El Capitan and the evils of OpenSSL

Posted on 2015-11-03 by docwhat

Are you having trouble with SSL on El Capitan (OS X 10.11)?

Me too.

Here are the things I know about it right now:

OS X’s OpenSSL is ancient (0.9.8-ish).
SecureTransport (OS X’s replacement for OpenSSL) may fall back to using
OpenSSL if the environment variable SSL_CERT_FILE is set.
Lots of places are “cross-signing” their intermediate certs to upgrade from
SHA-1 to SHA-2 for security reasons.
OS X’s OpenSSL cannot handle the intermediate cross-signing and report that
it cannot verify certificates. SecureTransport handles this just fine.
HomeBrew applications usually don’t support
SecureTransport and instead use HomeBrew’s OpenSSL.
/usr/bin/curl uses SecureTransport directly, unless you set
SSL_CERT_FILE (see above).

Normally, the above is just fine assuming you don’t set the SSL_CERT_FILE
environment variable.

Continue reading →

Spread your knowledge

Posted on 2015-04-01 by docwhat

Copyright gdstream from https://www.flickr.com/photos/gdsteam/14084163713/

I found myself trying to figure out how to disable something called NeoComplete (previously known as NeoComplCache) when editing markdown in Vim.

It was colliding with my Markdown stuff pretty badly and had really bad suggestions anyway (I mean, I’m writing text, not code… so no surprise) and I was getting annoyed of turning it off by hand.

Continue reading →

Chef, Puppet, Heat, Juju, Docker, etc.

Posted on 2015-02-04 by docwhat

Someone emailed me with this question:

I am interested in learning different orchestration mechanisms and would like
to understand how they differ.

What are the differences between Chef, Puppet, Heat/HOT, Juju, and Docker?

Continue reading →

Setting your environment in test-kitchen

Posted on 2014-10-15 (last updated 2015-03-07) by docwhat

When using test-kitchen it may be necessary to set the
environment of your nodes.

You can do with by changing your .kitchen.yml file. In my example, I’ll show
it at the root, but they can be set on a per-suite level as well, which is
handy to test different environments.

For chef-solo:

Continue reading →

Unindenting HEREDOCs in Ruby

Posted on 2014-07-29 (last updated 2014-08-14) by docwhat

This is just a bit of code I wanted to save.

When using HEREDOCs in Ruby, the <<- operator is handy to keep everything indented in the source. But it doesn’t help with the content of the HEREDOC.

e.g.

Continue reading →

How to rename a Chef node

Posted on 2014-04-28 by docwhat

In Chef the node_name is for human usage. By default it is set to the fqdn. Which is annoying for typing.

In my network, all hosts have the same domain name. However, we knife bootstraped the system without setting the node name (e.g. the -N flag).

Continue reading →

Tracebacks in bash

Posted on 2013-06-29 (last updated 2014-02-21) by docwhat

I don’t like to write programs in bash. It’s not a very pretty language. But it has one advantage over a lot of other languages:

It’s on your system. Every Unix-like system has /bin/bash; Redhat, Ubuntu, and even OS X.

But bash is still a lousy language.

This is where bash tracebacks come in…
Continue reading →

Busting cached 301 redirects in Chrome.

Posted on 2013-04-18 (last updated 2014-02-21) by docwhat

The Chrome browser caches HTTP 301 permanent redirects very aggressively. This is normally a good thing, unless you’re the one setting up the 301 and you make a mistake…

There is no obvious place in chrome to refresh that cache, but there is a nifty trick.

Go to the URL:

view-source:http://cached-url/

This causes Chrome to recheck the page and will update any cached 301 rules.

Ciao! Continue reading →

40days – Simple isn’t easy

Posted on 2013-02-28 (last updated 2014-02-21) by docwhat

I wrote a simple one-page web application called 40days. It shows you what the date is for 40 days in the future. I say “simple” but really, simple isn’t easy. It never is.

I wrote 40days because my orthodontist would schedule my appointments 40 days apart and it was a hassle for me and secretary to figure out exactly what date that was.

It’s written with coffeescript and scss and is licensed under the MIT LICENSE.

This actually was harder than I thought. I created a really crappy-but-works version quickly. But I always forget that polishing things is so hard.
Continue reading →

Re: All https, all the time

Posted on 2013-02-26 (last updated 2014-08-13) by docwhat

Will Norris posted a blog post titled All https, all the time.

It’s a good article and I recommend you read it. docwhat.org is now only using https.

Continue reading →

The Doctor What

Some men are discovered; others are found out

El Capitan and the evils of OpenSSL

Spread your knowledge

Chef, Puppet, Heat, Juju, Docker, etc.

Setting your environment in test-kitchen

Unindenting HEREDOCs in Ruby

How to rename a Chef node

Tracebacks in bash

Busting cached 301 redirects in Chrome.

40days – Simple isn’t easy

Re: All https, all the time