Musings about Entrepreneurship, Technology and Software Development

Accidental Technologist

Ruby on Rails – Supporting SSL for PostgreSQL on Heroku

For anyone who received this notice from Heroku:

Since 2016, all newly-provisioned Heroku Postgres databases have enforced the use of SSL to keep your data safe. However, one or more of your Postgres databases are running on legacy infrastructure, which does not enforce the use of SSL. In order to update your database to our security standards, and in response to potential impacts caused by Spectre and Meltdown, all databases – including those on legacy infrastructure – will be moved to our new Heroku PGX plans in a set of maintenances starting in March 2018 and concluding by April 2018. 

What Do I Need to Do
In preparation for these maintenances, please check that your applications are using SSL to connect to your Postgres database and enable SSL connections if needed. Instructions on how to perform these steps are available in Dev Center.

If you’re using Rails 4.1+ there is a support article on the Heroku Dev Center, that helps clarify making updates to our database.yml file. This allows customizing some connection behavior to PostgreSQL.

Some parts of the database.yml file that cannot be changed include:

You cannot use the config/database.yml to set any values found in ENV[‘DATABASE_URL’]. This is a list of attributes you cannot change:

  • adapter
  • database
  • username
  • password
  • host
  • port

But, what can be changed include sslmode. 

production:
  sslmode: require (disable|allow|prefer|require)
  pool: 15

I decided it would be helpful to reach out to Heroku to understand their guidance with regard to their notice. Their response:

If you’re using the pg gem, the default sslmode setting (and for libpq, the library that underpins it), is prefer – this means that should the server have SSL support, it will be used when the connection is established. This means there should be no action required, though if you wish, it’s worth a test with spinning up a staging environment with a non-legacy Postgres instance.

It seems if you’re using Ruby on Rails with the pg gem, you should be OK doing nothing but with brownout period scheduled, it’s probably a good idea to test during one of those times.

Heroku Support also indicated setting the environment variable PGSSLMODE would also override the default behavior for sslmode used by libpq.

It seems this is a notice which doesn’t effect a majority of Heroku customers and is a necessary and worthwhile upgrade. Hopefully this helps others as the public information available for this from Heroku is minimal.

Fixing Your Puma-dev SSL Problems on Google Chrome

Ruby on Rails developers have it made in many ways. We rely on and take advantage of great software created by the community.  Puma-dev is just one of those great pieces of software.

Puma-dev has some nice improvements over Pow, which Basecamp had promoted for years but has seemed to stop development.

Puma-dev allows developers to better mirror their local development environment to that of production. Prior to Puma-dev or Pow, developer would have to access their Ruby on Rails applications with something like localhost:3000 in their browsers. It works but having a “real” URL to visit, like mygreatapp.dev is better.

This worked well until a recent update to Google’s Chrome browser:

A lot of (web) developers use a local .dev TLD for their own development. Either by adding records to their /etc/hosts file or by using a system like Laravel Valet, which runs a dnsmasq service on your system to translate *.dev to 127.0.0.1.

In those cases, if you browse to http://site.dev, you’ll be redirect to https://site.dev, the HTTPS variant.

That means your local development machine needs to;

  • Be able to serve HTTPs
  • Have self-signed certificates in place to handle that
  • Have that self-signed certificate added to your local trust store (you can’t dismiss self-signed certificates with HSTS, they need to be ‘trusted’ by your computer)

I’ve faced this myself and Chrome refuses to serve the site, only showing security errors.

When trying to fix this problem I search a lot around the web and came up with very little. There were plenty of acknowledgements that since .dev is now a top-level domain (TLD) and Chrome 63 treats it as such and forces SSL, it looked like moving away from .dev would be needed. 

This was my assumption until I discovered a recent post from Barry Woolgar of Storm demonstrating setting up Puma-dev. He addresses troubleshooting .dev TLD issues specifically:

If your browser complains about an untrusted root certificate, please do the following:

  1. Open Keychain Access
  2. Click the ‘login’ keychain in the left pane, then find the ‘Puma-dev CA’ certificate in the right pane
  3. Double-click it and expand the ‘Trust’ section, and make sure it says ‘Always Trust’
  4. Drag it into the ‘System’ keychain in the left pane
  5. Restart your computer
  6. Try https://my-project.dev again!

Although I didn’t need to restart my Mac, this worked perfectly! I can now serve .dev domains in Chrome and latest Firefox.

ABC Family – Terrible User Experience from a Company Who Should Know Better

Somehow I was added to an email list from ABC Family, specifically Freeform. This is a channel that airs children’s TV shows. Much of their content is terrible but I’m not their target audience.

I have been receiving emails about new programming being added to their lineup. Our daughter is now 18 and outgrew what they have to offer, so when their latest email came in, I decided to unsubscribe.  Here is their message to me:

2018 01 10 14 44 09

This is terrible! This is a terrible experience as a user. Here’s what bothers me:

  1. I’m trying to unsubscribe from their mailing list. The title indicates I am being added to another list, a “Do Not Email list”. What?
  2. They’ve recorded my request. Why? Don’t procrastinate, do it now.
  3. They need up to 10 business days to remove me, add me, or whatever for processing. 10 days? How are they handling my request, carrier pigeon? We’ve all belonged to email lists before, we know how unsubscribing should work..it should happen NOW.

This single interaction with ABC Family has stuck in my mind for a while. It has left a lasting impression.

Leave a positive lasting impression with your customers. If they decide they don’t want to do business with you any longer, don’t burn the bridge..maybe they’ll be back at some other time. Maybe they will recommend you to a friend. If you burn bridges, they will be gone for good.

#

Complacency kills. →

Matthew Dicks explaining so well, what we should all already know and strive to do:

There is always someone better than you. The bar is always higher than you think. When you stop looking for and striving for that higher bar, you are doomed to remain far below it.

Failure to seek out people better than you results in complacency, and complacency is the worst. Complacency produces mediocrity and a false sense of security. It results in an inability to see the scarcity of resources and increasing levels of competition in this world.

It’s true in the field of technology as it is in the rest of our lives. There are always better, smarter developers from whom we can learn. There are better and brighter people in every aspect of our lives, whether it be a better parent, better spouse or better handyman. We can learn from everyone; don’t assume you know the most.

The Best User Experience is the Simple User Experience

Bunn

We recently started using a Bunn coffee maker. The design of the unit is really simple, no fancy controls to figure out. No time to keep resetting after the power goes out. No keeping track of how long we have left until it automatically shuts off. Just fill with water, turn on and in about 1 minute, a fresh pot of coffee. It’s the best morning brewer we’ve ever had.

The simplicity of Bunn is immediately apparent when opening the box. This is what we were greeted by when we opened the box.

The software we create, regardless of platform, should be this simple. Show me how to get started. No long and boring tutorials here, no complicated user on-boarding. I think we can all learn a bit about user experience here from a brick and mortar business.

Fixing Missing Sublime Text 3 Package Manager

I’ve been a big fan and long-time user of Sublime Text 3. Recently, I ran into a problem where Package Control stopped working. When I say, not working, I mean behaving as though I never installed it.

Attempting to install or remove packages was not even an option any longer. All menu items relating to packages was gone..yet by all accounts, Package Control was still installed.

NoPackageManager

This had been working in the past and as far as I could remember, it worked recently. I figured either an update to Sublime Text 3 had broken the Package Control or maybe another package had caused some problems.

I tried reinstalling the Package Control but nothing changed.

After much trial-and-error, I discovered an interesting section in user settings (Preferences -> Settings), name Ignored Packages. What? 

IgnoredPackageManager

I could see the Package Control package was ignored. I removed it from this section and restarted the editor….

YeahPackageManager

Checking Package Control now reveals it’s running as it was before. I have no idea how this happened but I’d venture to guess a bug in a Sublime upgrade at one point.

I hope this fixes this really annoying problem for someone else.

Tip: Save Typing ‘bundle exec’

If you’re a Ruby on Rails developer, you probably type the words ‘bundle exec’ numerous times a day. I finally got tired of it and decided to do something about it.

In the context of keeping it simple, I use the ‘alias’ command and add to my .profile. I know there are more Rails recommended ways of solving this problem via binstubs but I rather not use that approach.

My solution is simple, add an alias to my .profile like this:

alias be='bundle exec '

Keen observers will notice the trailing space after the command. This space allows for alias chaining and can be helpful.

The resulting shortcut allows this:

bundle exec rspec

To this:

be rspec

The ‘alias’ command is super useful and has many applications to help remove repetitive typing tasks.

Installing RMagick on macOS Sierra

I ran into a problem recently on macOS Sierra, trying to install the RMagick ruby gem. I was using ImageMagick 7 installed via HomeBrew, with this error:

Building native extensions. This could take a while...
ERROR: Error installing rmagick:
 ERROR: Failed to build gem native extension.
current directory: /Users/rbazinet/.rvm/gems/[email protected]_admin/gems/rmagick-2.16.0/ext/RMagick
/Users/rbazinet/.rvm/rubies/ruby-2.3.1/bin/ruby -r ./siteconf20170203-49311-bi1omy.rb extconf.rb
checking for gcc... yes
checking for Magick-config... no
checking for pkg-config... yes
checking for outdated ImageMagick version (<= 6.4.9)... no
checking for presence of MagickWand API (ImageMagick version >= 6.9.0)... no
checking for Ruby version >= 1.8.5... yes
checking for stdint.h... yes
checking for sys/types.h... yes
checking for wand/MagickWand.h... no
Can't install RMagick 2.16.0. Can't find MagickWand.h.
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers. Check the mkmf.log file for more details. You may
need configuration options.
Provided configuration options:
 --with-opt-dir
 --with-opt-include
 --without-opt-include=${opt-dir}/include
 --with-opt-lib
 --without-opt-lib=${opt-dir}/lib
 --with-make-prog
 --without-make-prog
 --srcdir=.
 --curdir
 --ruby=/Users/rbazinet/.rvm/rubies/ruby-2.3.1/bin/$(RUBY_BASE_NAME)
To see why this extension failed to compile, please check the mkmf.log which can be found here:
/Users/rbazinet/.rvm/gems/[email protected]_admin/extensions/x86_64-darwin-15/2.3.0/rmagick-2.16.0/mkmf.log
extconf failed, exit code 1

After a bit of trying to install the gem by setting the C_INCLUDE_PATH to the location of the MagickWand.h file, the gem could still not be installed. A Google search revealed the solution. It seems the RMagick gem (v 2.16.0 as of this writing) is not compatible with ImageMagick 7.

The StackOverflow articles points outthe necessary steps to get it to work:

Install version 6 (uninstall existing imagemagick if needed):

brew install [email protected]

Since this is keg-only, you should then force-link it:

brew link --force [email protected]

This installed imagemagick version 6.9.7-4 for me.

Afterwards, the gem then installed successfully. I am including the version numbers for future readers:

This solution worked great and RMagick installed without having to jump through any other hoops. Hope this helps.