Get rid of Heartbleed in Mavericks for Ruby development

For the past three weeks I was AFK so I got the news about the heartbleed bug but didn’t get to do anything about it. Today I finally got back and decided to start by fixing it on my development machine. Here are the steps I followed in case you want to do the same.

First you need to make sure you are using versions 1.0.1 through 1.0.1f from openssl toolkit. You can check the version by running.

openssl version

In my case I got a 0.9x version that comes by default with Mavericks so I wasn’t affected but hey why not update to the latest version? The easy way to do this is through homebrew

brew update
brew upgrade
brew install openssl

After installed double check you have the latest version (OpenSSL 1.0.1g at the time of writing the post). Because I had the Apple version I need to force the link for it to work. What this is going to do is just point to the openssl version installed in the /usr/local/bin path that brew uses.

brew link --force openssl

Now you should get the right version but we better make sure our Ruby installations are using it. If you are using rbenv like me you can iterate through the different ruby versions by running rbenv shell x.x.x (where x.x.x is the name of the version). Then you run the following command

ruby -ropenssl -e "puts OpenSSL::OPENSSL_VERSION"

Again in my case they had all been compiled using the 0.9x version of openssl so I just re installed all of them but the system one (which I don’t really use). This can be accomplished quite easily if you have rbenv and ruby-build installed. All you need to do is run the following commands for each version you want to recompile.

rbenv uninstall x.x.x
rbenv install x.x.x

Installing version 2.2.0-dev was no problem but for some reason version 2.1.1 was giving me a make error and the only way I got it to work was to add the –with-readline-dir option pointing to the libreadline.so

RUBY_CONFIGURE_OPTS=--with-readline-dir="/usr/lib/libreadline.so" rbenv install 2.1.1

References

1. https://www.ruby-lang.org/en/news/2014/04/10/severe-openssl-vulnerability/

Configure Mutt with Gmail in OS X

I moved from having an open Gmail tab on my browser to use mutt. I simply want to give it a try because I love being on the terminal and the solarized theme.

In order to get everything setup I followded Steve Losh’s blog post so I’m not going to repeat everything that he already explained so well and in such detail. The few things I will cover in this post are related to the issues that I had while running through his tutorial and how I fixed them in case you are going through the same.

How I use email

My email setup is almost the same as Steve’s except for one thing. I do send mail from different addresses, this is because I have a personal account and one that I’m required to use at work.

  • I have a gmail account where I forward everything from all my other
    accounts but I never send email from this account.
  • Even tough I never send email from that account I do keep a copy of my
    sent files in it.
  • My personal account from which I send email is contact@mauromorales.com
  • My work account from which I also send email is mmorales@las.ch

In order to make this work for me I added two macros to handle those accounts
from which I send mail.

macro index \e1 ":set from=contact@mauromorales.com\n:set sendmail='/usr/local/bin/msmtp -a mauromorales' status_format=\"-%r-contact@mauromorales.com: %f [Msgs:%?M?%M/?%m%?n? New:%n?%?o? Old:%o?%?d? Del:%d?%?F? Flag:%F?%?t? Tag:%t?%?p? Post:%p?%?b? Inc:%b?%?l? %l?]---(%s/%S)-%>-(%P)---\"\n" "Switch to contact@mauromorales.com"
macro index \e2 ":set from=mmorales@las.ch\n:set sendmail='/usr/local/bin/msmtp -a las' status_format=\"-%r-mmorales@las.ch: %f [Msgs:%?M?%M/?%m%?n? New:%n?%?o? Old:%o?%?d? Del:%d?%?F? Flag:%F?%?t? Tag:%t?%?p? Post:%p?%?b? Inc:%b?%?l? %l?]---(%s/%S)-%>-(%P)---\"\n" "Switch to mmorales@las.ch"

All I have to do is do Esc 1 or Esc 2 to choose the address I want to send mail from

credit

And because the email is not being sent from the mail gmail account I do
need to save a copy of the sent mails. All you need to do is to make sure
you have the following option in you .muttrc

set copy=yes

Issues I encountered and how I solved them

Certificate

ERROR: Server SSL fingerprint ‘keykeykey’ for hostname ‘example.com’ does not match configured fingerprint. > Please verify and set ‘cert_fingerprint’ accordingly if not set yet.

Install curl-ca-bundle

brew install curl-ca-bundle

And add the following to your .offlinemaprc

ssl=true
sslcacertfile = /usr/local/opt/curl-ca-bundle/share/ca-bundle.crt

credit

Mutt’s sidebar was not working

I found out that mutt needs to be compiled with this option. There is already a pull request but it wasn’t accepted.

No worries, all you need to do is add the following code to Library/Formula/mutt.rb

['with-sidebar-patch', 'https://raw.github.com/nedos/mutt-sidebar-patch/master/mutt-sidebar.patch'],

Then re-install mutt with this option

brew install mutt --with-sidebar-patch

Special characters

I get mail in Spanish, German and French and all of them have special characters. In order to make this work I just had to export the LANG variable in my .zshrc.

export LANG=en_US.UTF-8

Photo Credit: LiveTheChaos via Compfight cc

PaulPaulito

There isn’t much to say about this site but the fact they are some sort of
scam. Avoid PaulPaulito.com unless you are interested in loosing some money.

Back in November 2013 I applied for PaulPaulito.com’s Gold Subscription. I was
thinking about getting a LPI certification and they seemed like a good choice.

The quality of their videos didn’t really impressed me but I like to learn at
my own pace and the fact that you could also do practice tests seemed quite
attractive to me.

I had no issues signing up for their service and started viewing their videos.
Some on my computer and others on my iPad, which would have been a good
experience if it wasn’t for the fact that their system doesn’t handle having
multiple sessions open. I didn’t really need to have multiple sessions working
but them checking and asking if I wanted to close my session on my previous
devise before being able to log in, was really annoying.

As soon as I felt a bit confident, I wanted to see one of their preparation
exams. To my surprise the link was taking me to a 404 page. Being a developer
myself I know sometimes this kind of embarrassing errors can happen so I just
wrote a friendly email for them fix or send me the correct link but after their
three business days timeline, I didn’t get any reply.

Businesses not caring makes me barking mad, specially when they already took
money from you so I wrote a not so friendly email and opened a ticket in their
system asking for a refund and threatened to end my subscription before next
month if I didn’t get a reply, which I was forced to do because.

I still want to get better at administrating and setting up a Linux box so
I enrolled in O’Reilley’s School of Technology. I’ve only done one of their
courses so far and will try to write a review in the near future.

Photo Credit: smiscandlon via Compfight cc

Why Vim?

Vim is a text editor that has been designed for productivity, if you care at least a bit about your work you will care about productivity and this is the main reason to give this awesome text editor a try. 

When I started coding I was using Notepad. A bit of PHP here and some SQL there. I knew so little about what I was doing that I really didn’t need much. As time passed by and I started doing more complex things I saw the need for a tool that would help me be more efficient in my job. That’s when I found out about IDEs. I started using Adobe’s Dreamweaver for my PHP code, soon after I adopted Netbeans from the Java community which could also handle my Ruby needs and I also used Toad for Oracle to work on my PL/SQL scripts.

Depending on the project I was working on, I needed to change the tool I was using to write my code and that started to become really annoying. All of these tools had their advantages and disadvantages but the mayor drag was that each of them had an idea of how things should work so I had to learn their way if I wanted to get the most out of it. This wasn’t very productive, I needed a way to standardise the process without loosing agility.

Like if that wasn’t a bummer enough  I started noticing that each of these tools was resource consuming. Specially because I rarely had a computer that could handle all of them running at the same time without crashing (I’m looking at you Netbeans, your RAM consumption is just ridiculous, or at least it used to be).

Around the same time I decided to get rid of Windows once and for all. This forced me to consider new text editing tools since the majority of them didn’t have a native version for Linux. One thing I had noticed was that whenever I was configuring a box, tutorials always encouraged me to use this “vi thing” to edit files.

At first it seemed like something really cheap and without much power; boy was I wrong. After investigating enough about it I realised how simple but powerful at the same time Vim was. It is minimalistic, which I like because it gets rid of all the crap that just distracts you and you don’t really use.

I don’t think a blog post is enough to talk about all the great aspects about Vim. There are entire blogs teaching about it, but here I list the main reasons why I think it excels:

  1. Customisation – from a color scheme to any plugin under the sun (if you can’t find it you can build it). This is very important to me because I get to choose the things that are I need and help me be productive. Hell you can make customise it to have everything you miss about your favourite IDE.
  2. Low foot print – I can run Vim from the command line in my laptop or on the server. It won’t make things slow or break, no matter what I’m doing. As a matter of fact if you have a Linux server it will probably already be installed (vi at least) no matter how minimal your setup it.
  3. No need for a mouse – I’m a keyboard guy. I hate the mouse because it’s such a slow interface to control the machine. Vim allows me to edit code, read documentation, read a database, run commands and much more without having to move my hands away from the keyboard.
  4. It’s been out since forever – people still use it and keep developing it. This tells me it’s an effective tool and that it won’t disappear tomorrow or drop support for something I care about out of the nothing (and even if it does I’d still have the freedom to maintain it myself if I wanted to).

You won’t need to google about it too long without reading about the “negative” aspects about it, mainly about its steep learning curve. I think this is just an excuse, yes it will take time but it won’t be much if you immerse yourself in it plus you will get a great ROI. This tool isn’t for everyone but like I said before, if you care about productivity and speed, you should check it out.

Photo Credit: heipei via Compfight cc