A collection of computer systems and programming tips that you may find useful.
Brought to you by Craic Computing LLC, a bioinformatics consulting company.

Thursday, August 26, 2010

Printing Colored Text in UNIX Terminals from Ruby

Outputting text in color in a UNIX console/Xterminal is kind of old school - some might say obsolete - but once in a while it is very useful. One example is the Red/Green coloring of test results. You don't get a lot of options but enough to highlight relevant text.

The cryptic escape codes are explained in this Wiki page.

This Ruby script outputs fore and background colors and a couple of the other useful modifiers.

puts "\033[1mForeground Colors...\033[0m\n"
puts " \033[30mBlack (30)\033[0m\n"
puts " \033[31mRed (31)\033[0m\n"
puts " \033[32mGreen (32)\033[0m\n"
puts " \033[33mYellow (33)\033[0m\n"
puts " \033[34mBlue (34)\033[0m\n"
puts " \033[35mMagenta (35)\033[0m\n"
puts " \033[36mCyan (36)\033[0m\n"
puts " \033[37mWhite (37)\033[0m\n"
puts ''

puts "\033[1mBackground Colors...\033[0m\n"
puts " \033[40m\033[37mBlack (40), White Text\033[0m\n"
puts " \033[41mRed (41)\033[0m\n"
puts " \033[42mGreen (42)\033[0m\n"
puts " \033[43mYellow (43)\033[0m\n"
puts " \033[44mBlue (44)\033[0m\n"
puts " \033[45mMagenta (45)\033[0m\n"
puts " \033[46mCyan (46)\033[0m\n"
puts " \033[47mWhite (47)\033[0m\n"
puts ''
puts "\033[1mModifiers...\033[0m\n"
puts " Reset (0)"
puts " \033[1mBold (1)\033[0m\n"
puts " \033[4mUnderlined (4)\033[0m\n"
Note that the exact colors will vary between different terminals. So try it and see.

The script will show you enough to create your own colored terminal output. But what if you sometimes want your output to go to a terminal (TTY) and other times to a file? In the latter, all the escape codes will give you garbage characters when you view the file. The trick here is to test whether our not your script is writing to a TTY with 'STDOUT.tty?'. If so then add the escape codes, if not then leave them out.


Wednesday, August 11, 2010

SSL Certificates and Apache2

The process of generating a new or renewal SSL certificate for a web site can appear quite daunting given the terminology involved. In reality it is pretty simple. Here are the steps I used for renewing a Wildcard SSL cert, using rapidssl.com as the vendor.

A wildcard certificate costs more than an single fully qualified domain name, but it lets me secure any FQDN under my main domain.

The basics steps are:
1: Generate a Key
2: Generate a CSR (Certificate Signing Request)
3: Send that the vendor and give them some money
4: Receive an SSL Certificate back via email
5: Paste that into a file on your host
6: Restart Apache and verify operation

In Detail, here are my specific steps:

1: Start the new or renewal certificate process on the vendor's web site

2: Create a SSL Key
You should only need to do this once and then you can reuse it multiple times.
Create a directory in which to create and save your SSL files. For the purposes of this tutorial I'm using 'example.com as the domain. You can put the key into any file but give it one that makes sense, i.e. example.com.key
# openssl genrsa 1024 > example.com.key
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
If you want to protect the key with a passphrase then add the -des3 option to the command. If you do then you need to enter the passphrase whenever your server starts up. if you do NOT then set the permissions on your files correctly (see below).

3: Create a CSR (Certificate Signing Request)
This process will ask you several questions, of which the MOST IMPORTANT is the COMMON NAME. This the Domain Name that you want the certificate for. For a single domain this might be www.example.com. For a Wildcard certificate use an asterisk in the name like *.example.com.

The prompt from the openssl program is unclear when it asks for YOUR name - it wants the domain name. Clear on that, right?

It also asks for a challenge password - with rapidssl.com this wasn't used, so don't worry about it. Enter the other info as appropriate for your organization.
# openssl req -new -key ./example.com.key > example.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Washington
Locality Name (eg, city) []:Seattle
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Craic Computing LLC
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:*.example.com
Email Address []:youraddress@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

4: Send the CSR to your Vendor
Cut and paste the contents of the file in full into the Vendor's web form. With rapidssl.com there is a phone verification process that you have to go through after they receive it. Basically an automated call comes through and you have to enter a confirmation code that they put on their web site. Plus you need to do the whole credit card and contact information thing on their site. It all ends with several emails back from them, one of which includes the Certificate.

5: Paste the certificate into a file on your host
Once again, choose an appropriate name, e.g. example.com.crt
Verify the contents of the certificate file with:
# openssl x509 -text -in example.com.crt
You will see all sorts of information.

# chmod 400 example.com.key
# chmod a-w example.com.crt

7: Setup Apache2
Modify your configuration files so that Apache knows where to find the certificate. In my case I'm using something like this:
<VirtualHost *:443>
ServerName www.example.com
ServerAlias *.example.com
DocumentRoot "/path/to/my/site"
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /mnt/ssl_certs/example.com.crt
SSLCertificateKeyFile /mnt/ssl_certs/example.com.key
You can put the certificate and key in any files you want, you just need to tell Apache where they. Your Apache configuration might be different from this.

Restart apache!

8: Test it out
Go to the site in your browser. You should see a lock icon. Click on that and view the certificate details. It should all be good.



Friday, August 6, 2010

Maximum Fixnum value in Ruby

The Maximum Fixnum value that can be represented in Ruby is calculated as: (2**(0.size * 8 -2) -1)

Archive of Tips