SSL upgrades on rubygems and RubyInstaller versions


‘unable to download … ssl error’ .. You get this error when trying to pull updates from ruby gems.

This is a brief explanation of the problem and the workaround.

Background

For those who are not familiar with SSL and certificates, there are many parts that make secure serving of content possible.

SSL certificates are used on the website, which are obtained from a certificate authority (CA) and generated from a private key, along with its respective signature.

Normally and up until a few months ago, private key signatures used SHA-1 as way to provide a digest (or checksum) of the private key without distributing the key itself (remember, needs to remain private).

SHA-1 has been encountered weak and lot of web servers and sites have been upgrading towards SHA-2 (specifically SHA256 or higher) in order to prepare for the browsers changes.

Specific problem with RubyGems

The particular case of RubyGems (the command line tool) is that it requires to bundle inside of its code the trust certificates, which allow RubyGems to establish a connection with the servers even when base operating system is unable to verify the identity of them.

Up until a few months ago, this certificate was provided by one CA, but newer certificate is provided by a different one.

Because of this, existing installations of RubyGems would have to been updated before the switch of the certificate and give enough time for the change to spread (and people to update).

As what normally happens with software, things might get out of sync and coordinate such effort, to the size and usage of rubygems.org is almost impossible.

We had discussed also on IRC, and patches and backports were provided to all major branches of RubyGems: 1.8, 2.0, 2.2 and 2.4

You can find the commits associated with these changes here:

Problem is, only RubyGems 2.4.4 got released, leaving Ruby installation with 1.8, 2.0 and 2.2 in a broken state.

Specially since RubyGems 2.4 is broken on Windows.

Please understand this could happen to anyone. Release multiple versions of any software in a short span of time and be very time sensitive is highly complicated.

Even if we have official releases of any of the versions that correct the issue, it will not be possible install those via RubyGems (chicken-egg problem described before).

Once official releases are out, installation might be simpler. In the meantime, please proceed using the instructions described below.

Installing using update packages (NEW)

Now that RubyGems 1.8.x, 2.0.x and 2.2.x have been released, you can manually update to those versions.

First, download the proper version of RubyGems for your installation (eg. if running version 1.8.28, download 1.8.30).

Note: To find the version of RubyGems you’re using, please run gem --version in the command line.

You can find download links at GitHub under Releases.

Now, locate rubygems-update-X.Y.Z.gem where X.Y.Z will be the matching version for the version of RubyGems you need to update:

  • Running 1.8.x: download 1.8.30
  • Running 2.0.x: donwload 2.0.15
  • Running 2.2.x: download 2.2.3

Please download the file in a directory that you can later point to (eg. the root of your harddrive C:\)

Now, using your Command Prompt:

C:\>gem install --local C:\rubygems-update-1.8.30.gem
C:\>update_rubygems --no-ri --no-rdoc

After this, gem --version should report the new update version.

You can now salefy uninstall rubygems-update gem:

C:\>gem uninstall rubygems-update -x
Removing update_rubygems
Successfully uninstalled rubygems-update-2.2.3

Manual solution to SSL issue

If you have read the above detail that describe the issue, thank you.

Now, you want to manually fix the issue with your installation.

Steps are simple:

  • Step 1: Obtain the new trust certificate
  • Step 2: Locate RubyGems certificate directory in your installation
  • Step 3: Copy new trust certificate
  • Step 4: Profit

Step 1: Obtain the new trust certificate

If you’ve read the previous sections, you will know what this means (and shame on you if you have not).

We need to download AddTrustExternalCARoot-2048.pem.

Use the above link and place/save this file somewhere you can later find easily (eg. your Desktop).

IMPORTANT: File must have .pem as extension. Browsers like Chrome will try to save it as plain text file. Ensure you change the filename to have .pem in it after you have downloaded it.

Step 2: Locate RubyGems certificate directory in your installation

In order for us copy this file, we need to know where to put it.

Depending on where you installed Ruby, the directory will be different.

Take for example the default installation of Ruby 2.1.5, placed in C:\Ruby21

Open a Command Prompt and type in:

C:\>gem which rubygems
C:/Ruby21/lib/ruby/2.1.0/rubygems.rb

Now, let’s locate that directory. From within the same window, enter the path part up to the file extension, but using backslashes instead:

C:\>start C:\Ruby21\lib\ruby\2.1.0\rubygems

This will open a Explorer window inside the directory we indicated.

Step 3: Copy new trust certificate

Now, locate ssl_certs directory and copy the .pem file we obtained from previous step inside.

It will be listed with other files like GeoTrustGlobalCA.pem.

You should be able to install Ruby gems without issues now.

Advertisements

Back to the Basics


From time to time you have to go back from whence you came inorder to get perspective to where you are going. And with all these recent developments in web standard technologies, its useful to do this so as to stay in the current. for example, knowing the deprecated elements such as font , bgcolor, since the introduction of HTML5.

Since being relevant in the future is our main aim, i decided to focus on what i think is core to web development and that is dynamic content. Hence the debate JQuery and Javascript. Which is better? which is more dynamic and which is more relevant in the future.

What is JavaScript?

JavaScript is a scripting language that was designed for use within a web browser. Typically, JavaScript is used for interface interactions. Slideshows and other interactive components are typically done using JavaScript.

JavaScript has many other uses as well. If you are familiar with using the Google email client Gmail, you have experienced the power of JavaScript firsthand. Many of the additional features and functionalities that make Gmail such a popular email solution are created using JavaScript.

The uses of JavaScript don’t stop there, however. JavaScript has also been used for server-side programming, game development, and even creating desktop applications.

Years ago, JavaScript was popular but web developers were not entirely sold on the idea of using it simply because every web browser would render JavaScript content in a different manner. Newer standards now force all web browsers to implement JavaScript uniformly; saving developers time and frustration trying to debug code for a specific web browsing client.

Dynamic content is the hot topic in web development right now. Dynamic content refers to content that constantly changes and adapts to specific users whenever possible. For example, JavaScript can be used to determine if a website visitor is using a computer or a mobile device before deciding whether or not to render the mobile version of the website. It’s these small things behind the scenes that create genuine value in using JavaScript to create dynamic web pages.

What is jQuery?

Before jQuery was developed, web developers created their own custom frameworks in JavaScript. This allowed them to work around specific bugs without wasting time debugging common features. This led to groups of developers creating JavaScript libraries that were open source and free to use.

JQuery is simply a specific library of JavaScript code. There are many other JavaScript code libraries such as MooTools, but jQuery has become the most popular because it is so easy to use and extremely powerful.

While many web developers confuse JavaScript and jQuery as two separate programming languages, it is important for you to realize that they are both JavaScript. The difference is that jQuery has been optimized to perform many common scripting functions and it does so while using fewer lines of code.

So Which One Should You Use?

Professional web developers spend a lot of time debating whether JavaScript or jQuery is appropriate in a given situation. The truth is that there is no correct answer. Either option can be used to create the exact same effects, but often jQuery can do it with fewer lines of code.

As a general rule, jQuery is sufficient for most web development projects. There will be some projects that require traditional JavaScript; however, these are few and far between as of late. Although jQuery maybe the better choice in most scenarios, as a novice web developer you should still take the time to learn both JavaScript and jQuery.

Although using JavaScript exclusively can slow down project completion time significantly, it’s important to realize how JavaScript works and how it affects the Document Object Model (DOM).

Remember that the biggest difference between jQuery and JavaScript is that jQuery has been optimized to work with a variety of browsers automatically. Unfortunately, JavaScript still has some issues with cross-browser compatibility due to poor JavaScript implementation practices on the part of web browser developers.

To see this difference in action, consider the following example that is designed to change the background color of a body tag using jQuery and JavaScript respectively:

jQuery

$ (‘body’) .css (‘background’, ‘#ccc’);

JavaScript

Function changeBachground(color) {

        Document.body.style.background = color;

}

Onload=”changeBackground (‘red’);”

Can you see how in a large, complex web development project it makes more sense to use jQuery? A single line of code accomplishes what it takes four lines of code to accomplish in JavaScript and this doesn’t even account for the extra time you might spend debugging this short piece of code to work across popular web browsers including Internet Explorer, Firefox, Chrome, and Safari.

Is jQuery the answer to all of your scripting needs? For most projects – yes. For those few projects that require the specific functions only available in traditional JavaScript, you can quickly adapt your style to include JavaScript code when needed.

Remember that although 99% of your web development projects will work perfectly fine using jQuery, there will be a small percentage that does require JavaScript. As a result, it would be wise to study both so you can transition between the two as needed to provide a better web development service to your clients.

Adding/Finding the Databases window in Adobe CC


i’m recently updating my jutsu in adobe and i was suprised when i couldnt locate the databases window in my Dreamweaver CC.

These are the steps i followed: (Assuming you have Dreamweaver CC installed)

-Download Adobe Extension Manager(You’ll have to have an adobe login or create one)

https://www.adobe.com/exchange/em_download/

-Install and run the Extension Manager and under the File tab. Click on install.

-Navigate to this directory and install:

C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Configuration\DisabledFeatures

you’ll find this file:

-Deprecated Panel

install and under the windows tab in Dreamweaver. you’ll find the Databases option

How to install moodle in Kali (Debian)


INSTALL REQUIRED PACKAGES that is:
Web Server (Apache highly recommended)
Database Server (MySQL or PostgreSQL recommended)
PHP, PHP-MySQL mod (or mod for your database)
Various PHP modules necessary for Moodle
-apt-get install apache2 php5 mysql-server php5-mysql libapache2-mod-php5 php5-gd php5-curl php5-xmlrpc php5-intl php-mbstring curl libcurl3-dev libcurl3
#(important for postgresql database usage)
-apt-get install php5-pgsql
-apt-get install clamav-base clamav-freshclam clamav(The clamav package will support virus checking on file uploads into Moodle. May have to run it again
to configure properly)

then change php settings by opening this file: php.ini
-vi /etc/php5/apache2/php.ini
then add these lines under Dynamic extensions
(here you are configuring php to communicate properly with mysql)
extension=mysql.so
extension=gd.so

(here you are configuring php to communicate properly with postgresql)

then search and adjust these values accordingly
memory_limit=40M(mine was 128M so i didnt change)
post_max_size = 80M
upload_max_filesize = 80M

SETUP DATABASE(Postgresql recommended)
login to automatic postgres user(its the default user for postgresql)
-sudo su postgres
Log into the PostgreSQL command line client
-psql -U postgres
After some preamble you should see the prompt postgres=#.

Create the user for the Moodle database and assign a password:
-CREATE USER moodleuser WITH PASSWORD ‘moodleuser123’;

Create the database:
postgres=# CREATE DATABASE moodle WITH OWNER moodleuser;

**Character set and encoding
CREATE DATABASE moodle WITH OWNER moodleuser ENCODING ‘UTF8′ LC_COLLATE=’en_US.utf8′ LC_CTYPE=’en_US.utf8’ TEMPLATE=template0;

INSTALLING MOODLE
first create a directory where moodle will be installed
-mkdir /var/www/moodle
-Download moodle from the site:
visit https://download.moodle.org/releases/latest/
or
wget https://download.moodle.org/download.php/stable28/moodle-latest-28.tgz
go to the directory containing the download
– tar xzpf moodle-latest-28.tgz -C /var/www/
make moodledata directory
-mkdir /var/www/moodle/moodledata

Set permissions(www-data is apache in debian)
moodle
-chown -R www-data:www-data /var/www/moodle/moodle/
-chmod -R 0755 /var/www/moodle/moodle/

moodledata
-chown -R www-data:www-data /var/www/moodle/moodledata/
-chmod 0755 /var/www/moodle/moodledata/

(Optional step,though this is what i did;saves time typing the whole path to the moodle directory)
Change Apache to use Moodle as website
Note that the server comes with Apache running and looking at the /var/www directory. But there is nothing in that folder, so one just gets a redirect. Edit as follows to have it point at Moodle instead:
-vi /etc/apache2/sites-available/default

On about line 4, change DocumentRoot “/var/www/moodle/moodle” to
DocumentRoot “/var/www/moodle”
On about line 10, change <Directory “/var/www/moodle/moodle”> to
<Directory “/var/www/moodle/”>

Final Install
(if option above was used,first time install = localhost/install.php)

type : localhost/moodle/moodle in browser

How to install Odoo/Openerp in Kali (Debian)


After clean install
– update and upgrade system

Add user ‘openerp’ and such that it belongs to group’openerp’
–sudo adduser –system –home=/opt/openerp –group openerp.
-sudo su – openerp -s /bin/bash

login in back as root create passwd and add user to sudo
create password for user ‘openerp’as root
-passwd openerp

Add openerp to sudo group
usermod -a -G sudo openerp

Install postgresql
-sudo apt-get install postgresql
-sudo apt-get install pgadmin3
then start service:
– sudo service postgresql start
then log in postgre
-sudo su postgres e.g openerp@openerp-desktop:/$ sudo su postgres
then create user openerp
-createuser openerp
(y for super user)
view table created
-psql -l
select template and add rights
-psql template1
-template1=# alter role openerp with password ‘postgres’;
ALTER ROLE
then exit (Ctrl+D)

Installation of Odoo

METHOD1

log on as root
(-adding the download URL (address) to the aptitude repository sources as root)

-echo “deb http://nightly.odoo.com/7.0/nightly/deb/ ./” >> /etc/apt/sources.list
then update system
-apt-get update
(Note: The OpenERP package itself is not signed, and a cryptographic key is not provided. Therefore, aptitude will warn you that it can not be authenticated, requesting you to install it without verification)
then install openerp

logon back as openerp
-sudo mkdir /var/lib/openerp
-apt-get install openerp
confirm dependancies and without verification
then start apache2
-service apache2 start

Add the following line to the openerp-server.conf/odoo-server.conf file:
logfile = /var/log/openerp/openerp-server.log/(logfile = /var/log/odoo/odoo-server.log)
-vi /etc/openerp/openerp-server.conf

then make the log file
-sudo mkdir /var/log/openerp OR (odoo) depending

Add permissions
add permissions to user ‘openerp’ to the openerp-server configuration file
-sudo chown openerp: /etc/openerp/openerp-server.conf
sudo chmod 640 /etc/openerp/openerp-server.conf

add permissions to openerp,assuming the openerp server is running under user’openerp’,to install addons
-chmod 775 /usr/lib/python2.7/dist-packages/openerp/addons/
-chown root.openerp /usr/lib/python2.7/dist-packages/openerp/addons/

-To start the Odoo server type:
sudo /etc/init.d/openerp start
or
sudo service openerp start

METHOD2:
Download the latest file
-wget http://nightly.odoo.com/7.0/nightly/deb/openerp_7.0.latest_all.deb
Install OpenERP server.
-sudo dpkg -i openerp_6.1-1-1_all.deb
-sudo apt-get install openerp -f
reboot and start server

START APPLICATION BY:
Access the Web Client using http://ip:8069
in case of this error:DataError: new encoding (UTF8) is incompatible with the encoding of the template database (SQL_ASCII
do the following:
sudo -u postgres psql postgres
update pg_database set datallowconn = TRUE where datname = ‘template0’;
\c template0
update pg_database set datistemplate = FALSE where datname = ‘template1’;
drop database template1;
create database template1 with template = template0 encoding = ‘UTF8’;
update pg_database set datistemplate = TRUE where datname = ‘template1’;
\c template1
update pg_database set datallowconn = FALSE where datname = ‘template0’;
(press Ctrl-D to quit from psql)
restart odoo and try again.

login
USN:admin
pwd:123

VMware: How to create a bootable ESXi USB Stick with UNetbootin


Last year we already posted about creating a bootable USB stick. In the last post we used WinImage to create the bootable USB stick to boot ESXi. Some time ago I found a tool which makes it much easier to create a bootable ESXi USB Stick. I am going to use UNetbootin to create bootable USB stick. You can download it here.

1. First connect the USB stick and start UNetbootinimage

 

2. Select Diskimage and browse to the ESXi iso installer

3. Select your USB Drive and press oke

image

image

4. Click YES

image

5. Now you’re ready to start the ESXi installation.

Top 10 Google Android Blogs


Comments

HTC Titan Coming to AT&T on November 20


HTC’s enormous Windows Phone smartphone, the 4.7-inch Titan, will be joining AT&T’s smartphone roster on November 20, the company has announced.

 

The Titan’s 4.7-inch, 800 x 480 pixel screen might be too big for some, but it’s great for multimedia which makes it a selling point for AT&T. The company jokingly says that the Titan’s large screen is “probably bigger than the TV you have at home.”

The rest of the specifications is solid although not groundbreaking: a 1.5 GHz single-core Snapdragon CPU, 512 MB of RAM, 16 GB of storage, an 8-megapixel camera and HSPA+ connectivity. All of that is packed into a case that measures 130.6 x 70.6 x 9.9 mm, which is bearable given the screen size.

The HTC Titan will be available in AT&T’s stores and online on November 20 for $199.99 with a two-year contract.

Google+ Badges Make it Simple for Users to Connect With Brands


Google has unveiled Google+ Badges for brand pages, a widget that lets brands promote their presence on Google’s social network.

Google+ Badges are similar in form and function to Facebook‘s Like Box social plugin. The easily embeddable widget lets users either +1 a webpage or add that page to their Google+ circles. The widget also displays the faces of other users who have +1ed the webpage. It doesn’t have Facebook’s ability to display your friends’ faces first, though.

The launch of Google+ Badges coincides with Monday’s launch of Google+ Brand Pages, finally giving businesses the ability to create a presence on Google’s growing social network.

The Google+ Badge has a few other tricks. “The Google+ badge also contains a snippet of code that connects your website to your Google+ page,” the company said in an email to developers. “In addition to helping us better index your Google+ page, this snippet will help you show more personal recommendations around the web by linking your +1’s on sites, your Google+ page, search and display ads.”

Google also revealed that the badge is a requirement for inclusion in Google Direct Connect, a feature that makes it possible for users to find a Google+ Page from Google Search. Users type in the “+” operator, followed by the name of a brand participating in Direct Connect. The search result will lead users directly to the company’s Google+ brand page.

The widget was a necessary component for Google+, given the success of its Facebook counterpart. While it doesn’t have the same benefits Facebook enjoys with Open Graph, the Google+ Badge gets the job done. Google still has a long, uphill battle to convince both brands and users that its social network is an ideal place to do business.

Firefox 8 Now Officially Available, Includes Built-In Twitter Search


firefox-200
firefox-200

The new version of the Firefox Web browser, Firefox 8 for Windows, Mac and Linux, has officially gone live. The update, which actually became available a couple of days ago via Mozilla’s FTP servers, introduces several new features, including a built-in Twitter search option, better management of add-ons and tabs, plus the usual performance and stability fixes.

Mozilla has also updated Firefox for Android, which offers password management and support for saving bookmarks to the device’s homescreen.

The newly added Twitter search functionality is probably the most immediately useful feature of the updated browser, as it lets you search for topics, @usernames and #hashtags directly from Firefox’s combined search/address bar. At launch, Twitter search is available in the English, Portuguese, Slovenian and Japanese versions of Firefox, with plans to roll out to others languages in future releases.

Other new settings include the ability to load tabs on demand (via the Menu –> Options/Preferences, General Tab), a feature that makes it faster to restore windows with many tabs, and improved add-on management. Previously, third-party developers could install add-ons into your browser without your permission, which is now (thankfully!), no longer the case. Firefox is now disabling add-ons installed by third-parties by default, and you have to pick the ones you want to keep.

Under the hood, Firefox has added support for Cross-Origin Resource Sharing (CORS), which allows developers to load WebGL textures more securely. (WebGL is a web standard that allows sites to display hardware-accelerated 3D graphics without third-party software). The browser continues to support HTML5 markup as well, and Mozilla has listed a number of changes that will affect Web developers here.

On the Android platform, Mozilla is introducing a new “Master Password” feature that allows users to save all their usernames and passwords privately within the app, and says those will remain private even if your phone is lost or stolen. A second Android-only feature involves being able to now save bookmarks to the mobile device’s homescreen for quick access.

Overall, Firefox 8 isn’t a major update for the browser, nor is it introducing any features that seem compelling enough to convince a happy Chrome user to switch back. However, the release is a notable given Mozilla’s earlier promise to ship its technology to users in smaller, more frequent bundles. On its roadmap, Mozilla said it planned to ship Firefox 4, 5, 6 and 7 this calendar year. Here it is October, and Mozilla has already shipped Firefox 8.0. Nice word on the speedy progress, guys.