Kevin Henrikson

I’ve had my MacBook Pro for just over two months now. Bottom line it just works. Need to print something hit print, it just *finds* the printer in the office. No missing drivers or needing to search those slow windows shares. It finds the printer and just prints. A co-worker who also *switched* recently joked how now he can view those YouTube links people send around without crashing his Linux box since it had an incompatible audio driver. Mac OS X is a great OS, and for all those long time Mac fans who obsess about how ‘it just works’… They are right.

So in the past two months I’ve spoke at a couple conferences, which gave me a chance to test the MacBook in the *wild*.

A couple tips from the road:

– Remember you VGA -> DVI adaptor. (I forgot this on the first trip, but luckily a colleague lent me his.)
– Buy an extra battery or two. (More on this in a minute)
– Pick a wireless option (more on this…)
– Make sure to carry a USB stick for sharing files

So this gets me to the meat of this post. THERE IS NO WAY TO USE AIRPLANE POWER WITH YOUR MAC BOOK. Ok well there is a few hacks which include power inverters and shutting off one core to save power…. Let’s get real, nobody wants to make these sorts of hacks. The new MacBook Pro power supplies SUCK a full 85W of power. Most airplane power is only 65W at best. Apple has locked up the rights to the new MagSafe adaptor so there are no 3rd party adaptors for the common EmPower ports found in business class in many North American airlines. Fortunately my current job doesn’t involve much travel, in fact only one international trip so far. Unlike my last job which included monthly crossings of the Atlantic. So while the power shortage with my MacBook has been an annoyance it’s not as bad as it could be. Purchasing a 2nd/3rd battery will give you enough juice to flay back and forth between the coasts. It’s just a tragedy that Apple hasn’t found or allowed 3rd parties the rights to make life of the modern road warrior a possibility.

Moving on… Up until Tuesday of this week the only option I had for Internet access outside the office/house was my T-Mobile WiFi account. This will put you with in arms distance of WiFi at any airport or major city. Every Starbucks is wired with WiFi so that makes it pretty easy to pick up a connection. Let’s you exercise two vices at once. Coffee and Internet… Happiness. Well on Tuesday that all changed when my new Novatel V640 EVDO card for the Verizon network. Obviously not as fast as WiFi but the ability to once again get back on EVDO is very nice. This was the biggest thing I missed from my Thinkpad days when on the road or outside the office.

My next trip should be pretty nice now that I’ve got a USB charger for my Nokia E61 and I’ve got my EVDO connection back.

Now if Apple could just figure out to make those batteries last longer and get me some power on the plane all would be perfect.

One of the first accessories I purchase when I get a new phone is a USB charger. Ever since I got my Nokia E61 I’ve been searching for a USB charger. USB chargers are usally much smaller than the standard charger that comes with your phone. It also frees you to charge your phone remotely since I’ve always got my laptop with me. Well last week I found a USB charger for the E61.

Momax USB Charger For Nokia E61
yesasia.com $16.99

Just got mine today and it works great!

Went to search for some OSCON related blog posts and what do I get

Why don’t they put this on the search bar itself BEFORE I search? Bad user experience.

Well my MacBook Pro arrived. Couldn’t find a binary version of wget for MacOSX 10.4.6 so decided to build it for myself. wget makes easy work of downloading HTTP/FTP items. I needed this to grab some of the certs when trying to get Gmail’s POP over SSL to work on my Nokia E61.

Here’s the copy of wget I built on Mac OS X 10.4.6

Connecting to Gmail’s POP (POPS) server always caused a certificate warning on my Nokia E61 Symbian based phone. The solution is to add Google’s Gmail root SSL certificate to the phone. First check the SSL cert that gmail is advertising.


host1:~ kevin$ openssl s_client -connect pop.gmail.com:995 -showcerts
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
-----BEGIN CERTIFICATE-----
MIIC3TCCAkagAwIBAgIDBZIAMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDUxMTE1MjEyMjQ0WhcNMDcxMTE2MjEyMjQ0
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv
cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMP8LCYiLGJ/
RihwcOi1V/zHVTw0Gfu+mI141Vjuuj2DtQoav8emwlXbu8gZoKP9GeMWpX1Vo9qN
4gkslIToHmDnIwGjcaEAfpdhSR9g54Kf5Y7BEXVyco6mTIlpe9vsbV0dmB1FvLP2
1N09dkUJfi7V0fjb8mcn3QYu6+6QNoxPAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD
AgTwMB0GA1UdDgQWBBTdASsopgao1m8hcEg0cDZhucltljA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf
BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAln3/pVqYnUXA1TVGzOqX
LFhohGxpuNkr1UJnQmYxmZeB07uPBYRX8c0JXEKs29TmAHRsLhmp8kF36F11Dxgi
Xm/Y8I9zgWHoMj7SL3Ve/u8K8K7XcUyUuaWmldLQAREafpFy+f+KYHGuAVh8hjy6
XyPlMCqj+PNp8QXjgOcgO68=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 891 bytes and written 332 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: 19B1FF1A50B6ABCDBB1FEDA198E5C69BC6EA76D1786ECEA5CB845DC2D9BBD6EC
Session-ID-ctx:
Master-Key: B1AF3801F0742D2EDB52B010EA2497B3D2AA7D38D65313D57CA0BCD67C59C902938E9F274B09BE95026441F313688179
Key-Arg : None
Start Time: 1150697367
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---


From this we see the root certificate is from Equifax. This certificate can be found in common root cert bundles but is not shipped by default on Nokia/Synbian phones. For reference here’s the Equifax root certificate.


-----BEGIN CERTIFICATE-----
MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
-----END CERTIFICATE-----


The next step is to convert the Equifax certs to a format Symbian will accet. Start with putting it in a .pem file.

equifax.pem

Using openssl it can be converted to der format.


openssl x509 -outform DER -in equifax.pem -out equifax.der


equifax.der

The final step is to transfer these certificates to your phone. USB, IR, or Bluetooth will all work for this purpose. You’ll be prompted to add the certificate to your phone. Accepting this will permantly save the cert on your phone for future. Try connecting to gmail to ensure the certificate prompt/warning is no longer displayed.

ref ref2