DSA deprecated for OpenSSL 7.0

OpenSSL might be on its last legs now that an implementation in Rust would appear to outperform the C++ implementation of the venerable OpenSSL over almost all benchmarks (not sure about the support for hardware acceleration provided by OpenSSL extensions, but even low-end Zend processors support AES-NI acceleration). Seems likely that Rust will replace C++ in the near future (and perhaps even Golang). While working with the blockchain industry last year, I found Go much easier to build than the Parity alternative mainstream Ethereum client. Sure I wasn’t the only one that came to that conclusion! Also Objective-C seems to be on the road to perdition.

I’d love to say I was a genius for leaving that out (DSA), but even back then I came to the conclusion that Google used RSA/2048 exclusively for HTTPS. My sole configuration was to allow a 4096-bit key. Since OpenPGP is not a great way to transmit files, as the 7-bit clean Base64 encoding results in a 33% increase in data, it’s really only useful for short messages. Perhaps protecting keys to larger files protected by symmetric encryption?

Most importantly, I offer NouveauPG open source on my GitHub. I’ve had limited luck with porting “cross platform” OSS versions of Cocoa/Next Step, especially when the GUI is involved.

SSL Fixed

Namecheap support was able to make the DNS method work for me. Amazon claims it can take up to 72 hours before you can start to ask questions, unless of course you further lock yourself into their DNS service. I’m way behind now, but I’ve learned a lot about HTTPS validation. There used to be this game called Federation on AOL. It was text based, so back when you had slow dial-up and pricey data connections there was an advantage. It was just recently shut down, and one of the issues cited was the complexity of SSL. Now I have developed software that fully implements the algorithms (RSA 2048 for NouveauPG; in fact I chose that because that’s what Google uses and I figured they knew what they were doing) and I find the process time consuming and complex. There’s not really a lot of difference between signatures; you really want the cheapest one you can get away with (that all browsers will take). Sometimes there are some PCI compliance things you might need to pay more for, but they’re all pretty much the same. I think it’s funny that the company NameCheap uses, Comodo, has changed its name to Sectigo. Now I understand consulting companies changing their names all the time, but a security company? As hard as it is to be a small company now that the largest companies pretty much run America, it’s a little bit reassuring that brand value and goodwill are not what they used to be.

SSL Update

Lost two full days trying to get SSL set up. Partially my fault, I have a lot of balls in the air, and it’s also needlessly complex. Like using PyCharm you get a bit accustomed to underscores, nope. On the other hand NameCheap could provide some sort of error other than just processing. This experience convinced me that I needed a staging server, if I want to develop websites with SSL. I set up DNS validation with NameCheap and after a full day it is still processing. I actually used the Python console to compare the two strings, nope, still processing.

I guess the only way with the HTTP method is to set up nginx (might be something better to use now that NGINX Plus is coming upon us). I use Ubuntu 18.04 LTS for all servers since I’m at 3.6 in Python. One of the great things about Unix is even installing the exact same software, on a different distribution, your server directory might be somewhere completely different! Well in Ubuntu 18.04 LTS it’s on /var/www/html. I now think the best method is to create the .well-known and pki-validations folders and a test text file. Make sure it doesn’t 404, then start the method and hope for the best. I will contact support tomorrow and try to get this DNS figured out.
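An added example (not from the original post): the pre-flight check described above, done in Python. It writes a throwaway file under the validation folder, fetches it over plain HTTP without following redirects, and reports a 404 or a redirect before the real validation is started. The folder name `.well-known/pki-validation`, the helper names and the local `http.server` standing in for nginx are assumptions of this example.

```python
import functools
import http.client
import http.server
import pathlib
import secrets
import tempfile
import threading

VALIDATION_DIR = ".well-known/pki-validation"  # assumed validation folder
class Quiet(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo run silent
        pass

def place_probe(web_root, name="probe.txt"):
    """Write a throwaway file where the CA's file would go; return (url_path, token)."""
    target = pathlib.Path(web_root) / VALIDATION_DIR
    target.mkdir(parents=True, exist_ok=True)
    token = secrets.token_hex(16)
    (target / name).write_text(token)
    return f"/{VALIDATION_DIR}/{name}", token

def check_probe(host, port, url_path, token):
    """GET over plain HTTP, without following redirects, and classify the result."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", url_path)
    resp = conn.getresponse()
    body = resp.read().decode("utf-8", "replace")
    conn.close()
    if 300 <= resp.status < 400:  # e.g. a blanket 301 to https on port 80
        return f"redirect to {resp.getheader('Location')}"
    if resp.status != 200:        # 404: wrong web root or misspelled folder
        return f"http {resp.status}"
    return "ok" if body == token else "content mismatch"

def demo():
    """Constructed offline run: a temp directory served on 127.0.0.1 stands in for nginx."""
    with tempfile.TemporaryDirectory() as root:
        handler = functools.partial(Quiet, directory=root)
        with http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler) as server:
            threading.Thread(target=server.serve_forever, daemon=True).start()
            host, port = server.server_address[:2]
            path, token = place_probe(root)
            good = check_probe(host, port, path, token)
            typo = check_probe(host, port, path.replace("validation", "validations"), token)
            server.shutdown()
    return good, typo

if __name__ == "__main__":
    print(demo())
```

Against a real server, call `place_probe` with the nginx root (/var/www/html in the post) and `check_probe` with the public hostname and port 80.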

I can’t imagine using HTTP validation on a production node. I checked the strings and values with the Python console (Python was useful for this kind of stuff even before it started taking over the world). I know it takes time to propagate, but Namecheap is literally my DNS provider.

More SSL config protips

I have been spending far too much time configuring SSL with Linode and a load balancer, which is only $10. Here is an easy tip: there are about three ridiculous methods that work inconsistently. Using NameCheap, Amazon is far worse: you won’t even end up with an IP, just a hostname to an EBS to system admin productivity is making use of this wasted time. It would seem the most straightforward method is HTTP.

It would seem the best way would be to create a NodeBalancer, add a small node, install nginx, find the nginx data folder such as /var/www/html/, and add the invisible folder .known-host. And then another folder called pki-validation where you include about 90 characters identifying you. The best technique seems to be to create a NodeBalancer so you have an IP, set up that HTTP file in the requested folder, and direct all traffic toward that special file as quickly as possible (and you don’t get the file until you choose this method).

I find the lack of speed in the DNS method particularly annoying because NameCheap is the DNS provider. Amazon sucks just as much. The quickest way for everything to work seems to be getting that file in that ridiculous folder as quickly as possible. If you switch methods you pay more for no better service.

So I have it ready for both DNS and HTTP mode, when you switch the values don’t switch. I think I might need a new provider. I can’t imagine GoDaddy being any better.

Nokia 8110 Review

UPDATE: This phone quit on me after a month. Good while it lasted. 🙂

After a substantial review of the “bananaphone” Chinese phonetic market Matrix clone which promised days of standby battery. I personally prefer to conduct business over chat, and my iMessages always come across wrong, so I thought it would be perfect for me.

Has all the greatest and latest Google Apps (Nav, the Gmail sucks but it’s there). A-GPS, TETHERING. Only downside is e-mail, if only we had this thing called Blackberry… Seems to be louder than iPhone tone – retro Nokia tones.


  • Rapidly Decreasing Battery Life (practically unusable after one month, I mean I have only tried one battery but this silent failure sucks).
  • Can barely check, much less read, forget about writing one.

Maybe one day


HTTPS Contretemps

You’ve probably noticed that this page is not secured with HTTPS/SSL. I hopefully will rectify that soon but I’d like to point out some issues I’ve had with it.

  • SSL is pretty much required, I guess, for a serious web presence these days. (The legendary Flask microframework being the most notable exception.)
  • My understanding is that the SSL/TLS/HTTPS infrastructure depends on an IP address, so as the laws of nature dictate, if you have something working it will eventually break, and due to the nature of HTTPS infrastructure it takes literally days of waiting for confirmations, receiving certificates, and whatnot, which pretty much compels you to use some sort of virtual load balancer to terminate your SSL connections if you don’t want days of downtime.
  • It’s kind of embarrassing to an extent that http://nouveaupg.com is not set up for using SSL even though it’s really an online manual. Still, my first priority when I get it back hosted on AWS (I mean it is hosted on AWS @ but there is cached DNS pointing to the old server. Hopefully this doesn’t cause me many irate reviews) is to get HTTPS working there.
  • My newer project https://picoevent.io is written in Django (I’m actually hosting on Linode after becoming increasingly frustrated with AWS). Very easy to set up SSL to the load balancer. I have this configuration I’m trying where I have a Linode 4096 where I run the master DB and another Linode 2048 which is a slave DB and also runs the NGINX/uwsgi/Python stack.

This is the key part of your nginx config, you want to open port 80 on your software load balancer so potential visitors don’t get an error if they visit http://picoevent.io, so you do a 301 redirect to port 443 on the load balancer.

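root /var/www/html;

# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;

server_name _;

# The load balancer terminates TLS and passes the original scheme
# in the X-Forwarded-Proto header; redirect anything that arrived as http
if ($http_x_forwarded_proto = 'http') {
    return 301 https://$host$request_uri;
}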
Working on some awesome new stuff with Python 3.6

So after investigating every single possible angle in software to make a living over the years, I have decided to try out the open source model. Really excited with the ambitious Django projects everyone has been pursuing. Something that started out during a tech boom to meet the needs of a dying industry (newspaper) that couldn’t hire help, we now have this interesting beast that could hypothetically lead to some really niche SaaS offerings. If executed well of course. And that’s where my new project comes in. At the very least I am leveling up my Python. The tooling is amazing compared to when I left webdev for greener pastures back in 2010. Most people wouldn’t even use a debugger to develop in PHP. I mean there were a couple, but it was sort of like JavaScript is now. At the same time Apple’s new iPhone came out with DTrace profiling tools which were extremely useful back when mobile hardware was severely constrained.

Electricians’ Calculator released

I’m not one to go chasing trends but I think this is a niche that can be better served. (The same as I think with NouveauPG)

Only includes the most important features so far, but I believe this will eventually become the best electricians’ calculator for iOS. Everything takes time. Free for now.

Get it on the App Store