Getting the AWS CLI to accept Cloudflare WARP’s root certificate

When we moved to Cloudflare WARP at CleverTap, everything worked as expected, except for the AWS CLI:

SSL validation failed for [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)

The problem with Cloudflare WARP is that it’s the equivalent of Charle’s Proxy – presenting its own certificate for everything. While this works for almost everything, it doesn’t work for tools that use a well known and publicly trusted CA bundle.

Moreover, AWS’ CLI v2 is built with Python, which apparently doesn’t even have access to macOS’ Keychain. So, although that Cloudflare WARP certificate is installed in Keychain, tools from JetBrains and AWS’ very own CLI will refuse to work.

The solution? Download a .crt from Cloudflare’s documentation, convert it to a .pem (using Keychain), and then add it to your CA bundle (in my case, the default one installed by Homebrew).

Preparing the certificate

Download the certificate from here. Next, open it up in Keychain:

Right click on that entry, to see the Export option:

Export it as a PEM:

Hit Save.

Installing the certificate

And now to the tricky part. The CA bundle that AWS uses for its CLI is a mystery. However, it does allow one to override that, by using an environment variable. So, we want that CLI to trust the usual set of root certificates, along with Cloudflare’s. OpenSSL installs a decent set of trusted root certificates, which we can append to:

$ cat Cloudflare.pem >> /Users/jude/bin/Homebrew/etc/openssl/cert.pem

All that’s remaining is to tell the AWS CLI to use it:

$ export AWS_CA_BUNDLE=/Users/jude/bin/Homebrew/etc/openssl/cert.pem

And voila! It starts working magically!

LetsTuneup: A music chart with Arjit Singh in the lead

LetsTuneup has grown tremendously, and with it, we’ve introduced new features too. We identified that a few of our users couldn’t use the app to it’s full extent because they didn’t have music on their devices.

We’ve solved that. Users can now pick their favourite artists, powered by a location aware scoring algorithm, which recommends popular artists in their area.

Leading the recommendation list in Mumbai is Arjit Singh, followed by Eminem, Linkin Park, Coldplay and Pink Floyd. Honey Singh is #11 on the chart, and some nostalgic users love Akon, making him #28.

Arjit Singh in the lead, with Eminem, Linking Park, Coldplay and Pink Floyd following close
Arjit Singh in the lead, with Eminem, Linkin Park, Coldplay and Pink Floyd following close

Stay tuned and look forward to our next big feature, very soon.

US toy giant threatens to sue Matchbox

TL;DR: A giant American toy company threatens to sue Matchbox. Having no resources at hand, Matchbox is forced to change it’s name to Tuneup.

On the 14th of March, I received an email from Apple (via the giant toy company) with the following content:

The developer of the reported application is using the registered
Matchbox trademark in the description of the application without
authorization from the right holder. Also he is offering services by
unlawfully using the registered trademark which is causing bad
influence for the Matchbox brand values. Furthermore, this application is
not authorized from the right holder. This is a trademark infringement
causing damages to our client xxxxxxxx, the right holder for the
Matchbox intellectual property. I would kindly ask you to proceed and
remove the infringement/application from all stores worldwide.

This company, had the trademark for Matchbox registered under the following classification codes: US 001 002 003 005 021 022 023 026 029 036 037 038 039 041. Each and every G & S description was related to toy products, fabrication, stationery products, and manufacturing processes.

Looking up these classification codes on the United States Patent and Trademark Office’s website, absolutely none of them are for computer software, or anything that even crosses paths with Matchbox.


The million dollar question: If there was absolutely no case for “confusingly similar”, why did Matchbox change it’s name?

It’s simple really. Big guys always bully the small ones. They threatened to sue us if we didn’t stop using it. Even after proving to them that it wasn’t even remotely infringing to their use of Matchbox, they wouldn’t budge. Had I fought them legally, I would’ve won. Easy peasy. However, due to the lack of resources, I had no choice but to change it’s name.

If I had to call Matchbox anything other than Matchbox, I’d call it Tuneup. “Tuneup” is imagined by Joelle Fernandes, the co-founder of Let’s Tuneup.

Why Matchbox, and how it connects people through music

There’s no doubt that music defines us. It influences our moods, for example, making us happy by releasing a chemical named dopamine. It can affect what we wear, what we eat, and perhaps even who we enjoy being together with. It affects our thought process too (it’s well known that ambient noise can improve productivity).

In a study conducted amongst couples who were eighteen years old, it’s been found to predict personality traits. According to the same study, it’s what we’re most likely to discuss about when we meet somebody new, within the first few weeks. Psychologically, men and women who listen to similar music tend to be better communicators, and have longer lasting relationships.

It’s probably one of the most important things in our lives. If I were to place music on Maslow’s hierarchy of needs, I’d place it at the physiological stage. It’s a fundamental part of our society. Even the Hollywood movie directors (e.g. the scene from Interstellar) would agree.

Why not extend this to the social discovery apps we use today? None of them base their core on this. One of the most popular apps for social discovery, Tinder, uses Facebook page likes and interests, to match people together.

This is why Matchbox was created. It bridges the gap between “truly anonymous“, and “hey there“. The app shows you the top ten artists that are common between you and the person you’re looking at, giving you a fair knowledge of what that person would be like:

Matchbox showing the top 10 artists
Matchbox showing the top 10 artists

You’re more likely to be at ease knowing that the opposite person is a little similar to you. Matchbox was crafted with the sole intention that music is the key that connects us, and binds us together. It has evolved for over 9 months, before being made available to the world.

As it stands right now, Matchbox has a hundred active users, and is growing slowly.

Go ahead and test drive the app, and see for yourself how Matchbox re-defines the social discovery platform.

Download on the App StoreGet it on Google Play

Discover – my second iOS app

iTunes Genius is a great feature. However, it lacks music discovery outside your own music library. Sure, you can always do a Google search for similar tunes, but let’s face it – who has time to do this anymore?

There weren’t any great music discovery apps on the App Store either. All of them either looked ugly, or had to be opened by the user. The content wasn’t available readily.

Then I thought of Discover. I wrote this app keeping in mind that the app would never have to be opened by the user, to see any content. Instead, why not present it in the Today screen itself? This way, the widget can refresh it’s content quickly and present it, in a beautiful manner.

Unobtrusive. Simply genius, isn’t it?

How can this be made any better? Provide buttons which directly search the iTunes Store or YouTube for the song recommended. This way, it’s easy for the user to try out new songs, with zero effort. Eureka! The effort of typing on the device is now gone!

I’ve submitted the app on the App Store for review, and I hope it will be accepted and published soon. Here’s a sneak peak of it:

Highlights of Discover
Highlights of Discover

Discover took a total of one month to complete. Although it was a simple app, I couldn’t give it much time day to day.

I love what it’s turned into. There’s so much that I’ve learned about iOS – auto layout, GCD, and the language itself.

0f > Float.MIN_VALUE = false!

Turns out that this is the expected behaviour from the java doc:
A constant holding the smallest positive nonzero value of type float, 2-149.

So now, how do I get the smallest negative value that a float can hold?

Just came across the most weirdest thing ever in Java – 0f > Float.MIN_VALUE returns false!

Similarly, anything less than 0, (say -10 for example) is surprisingly not greater than Float.MIN_VALUE.

However, 0 > Integer.MIN_VALUE returns true!

Want to try it out?

public class E {
    public static void main(String[] args) {
        System.out.println("1f > Float.MIN_VALUE: " + (1f > Float.MIN_VALUE));
        System.out.println("0f > Float.MIN_VALUE: " + (0f > Float.MIN_VALUE));
        System.out.println("-1f > Float.MIN_VALUE: " + (-1f > Float.MIN_VALUE));
        System.out.println("0f < Float.MIN_VALUE: " + (0f < Float.MIN_VALUE));
        System.out.println("0f == Float.MIN_VALUE: " + (0f == Float.MIN_VALUE));


1f > Float.MIN_VALUE: true
0f > Float.MIN_VALUE: false
-1f > Float.MIN_VALUE: false
0f < Float.MIN_VALUE: true
0f == Float.MIN_VALUE: false

A Usable Mac: Yosemite + Reduced Transparency + Lucida Grande

I updated to OS X 10.10 after a day it was released – only to be stunned by the really, really ugly looking UI. @francispereira dubs this new update as “Polio infected”. There’s transparency where it should never have been in the first place, and the font smoothing engine is gone haywire with the new system default font, Helvetica.

Let’s fix it:

Drop the transparency

Open System Preferences(type sys in Spotlight). Open the Accessibility settings(second last row, extreme right). Check the checkbox that says “Reduce transparency”.

Revert the system default font to Lucida Grande(the font used in OS X 10.9 and earlier)

Download this app which I found here. Uncompress the downloaded file, then right click on the extracted app, and click on Open. Then click on the Patch and Install button in the dialog box that appears. It will then prompt you for your system password, as it copies Lucida Grande from /System/Library/Fonts to /Library/Fonts, and then patches it to be the system default font.

Next, log out and log back in to see a more usable Mac.

Seriously Tim, you ought to check yourself before you wreck yourself.

Evidently, SEED is just a kid in the corporate world

Despite several efforts to contact SEED Infotech regarding their mishap for the past two days, they do not respond. E-mails, twitter updates, facebook posts being deleted from their end, says everything: SEED Infotech is lazy. They cannot afford to sponsor an event such as this one. What’s more, today’s challenge makes no sense whatsoever! SEED tried to put up a memorial contest to pay their respects to Dennis Richie, the creator of the C. They called it a “mega-event in January“, I call it a “mega-flop in January“.

The day they came to The Wilson College, they seemed to be disorganized. They didn’t seem to know what they were doing themselves.

SEED has put down the level of computing. SEED has brought their level from zero to nil, well, to top it all off, they had an insane web programmer, who didn’t know what he was doing. Notice the actual link of the page, followed by what it’s supposed to be:

Clearly, they do not have the potential to host such an event, and must be never allowed to.

They haven’t even once shown a sign of improvement, answers incorrect, questions incorrect, what more is there to it? This proves SEED’s incompetence in hosting an event, which surprising should be pretty easy enough to pull off correctly.

Last but not the least, @SEEDInfotech, your just a kid in the corporate world. Congratulations on winning this title.

As Francis Pereira says, “good talent is always hard to find“, and SEED does not have such talent.

Import your Nokia S40 Contacts to Google or the like

Nokia S40 phones’ can’t sync with Google or any other good online web services. So if you wanted to export your contacts from your phone and import them into your GMail contacts/other contact management, how would you accomplish this?

It’s a little complicated, but easy once you do it for the first time.

From your Nokia S40 phone:
Take a backup of only your contacts, and transfer this backup file to your computer, running GNU/Linux(if anyone can replicate this process on Windows, drop a comment).

On your desktop:
The NBF file is a simple zipped file. Unzip this zip file, and navigate your way to the contacts folder:

$ unzip Backup000.NBF
$ cd predefhiddenfolder/backup/WIP/32/contacts/

If the above specified path does not exist, then look for the directory contacts in the extracted directory.
The contacts are stored in the most popular vcard format, all the contacts you have are in a separate vcard for each contact. Let’s combine all of these into one single vcard file:

$ cat *.vcf > ~/Desktop/phone-contacts.vcf

Now you can import this file into any contact management application that supports the vcard format.

For GMail:
Navigate to Contacts(it’s located a the top left corner), then under More actions, click on Import. Choose the newly created combined vcard file(located on your desktop) and click on Import.

To clean up things, in the Contacts view in GMail, again select More actions, and click on Find & merge duplicates…, this will ensure that you don’t have duplicate contacts, and clean up your contacts as well.

If someone accomplishes this in Windows, please leave a comment on doing so.

liferea and gmail

I bet that mail client of yours just lies there doing nothing, when its sole purpose is to inform you the minute you get a new e-mail. Well, that client just takes up more memory, to just do that, doesn’t it? What if you could just check new mail via an RSS feed?

liferea to the rescue! It’s a simple, easy, and powerful RSS client, which can manage many feeds and provides notification via libnotify. Setting up gmail as a new feed is very easy. Follow your distribution specific install guide here.
Launch liferea from the menu, and click on “New Subscription”. The Feed Source for gmail’s RSS feed to your inbox is Click on OK, then a little while later, it will ask for your login credentials.

Username: example
Password: ******

Do not include And your all set to receive mail updates. Look in the Tools -> Preferences to tune liferea.
You can also add your facebook notifications feed as well.

comparison sheet | plug computers

A lot of these plug computers are in the market. Which one is right for you? Here’s a comparison sheet to help you decide which one should you be looking for:

Plug Computer Processor Memory JTAG WiFi Network USB SATA Price
Ionics Cumulus KW 1.2Ghz 512MB NAND, 512MB DDR2 Yes Yes 1 Ethernet 1 2
Seagate Dockstar KW 1.2Ghz 256MB NAND, 128MB RAM Make One No 1 Ethernet 3 0 $30
Pogo Plug Pro No Yes 1 Ethernet 4 0 $99
Open RD Client Sheeva 1.2Ghz 512MB NAND, 512MB DDR2 Yes No 2 Ports 7 2 $250
Beagle Board TI 600Mhz 256MB NAND, 128MB RAM Yes No 1 Ethernet 1 0 $150
Guru Plug KW 1.2Ghz Yes No 2 Ports 2 1 $99
Guru Plug Server KW 1.2Ghz 512MB NAND, 512MB DDR2 Yes 2 Ports 3 1 $129
Marvell Sheeva Plug KW 1.2Ghz 512MB NAND, 512MB DDR2 Yes No 1 Ethernet 1 0 $99

If anyone can fill in the missing values, please leave a comment