TortoiseHG and wildcard certificates

Having resolved recent SSL certificate issues with Mercurial/TortoiseHG, I now encountered a similar issue with the wildcard certificate for * where getting a clone would result in a "SSL: Server certificate verify failed" error.

One way around this issue is to add the fingerprint for this certificate to your configuration. Currently for * this is 00:d5:88:35:29:b9:7f:03:92:60:c2:04:e4:b7:01:f0:07:53:15:a8 and one way to get this from a Unix command line is with openssl s_client -connect < /dev/null 2> /dev/null | openssl x509 -in cert-code -fingerprint -noout -in /dev/stdin | tr "[:upper:]" "[:lower:]". This corresponds with Chrome's certificate view's thumbprint field, you just need to add colons.

Right click in Explorer, select TortoiseHG » Global Settings and then click Edit File and add the following:

[hostfingerprints] = 00:d5:88:35:29:b9:7f:03:92:60:c2:04:e4:b7:01:f0:07:53:15:a8

This should make Mercurial/TortoiseHG work, at least until the certificate expires and you need to update it with the latest fingerprint.

TortoiseHG and non-standard SSL certificates

For my own development I use Mercurial and TortoiseHG for my version control system. I also use, at the moment, a CAcert certificate to use HTTPS with my repositories. I am not sure what changed when, but apparently the certificates now get verified. So this causes obvious problems trying to push or pull due to "SSL: Server certificate verify failed" errors.

To make this work on a Windows 7 machine with TortoiseHG in stalled, first download the CAcert root PEM certificate and place it some permanent directory. Next open the TortoiseHG global settings (right click somewhere in Explorer and select TortoiseHG » Global Settings). In the window that opens click the Edit File button. If it does not exist yet create a section similar to this:

cacerts = C:\path\to\cacert-root.pem

Press Save and OK and any push and pull action with HTTPS URLs should work as they ought to.

Unbound unable to read root zone

After upgrading various ports on my FreeBSD system and days later a full world and kernel, a reboot showed me that unbound didn't start. The system reported that:

error: reading root hints
/usr/local/etc/unbound/named.cache 88: Empty line was returned

It turns out that from ldns 1.6.13 to 1.6.14 there is an API change that caused problems for unbound. After upgrading ldns you also need to recompile unbound to pick up on these changes. If you do not, you will run into the problem above.

JetBrains IntelliJ IDEA and Monokai

I'm a fan of the Monokai colour scheme for my source code editing and thus set up it whenever I can in the IDEs I use.

For JetBrains' IntelliJ IDEA I use Long Cao's Monokai colour scheme. Grab the XML file and drop it, on Windows, in your %HOMEPATH%.IntelliJIdea11configcolors directory. Restart IDEA and the Monokai colour scheme ought to be present in the dropdown box under File » Settings » Editor » Colors & Fonts » Scheme Name.

Setting up Eclipse 4.2 as I like it

Download Eclipse 4.2 Classic 64-bits version from the Eclipse website. Extract the contents to a location, such as C:Eclipse. Adjust the eclipse.ini in that directory according to my post in order to pin it to the taskbar.

Next, within Eclipse, go to Window » Preferences » Install/Update » Available Software Sites » Add... and add the following URL under something like "4.2-M builds": After adding you can hit Reload to reload the information from the website. Exit all windows through pressing OK. Then follow up by going to Help » Check for Updates and you will most likely get an Eclipse SDK update right away. Accept the licensing terms and wait until it downloaded and installed everything and restart Eclipse.

Go to Help » Install New Software... » Work with, select the Juno entry and from the resulting list of software select General Purpose Tools » Marketplace Client followed by Next » Next, accept the license and Finish. Restart Eclipse when done. Now under Help is an entry called the Eclipse Marketplace.

Open the Eclipse Marketplace and search for and install the following: "code recommenders", "MercurialEclipse", "mylyn" (not selecting the Bugzilla connector). It might ask if it is OK to install unsigned content, acknowledge it.

Sublime Text with 80 and 120 column rulers

For many programming languages we still like to use either 80 or 120 columns in our editors to ensure it fits easily on print, as well as to use it as an aid for ensuring concise code.

In Sublime Text you can set vertical rulers for this by going to Preferences » User File Preferences and add rulers 80 120 and save the file.

For Sublime Text 2 it's under Preferences » Settings — User, but the configuration file is now in JSON format, so you need to add "rulers": [80, 120] and maybe you need to append a comma at the end if you have more configuration directives following it.

Addition 2013: in Sublime Text 3 it is still under Preferences » Settings — User and the file is still in JSON, so simply add "rulers": [80, 120], like in the example for Sublime Text 2.

PyCharm and external lint tools

PyCharm already has a number of features present in various tools to lint/check your source code with, but offers a way to hook up external tools. Under File > Settings is a section called IDE Settings. One of the headings here is called External Tools. Select this heading and then press the Add... button on the right hand pane to configure a new external tool.

In the Edit Tool window that now appeared fill in a name, e.g. PEP8 and a group name Lint and add a description. Next point the Program to the location of the pep8.exe executable, e.g. C:Python27Scriptspep8.exe. For Parameters you need to use $FilePath and Working directory should be filled in by default. Once done, you can close it by pressing the OK button.

Now, pyflakes has no .exe or .bat file to accompany it. You will need to add a pyflakes.bat in your Scripts directory inside Python with the following contents:

@echo off
rem Use python to execute the python script having the same name as this batch
rem file, but without any extension, located in the same directory as this
rem batch file
python "%~dpn0" %*

Within PyCharm you follow largely the same settings as for pep8, however make sure to point to the batch file of pyflakes under Program. Close the external tools configuration windows by clicking OK twice. Under the menu heading Tools you should see an submenu heading Lint which, in turn, should contain two menu items: PEP8 and Pyflakes.

Now open a Python file, go to Tools > Lint > PEP8 and you should get output like the following in your Run (4) window:

D:\Python26\Scripts\pep8.exe D:\pprojects\babel\babel\tests\
D:\pprojects\babel\babel\tests\ E302 expected 2 blank lines, found 1

Process finished with exit code 1

Character encoding in mailcap for mutt and w3m

I use mutt on my FreeBSD system to read my mail. To read HTML mail I simply use a .mailcap file with an entry such as

text/html; w3m -dump %s; nametemplate=%s.html; copiousoutput

This in effect dumps the HTML using w3m to a text file in order to safely display it. The problem that I had is that, because some emails that I receive are from a Japanese translators list, they are in Shift_JIS. When dumped w3m doesn't properly detect the Shift_JIS encoding and as such the resulting output becomes garbled.

When I looked at the attachments in the mail with mutt's 'v' command I saw that mutt at least knows the encoding of the attachment, so I figured that there should be a way of using this information with my mailcap. Turns out that there is indeed a way to do so, namely the charset variable. It turns out the mailcap format is a full RFC. RFC 1524 to be exact. Mutt furthermore uses the Content-Type headers to pull any specific settings into mailcap variables. So a Content-Type: text/html; charset=shift_jis means that %{charset} in the mailcap file will be expanded to shift_jis. We can use this with w3m's -I flag to set a proper encoding prior to dumping.

text/html; w3m -I %{charset} -dump %s; nametemplate=%s.html; copiousoutput

As such you can be relatively sure that the dumped text will be in the appropriate encoding. Of course it depends on a properly set Content-Type header, but if you cannot depend on that one you need to dig out the recovery tools already.

src.conf on FreeBSD 7 for the average installation

If we consider common available technology and the average use of a FreeBSD installation as desktop or server then I think these are sensible defaults for /etc/src.conf under FreeBSD 7.


How many of you run ATM to your FreeBSD box?


Do you really need a full installation of BIND on your machine? In most cases you simply need a caching, recursive resolver. For this just install unbound (found in ports/dns/unbound). Do note that I did not specify WITHOUT_BIND_UTILS so tools like dig and nslookup will still be installed. Only if you need an authoratative nameserver might you want BIND. On the other hand, you might prefer to install NSD (ports/dns/nsd).


Most systems will probably not use Bluetooth at all.


Do you even use ISDN?


Most people I know use either ipfw or pf, so little need for ipf.


You seriously still use IPX? Even NetWare is IP-native nowadays.


I would hope most systems are using some sort of LDAP lookup nowadays. NIS seriously doesn't scale.


Given the ease of configuring Postfix, why would one want to bother with the archaic syntax of Sendmail? It has served faithfully for many, many years, but its design and configuration are archaic.