UI designs, including but not limited to Sonos and Skype (on Windows 10).

Confusion around HCL and IBM....I mentioned that already but it's stuck in my head.

Speaking of Windows 10, I'm now running it on my main work PC's except the laptop I travel with. It's irritating as f#*@ but you get used to it being irritating as f@#$. Still, it's not all bad. Just mostly bad. And irritating as f*%!.

Speaking of "mostly bad" things Trump is *still* in office and Brexit is *still* happening.

The 0.29 of a bitcoin I mined back in 2013-14 is now worth $5,000+. If it keeps up this growth rate for 3 more years it'll be worth over $5,000,000. Cross your fingers dear reader, cross your fingers.

HCL? Kinda weird right?

Got an Apple Pencil. I actually like it. A lot. Glad I didn't have to shell out $75 on an Apple Pencil Sharpener. If you do get an Apple Pencil for $99 make sure to get the $10 app "Notes Plus". It makes the Pencil. Truly it does.

Tried to use Verse several times. The install was surprisingly easy. More Domino and less Websphere of an install process (at least a 1.0.2 where I came into this song). But it's still missing *so* much that I go back to iNotes/Notes almost immediately. Then I forget the lack of features is as irritating as f**# and try it again, only to be mightily disappointed by it again. The search though?....absolutely wonderful. Get that in Notes and iNotes you'd have a winner. I may have a 2014 blog post to that effect somewhere......if only IBM would hold Jams to get excellent feedback from their customers and partners.

So this IBM/HCL thing......WTF?

Software/hardware that made 2017: Keepass, Wink Smarthome Hub, Firefox Quantum, Apple Pencil and Notes Plus for iPad.

December 21 2017

Yeah, Quickr right? Long time since I've posted about Quickr. Still a great (if somewhat complicated and unsupported) product, still being used by me and several clients despite IBM having several products claiming to replace it. Despite IBM ceasing support many moons ago it chugged along very nicely so long as a reverse proxy is in front of it to allow TLS 1.2 and SHA2. Except Chrome 60 broke it. Google (and Safari before it) changed the way XHR works and basically buggered Quickr in the process (and Connections, but IBM will give you a fix for that).

There is a thread in the Quickr forum about this Chrome issue. The always friendly (and usually beer laden on the way to present a session) Rob Novak indicated he had collaborated with some other folks and has come out with a fix. Even better he offered it to anyone who asks. If you still use Quickr, ask away. Oh, the fix also addresses Safari too (apparently)......

August 25 2017

As promised, here is the presentation from my MWLUG 2017 session on SSO. If you need (for hire) help with any of this see the STS contact page.

August 10 2017

After almost a year of using Let's Encrypt to secure this very site, I'm still running into issues automatically renewing the certificates every 90 days. In my last post about this I'd documented the procedure I was using but was unable to ever get it to work successfully via cron (it was fine manually). I've now switched to a different auto-renew method....Enter:


This seems a much simpler, tidier solution. The only snag for me was it required Python 2.7 to be installed. I sent a request off to the kindly folks at Prominic and they had that part done in no to wait 90 days, which happened to be today. I ran certbot manually and it did indeed renew the certificate for me, so now I added it to a cron job to see if I can get it to work.

On CentOS 6 run this command to get certbot (I'm presuming you already have Let's Encrypt working) :

Then I created a cron job with this in it:

52 5,17 * * * root /root/certbot-auto renew --quiet

We'll know in mid-October if this works any better.....

For other Linux and BSD distributions, check out the certbot website, it pretty much has all the bases covered.

August 2 2017

Update - April 17 2017 - IBM has fixed the issue in 9.0.1 FP8 IF1.

In my last post about NIFNSF, Christian Hensler left this comment:

I couldn't find anything on the internet, so off I went to the Design Partner forum and sure enough there is a post in there from Michael Bourak. Now this is NDA'd so I'm maybe skirting the rules here, but there is indeed an IBM reproduced issue with performance with NIFNSF. So this AM I did some testing and I was able to reproduce the issue. Based on my testing, on average, the current NIFNSF implementation is twice as slow as non-NIFNSF databases.

So you may not want to implement it just yet.

March 31 2017

Update 2 - April 17 2017 - IBM has fixed the issue in 9.0.1 FP8 IF1.

Update - March 31 2017 -  You may not want to enable this, see this post.

New in Fix Pack Feature Pack 8 is the ability to move the view index files out of the NSF. NIF is the technical term for these index files, which end with the file suffix NDX. Doing this has several advantages including:
  • Make the NSF smaller, so better backup times
  • Help get more out of the 64GB limit....if 6GB of your NSF is NIF index, that's a lot of space
  • Move NIFs to better performing storage, for example SSDs
  • Allows concurrent access to databases and views, so theoretically better performance

I decided to upgrade my production cluster to FP8 and turn on this new feature that was originally slated for 9.0.2. Here's what I did:
1. I added a new VMDK for these new files, in my case an i: drive and a folder, so my NIF path is i:\NIF\
2. Upgraded server to FP8
3. Made sure CREATE_R9_DATABASES=1 (or CREATE_R85_DATABASES=1) is in the notes.ini file
4. Added NIFNSFEnable=1 to the notes.ini
5. Added NIFBasePath=i:\nif\ to the notes.ini
6. Added CREATE_NIFNSF_DATABASES=1 to the notes.ini (this makes any newly created NSF use the NIF repository so you don't have to constantly worry about enabling it for new databases)
7. Restarted Domino

Like DAOS before it, this only enables NIF; it doesn't switch it on for existing databases. So on the server I issued a compact command:

load compact -c -nifnsf on mail\blah.nsf

Off the server goes and here's the output:

Oooh. Off I go to look at the new NIF drive and sure enough there it is:

Humm. Not a lot of savings....25MB (about 8% savings, and not a lot of folders). OK, let's try my archive mail file, that's a big-ish one:

Better. About 11% of the archive were view indexes (archive is 6.5GB logical size...not physical).

So what are we seeing here? Well, I think you'd see much larger savings, 25% or more, if you have a custom application with lots and lots of heavily used views and lots and lots of documents. And if that app is, oh, let's say 40GB then you can shave 10GB+ off that size, which is not a bad thing. Mail seems to be between 5-15% for the record. Still that *could* equate to 15% off the time to backup your data, so even that may be worth doing in your environment.

In some environments it may also be useful to do this for the Domino Directory; in this case (and for admin4 and log) the server needs to be down.

Further details are in this IBM article.

March 29 2017

Firefox started at 43, ended at 50 (they are slowing down....)

Chrome started at 47, ended at 55 (they are speeding up....) know what? F**k IE.

Still using Chrome as my primary browser, although Vivaldi is slowly taking over

Didn't go to Connect 16. Won't be at Connect 17. I already know what's going to happen....IBM is going to tell you about all the products that they promise *cognitive* is being added to. Like Verse (2 years ago?) and Toscana. "No, really we are" they will promise. There is a new GM. Can't possibly be worse than the last one.

Speaking of Toscana, it was released. In a way only IBM can release something. Think Verse Basic with all the features taken out.

Following on from the "release" of new products, IBM decided not to release (as in ever) 9.0.2. Yeah, I know right.....

But Verse On-Prem should see the light of day on December 30th. Yeah, I know right.....

Oh, Hawthorn was released. So there's that.

Still never seen a live (or otherwise) CCM installation. 

Moved up to an iPhone 7 Plus, fingerprint smudge edition. Or as most people call it the shiny black one.

Oh, podcast. Stu and I could resist no longer. We also brought along Jesse Gallagher so IBM can blame someone new.

We also sneaked in one last TWIL. No really, 115 is it. (see above)

Any "Big IT" thinking of splitting itself in two should endeavor to be more like HPE/HP and not at all like the train wreck that is the Symantec/Veritas split. Train. Wreck. 

By year end I should have 50+ nights in hotels. Not the rented by the hour type, but *real* hotels. That number went up, but my time in a car is about 90 minutes less per day. Yes, per day. Ah, life in ATL.

Brexit *and* Trump. Luckily my grandparents were Irish, so I see another passport in my future.

After having voters potentially end the world, I decided not to inflict further damage on my psyche and stayed with Windows 7 Pro. Even a free Windows 10 is too much to take.

Completed 10,000+ steps every day since Nov 30, 2015. So over 365 days now....the streak is still active. 15,000,000 total steps on my various Fitbit devices.

Technologies that made 2016: Let's Encrypt, SONOS, Nest, Roku, 4K TVs

December 19 2016

