fighting for truth, justice, and a kick-butt lotus notes experience.


Detlev Poettgen


Saying Goodby to Facebook

 20 März 2018 14:27:27
Facebook is using us.
It is actively giving away our information. It is creating an echo chamber in the name of connection. It surfaces the divisive and destroys the real reason we began using social media in the first place – human connection.

It is a cancer.


I have had a Facebook account since 2009, but I never used it much. I never used WhatsApp.
I have always been sceptical about the company Facebook and did not want to let a company like Facebook participate in my business and especially my private life.
Facebook (Facebook, Messenger, Instagram and WhatsApp) lives off the data and sells the data that I and my "friends" feed it with.

Facebook probably knows more about each user than any other service, agency or organization. Probably more about the user himself than close real persons.  
Facebook knows your habits, where you live, your social environment, with whom you communicate how often, what you like, which websites you visit,...

If you still think after the current events, what is Facebook supposed to do with my last holiday selfie, is naive. Facebook actively uses the data and passes it on to third parties. What can be done with this data is being drastically demonstrated to us.

Today I made the long overdue decision for myself to delete the content as much as I can, clean up my profile and put the account into sleep mode.
You can still find me there, but I will no longer actively "play" there.

If you want to connect with me, you can find me here:

Twitter, Xing, LinkedIn and IBM Watson Workspace

Or just by phone or mail.

New IBM Notes Client Slipstream for macOS High Sierra

 15 März 2018 20:52:13
This week IBM released a new install package of the IBM Notes Client for macOS 10.10.13 aka High Sierra.

Notes 9.0.1 64-bit was released in 2015 and then revised on 9 March 2018 to address an OS X 10.13 install issue.

You can download the client via IBM Passport Advantage. Just search for the Part Number:
Passport Advantage 
Part Number
IBM NOTES 9.0.1 MAC 64 BIT English CNQY7EN  Revised 3/9/2018
IBM Notes 9.0.1 Mac 64 BIT Simplified Chinese and Traditional Chinese CNQY8ML  Revised 3/9/2018
IBM Notes 9.0.1 Mac 64 BIT Japanese and Korean  CNQY9ML  Revised 3/9/2018
IBM Notes 9.0.1 Mac 64 BIT French, Brazilian Portuguese and Spanish CNQZ0ML  Revised 3/9/2018
IBM Notes 9.0.1 Mac 64 BIT Italian and German CNQZ1ML  Revised 3/9/2018
IBM Notes 9.0.1 Mac 64 BIT Danish and Dutch CNQZ2ML  Revised 3/9/2018
IBM Notes 9.0.1 Mac 64 BIT Finnish, Norwegian and Swedish CNQZ3ML  Revised 3/9/2018
IBM Notes 9.0.1 Mac 64 BIT Polish and Russian CNQZ4ML  Revised 3/9/2018
IBM Notes 9.0.1 Mac 64 BIT Portuguese and Turkish CNQZ5ML  Revised 3/9/2018

After installing the new client you should install the latest Interims Fix( IF14 or greater ) on top.

Let’s Encrypt now supports Wildcard Certificates and LE4D will support it too

 13 März 2018 18:32:57
 Today Let's Encrypt starts to issue official wildcard certificates for free.

Image:Let’s Encrypt now supports Wildcard Certificates and LE4D will support it too

We’re pleased to announce that ACMEv2 and wildcard certificate support is live!
With today’s new features we’re continuing to break down barriers for HTTPS adoption across the Web by making it even easier for every website to get and manage certificates.

Wildcard certificates allow you to secure all subdomains of a domain with a single certificate. Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS. We still recommend non-wildcard certificates for most use cases.

Wildcard certificates are only available via ACMEv2. In order to use ACMEv2 for wildcard or non-wildcard certificates you’ll need a client that has been updated to support ACMEv2. It is our intent to transition all clients and subscribers to ACMEv2, though we have not set an end-of-life date for our ACMEv1 API yet.
Additionally, wildcard domains must be validated using the DNS-01 challenge type. This means that you’ll need to modify DNS TXT records in order to demonstrate control over a domain for the purpose of obtaining a wildcard certificate.

via Let's Encrypt Community announcement

We already extended our existing midpoints Let's Encrypt 4 Domino (LE4D) client to support the ACMEv2 API.

The plan is to release midpoints Let's Encrypt 4 Domino v2 in the next few weeks, after we will have finished some final tests.

So yes - LE4D v2 will support wildcard certificates!

But you should have one already in mind. To use wildcard certificates - ACMEv2 will do the validation using a DNS-01 challenge. That will require to add a DNS TXT record to your public DNS zone.
A fully automatic solution will not work with all used DNS servers.

But we will explain this in more detail, when we will release LE4D v2. Stay tuned

IBM Traveler available

 7 März 2018 22:53:07
Today IBM released a new Traveler version called (Build: 201803022309_20).

Image:IBM Traveler available

IBM Traveler is a maintenance release that provides APAR fixes for the IBM Traveler server.

IBM Traveler includes a database schema update for MS SQL Server deployments.
It is only necessary to run verifyIndexes.sql to update the schema to latest level. Otherwise no action is required unless upgrading from a version prior to If you use auto schema updates (default behavior) there is no action required.

APAR # Abstract
LO93281 Modify an encrypted event from mobile device may corrupt event body.
LO93380 Support 32 bit Domino 9.0.1 Server.
LO93412 One index may cause performance problems on MS SQL Server.
LO93440 Incorrect default ACL for R6MemoMap.nsf
LO93455 Incorrect error code used for network error.
LO93466 Set $RFSaveInfo field on Reply/Forward from mobile device.
LO93491 Name used for time zone on mobile device does not match value used by Notes Client.
LO93522 Improve handling of very small in-line mime images.
LO93529 Web Administrator interface may show Verse for iOS device as not supporting data wipe.
LO93547 Not authorized message logged during network outage.
LO93596 Device may be missing e-mail if user has another device with a smaller filter window.
LO93599 Handle unexpected list format in notes.ini file.
LO93645 Event may not show on user's device when user was removed then re-invited to the event.
LO93660 Yellow status message displayed for Replicas table missing a Primary Key.
LO93663 Mail in sent folder may be missing content when configured to save with no attachments.
LO93706 Add NTS_JAVA_PARMS_EXT notes.ini parameter to allow for values larger than 256 characters.
LO93709 Attachment with DBCS characters in the file name may not display on mobile device.
LO93720 Update APNS Certificates, new expiration data March 30,2019.

You can download the update as usual on IBM FixCentral.

An IBM Traveler full installation package will be available by March 16, 2018 on Passport Advantage.

iOS 11.3 Contact Containerization - It simply works

 5 März 2018 17:54:11
Last month I published a blog post regarding the new iOS 11.3 Enterprise features. I received a few questions regarding the Contact Containerization:

Second new feature: Contact Containerization

Prevent contacts in managed accounts, like your IBM Traveler mail account, from being used in unmanaged apps like WhatsApp or other accounts.
Contacts now obey existing managed data restrictions.

That will be a huge improvement. Contacts will then finally be part of the managed / unmanaged definition and handling on the device.
You can use the native Apple Mail, Calendar and Contacts app and the unmanaged WhatsApp App for example will not be able to get access to your synced contacts via your managed ActiveSync (Traveler or Exchange) account.

There is no new iOS 11.3 restriction for Contacts in the Configuration Documentation from Apple mentioned. But starting with iOS 11.3 the Contacts will be part of the already existing Managed-Open-In restriction.
As a result you should already be able to test it by your own by using your existing MDM solution and a device already upgraded to iOS 11.3 Beta.

Image:iOS 11.3 Contact Containerization - It simply works

I made same tests this week with the current iOS 11.3 BETA and it works great. I did the tests with our own MDM solution mobile.profiler v7.0, which we released in October 2017.

I installed a managed ActiveSync mail account via MDM. The mail account had only 2 contact entries.

I used the myContacts Backup third party app for testing. When starting the app for the first time, it asks for permissions to access the contacts stored in the Apple native Contacts app.

During the test I installed the app first manually and opened the app. Without any restrictions enforced by the MDM the third party app can access my two contact entries from my ActiveSync account:

Image:iOS 11.3 Contact Containerization - It simply works

Then I pushed a set of restrictions via MDM to the device and enabled the Managed-Open-In control of iOS:

Image:iOS 11.3 Contact Containerization - It simply works

As a result the third party app no longer could access the contacts of my managed ActiveSync account.

After that I deleted the app on the device and pushed & installed the app via MDM as managed.

Image:iOS 11.3 Contact Containerization - It simply works
As a result the now managed third party app can access the contacts of my ActiveSync account.

To sum it up briefly:

With iOS 11.3, Apple finally offers the possibility to control access to contacts of company mail accounts using the native Apple Mail App via Managed Open-In restrictions.

In this way, the native iOS MDM interface can be used, for example, to prevent WhatsApp from accessing the company contacts of the managed ActiveSync account.

Apple Watch durchgespielt #dontbreakthechain

 2 Februar 2018 22:21:01
1.000 Move Goal done!!!

Image:Apple Watch durchgespielt #dontbreakthechain

Sieht so aus als hätte ich die Apple Watch durchgespielt ;-)

Image:Apple Watch durchgespielt #dontbreakthechain


Vielen Dank an vowe für's motivieren!

iOS 11.3 Beta includes two new important MDM Feature - Update Control - Contact Containerization

 1 Februar 2018 15:49:58
It looks like Apples upcoming iOS 11.3 release will bring (beside others) two long missed MDM functions:

First new feature: Update Control

A new restriction "enforcedSoftwareUpdateDelay" allows an administrator to configure how many days an update will be delayed.
With the restriction in place, users of the managed devices won't even see the update until the specified number of days has elapsed. You can delay updates for up to 90 days.

The device must be supervised!

Second new feature: Contact Containerization

Prevent contacts in managed accounts, like your IBM Traveler mail account, from being used in unmanaged apps like WhatsApp or other accounts.
Contacts now obey existing managed data restrictions.

That will be a huge improvement. Contacts will then finally be part of the managed / unmanaged definition and handling on the device.
You can use the native Apple Mail, Calendar and Contacts app and the unmanaged WhatsApp App for example will not be able to get access to your synced contacts via your managed ActiveSync (Traveler or Exchange) account.

A few more new MDM features can be found here

I hope that Apple will ship these features in final release. At the moment they are part of the current beta.

IBM Champion 2018 - Thank you so much

 12 Januar 2018 18:32:32
Today I received a mail from Libby Ingrassia / IBM with the fantastic news, that I am appointed to be an IBM Champion 2018.
Image:IBM Champion 2018 - Thank you so much

I am honoured and moved being part of the Champions community for the third year in a row.
It is an amazing list of people and I can be part of it.

I want to thank all who voted for me. Thank you so much.

What really makes me happy, is that Ulrich Krause a.k.a. Eknori is IBM Champion again - for the 7th time! Congrats Ulrich

I would like to thank the midpoints team, IBM, our partners and most important our customers. Without you we would not have achieved this.

So I am motivated again to blog a little bit more in the future :-)

IBM Verse for iOS App will support Apple CallKit in upcoming release

 8 Januar 2018 15:57:21
IBM just published additional FAQ entries at the Knowledge Center, which are explaining a new feature of the upcoming IBM Verse for iOS app version 9.4.7.

IBM will integrate the Apple CallKit Extension!

CallKit can solve an old issue many of my customers are worried about:

If a call comes in, your users would like to see the name of the caller and not only the phone number.  By default Apple searches the Apple own Contacts app for a matching caller name. If an entry matching the phone number is found, the Apple Phone app will display the name from the contact entry. So if you want to see the name of a caller, you will have to store the name and phone number in the Apple Contact app.  But in this case third party apps like WhatsUp will have access to this data.

Since iOS 9 Apple provides an extension called CallKit, which can solve this issue.

When receiving a phone call, iOS first checks Apple Contacts for a contact with the incoming phone number. If a match is not found, iOS then consults the so called Call Directory database, which can be populated by third party apps that have implemented the Call Directory App Extension.

Sync with Apple Contacts creates an IBM Verse group in Apple Contacts and creates an Apple Contact in that group for each of the user’s IBM Verse People. IBM Verse populates as much data as possible for the person into the corresponding Apple Contact (User added photo, company, department, email addresses, phone numbers, etc.). Once this information is in Apple Contacts, any iOS app (developed by Apple or by third party developers) with access to the user’s Apple Contacts will be able to read and write over the Apple Contacts. This behavior allows iOS apps to automatically associate a piece of data such as a phone number or email address with a Contact. For example, the Messages app can associate a phone number that sent the user an SMS message with an Apple Contact and therefore show their picture next to the message in Messages. Disabling Sync with Apple Contacts will delete the Apple Contacts associated with IBM Verse People, and will therefore sever the connection from other apps to those Apple Contacts.

Sync with Apple Contacts involves directly syncing data with the Contacts application, while the Call Directory Extension is a separate data container. For the Call Directory Extension, iOS specifically requires a list of key-value pairs, where the keys are distinct phone numbers (no duplicates) and the values are the caller names for each phone numbers. For each phone number in a user’s IBM Verse People, the phone number and corresponding name are sent to the IBM Verse Call Directory Extension. A key difference between Sync with Apple Contacts and the Call Directory Extension is that these pairs of phone numbers and names are only visible to iOS; they are not visible to third party apps.

Check out the following IBM FAQ notes:

- How can I integrate my IBM Verse People with iOS Call Identification (Caller ID)?

- How do I enable or disable the IBM Verse Call Directory Extension?

- What's the difference between IBM Verse Sync with Apple Contacts and the IBM Verse Call Directory Extension?

- What format do I use for IBM Verse People's phone numbers to integrate with Caller ID using the Call Directory Extension?

IBM Verse for iOS v9.4.7 should be available in the next few days.

Apple Support Note regarding speculative execution vulnerabilities in ARM-based and Intel CPUs

 5 Januar 2018 12:31:03
Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems.  
All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.
Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.

Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown.

In the coming days we plan to release mitigations in Safari to help defend against Spectre.

We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.

Read the complete Apple Support Note here

What should you do at the moment?

- Keep your devices up-to-date and install the latest updates!
- Get your apps from the Apple AppStore.
- No Jailbreaks - No Rooting!