Have you ever had a sub-select where you really needed to reference a value in the outer query? I know I have! The naive way would be to run the outer query and then loop over the results running the inner query on each one. Luckily, there’s a better way. The Correlated subquery. Check it out! The example given is
SELECT employee_number, name FROM employees AS Bob WHERE salary > ( SELECT AVG(salary) FROM employees WHERE department = Bob.department);
See how the sub-select references the outer query? It’s SQL magic.
This post is about renewing SSL certificates. There’s not a lot of information I want to communicate here, so I’m going to keep it short.
Yesterday the SSL certificate for https://blog.lnx.cx
expired. I don’t know much about SSL, other than I find it more confusing/complicated than most things. I knew that I needed to renew the SSL certificate for the blog, but I did not know what that exactly meant. When I called my cert provider on the phone to renew, they told me that the renewal process begins with submitting a new Certificate Signing Request, or CSR
in crypto parlance. We ended the call shortly thereafter and I set off to get started.
I still had questions though. If I’m “renewing” my SSL certificate, does that mean my existing certificate is involved in some way? When I began reviewing the CSR generation procedure I saw no references to existing certificates. I did a bit of Internet research to try and figure this out.
Eventually I found out that the idea of “renewing” a certificate is a bit of a misnomer. That is, nothing you have carries over with you. The process of “renewing” a certificate is actually the exact same process as getting an initial certificate. I’ll say that again for clarity:
Renewing an SSL certificate is the exact same thing as getting your first SSL certificate.
I hope this helps out other folks who are as confused as I was about the renewal process.
The “git archive” man page states:
git archive behaves differently when given a tree ID versus when given a commit ID or tag ID. In the first case the current time is used as the modification time of each file in the archive.
By using the current time in this case, git-archive is dooming all of our tarballs to have constantly changing SHA256 hashes. A lot of build systems, including Fedora’s Koji, rely on source tarballs maintaining a consistent fingerprint. What is a person to do?
Fix it of course! Below is a Python 2 program I wrote that addresses the issue. The code is well-commented (I hope) so you should be able to follow along. You give it the Unix timestamp you want the files to have, the git ref you want baked into the tar header, and the initial tarball. The result is printed to stdout so just redirect that to wherever you please (or pipe it into gzip). It also has some code in there to deal with tarballs created by the maven-assembly plugin, but it doesn’t surface that on the primitive CLI. I’m leaving that as an exercise for the reader I guess.
Recently I noticed that in my IRC client, when I right-click a URL and select “Open Link In Browser”, the system would open a new browser window (or tab if appropriate) but not pointed to the link I wanted to visit. It would just open the home page.
What gives? Well, I happen to know from experience that in Linux most programs that need to use a “default” type service of which there are many implementations (such as a web-browser) use the xdg-open
command. XDG associates different mime-types to default applications. Step one then is to figure out what’s going on with XDG.
% xdg-mime query default text/html
firefox.desktop firefox.desktop
Here I’m asking XDG what applications are associated with the text/html
mime-type. Seeing two firefox.desktop files was a bit of a surprise. Let’s find out more!
% locate firefox.desktop
/usr/share/applications/firefox.desktop
/usr/share/xfce4/helpers/firefox.desktop
So I open up those two files and the first file looks normal and that file actually belongs to the Firefox package according to rpm -qf
. In the second file, I see
X-XFCE-Commands=%B -remote "openURL(about:blank,new-window)";%B;
X-XFCE-CommandsWithParameter=%B -remote "openURL(%s,new-window)";%B "%s";
That looks strange to me. If I want to open a URL from the command line, I don’t use openURL
. Let’s see what happens if I replace that with
X-XFCE-Commands=%B;
X-XFCE-CommandsWithParameter=%B "%s";
Aha! It works! But why? Well, after a little searching I came across Mozilla Bug 1080319. Looks like the openURL
was a legacy thing and got removed in Firefox 36. And a quick rpm -q firefox
confirms that I’m running that version. Firefox 36.0.1 add support for openURL
back in, but my hack will serve until that version hits Fedora.