Let's Encrypt is for encryption!

… and not for validating a website's identity!

Seriously, I love Let's Encrypt and the idea of providing free TLS certificates (e.g. for HTTPS) and to automatically renew them. In my opinion, there is no reason not to use it when you just want to secure your traffic using TLS encryption.

I often heard that Let's Encrypt provides "false security" because everyone who owns a domain can create as many certificates as they want, even if your intentions are bad. And the lock symbol in the browser's address bar makes people think that the site is trustworthy.

Yeeeessss… I see the point, but that's not a problem of Let's Encrypt! The purpose of Let's Encrypt is to bring TLS (and thus HTTPS) to the masses! Let's Encrypt allows you to encrypt your traffic using TLS - no more, no less. The purpose is not to prove a website is trustworthy! If you really want to prove that you are a trustworthy and really existing organization, you need a higher validation level. Also domain-validated certificates existed long before Let's Encrypt - Let's Encrypt's certificates are nothing else than automatically validated domain-validated certificates.

Just keep using Let's Encrypt. There is no reason not to do so. Don't let people tell you Let's Encrypt's certificates are no real certificates. If you just want to encrypt traffic using TLS, you're fine.

Published on 2022-07-27, 19:50 +0000

vMotion stops at 21% - part 2

This happened to me again on a similar server (vMotion fails at 21% with error 195887371). Now I can confirm that the reboot solved the problem.

The strange thing is that it was possible to migrate VMs to the server, but not away from the server.

Published on 2022-07-13, 19:09 +0000

MS Office activation window keeps popping up - part 2

As an addition to an earlier article, there is another thing that might go wrong when you install MS Office when there is already a preinstalled evaluation version of Office.

Removing the previously mentioned registry key did solve the problem until some Office update brought up the activation window again. The registry key was not back again, so this had to be something different.

I found an article which provided the solution:

Open an elevated command prompt and change to directory C:\Program Files (x86)\Microsoft Office\Office16 (or C:\Program Files\Microsoft Office\Office16 for 64 bit Office).

Execute the following command:

cscript .\OSPP.VBS /dstatus

You get an output like this (yellow lines by me):

Output of ospp.vbs

The upper part of the output is the Office license installed by me, the lower part the evaluation license which causes the activation window to appear. It states that the evaluation license is expired and gives you the last 5 characters of the product key.

You can now remove the evaluation license (replace khgm9 by your evaluation license key) using these characters:

cscript .\OSPP.VBS /unpkey:khgm9

This finally did the trick.

Published on 2022-07-02, 15:00 +0000

Information terminal in Wiesbaden: CMOS checksum error

Saw this on an information terminal in a MediaMarkt in Wiesbaden (click to view larger version):

CMOS checksum error on information terminal

The boot sequence is halted because of a CMOS checksum error. The most common reason for this is an empty CMOS battery. This leads to a loss of the BIOS settings (like time settings and boot order) and the need to load the default settings.

Published on 2022-06-15, 14:43 +0000

Mapping COM ports on IGEL thin clients

I like thin clients by IGEL. The hardware is robust and the operating system is very flexible and intuitive.

But what is very confusing is how the COM ports work on different models. We wanted to map them into Citrix sessions, but we had to create different configurations for different models:

  • On the M340C, we simply had to pass COM1 as COM1.
  • On the UD9 BT, we had to pass COM2 as COM1. I don't really understand why.
  • On the M350C, we had to pass USB COM1 as COM1. I guess that's because the COM port isn't really a COM port, it's just a COM to USB adapter, directly attached to the mainboard.

One might ask why we need COM ports, when there is USB: We have a software which supports only serial barcode scanners on Citrix.

Published on 2022-06-11, 10:49 +0000