RGB is used for screens (e.g. television, monitors, phones). Screens work by combining different light colors (red, green or blue) into one color we can actually see.

CMYK is used in print often. Instead of sending out light, paper must reflect light to give it color. If you check your own printer you’ll see there are three colors: cyan, magenta and yellow. Again, these three colors can be combined to *absorb* colors, and thus reflect the color you want.

The problem is that not all web browsers are capable of handling JPEGs that use the CMYK colorspace. Internet Explorer is the most notorious one. Internet Explorer users will see an ‘image not found’-error – or red cross – instead.

If you’re using thoughtbot’s Paperclip, the solution is easy.
By adding some custom ImageMagick `convert` options you can make sure that all generated thumbnails are in the RGB colorspace.

has_attached_file :avatar

would become:

has_attached_file :avatar 
   :convert_options => { :all => '-strip -colorspace RGB'}

Easy right?

If you have a lot of CMYK images already, you don’t have to delete them, you can easily reprocess them when you made the above change:

User.find_each { |user| user.avatar.reprocess! }

Let’s dive in directly:

class Archive
  @queue = :file_serve
 
  def self.perform(repo_id, branch = 'master')
    repo = Repository.find(repo_id)
    repo.create_archive(branch)
  end
end
 
Resque.enqueue(Archive, @repo.id)

This example was taken from the Resque README. It works great, but there’s a problem: you hard-code the queue to use. For an app I’m currently working on this is unwanted behaviour.

So, how do you make Resque pick the right queue based on the data you feed it?

In the following example I’ll show you how to pick the right queue based on the user that requests the job.

class StreamWorker  
  def self.enqueue(resource)
    Resque::Job.create(select_queue(resource), self, resource.id)
  end    
 
  def self.select_queue(resource)
    resource.user.use_priority_queue? ? :stream_high : :stream_low
  end
 
  def self.perform(resource_id)
    resource = Resource.find_by_id(resource_id)
    return false if resource.nil?
    resource.process!
  end
end

Instead of using Resque’s convenience method Resque.enqueue we create a Resque::Job ourselves. The select_queue determines which queue is used.

Creating a StreamWorker job in the right queue is as easy as running:

StreamWorker.enqueue(@resource)

In case you’re wondering, the User#use_priority_queue? method returns a boolean based on the role the user has.

Happy queueing!

I’ll assume you have a standard Debian system with the apache2 package installed and ready.

The first step is to generate a key. You must choose a passphrase here. We’ll remove that later on for easier Apache2 restarts

openssl genrsa -des3 -out server.key 4096

Next, you need to generate a Certificate Sign Request or CSR. Some things to consider:

• Enter the Fully Qualified Domain Name in the Common Name field. For this blog that’d be ‘blog.kabisa.nl’.
• There’s no need to set a challenge password.

openssl req -new -key server.key -out server.csr

Next, sign the request with your key.

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Then, create an insecure version of your key. This will remove the pass phrase. If you don’t do this apache will ask for the pass phrase when it loads the key.

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

A good place to keep your key and certificate is /etc/apache2/ssl. Make sure you chmod 600 it for the root user.

Okay, setup your VirtualHosts. This example is for a Passenger-powered example app.

<VirtualHost *:80>
  ServerName example.com

  Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
  ServerAdmin support@example.com
  ServerName example.com

  # SSL Engine Switch
  SSLEngine on

  # SSL Cipher Suite:
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

  # Server Certificate
  SSLCertificateFile /etc/apache2/ssl/server.crt

  # Server Private Key
  SSLCertificateKeyFile /etc/apache2/ssl/server.key

  # Set header to indentify https requests for Mongrel
  RequestHeader set X-Forwarded-Proto "https"

  BrowserMatch ".*MSIE.*" \
  nokeepalive ssl-unclean-shutdown \
  downgrade-1.0 force-response-1.0

  DocumentRoot /var/rails/example/current/public
  <Directory "/var/rails/example/current/public">
    AllowOverride all
    Allow from all
    Options -MultiViews
  </Directory>
 </VirtualHost>

There is a file name /etc/apache2/ports.conf that configures which ports apache listen on. Make it look like this:

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    NameVirtualHost *:443
    Listen 443
</IfModule>

All set. Now restart apache2 and you should be good to go.

• Heroku – What is Heroku and how does it compare to Amazon EC2 and Kabisa’s Hosting
• Jeweler + Gemcutter – How to use Jeweler to manage your gem and push it to gemcutter

Ariejan and other Kabisa people are available for private and public talks! Mail to info at kabisa.nl

After configuring a new IP address for the clone, I booted up the system. Nice, but I ran into a problem:

Configuring network interfaces...SIOCSIFADDR: No such device
eth0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
SIOCSIFBRDADDR: No such device
eth0: ERROR while getting interface flags: No such device
eth0: ERROR while getting interface flags: No such device
Failed to bring up eth0.

After some investigation I found that the MAC address for eth0 is stored on disk in /etc/udev/rules.d/z25_persistent-net.rules. That makes sense, because the whole file system was cloned. But, I swapped the virtual network card, and I’d expect is to work. It didn’t.

The solution is quite easy. Empty /etc/udev/rules.d/z25_persistent-net.rules. Then shutdown and start your VPS. You must do a full shutdown, a reboot won’t work.

For the lazy folk out there, here’s how to quickly empty the file:

echo "" > /etc/udev/rules.d/z25_persistent-net.rules

After you have started your VPS back up again, you should be able to ping out over the network. If you peek in /etc/udev/rules.d/z25_persistent-net.rules you should see a line that contains the MAC address for your virtual network device.

doc = Hpricot(open("https://www.cert.org/blogs/vuls/rss.xml")) # => /usr/lib/ruby/1.8/net/http.rb:590:in `connect': certificate verify failed (OpenSSL::SSL::SSLError)

or

warning: peer certificate won't be verified in this SSL session

The solution is to make sure ruby has access to the right set of root certificates.

The easiest way to get hold of those root certificates is by downloading this file cacert.pem (details) (updated weekly by the developers of CURL, based on the Mozilla browser). Download this file and store it somewhere in your app.

If you’re really keen on security, don’t trust the guys from CURL and download the different root certificates from their providers manually. However, in most cases, the file from CURL will suffice.

Then, in your ruby code, setup the connection like this and you’ll have a validated SSL connection:

#! /usr/bin/env ruby
require 'net/https'
require 'uri'
 
uri = URI.parse(ARGV[0] || 'https://localhost/')
http = Net::HTTP.new(uri.host, uri.port)
if uri.scheme == "https"  # enable SSL/TLS
  http.use_ssl = true
  # Only needed for ruby 1.8.6
  # http.enable_post_connection_check = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.ca_file = File.join(File.dirname(__FILE__), "cacert.pem")
end
http.start {
  http.request_get(uri.path) {|res|
    print res.body
  }
}