Strange iTunes 9.2.1 Issue on OSX

I’ve been getting a strange iTunes error on one of my OSX machines recently.

History & Symptoms:
Running OSX 10.5.8. I updated to iTunes 9.2.1 and now I can’t access my iTunes Store account or purchase content.

The error reads, “We could not complete your iTunes Store request. An unknown error occurred.” The error code is: -9812.

The iTunes Store loads fine and I can browse content, but couldn’t log in to my account or purchase any new content.

I can also access iTunes Store with my account on some other computers. So it appears to be localized to just this one.

Possible Issues:
It’s very likely not a DNS issue, though you might be surprised how much trouble a DNS issue could cause.

It’s also unlikely that it’s an issue with your system’s clock or time zone settings — though it doesn’t hurt to double check that they’re correct.

Oddly, it’s more likely that it’s an issue with your Root Certificates.

So, to fix it, go to Verisign and download the latest root certificates. You’ll need to provide a name and email address, but they don’t appear to actually do anything with them — which is why they now think I’m Inigo Montoya.

It’ll download a file called

Decompress the .zip file with whichever suitable method you prefer.

Drill down through the file to get to roots > VeriSign Root Certificates > VeriSign Universal Root CA folder.

Double-click each of the .cer files and add them to the default keychain. You’ll need to provide your credentials.

You’ll need to open each of the newly imported keys in Keychain Access and tell OSX to trust that key for this to work. Double-click the key, expand the Trust object at the top then change the first dropdown menu to “Always Trust”. You’ll also have to provide your credentials again.

Quit Keychain Access and iTunes then reopen iTunes and attempt to sign in to the iTunes Store.

What’s In a Name?

There’s often a debate in my office about what we should name our servers or projects.

Today, I had an engineer become visibly upset, bordering on yelling because I don’t like the method that he likes when it came to picking a name for a server. Maybe it wasn’t so much that I didn’t like it — but perhaps that I didn’t completely agree with his reasoning for using that particular method this time.

There are two distinct concepts about how one should name a server (or project)
1. Use functional names, so we know exactly what a server does and where it is just by looking at its name, or
2. Use a theme-based, pronounceable name

No matter what, we always end up with very committed supporters on each side of the argument.

Functional naming means that you name a server based on an abbreviation of its purpose, maybe its location, and sometimes with a number if it should be part of a cluster or farm. Indeed, functional naming is ideal when you have a large number of very similar or identical servers. For example: web01, web02, db27, db28, etc.

Some security types may object to using functional names because it may give a would-be attacker additional information about what a system’s significance may be. In reality, this isn’t an issue — if somebody can gain access to a system, they’re going to find out what it does on their own. The name of the server isn’t relevant.

Using functional names for unique servers isn’t always as effective. A single-domain environment may be perfectly suited to having its domain controller named simply dc or maybe ns, perhaps even dc1 and dc2 if you need a backup (you do have a backup domain controller, don’t you?).

But what if you have multiple domains? Say, you have a few dozen domains across a few different datacenters? You’re now faced with the task of explicitly identifying every domain controller by its domain or by including an identifier in the server’s name to indicate what domain or datacenter it’s a member of.

Multiple domains accessible and manageable by many people across several organizational units will all need to understand the naming convention so they can mentally decode it.  Having many different servers named “dc1” but in different domains will create a degree of complexity that can increase the risk of damage to systems within each domain.

“Okay, I rebooted antivirus1.”

“In production or in the test environment?”

“Don’t know — I just went to antivirus1 and rebooted it…”

**a flood of production antivirus alerts come pouring in**

The argument gets round to somebody posing the question, “Why not just add an extra character or two or three to each server name?”

This, too, may seem effective on the surface. Certainly, in some deployments, this may be useful. But choosing what letter or other designation to append to a server name can be tricky. Use the physical location? Say, row and rack number? Use a designation for the datacenter it’s housed in? Sure, this is great if you have a large number of servers in a farm, but when it comes to things like virus scanners, domain controllers, and monitoring systems, not so much.

“We rebooted dc1p.”

“Wait! What?!? You rebooted the production domain controller?”

“No, it’s the one at the Philadelphia datacenter. That’s what the ‘p’ is.”

“No, the ‘p’ means it’s production.”

**a flood of production authentication alerts come pouring in**

Obviously, it would be important that everybody completely understood exactly what the naming convention was and how to correctly decode it. But your non-technical users — who may have a legitimate business need to know server names — have no concept, nor do they wish to have any understanding of server locations or often of different environments. But we can all more easily associate a name to an object.

“But why not educate the user?” you may ask. Indeed, why not force them to learn the standard?

For the same reason you don’t require them to memorize your phone number and cubicle location to get support. It simply isn’t realistic to expect people who are not technically-minded to memorize technical concepts much in the same way that it’s not realistic to expect non-neurosurgeons to memorize the names and locations of the structure of the human brain.

“But you’re lowering the bar!” No, I’m not. I’m just not setting unrealistic expectations of other people. Yes, I keep mental maps of every datacenter, row, rack, and server location, but I never expect people to have the same skillset as I do to remember things like that.

Yes, for the Engineer who feels compelled to keep everything nice, neat and numbered in a NET VIEW list, it makes perfect sense to devise a numeric/location-based naming scheme. You may want to call a server because it’s an OSX Xserve, providing utility functions, the first of up to nine similar servers, in the corporate environment, used for testing, on the corporate domain.

Now, try to tell one of your internal, non-IT customers over the phone that they need to go to the web site to validate a website you want to publish before you push it to the production-level system…

“Wow, I have no idea what all that means, but I typed h-t-t-p-colon-forwardslash-forwardslash-mack-you-tell-won-corp-won-bea-test… Is that right? [click] Well… It says Server Not Found… Why does this need to be so difficult? Why is it nobody can understand you technical people?”

Your user base has quite enough things to keep track of without having so much additional complexity presented to them that they simply don’t need to know. Their expertise lies elsewhere.

One may find it would have been better to just use a name that can be spoken and relatively-easily understood by the customer, like or, if they’re on the same domain as the server already, they just need to type “hades”. Done.

“Oh, Hades — like that Greek Mythology stuff — I hated that in school… H-A-D-E-S [click]… site looks great. Please publish it.” And done.  We gave them a name. It’s an obscure name and references some ancient mythology that has nothing at all to do with science and reality, but it’s still a name that your customer has probably heard before. They already have a mental connection of some kind to that name, so you’ll probably spend much less time handholding them through the process.

Note: You could just set up DNS aliases and host headers to do the same thing, but then you’re also getting into the added complexity of updating DNS, creating site aliases, restarting web services — to say nothing of other services that don’t have aliasing capabilities.

Give a server a name and odds increase greatly that it will be easily remembered as useful information instead of noise or jargon consisting of random letters and numbers.

Naming Themes

So, how do we pick names?

Here are a few ideas for server names for your environments:

  • Continents
  • Classical Greco-Roman Mythology (my favorite)
  •  – Planets and their moons
  •  – Constellations
  • Biblical references or characters
  • Science-Fiction
  •  – Star Trek ships, characters (also a favorite)
  •  – Star Wars characters, planets
  •  – Harry Potter characters
  •  – Sci-Fi authors
  •  – Battlestar Galactica
  • States (or provinces)
  •  – Counties
  •  – Cities or Towns
  • Rivers
  • Mountain ranges
  • Fourteeners (very popular in Colorado; also for conference rooms)
  • Ski resorts
  • Islands (also one of my preferences)
  • Island resorts
  • Major world cities
  • Ancient cities (Microsoft had used this for Windows projects codenames)
  • Airports (general or commercial, codes or common names)
  • Auto makers
  • Species of tree, insect or breeds of cats, dogs, etc

I personally very much prefer using names from classical mythology. I’m not Greek, nor am I from Rome. I’m also an atheist. But the stories of Greco-Roman mythology have many corollaries to modern life and the structure of society.

So, for clusters, go nuts with numbers. Absolutely. But for unique servers in your environs, consider some actual names.
Besides, you’ll be exercising your creativity — you might even enjoy the project a bit more.

Times, They’ve Changed

I’m going to babble about cars for a minute…

I rather like small cars. Compact, functional, economical on purchase cost and fuel. They’re a bit hard to find now. Sure, you could get a Smart, which seats two, but the price in the US is about two to three times more than the original European cost. How about a Mini? Well, they aren’t nearly as mini as the originals and the prices are pretty steep.

Seems that it wasn’t long ago that compact cars were much more common.

Spotted this over on some blog that I read — oddly, its name escapes me:

The red one above is called the Clipper. “A family car with the lowest running cost.”

Yup: compact, economical, functional yet with a bit of flare in that it’s a convertible.

Interesting how we’ve gone completely the opposite way over time. Cars, now, it seem are nothing more than the biggest, costliest, most fuel-hungry machines on the road.*

Today, I think the Kia Soul and the Suzuki SX4 Crossover are about the most functional cars in current production. One is a larger version of a hatchback, the other a part time all wheel drive hatchback.

* Yes, I have a truck with a 350 in it that gets 11 MPG. It’s my cargo hauler and my work truck when I need to move servers around.  I also have a motorcycle on which I get about 60 MPG.  Guess which one gets more use.

Intruders, Prowlers, and The Island

This post has nothing at all to do with a television show nor about burglaries and peeping toms.

Instead, it’s just a wee memory about, well, Prowlers, Intruders, and The Island.

Yesterday afternoon, I was in the back yard setting up and airing out the tent for a camping trial with the toddlers next weekend. The kids were exploring the yard and Daisy was working on her garden.

A distant jet engine spooled up — not unusual as we’re under the approaches for three large airports — Centennial, Denver International, and Buckley Air Force base (KAPA, KDEN, and KBKF).

The engine I heard was coming from Buckley.

This one was much louder than I would have expected for the typical kind of traffic leaving that field. This was a strangely familiar sound, evoking a very old memory in my mind.

I knew that sound. I didn’t even need to look up to see it to find out what it was, but I watched just the same.

The engine note by itself told me, it must be a Prowler. Maybe an Intruder… or even the more rare KA6D Tanker. But probably a Prowler.

Within a few seconds, I spotted it. A pale grey outline of a jet from my childhood memory approached head on.

The Prowler and Intruder aren’t the sexiest of aircraft. They aren’t the fastest or even the most maneuverable.

To me, though the sound is distinctive, there are are only three differences that would reveal with certainty which jet this was. Based on the A6 Intruder, the EA6B Prowler has a slightly wider nose (hard to distinguish from the ground), a second canopy for twice the crew (impossible to tell from underneath), and a large pod atop its tail, which gave this one away.

As the Prowler passed overhead, the engine sound grew still louder, tearing through the sky like neverending thunder.

Even my children stopped and looked skyward to watch it pass. They, too, knew there was something different about this jet. Odin pointed and said, “A pane! A pane!” (airplane, airplane)

We watched the Prowler as it climbed skyward and headed over the Rocky Mountains. Its crew of four destined for home.

Home, in this case, is Whidbey Island. Or, as we always called it many years ago: The Island.

On Whidbey Island, just to the North of Oak Harbor, near the main entrance to the air station, there’s a sign welcoming visitors. The sign, for decades, has read, “Please pardon our noise. It is the sound of freedom.”

Freedom is powerful there. Sometimes the sound of freedom is so powerful that you can feel it — almost reach out and touch it.

It seems strange, but growing up on Whidbey Island, that noise was something that to me was a natural part of life. Sometimes, that sound saturated the countryside at 2AM; flight crews practicing touch and go landings in all weather conditions before being sent back out to a carrier.

Sometimes, we couldn’t hear the sound for days or weeks — usually when all of the squadrons were out to sea — things felt misaligned when that sound was gone. Something wrong with the universe, it seemed.

Yet when they returned, their exhaust note seemed almost to sing.

Newcomers to The Island — if not attached to the Navy (or aviation) — often disliked that sound. But the Navy and the natives knew that the sound of those twin engines, neatly tucked into the bellies of Intruders and Prowlers, kept the economy of Whidbey Island running. In a way, it was the pulse of Oak Harbor and Whidbey Island.

While I have been back from time to time, it’s now been about 23 years since I left my childhood home of Whidbey Island. I still remember and very much miss the power, the presence, The Sound of Freedom, in the song sung by the Prowlers.

Tactical Stuff

Seems that everything has gone “Tactical” to some degree.  Here are some serious, some fun.

I’d like to try the Tactical Beer.

The Tactical Tether seems to me to be a good idea.

The Tactical Mug looks awesome.  Want.  (US$280).

Tactical Kilt?  Oh, yeah.  Especially with the Tactical Sporran. Though I prefer Utilikilts ($200 – $300) and Amerikilts ($100).

The Tactical Sandals look kinda cool, but I don’t like those kind. I prefer something a bit more functional in sandals; inexpensive is good, too. Though logic says, if you need tactical footwear, then get some good boots… like the kind that Uncle issues to soldiers.