Brian Racer anveo

How to set up stress-free SSL on an OS X development machine

One of the best ways to reduce complexity (read: stress) in web development is to minimize the differences between your development and production environments. After being frustrated by attempts to unify the approach to SSL on my local machine and in production, I searched for a workflow that would make the protocol invisible to me between all environments.

Most workflows make the following compromises:

Use HTTPS in production but HTTP locally. This is annoying because it makes the environments inconsistent, and the protocol choices leak up into the stack. For example, your web application needs to understand the underlying protocol when using the secure flag for cookies. If you don't get this right, your HTTP development server won't be able to read the cookies it writes, or worse, your HTTPS production server could pass sensitive cookies over an insecure connection.
Use production SSL certificates locally. This is annoying

B-cycle Widget

B-cycle is a bike sharing service that operates in several American cities. More information at their website. This widget allows you to use the station ID in a widget to get the current count of bikes and docks available to show on your Dashing dashboard.

Demo

A demo repository is available on GitHub and here is a live Dashboard on Heroku.

Sorry, RSA, I'm just not buying it

I want to be extremely clear about three things. First, this is my personal opinion – insert full standard disclaimer. Second, this is not a condemnation of everyone at RSA, present and past. I assume most of them are pretty okay, and that the problem is confined to a few specific points in the company. However, “unknown problem people making major decisions at RSA” is a bit unwieldy, so I will just say RSA. Third, I'm not calling for a total boycott on RSA. I work almost literally across the street from them and I don’t want to get beat up by roving gangs of cryptographers at the local Chipotle.

RSA's denial published last night is utter codswallop that denies pretty much everything in the world except the actual allegations put forth by Reuters and hinted at for months by [other sources](http://li

How to setup your own CA with OpenSSL

For educational reasons I've decided to create my own CA. Here is what I learned.

First things first

Lets get some context first.

Basecamp was under network attack

The attack detailed below has stopped (for the time being) and almost all network access for almost all customers have been restored. We're keeping this post and the timeline intact for posterity. Unless the attack resumes, we'll post a complete postmortem within 48 hours (so before Wednesday, March 26 at 11:00am central time).

Criminals have laid siege to our networks using what's called a distributed denial-of-service attack (DDoS) starting at 8:46 central time, March 24 2014. The goal is to make Basecamp, and the rest of our services, unavailable by flooding the network with bogus requests, so nothing legitimate can come through. This attack was launched together with a blackmail attempt that sought to have us pay to avoid this assault.

Note that this attack targets the network link between our servers and the internet. All the data is safe and sound, but nobody is able to get to it as long as the attack is being successfully executed. This is like a bunch of people

	/* Flatten das boostrap */
	.well, .navbar-inner, .popover, .btn, .tooltip, input, select, textarea, pre, .progress, .modal, .add-on, .alert, .table-bordered, .nav>.active>a, .dropdown-menu, .tooltip-inner, .badge, .label, .img-polaroid {
	-moz-box-shadow: none !important;
	-webkit-box-shadow: none !important;
	box-shadow: none !important;
	-webkit-border-radius: 0px !important;
	-moz-border-radius: 0px !important;
	border-radius: 0px !important;
	border-collapse: collapse !important;
	background-image: none !important;

	# Basically the nginx configuration I use at konklone.com.
	# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com
	#
	# To provide feedback, please tweet at @konklone or email [email protected].
	# Comments on gists don't notify the author.
	#
	# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.
	# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.

	server {

	require "active_record"

	namespace :db do

	db_config = YAML::load(File.open('config/database.yml'))
	db_config_admin = db_config.merge({'database' => 'postgres', 'schema_search_path' => 'public'})

	desc "Create the database"
	task :create do
	ActiveRecord::Base.establish_connection(db_config_admin)

	ZIP,LAT,LNG
	00601,18.180555, -66.749961
	00602,18.361945, -67.175597
	00603,18.455183, -67.119887
	00606,18.158345, -66.932911
	00610,18.295366, -67.125135
	00612,18.402253, -66.711397
	00616,18.420412, -66.671979
	00617,18.445147, -66.559696

	/**
	* Calculates the physical display size for android devices
	* e.g 4,95 for Nexus 5 or 7,02 for Nexus 7
	*
	* IMPORTANT: this requires https://github.com/dbankier/HasMenu
	*
	* @return {Number} size as inches
	*/
	function getPhysicalSize(){
	// some infos we need