Why do I use Signal?

Why do I use Signal?

Signal, if you haven’t already heard of it, is an encrypted messaging app for both Android and iOS. My experience with Signal doesn’t extend into the iOS realm, but the experience won’t be that different, with the exception of iMessage being thrown into the mix.

There are many good articles about what Signal does, and how it does it. You can start by reading the app’s own page here: https://signal.org. There is no real point, I don’t think, to rewrite something that someone else has already written, probably in a much more elegant way.

Why do I use Signal? I like my communications to be encrypted. Not because I’m worried about law enforcement intercepting what I’m sending to my friends. Not because I’m worried about people stealing my phone and hacking into my SMSes. I like my comms to be encrypted because of all the companies profiting from knowing information about me. I don’t know if a regular SMS is being scanned for keywords by my telco, and that information is being sold to advertisers. But if you switch to an encrypted messaging app, there’s no way for them to do that.

When I talk to people, I often get the question of “How is it different from Whatsapp?”, and while in a broad way it does very much the same thing, there are two differences that sets it apart.

The first is that it replaces your standard SMS app, and only needs your mobile number to work. It will send a regular, unencrypted SMS to your buddies who don’t have Signal, and seamlessly switch to encrypted comms when they finally listen to you and install Signal too. You don’t need to remember how you communicate with whom. It’s all there in the one app. And, as a bit of a cherry on top, the company is a not-for-profit run by privacy wonks.

The second is that it’s not owned by Facebook. Even though Facebook can’t necessarily read what’s in the messages that are sent with Whatsapp, it does give them a map of who is communicating with whom. And the less Facebook knows about me, the happier I am.

Touching briefly on the iMessage thing, it’s, to me, much the same as Whatsapp, but maybe slightly worse. Unless Apple have devised some new cryptographic methods for messaging, they must have access to the encryption keys used for messages if you can recover the messages from iCloud to a new device without access to the old device. This is bad, and means they could potentially read the messages too.

Download Signal today and give it a go: https://signal.org/

Less Tech.

Less Tech.

I really like numbers. I like graphs. I like plots. I like tables. I like SQL queries. It was pretty predictable that I’d like having a Fitbit on my wrist. No surprise that I’d find myself poring over the graphs in the app, checking my resting heart-rate (56-58 bpm when I’ve not had any red wine for a couple of days, 61-63 bpm when I have, FYI), my active hours, how many steps I’ve done and when, and probably because I can be a bit* competitive at times, how my steps stack up against my Fitbit friends steps.

But – what did I have the Fitbit for? I had it to help me keep track of my exercise (check) and improve my fitness levels. It just didn’t help improve my fitness. It didn’t push me to do more steps. It didn’t motivate me to run. It didn’t really help me improve at all. So it’s gone.

When I stopped wearing it, I felt quite a bit of relief, which I didn’t expect. I thought I’d miss it. Miss having those graphs, and tables of information to sift through. But instead, I felt liberated. When I go for a walk, I’m going because I want to. Because it feels nice. Because it’s good for me. Not so that I can compete against other people, who most likely aren’t competing back. To be completely honest, there have been a couple of times I’ve gone for a walk and thought that it’d be nice to have the steps recorded because it would have added a decent chunk to my tally, but then I quickly realise that it’s not important. It’s important that I’m moving – it’s not important that I’m winning.

Anxiety levels: slightly lower than they were before.
Plan: figure out what to get rid of next.

SQL Server Management Studio – as another user

SQL Server Management Studio – as another user

Skip skip skip all the preamble junk…

My work, amongst many other things, involves managing a small herd of Microsoft SQL servers and a series of small web-apps. When I work from home, from my non-domain-joined machine, I want to be able to run the SQL Server Management Studio (SSMS). I could RDP (or whatever) in to a machine on the domain, but it feels neater to just run it from the local PC where I’m working.

I’d tried this before, but because of two (or maybe one and a half) little hurdles and bits of weirdness, I couldn’t get it going until today.

The half hurdle is that the executable for SSMS is a lot like smss.exe. But very different. Don’t try to launch smss.exe this way.

The full hurdle is what stumped me for longest. When SSMS starts, it will still show your local computer/domain name and local username in the login section. This is ok. Just connect anyway.

SSMS 17 (and maybe earlier versions) adds the path to the executable to the PATH environmental variable, so you don’t need to worry about including the whole path to the executable when you run the command I’m about to show.

Just get on with it…less jibber-jabber.

Here’s the deal.

Create a shortcut pointing to the following:

runas /netonly /user:domain\username ssms

You’ll be promted for your password when it starts.

Let’s Encrypt Wildcards and IIS

Let’s Encrypt Wildcards and IIS


Late last year, Let’s Encrypt, that wonderful semi-automated free SSL certificate service, announced that they would be adding support for wildcard certificates. A standard SSL certificate only covers the specific domains and sub-domains it was issued for, and needs to be modified or adjusted to allow more sub-domains. While it’s not a big deal to make these changes, a wildcard SSL certificate is a really simple way of covering yourself for all the different sub-domains you might have, and might want down the track.

Getting the wildcard certificate (or even a “normal” certificate) from Let’s Encrypt can seem daunting at first, but with the right information, it goes smoothly most of the time.

This post is going to cover how to get a hold of a wildcard SSL certificate from Let’s Encrypt, and then how to get that SSL certificate into your Windows box to use with IIS. I’m going to gloss over the parts where the pfx file is being copied from Linux to Windows, assuming that you know how to use ssh/scp/pscp to move files about.

Ready? Right. Onwards.


You’ll need to have access to:

  • A linux machine, where you are a sudoer (or root) (I did this with an Ubuntu 16.04LTS box).
  • Your public DNS zone for the domain you’re trying to get the certificate for.
  • Your IIS box.


I’m going to assume you have SSH access to your Linux machine, and that you know how to use it. Also that you know how to add TXT record to your public DNS zone.

You’ll need to move your freshly minted pfx file from the Linux machine to the Windows machine. I use PuTTY and pscp to move files to and from Linux boxes from Windows. I think you should too.

I’m also assuming you know how to change which SSL certificate a binding is using in IIS.

Let’s do this:

Most of this will be done in the Linux machine, so connect to it with PuTTY.

Download certbot-auto by running the command

wget https://dl.eff.org/certbot-auto

Then make it executable by running

chmod u+x certbot-auto

Certbot-auto is a glorious script that makes everything happen pretty much automatically. It will grab all the required dependencies, it’ll request the certificate for you, tell you what to put in your TXT record, then put the certificate in a sensible spot for you.

Let’s request that certificate for your favourite domain, *.example.com.

sudo ./certbot-auto certonly -d *.example.com --manual --preferred-challenges dns-01

As it’s your first time running certbot-auto, it will probably download and install a bunch of apt packages. Once it’s done, it will request the certificate, and assuming everything has gone well, prompt you to create the TXT record for your domain.

TXT Record

Now is the time to create the TXT record with the string provided by certbot for _acme-challenge.example.com. If you’re unsure how to do this, as your hosting provider to help. Or a friendly friend.

Once you’ve set it up, it’s time to hit Enter to finish certbot’s job. Wait for that to happen, then it’s time to move on to exporting the keys into a format Windows can handle.


Your newly minted SSL certificate will be found in the following directory:


together with a README file, and three other files. That live folder is locked down, so you can only get to it as root. You can either switch to root, or you can sudo the following command from your home folder (I recommend the latter, but do the former).

So, from your home directory, run the following command:

sudo openssl pkcs12 -export -out example.com.pfx -inkey /etc/letsencrypt/live/example.com/privkey.pem -in /etc/letsencrypt/live/example.com/fullchain.pem

Enter a password when prompted, and you will have generated a PKCS #12 archive of the SSL certificate. This format is very easy to import into IIS in the next step.

Importing the key into IIS

The final two steps are to import the key into IIS, then change the binding to the newly imported certificate. I’m doing this in IIS7 on Server 2008R2, but shouldn’t be too different in newer versions.

Copy the file from your Linux box to the Windows server (most likely with PSCP), then start up the IIS manager.

Open the Server Certificates feature, then click on “Import…” under actions in the top right hand corner. Find the file, enter the password you picked, and you’re done. Change the bindings for the sites you would like to use this new SSL certificate, and you’re done.

Bonus – Installing Certificate into UniFi

sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore path-to-your-exported-pfx -srcstoretype PKCS12

Pi Hole Update

Pi Hole Update

A while ago I wrote a guide on how to configure a Pi Hole on an Orange Pi tiny computer.  See here: Filtering Ads and Stuff

This was a bit of a mistake. The Orange Pi wasn’t reliable, and failed on Friday, just about two months since it went in.

I’ve since rebuilt it on a Raspberry Pi and I imagine that it will be significantly more reliable if the other ones I have around the house are anything to go by.

Pictured is the Pi 3 in a Lego (inspired) case, currently running Pi Hole and Squeezelite.

Squeezelite is a distributed music playing system, which I will post about soon.

Riding + Technology

Riding + Technology

I love information. Or maybe it’s that I, more specifically, love data. For a information/data-phile like me, having a device in your pocket (and on your wrist) that can collect, collate, and visualise the information for you is pretty amazing. With that information I can track improvement, decline, progress, and stagnation.

I like it.

I have been using Strava for a long time to collect information about my running and cycling. You get a cool summary for the month, comparing you against the previous month. You can track your heart-rate, average and top speeds, amongst many other things. Recently I’ve linked Strava to a service called Relive, which gives you cool little videos of your logged activities.

Those things are all very cool.

Add, now, to this a video camera, and I can get a really good visual representation of the whole ride, too. And if something interesting happens along the way, I have that information.

Below is my first video, which is the descent from around Cleland along Long Ride and Winter Track to Waterfall Gully Road. I got rid of all the sound because the thrum of my knobbly tires is exhausting. You can add your own soundtrack by playing your favourite song while watching the video. ¯\_(ツ)_/¯