ssl certificate errors on mac os x 20. Sep 2011
If you try to download something from Github via https with wget on Mac OS X you might receive one of the following errors:
ERROR: The certificate of `github.com' is not trusted.
ERROR: The certificate of `nodeload.github.com' is not trusted.
ERROR: The certificate of `raw.github.com' is not trusted.
The reason is that the default certificate directory is hard coded in wget as /etc/ssl/certs which corresponds to the Linux directory layout and doesn’t exist on Mac OS X. I’m actually quite suprised by this because I installed wget via MacPorts so I would have expected it to have been patched for my plattform.
So, where do you get root certificates from?
You could use the certificates from the default curl installation on Mac OS X, but they are hopelessly outdated (Yes Apple, I’m looking at you!):
$ head -n 5 /usr/share/curl/curl-ca-bundle.crt
##
## $Id: ca-bundle.crt,v 1.2 2003/03/24 11:06:57 bagder Exp $
##
## ca-bundle.crt -- Bundle of CA Root Certificates
## Last Modified: Thu Mar 2 09:32:46 CET 2000
The version from the curl website is a lot fresher:
$ curl -s http://curl.haxx.se/ca/cacert.pem | head -n 4
##
## ca-bundle.crt -- Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Fri Sep 2 23:34:57 2011
Interestingly the version from MacPorts is the freshest:
$ head -n 4 /opt/local/share/curl/curl-ca-bundle.crt
##
## lib/ca-bundle.crt -- Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Tue Sep 20 00:13:05 2011
You don’t need to install curl to get the certificates, there is a separate bundle:
$ sudo port install curl-ca-bundle
Using MacPorts also has the advantage, that your root certificates get upgraded automatically when you upgrade your outdated ports.
After you installed the root certificates you need to tell wget where to look.
You can use a parameter:
$ wget --ca-certificate=/opt/local/share/curl/curl-ca-bundle.crt \
https://www.domain.com/path/to/your/file
Or you can add an option to your ~/.wgetrc:
CA_CERTIFICATE=/opt/local/share/curl/curl-ca-bundle.crt
The latter is of course much more meaningful, because it saves you from manually applying the lengthy parameter on every https download.
acoustic feedback in the terminal 19. Sep 2011
If you compile larger programs on the command line of Mac OS X it can take quite a while and you will probably not want to stare at the Terminal until compilation is finished. To give you an acoustic feedback you can create some aliases:
alias success='afplay /System/Library/Sounds/Glass.aiff'
alias failure='afplay /System/Library/Sounds/Basso.aiff'
alias exitsound='if [ $? -eq 0 ]; then success; else failure; fi'
I like to put them in ~/.bash_aliases and source them from ~/.bashrc put that’s just a matter of taste. Now you can enjoy the full glory of the alert sounds while doing stuff in the Terminal!
sudo port install something; exitsound
./configure && make; exitsound
Have fun!
spotify on mac os x via ssh 13. Sep 2011
Mit despotify wird jedes unixoide System zur drahtlosen Jukebox!
Angenehmerweise gibt es despotify unter Mac OS X als Port:
$ sudo port install despotify
$ despotify
Have fun!
safari 5.1 user agent changed 19. Aug 2011
If you are using Glimmerblocker and Little Snitch together with Safari 5.1 you need to be aware that Safari 5.1 uses a different user agent so you have to include WebProcess and possibly PluginProcess in your PAC file. I have created updated versions of the PAC rule and the PAC script. For more information see the Glimmerblocker wiki.
sending an sms in skype for mac 24. Jun 2011
If you want to send an SMS to an unregistered contact in Skype it may not be completely obvious how to do so. There is no “New SMS…” menu item, instead you have to launch the dial pad by pressing ⌘2 or clicking on the dial pad icon in the main window title bar, enter the phone number and click on the SMS button. Surely feasible after you find out how it works, but not quite intuitive in my eyes.
