Thursday, September 4, 2014

TLS All the Things!

Let's say you have a website associated with a Google Apps for Your Domain (though okay, it's Google Apps for Work now) registration, and served off of App Engine. Great! Now let's say you want to enable that website for HTTPS. Great...ish.

There's an article that walks you through some of the steps, though it actually points you to another article halfway through. But following the steps in those articles presupposes that you already have a certificate that you want to use, and that's hardly ever going to be the case for folks who just want to set things up for the first time.

I just went through the process for Sheryl's business, and used to obtain the certificate. (I actually tried using StartSSL first, but ended up requesting a certificate with a 4096 bit key that I couldn't use with App Engine. And their UI is just awful.) Using was mostly painless, and a great deal at $16/year, but there are a few things that aren't entirely obvious that I wanted to point out.

  • You need to kick off the process by generating a certificate signing request (CSR).'s help page on the topic will walk you through the steps, but it presupposes that you're comfortable with the command line and have OpenSSL installed. If you're not comfortable with that, read up on it a bit first. (Okay, chances are if you're the admin of an App Engine website, you're comfortable on the command line.)
  • Make sure you enter when openssl asks for "Common Name (eg, YOUR name)".
  • The myserver.key file that's generated when you create your CSR is the "Unencrypted PEM encoded RSA private key" that gets uploaded via the Google Admin interface once you have a signed certificate. Keep that file somewhere safe—you'll need it later!
  • It's easiest to go through the email-based domain verification flow. will verify by sending a mail to, which probably doesn't exist. I enabled a catch-all address on my Google Apps domain so that mail sent there would be delivered to my real GMail account. You could probably work around this by creating a Google Group in your domain with the address admin, too. If you go that route, just make sure it can receive mail from outside your domain, and that your real account is a member of the Google Group.
  • Once everything's verified, you can download both your site's signed certificate and's intermediate certificate. You'll need both. Open them up in a text editor and, without changing any of the signed data, paste the intermediate certificate immediately following the site's certificate, and save the new, combined certificates to a separate file. This is the file that's referred to as the "PEM encoded X.509 certificate" that gets uploaded via the Google Admin interface. (Along with the myserver.key file, mentioned previously.)
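
The CSR and certificate-combining steps from the list above, as an added shell example that is not from the original post or the CA's help page. It assumes OpenSSL is on the PATH; www.example.com, the throwaway demo CA and every file name other than myserver.key are constructed placeholders, and the 2048-bit key size is an assumption chosen because the 4096-bit key mentioned above could not be used with App Engine.

```shell
#!/bin/sh
# Added example. www.example.com and the demo CA are constructed stand-ins.

# Step 1: unencrypted 2048-bit RSA key plus a CSR; Common Name = the site's hostname.
make_key_and_csr() {  # $1 = hostname, $2 = working directory
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$2/myserver.key" -out "$2/server.csr" 2>/dev/null &&
    chmod 600 "$2/myserver.key"   # private key: readable by owner only
}

# Assumption: a throwaway self-signed "intermediate" plays the CA's role so the
# later steps run offline. In real use the CA returns site.crt and intermediate.crt.
demo_ca_sign() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Intermediate CA" \
        -keyout "$1/ca.key" -out "$1/intermediate.crt" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 1 -CA "$1/intermediate.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/site.crt" 2>/dev/null
}

# Step 2: site certificate first, intermediate second. "awk 1" copies every line
# unchanged but supplies a missing final newline, so the PEM markers never fuse.
build_chain() {  # $1 = site cert, $2 = intermediate cert, $3 = combined output
    awk 1 "$1" "$2" > "$3"
}

# Check: key size in bits, parsed from "Private-Key: (2048 bit ...)".
key_bits() {  # $1 = private key
    openssl rsa -in "$1" -noout -text | sed -n 's/.*(\([0-9]*\) bit.*/\1/p' | head -n 1
}

# Check: the private key and the FIRST certificate in the combined file carry the
# same public key. openssl x509 reads only the first PEM block, i.e. the site cert.
key_matches_chain() {  # $1 = private key, $2 = combined PEM file
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

run_demo() {
    d=$(mktemp -d) && make_key_and_csr www.example.com "$d" && demo_ca_sign "$d" &&
    build_chain "$d/site.crt" "$d/intermediate.crt" "$d/chain.pem" &&
    echo "key bits: $(key_bits "$d/myserver.key")" &&
    echo "certificates in chain: $(grep -c 'BEGIN CERTIFICATE' "$d/chain.pem")" &&
    key_matches_chain "$d/myserver.key" "$d/chain.pem" && echo "key matches site certificate"
    status=$?; rm -rf "$d"; return $status
}
run_demo
```

Running the two checks before uploading catches the usual mistakes: a key from a different CSR attempt, or a combined file with the intermediate pasted ahead of the site certificate.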

Those are the gotchas I remember. The rest of the process was just dealing with the disjointed billing and admin interfaces across three Google products—Google Apps for Work, Google Cloud, and App Engine. The help center article will walk you through that, for the most part.

The end result,, might not do much when it comes to improving the site's Google ranking, but it's never too early (and in many cases, it's effectively too late) to TLS All the Things!

Tuesday, March 11, 2014

Great moments in thesis statements

"The spring of 1942 was a perilous time for Americans, caught, as they were, in a new war." David Denby, apparently just writing down the first thing that pops in his head.

Wednesday, March 5, 2014


We just finished rewatching The Increasingly Poor Decisions of Todd Margaret. The first series (there are two series, of six episodes each) aired in America on IFC before Portlandia really caught on, and I don’t remember there being much marketing or Internet buzz about it. (Folks from Britain—was it any bigger over there?) The show’s a textbook example of pure farce, and watching it got me thinking about the work of David O. Russell.

While he’s risen to prominence with his last three films—The Fighter, Silver Linings Playbook [really? that’s what you named your movie?], and American Hustle—Russell has four other full-length movies under his belt: Spanking the Monkey, Flirting with Disaster, Three Kings, and I ♥ Huckabees. I’ve written (10 years ago?!) plenty about my affection for Huckabees, and I love Three Kings as well, but watching Todd Margaret brought to mind Flirting with Disaster, since that movie is another example of how entertaining a farce can be.

Then I hit on what my objection to Silver Linings Playbook and American Hustle boils down to: Russell still thinks he’s directing farces, and his actors behave like they’re appearing in farces. That’s a fundamental problem when Russell’s actually making dramas.

If you’re going to make a drama, commit to it: Russell’s probably the most successful at doing this with The Fighter. I’m a little foggy on the details of that movie, so it wasn’t a memorable drama, but I didn’t walk out of it fundamentally confused as to what motivated the outlandish behavior of major characters, which I can’t say about the more recent Russell films. So in that sense, it was a success.

And if you’re going to make a farce, make a farce. Russell has the skills to do it well. But I’d imagine it’s hard to move away from the mainstream success he’s found with his recent movies—is there a modern audience for farces? How about a shot-for-shot remake of Flirting with Disaster, but recast with Bradley Cooper and Jennifer Lawrence as leads? (Christian Bale could be in it, too.)

Monday, December 2, 2013

Red Letter Content

I'm incredibly proud to announce that my wife, +Sheryl Posnick, has started her own company, Red Letter Content. If you ever find yourself in need of editorial services, keep RLC in mind!

Sunday, March 6, 2011

(Re-)Enabling Twitter -> Facebook Posting

(Most of this is courtesy of @byoogle's comment on a Facebook update I wrote looking for help. So thanks, Brian—I know that nowadays you're all about ensuring that as much information as possible flows into Facebook...)

So let's say you have a Twitter account, and you have a Facebook account. And maybe you have a slightly different set of followers on each, and you want to push out the same status updates to both sets of people (because all your status updates are of the utmost interest to all). And also maybe Facebook has a history of deleting accounts due to bugs in their codebase, and you like the idea of having your online history in more than one place. So ideally, you'd set things up so that all your tweets automatically became Facebook status updates.

Good news, if it's 2009: you can do that pretty easily. Unfortunately, a year or so ago, Facebook stopped third party applications (or at least the official Twitter Facebook application) from updating your actual Facebook status line. They changed things around so that the Twitter app could only create new posts on your wall, with the origin of the post set to the Twitter app. That's mostly fine, although there's definitely a distinction there: in your news stream, Twitter posts from various sources tended to be clustered together, with only the first one visible by default. And there are folks who would block all updates from their news stream if the source was Twitter (though the extra choice for users is a good thing).

Sometime around February 7, this Twitter -> Facebook posting stopped working for just about everyone I know. My random guess is that something in the Facebook API changed, adding in an extra hoop that the Twitter app needed to jump through to get posts working again. (I have some sympathy for Facebook here, as I know what it's like to support a public API, and things do come up that necessitate changes...) There might have been some public announcement about this, and instructions elsewhere on the Internet about re-enabling this integration, but Googling around just led to a bunch of articles that talked about the previous setup, not any that talked about fixing things after the latest change.

As mentioned at the top, my old manager @byoogle came through with some steps that got things working again. Because I'm seeing a bunch of other people I know asking the same question, I'm going to republish them here:

  1. Uninstall the Twitter Facebook app if you were previously using it, by disconnecting your accounts at
  2. Reinstall the Twitter Facebook app from the same page, going through the authorization flow one more time.
  3. Make a test/dummy tweet (this might not strictly be necessary, but I did notice that the first tweet I made didn't flow through).
  4. On the page, ensure that the "Allow Twitter to post updates to: Facebook Profile" box is checked.
  5. Try tweeting again. It may take a few more minutes, but this one should end up on your Facebook wall.

Hopefully this helps some folks. Note that while the integration is working for me, in that tweets are now showing up on my Facebook wall, I am not 100% sure that they're making it into the Facebook news stream, which is how most people end up reading Facebook content. Maybe my own Twitter posts are just being hidden from my own news stream, and others will be visible.

Thursday, July 1, 2010

End of an Era (and an Error)

I'm definitely not tearing up over the announcement that Microsoft is killing the Kin after four months on the market (and I've got to assume that the rumors that only 500 devices sold during that span of time can't be true). But the word that the Sidekick line is being officially discontinued compels me to pause for reflection. Yes, Danger's been owned by Microsoft for a few years now and has pretty much done nothing worth mentioning (in that I'm not going to mention the Kin again), but the old-school Sidekicks were great phones. Not particularly well made phones—in my 5 years as a Sidekick user, I probably went through 4 warranty replacements on the SK1 and 3 on the SK2—but great for their time.

The keyboard was a masterpiece, and I could easily touch type on it while walking down the street. Many of the early 34 entries were composed on it. I guess many folks feel the same way about their Blackberry keyboards, but they never did it for me (plus I had a weird corporate Blackberry with a compressed keyboard). The G1's keyboard should have been as good, but a poorly placed ridge in the trackball area really killed its usefulness.

Speaking of the G1, I suppose it's Android, and not the Kin, that is the true heir to the Sidekick legacy, with Andy Rubin's influence and all. I've been a happy Nexus One user since December, and I'll hopefully find some time to write about my Android experience soon enough.

Monday, June 14, 2010


Oh, hi.

For a blog that stretches back to 2003, 34 hasn't had too many content-free "sorry for the lack of blogging" meta posts (as much as I admire things that are content-free and meta). And maybe this won't be that sort of post (though it pretty much is).

I haven't been blogging here because, well, I've been sharing with the masses in other ways. There's Twitter, of course, which certainly is a convenient way of sharing random thoughts that, back in the day, might have been blogéd. So I'm not going to use 34 to say anything that would be more effective in 140 characters. There are a bunch of ways to share links, and I guess I've settled on Google Reader for the time being (though at the moment it's not behaving like it should, so scratch that). And in any case, part of my job description includes blogging, and when there's a backlog of posts you need to write for work, it's hard to get motivated to blog when you're not being paid.

But I'm on my first day at home of six weeks of paternity leave (thank you, Google!) and while Zach requires most of my attention most of the time, I think I'll be able to devote some of my attention some of the time to blogging. Just to get this out of the way: I don't intend for this to become a parenting blog—I'm going to try to relegate that sort of thing to Twitter. But I see myself blogging some about cooking, maybe a few things about technology, and if I could get through my four-issue backlog, we might just see the return of TWitNY.

And maybe some guest bloggers? Let's see whom or wham I could track down.

Thursday, June 11, 2009

What we blog and what we tweet has been confused

Because some of the Posnicks still care about blogging (instead of, say, Twitter), I wanted to point everyone to Sheryl's new running playlist blog, Finest Runsongs.

Friday, March 13, 2009

What is suck it, Ken Jennings?

Sheryl raised an intriguing question tonight when she asked whether we liked Larissa Kelly more than Obama. The answer, we decided, was yes.

She's back on the Jeopardy Tournament of Champions after ten long months, and the Posnick household was in a tizzy. Alex laid off on the lechery tonight but, and pardon the spoiler alert, it looks like he'll be getting another chance in the finals.

Oh, and she got the question about Google right. It's like she knows me!

Thursday, February 26, 2009

The streak lives

Looking back on my blog's archives, I'm surprised and impressed to see that I've managed to post at least once per month, every month, since March of 2003. I have a few posts saved in draft that I have trouble motivating myself to finish, but I do want to get something up for February 2009. I don't want to resort to writing a script to automatically convert each of my tweets into a blog entry. That would be cheating.

Of course what I'm going to do instead, which is respond to a personal email with a blog entry, is probably cheating too.

Our friends Haley and Gabe came over sometime last month for dinner, and I made a chestnut soup and shepherd's pie. The soup was mostly just this recipe from the Minimalist and was a good way to use a packet of vacuum-sealed chestnuts from Trader Joe's left over from Thanksgiving.

The shepherd's pie was something special, and something that I need to make again. It's a little too fussy for an everyday dinner, but it's more time consuming than difficult to prepare. Haley recently wrote me to ask for the recipe, so here's what I can recall doing. Don't worry too much about the proportions of the ingredients, and since the four of us finished it all in one sitting, I guess it makes four servings.

You'll need:

  • A solid 12" skillet. I used a cast-iron one, but I can't recommend buying cast iron unless you're prepared to take care of it properly.
  • Around a pound and a half of ground lamb. I'd go with lamb over beef here.
  • 6 normal sized carrots. I used multi-colored carrots from a bag I bought (at Trader Joe's), but I haven't seen them there again.
  • A cup or so of peas. Frozen peas are your best bet, even if you don't get them from Trader Joe's.
  • Some pearl onions. I got them in a vacuum pack from... did I mention there's a Trader Joe's down the street from my apartment?
  • 6 big, preferably starchy, potatoes.
  • Around a pint of chicken broth (Trader Joe's low-sodium chicken broth all the way).
  • Seasonings.

So the basic idea is to brown the ground meat in the pan, adding a small amount of salt and pepper and a bit of cumin for flavor. When the lamb's given up a decent amount of fat and juices, take out the lamb and put it in a bowl lined with paper towels.

(Peel and) halve your pearl onions, peel and chop the carrots into good sized carrot pieces, and add both of those ingredients along with the frozen peas into the pan. There should be enough fat to handle the vegetables, but add some olive oil if need be. Sauté until the carrots are fairly soft, and things start to brown up.

Add the lamb back to the pan along with maybe half a cup of chicken broth–you don't want it too soupy though.

Although I didn't mention it before, it turns out that while you were doing all the previous steps you had a big pot of salted water boiling, and you added the potatoes to the pot (peels on or off). Actually, since I think you really need at least thirty minutes of constant boiling to get potatoes soft enough to mash, you should have done this part first. Once the potatoes are cooked through (slip a knife through them to test), take them out of the water and place them in a large mixing bowl. Gabe will not tolerate lactose, so I mashed them with chicken stock instead of milk to smooth them out, and they tasted great. Add salt and pepper to taste while mashing.

So now you have a bowl of hopefully enough mashed potatoes to cover the pan full of the meat and veg. Use a spatula-type thing to thickly coat the top of the mixture all the way across with mashed potatoes. It's like frosting a meat cake. Definitely try to get a complete coat, so that the steam from the chicken stock doesn't escape and instead helps all the veg finish cooking while it's in the oven.

And into the oven it will go, at say 375 degrees for around 30 minutes. The deciding factor as to when it's done is basically the color of the potatoes on the top–cook it as long as you're willing to wait while making sure that the potatoes get golden without burning.

And then eat. You might want to take a picture of it first, which I unfortunately neglected to do.

But seriously, Trader Joe's.