SSL upgrades on rubygems and RubyInstaller versions


‘unable to download … ssl error’: you get this error when trying to pull updates from RubyGems.

This is a brief explanation of the problem and the workaround.

Background

For those who are not familiar with SSL and certificates, there are many parts that make secure serving of content possible.

The website uses an SSL certificate, which is obtained from a certificate authority (CA) and generated from a private key, along with its respective signature.

Normally, and up until a few months ago, private key signatures used SHA-1 as a way to provide a digest (or checksum) of the private key without distributing the key itself (remember, it needs to remain private).

SHA-1 has been found to be weak, and a lot of web servers and sites have been upgrading to SHA-2 (specifically SHA256 or higher) in order to prepare for the browser changes.

Specific problem with RubyGems

The particular case of RubyGems (the command line tool) is that it needs to bundle the trust certificates inside its code, which allows RubyGems to establish a connection with the servers even when the base operating system is unable to verify their identity.

Up until a few months ago, this certificate was provided by one CA, but the newer certificate is provided by a different one.

Because of this, existing installations of RubyGems would have had to be updated before the certificate switch, with enough time for the change to spread (and for people to update).

As normally happens with software, things can get out of sync, and coordinating such an effort at the size and usage of rubygems.org is almost impossible.

We also discussed this on IRC, and patches and backports were provided for all major branches of RubyGems: 1.8, 2.0, 2.2 and 2.4.

You can find the commits associated with these changes here:

The problem is that only RubyGems 2.4.4 got released, leaving Ruby installations with 1.8, 2.0 and 2.2 in a broken state.

Especially since RubyGems 2.4 is broken on Windows.

Please understand this could happen to anyone. Releasing multiple versions of any software in a short span of time while being very time sensitive is highly complicated.

Even if we have official releases of any of the versions that correct the issue, it will not be possible to install those via RubyGems (the chicken-and-egg problem described before).

Once official releases are out, installation might be simpler. In the meantime, please proceed using the instructions described below.

Installing using update packages (NEW)

Now that RubyGems 1.8.x, 2.0.x and 2.2.x have been released, you can manually update to those versions.

First, download the proper version of RubyGems for your installation (eg. if running version 1.8.28, download 1.8.30).

Note: To find the version of RubyGems you’re using, please run gem --version in the command line.

You can find download links at GitHub under Releases.

Now, locate rubygems-update-X.Y.Z.gem where X.Y.Z will be the matching version for the version of RubyGems you need to update:

  • Running 1.8.x: download 1.8.30
  • Running 2.0.x: download 2.0.15
  • Running 2.2.x: download 2.2.3

Please download the file to a directory that you can later point to (eg. the root of your hard drive, C:\).

Now, using your Command Prompt:

C:\>gem install --local C:\rubygems-update-1.8.30.gem
C:\>update_rubygems --no-ri --no-rdoc

After this, gem --version should report the new update version.

You can now safely uninstall the rubygems-update gem:

C:\>gem uninstall rubygems-update -x
Removing update_rubygems
Successfully uninstalled rubygems-update-2.2.3

Manual solution to SSL issue

If you have read the above details describing the issue, thank you.

Now, you want to manually fix the issue with your installation.

Steps are simple:

  • Step 1: Obtain the new trust certificate
  • Step 2: Locate RubyGems certificate directory in your installation
  • Step 3: Copy new trust certificate
  • Step 4: Profit

Step 1: Obtain the new trust certificate

If you’ve read the previous sections, you will know what this means (and shame on you if you have not).

We need to download AddTrustExternalCARoot-2048.pem.

Use the above link and place/save this file somewhere you can later find easily (eg. your Desktop).

IMPORTANT: The file must have .pem as its extension. Browsers like Chrome will try to save it as a plain text file. Ensure you change the filename to end in .pem after you have downloaded it.

Step 2: Locate RubyGems certificate directory in your installation

In order for us to copy this file, we need to know where to put it.

Depending on where you installed Ruby, the directory will be different.

Take for example the default installation of Ruby 2.1.5, placed in C:\Ruby21

Open a Command Prompt and type in:

C:\>gem which rubygems
C:/Ruby21/lib/ruby/2.1.0/rubygems.rb

Now, let’s locate that directory. From within the same window, enter the path part up to the file extension, but using backslashes instead:

C:\>start C:\Ruby21\lib\ruby\2.1.0\rubygems

This will open an Explorer window inside the directory we indicated.

Step 3: Copy new trust certificate

Now, locate the ssl_certs directory and copy the .pem file we obtained in the previous step into it.

It will be listed with other files like GeoTrustGlobalCA.pem.

You should be able to install Ruby gems without issues now.
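
The manual steps above, as an added Ruby example (not part of the original post or of RubyGems): it checks the downloaded file before it becomes a trust anchor, then copies it into ssl_certs. The expected SHA-256 fingerprint is an assumption and must come from the CA over a separate channel; the function names are hypothetical, and the sample certificate is a constructed throwaway root, not the real AddTrust certificate.

```ruby
require "openssl"
require "fileutils"
require "rbconfig"

# Same directory the post finds via `gem which rubygems` (stock layout assumed).
def rubygems_ssl_certs_dir
  File.join(RbConfig::CONFIG["rubylibdir"], "rubygems", "ssl_certs")
end

# Parse the PEM and refuse anything that is not the expected self-signed CA root.
def check_trust_cert(pem_text, expected_sha256)
  cert = OpenSSL::X509::Certificate.new(pem_text) # raises on an HTML or text save
  fp = OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
  raise ArgumentError, "fingerprint mismatch: #{fp}" unless fp == expected_sha256.delete(":").downcase
  self_signed = cert.issuer.to_der == cert.subject.to_der && cert.verify(cert.public_key)
  raise ArgumentError, "not a self-signed root" unless self_signed
  ca = cert.extensions.any? { |e| e.oid == "basicConstraints" && e.value.include?("CA:TRUE") }
  raise ArgumentError, "not a CA certificate" unless ca
  raise ArgumentError, "certificate expired" if cert.not_after < Time.now
  cert
end

# Steps 1-3 of the post: validate, force the .pem extension, copy into ssl_certs.
def install_trust_cert(src_path, expected_sha256, dest_dir = rubygems_ssl_certs_dir)
  check_trust_cert(File.read(src_path), expected_sha256)
  name = File.basename(src_path).sub(/(\.pem)?(\.txt)?\z/i, "") + ".pem"
  dest = File.join(dest_dir, name)
  FileUtils.cp(src_path, dest)
  dest
end

# Constructed sample input: a throwaway self-signed root for trying the checks offline.
def constructed_root_pem
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=Constructed Example Root")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.add_extension(OpenSSL::X509::ExtensionFactory.new.create_extension("basicConstraints", "CA:TRUE", true))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end
```

On a real installation, call install_trust_cert with the path of the downloaded file and the fingerprint you verified; a file that Chrome saved as .pem.txt is copied under its .pem name.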


Design meets creativity


Usually when you come across websites, and I’m talking about those good websites … they usually have some similarities: edgy features but not edgy enough, a catchy and well-balanced flow of colours, legibility and appealing graphics.

However, I came across this site and it deserves a special mention. I believe it shows what one can achieve once they attain true mastery. Whoever said building a website ain’t art is gonna bite their tongue when they see this:

http://chilicongraphic.com/

What’s your take?

Back to the Basics


From time to time you have to go back from whence you came in order to get perspective on where you are going. And with all these recent developments in web standard technologies, it’s useful to do this so as to stay current. For example, knowing the deprecated elements such as font and bgcolor, since the introduction of HTML5.

Since being relevant in the future is our main aim, I decided to focus on what I think is core to web development, and that is dynamic content. Hence the debate between jQuery and JavaScript. Which is better? Which is more dynamic, and which is more relevant in the future?

What is JavaScript?

JavaScript is a scripting language that was designed for use within a web browser. Typically, JavaScript is used for interface interactions. Slideshows and other interactive components are typically done using JavaScript.

JavaScript has many other uses as well. If you are familiar with using the Google email client Gmail, you have experienced the power of JavaScript firsthand. Many of the additional features and functionalities that make Gmail such a popular email solution are created using JavaScript.

The uses of JavaScript don’t stop there, however. JavaScript has also been used for server-side programming, game development, and even creating desktop applications.

Years ago, JavaScript was popular but web developers were not entirely sold on the idea of using it simply because every web browser would render JavaScript content in a different manner. Newer standards now force all web browsers to implement JavaScript uniformly, saving developers time and frustration trying to debug code for a specific web browsing client.

Dynamic content is the hot topic in web development right now. Dynamic content refers to content that constantly changes and adapts to specific users whenever possible. For example, JavaScript can be used to determine if a website visitor is using a computer or a mobile device before deciding whether or not to render the mobile version of the website. It’s these small things behind the scenes that create genuine value in using JavaScript to create dynamic web pages.

What is jQuery?

Before jQuery was developed, web developers created their own custom frameworks in JavaScript. This allowed them to work around specific bugs without wasting time debugging common features. This led to groups of developers creating JavaScript libraries that were open source and free to use.

jQuery is simply a specific library of JavaScript code. There are many other JavaScript code libraries such as MooTools, but jQuery has become the most popular because it is so easy to use and extremely powerful.

While many web developers confuse JavaScript and jQuery as two separate programming languages, it is important for you to realize that they are both JavaScript. The difference is that jQuery has been optimized to perform many common scripting functions and it does so while using fewer lines of code.

So Which One Should You Use?

Professional web developers spend a lot of time debating whether JavaScript or jQuery is appropriate in a given situation. The truth is that there is no correct answer. Either option can be used to create the exact same effects, but often jQuery can do it with fewer lines of code.

As a general rule, jQuery is sufficient for most web development projects. There will be some projects that require traditional JavaScript; however, these are few and far between as of late. Although jQuery may be the better choice in most scenarios, as a novice web developer you should still take the time to learn both JavaScript and jQuery.

Although using JavaScript exclusively can slow down project completion time significantly, it’s important to realize how JavaScript works and how it affects the Document Object Model (DOM).

Remember that the biggest difference between jQuery and JavaScript is that jQuery has been optimized to work with a variety of browsers automatically. Unfortunately, JavaScript still has some issues with cross-browser compatibility due to poor JavaScript implementation practices on the part of web browser developers.

To see this difference in action, consider the following example that is designed to change the background color of a body tag using jQuery and JavaScript respectively:

jQuery

$('body').css('background', '#ccc');

JavaScript

function changeBackground(color) {
        document.body.style.background = color;
}
<body onload="changeBackground('red');">

Can you see how in a large, complex web development project it makes more sense to use jQuery? A single line of code accomplishes what it takes four lines of code to accomplish in JavaScript and this doesn’t even account for the extra time you might spend debugging this short piece of code to work across popular web browsers including Internet Explorer, Firefox, Chrome, and Safari.

Is jQuery the answer to all of your scripting needs? For most projects – yes. For those few projects that require the specific functions only available in traditional JavaScript, you can quickly adapt your style to include JavaScript code when needed.

Remember that although 99% of your web development projects will work perfectly fine using jQuery, there will be a small percentage that does require JavaScript. As a result, it would be wise to study both so you can transition between the two as needed to provide a better web development service to your clients.