SSL历险记

我得承认我是个SSL重度依赖者，上网总会下意识地把URL里的http后随手加个s——我打URL时从来都是从不厌其烦手动写上协议名称的，发送表单——尤其是用户名密码什么的——看到目的URL不是https的总觉得像被人剥光了一样，家里机器时不时地打开着就为了用putty做个tunnel，方便在公司访问一些没SSL支持又敏感的站点、服务etc.。
可惜啊，今天被彻底地打击了，竟然有人会想到这么明目张胆地强奸下SSL。
我得感谢firefox这些不鸟Internet设置里那些CA证书的应用程序，类似的程序还包括thunderbird以及伟大的，那个，SUN
JRE。早晨来到公司，就发现没有关掉的ff里跳出N多错误提示框说mail.google.com、www.google.com、api.delicious.com这些站点的证书有问题。刚开始还觉得是firefox受不了这一夜的孤独又出问题了。可是因为装了那个Perspectives扩展，这种情况下看证书也比较方便，就顺手看了看，结果被……不知道"雷"这个动词适合不适合这个情景……证书的颁发机构是一个很陌生又很熟悉的名字：说陌生是因为长这么大没见过这个CA，说熟悉是因为每个工作日都能看到这个名字。"咦？难道经济危机时做CA有助于增加收入么？"于是，先ping下这几个域名，确认一下DNS没被f*ck掉，check；然后请出openssl
s_client，确认一下ff没有脑残能把证书都搞错，check。那接下来就是标准国骂了：谁（TMD）动了我的SSL会话？！
为了鄙视下Windows + IE组合，我当然得拿出来最新最NB的IE8试试。结果，果然没问题，所以理论上我刚看到的那个山寨CA肯定已经存在于这鸟Windows
XP里了，理论上我还得查一下internet属性来确认一下，当然最后也很明了：我是在域控的关怀和照料下茁壮成长的，所以这鸟XP里出现几个我不认识的山寨CA，还真没法让我吃惊。
好在大部分应用程序还都是靠谱的，看到这种山寨CA还都是会报错说未知CA的。不过这么一折腾，所有本地跑来测试的java程序都没法跟外网服务器建立SSL连接了。还好我比较有前瞻性，早就着手验证这事儿，赶紧发的信给大家说了下怎么让JRE容忍这几个山寨CA。
我在想一个情景：一个恶意站点，因为一直脑残，用的是伪造的、自认证之类的SSL证书，所以无人问津；某个同事不幸地点了别人发的一个URL，正是这个脑残恶意站点，本来这种情况下是会提示证书错误的，结果现在因为根CA被篡改成某山寨CA，而且这山寨CA还是受信的，那这下子连证书错误都不会提示了，IE很高兴……当然也许这SSL篡改程序还没脑残到这程度吧，哪天试验下。
好吧，既然这样，上班时间咱就不看Gmail和Google
Reader了。既然（有可能）人家觉得员工看这些是浪费时间，我就发挥前辈徒手造解放大卡的精神闷头干活吧。

Let there be job cuts

So there has been another round of job cuts here, again. This is the
second one I've survived, and it's said to be the 3rd or the 4th,
depending on who is telling the story.
No idea if this is connected to the ongoing crisis. Don't we all use cash, uh?
That just reminds me of one line I should append to my last entry:
what good can you get from a company whose office somewhere does not
even have enough toilets?
That's one bloody toilet with a single closet for over thirty men! Nuts?!?!

Strings

What good could you get from a programmer who even cannot avoid
viruses/malwares?
What good could you get from a country whose people endure the most
messy road traffic?

Only some texts

Long time no blog, again.

There's simply no exciting things for me over this long period after returning from Germany. Ah, yes, except one thing: I'm now engaged, after 5 years:)

I'm back to Mylyn , and am developing the habit relying on it to organize my daily work. My company hosts an internal portal site using Share Point. Well, I'd say that I would like to use it if I'm someone who does not need to use anything other than the Microsoft Office suite, but I'm a poor coder, which means I don't make a living using Microsoft Office but my IDE. I've been using Eclipse for 5 years also, meaning that I already had it in my last computer when I met my girlfriend (who has just been promoted lol). I'd tried other alternatives and eclipse still remains to be the best choice for me ever. I like the whole ecosystem built on the eclipse platform; there are not only plug-ins for developers, but a lot of decent desktop/RIA applications, either public available or proprietary.

I should suggest my friends and colleagues to give Mylyn a try. It really helps. And I'm also trying Tasktop Pro for Eclipse, which is available as a 30-day free trial and is at the price of 99.00 USD or 149.00 USD depending on the type of the license. There are simply more features in this Pro edition, such as integrations with Outlook, Gmail and Google Calendar, making them task repositories. I think I'll buy one; the price is reasonable and it worths. One thing to mention is that seems key developers of the Mylyn project also work for Tasktop; I often see them in the Mylyn newsgroup. To me, Mylyn is the first Eclipse plug-in offered by eclipse.org that is not about development but is for development.

Well, and I tried developing a connector for TeamTrack, which is used by my company for tracking defects and something else. Having been googling and reading for 2 hours, I finally found the web service APIs that TeamTrack provides, yet I don't think the operations it exposes can meet the need to build a complete connector. And also it seems one even needs to be familiar with the database tables to perform queries via TeamTrack's web service! I currently have no technical information available so finally I decided to give up making such a connector, but to use the generic web connector to parse HTML pages with regular expressions... This is only one of the basic differences between proprietary products and their open source alternatives.

Moreover, there's a bug with the Mylyn generic web connector and it fails to authenticate via HTTP Basic authentication method, whoa. It's said to be a code migration/integration problem so I guess it's easy to deal with, though.

Honestly, Office 2007 is good; I can use Visual Studio 2008 with VSTO to make a few simple add-ons for my Outlook. I'd agree there's more value out of Microsoft's products, because everyone can see that Microsoft's products are engineered to be able to work with each other; this is something other companies need some years to develop.

再见，波恩

西下的夕阳，透过舷窗，把阳光洒在前排座椅的靠背上。舷窗的玻璃就好像三棱镜一样，在我的面前描出一条虹。从来没有看到过阳光以接近水平的角度照在自己面前，也从来没有离开家这么久过。
当起飞前飞机缓缓地驶在杜塞尔多夫机场的跑道上时，离别的感觉再次涌上心头。也许因为我自己就是个随遇而安的人吧，无论在哪里呆久了，都会有种家的感觉，或者是，错觉。直到现在，我还记得在波恩的那个Hotel Domicil的每一天，既有第一次走进自己那间超袖珍房间时的惊讶，第一宿的凌晨被早班公车闹醒时的无奈，也有听着音乐啜着咖啡看着天窗被雨水冲拭的惬意，周日阳光下昏昏欲睡的慵懒。
波恩，昔日西德的首都，莱茵河畔的明珠，今天却宁静得像一个小镇。比较现代一些的产业，比如金融和IT，渐渐地聚拢在法兰克福、慕尼黑这些地方，波恩仿佛卸下重担一般，摇身变为朴素的欧洲小城。这个城市真的是很宁静。来到这里之前，我只知道那夏季午后的天津，在人们或闭门不出或瞌睡连连的时候，阳光孤单地照在柏油路上，反射出一种不自然的冷清，却不是宁静。而在波恩，即使是周六集市时的广场，也是安详到让我感觉费解。在其他的城市都铆足劲头想变成繁忙的国际大都市的时候，这种宁静尤其难得，而且几乎掩盖了这次行程的第一站——繁忙喧嚣的伦敦——给我留下的所有印象。
最后一周因为实在受不了临街房间的喧闹，换到了内院的房间。清晨醒来的时候，揉醒睡眼走下楼梯后的第一件事，就是掀开窗帘推开窗子。楼下就是酒店的后院。在宁静的清晨，除了偶尔的一两声鸟鸣人语，其余的时候只能听到风吹过层叠的树叶时擦出的柔顺的沙沙声。在晨曦中把自己拾掇完毕，就可以开心地走去享受丰盛的早餐。每天早晨的这顿饭，其丰盛和美味是毋庸赘述的，我最享受的，却还是坐在窗边端着咖啡发呆的时间。通常这种享受都是很短暂的，因为毕竟不是来旅游的，每天还有不少工作要做，但就是这种轻松惬意的感觉，让我觉得可以轻松瓦解这一天即将纷至沓来的劳顿。
现代的商业化的旅行可以留给人们的只是无穷无尽的照片和乏味的纪念品，若干年以后，凭借这些线索，我们是可以拾起当时的欢快和新鲜，仅此而已。我相信，真正去生活在一个地方，是截然不同的另外一回事。
当不期而遇的太阳雨冲刷着屋顶大块的玻璃时，伴着悠扬的音乐，我忘记了拍下阳光下雨水的舞蹈。当徜徉在夜晚的大街上，感受着吹拂而过的有些萧瑟的微风时，我不知是该拍下黑乎乎的街道，还是该拍下吹面不寒的夜风。当我蜷缩在矮脚沙发里，晒着和煦的阳光几乎要打起瞌睡的时候，我不知是该拍下这暖意，还是该拍下这恍惚间匆匆流过的时间。
临行前，整理了一下在波恩拍下的所有照片。比起在伦敦拍的那些照片，在波恩拍摄的照片明显少很多。我突然感觉到一些无奈，还有一些空虚。那些实实在在的感受，我是无法记录的，也无法带走。它们就像天边飞舞的浮云，一旦飘散，再也无法聚拢。时间终会冲淡这一切感受，我永远无从逃避。
舷窗外的夕阳已经看不到了，只有橘红色的云彩描绘着它落下的痕迹。没有飞到这三万英尺的高度，我永远不可能看到这景致，就像没有去过波恩，我永远不可能理解一个城市的宁静。
再见，波恩。

离开

新的一周开始了，离回家的日子越来越近了。
突然有种奇怪的感觉。回家了，可以找回以前熟悉的日子，过有些单调却亲切的生活，却丢掉了这里的日子，丢掉了异国情调，蓝天白云青草地。就是这样说不清楚的感觉。
又或者说，无论离开那里，都会是同一种感觉吧。
今天是周日，本来打算去教堂和波恩大学转转，结果QA同事们要加班测试，虽然我不是QA，不过support总还是要做的，即使我远不如公司里那些牛人了解这个庞杂的系统。
吃过早点回到屋里，静候组织调遣。随意地缩在沙发里晒太阳，腿放在桌子上，架着笔记本，Dido的Thank
You从打开的pandora适时地飘出来，那种说不出的无限慵懒一瞬间涌满全身。这种不曾拥有过的惬意，也只有在这种情境下才可能滋生。没有紧张，没有焦虑，就像阳光下的向日葵，带着一副什么都不在乎的表情在微风里摇摆。
组织的决定自然是加班，否则今天肯定出去逛了。其实加班也无所谓，我基本上是没事干的，就帮着查了查一个协议方面的问题。工作也是在酒店里做。4个人进到吸烟区——因为负责测试的QA
lead嗜烟如命——找椅子坐下，就是简单的办公室了。吸烟区其实是个不错的地方，房顶是玻璃的，丝毫不阻碍阳光晒进来，坐在里面就像进到花房一样，舒坦得像小花小草一样。
给同事——一QA MM——推荐了Thank You，结果该MM一下午放了大概20来次这首歌…小资的感觉看来人人都喜欢啊。
吃过晚饭和2个中国同事去附近转转。周日是比较安静的，或者也可以说比较无聊。商店基本都停业了，即使营业也是关门很早。转了一会儿突然那个QA
MM发现了家哈根达斯，而且还没打烊，于是乎伊很大手笔地请我们吃哈根达斯。我们三个人还把手里的冰淇淋举在一起拍了张照片——感觉很像三个火枪手举剑的动作，虽说照片的主角是冰淇淋吧。
周日夜晚的波恩静得很安详，和同事随意地走着，有种熟悉的感觉从心底淡淡地飘忽出来。这种感觉，只有在大四和全班同学通宵K歌后走在清晨的路上时出现过。说不出这是种什么样的感觉，只是心境和环境是一样的：离开，安静的大街，熟识的人。
My tea's gone cold, I'm wondering why. I got out of bed at all...

马上就回家咯～

从出国前就一直没说过这次出差，后来天天都忙的要命——工作日忙工作，周末忙着转，一个多月了，一句都不提，连自己都对不起了。
这次出差真是破了我无数个第一次了：第一次有护照，第一次有签证，第一次同时有俩签证，第一次坐飞机，第一次坐英航，第一次盘旋着降落，第一次做外国人…不嫌贫的话还有无数个第一次。
总的计划是弄伦敦呆仨礼拜，然后在德国再整一个礼拜，滚蛋回家。结果仨礼拜在伦敦是挨过来了，在波恩倒是意外地多呆了一周。好了，已经订了这周四的机票了，这就要回家了，哇哈哈～
最大的收获莫过于锻炼了口语了，现在咱这口语，在伦敦和德国人用中文谈笑风生啊～
在伦敦的第二天早晨，走在大街上，第一感觉就是：外国人真多啊！我知道其实在这儿老子是外国人。
次大的收获就是一堆照片：已经4、5G了，在科隆大教堂还录了会儿视频，不为图像，就为管风琴和唱诗。要是我一个人去的大教堂，我真会跟着2个多小时走完一遍礼拜了——谁让咱礼拜日去的乜。总的来说还是在德国比较舒坦，中国公司又来了两个同事，也有熟人了，不像在伦敦，孤家寡人的，也没交通费预算——从酒店房间到公司办公室全程不过5分钟，周末观光全靠两条腿，真把这辈子的路都走完了。不过波恩比起伦敦来说就清静很多了，周末尤其是这样，静的出奇，公交车和有轨电车的班次都少了很多，真是适合人类居住的地方，德国的环境尤其好，太好了，简直…伦敦整体环境跟这儿就不是一个档次的。当然了，伦敦人家是首都，首都那么大个儿，脏点儿乱点儿就那意思了。气温也正好，都跟春天似的，伦敦比波恩还更凉快一些，比较让人不适应的就是天黑的太晚了，波恩这里9点来钟给人感觉就跟下午似的；伦敦更让人崩溃，晚上10点多了天还有点儿亮，想早睡觉只能关窗户。波恩哪里都好，就是周日的时候基本绝大部分的商店都不营业，即使营业，关门也很早，所以想买啥就都要在周六解决掉，比如礼品啥的…
昨天跟同事去这里的一个中餐馆去吃饭，吃到扶墙。在伦敦那里，被很多中餐馆吓着了，味道，那叫一个走畸。昨天那个中餐馆味道可真好，很中国，本来我这么久吃西餐都从来都没怀念中餐的，在那儿一吃都开始想回家了——而且还是自助餐。
真是享受这里的生活呀～但愿以后还有机会来欧洲出差，唉，贪。
睡觉去了。又是新的一天了。

Going to the UK

by air next Monday.
The UK is actually my first stop. I'll stay there up to maybe 20 days
or so, and then will move on to Germany. Everything regarding this
trip has been in such a hurry that I feel right like I'm dreaming.
Everything, the passport application, Schengen visa application and
the UK visa application, as well as other miscellaneous affairs and
exceptions.
I'm now packaging. The plane leaves at 11:35 a.m. that day, but I was
told I'd better be at the airport 3 hour earlier. Counting in the 2 or
3 hours by highway, that means I'll leave home before dawn.
Wish there will be no other exceptions.

Lyrics of Bryan Adams' (Everything I Do) I Do It For You

I remembered this song while I was young and was a middle school pupil.

Look into my eyes - you will see
What you mean to me
Search your heart - search your soul
And when you find me there you'll search no more

Don't tell me it's not worth tryin' for
You can't tell me it's not worth dyin' for
You know it's true
Everything I do - I do it for you

Look into your heart - you will find
There's nothin' there to hide
Take me as I am - take my life
I would give it all - I would sacrifice

Don't tell me it's not worth fightin' for
I can't help it - there's nothin' I want more
Ya know it's true
Everything I do - I do it for you

There's no love - like your love
And no other - could give more love
There's nowhere - unless you're there
All the time - all the way

Oh - you can't tell me it's not worth tryin' for
I can't help it - there's nothin' I want more
I would fight for you - I'd lie for you
Walk the wire for you - ya I'd die for you

Ya know it's true
Everything I do - I do it for you

Only 1 of These 8 "Girls" is Really a Girl

Long time no blog, and I really feel embarrassed to paste a picture full of girls.
This is actually from a Japanese magazine showing autumn schoolwear for girls in the year 2007. Surprisingly, only 1 of these 8 "girls" is really a girl...