Capistrano 3 Issues

I decided to give capistrano 3 a try with one of my projects. For the most part, I prefer version 2 to version 3. Mainly this is because I never have a staging server. I only have my development stuff and then I deploy to production. So having to specify the deployment server is just additional work that I always forget.

Anyway, on the new project that I used, I found another reason why I don't like version 3. It no longer automatically makes a link to a shared log file. It makes a new log file in each revision. So what's the big deal? By default, it also only keeps the last five revisions of the code on the server. So when it deletes an older revision, you lose the log. And you can't just search a single log file for something. It's split across five files. For now, I'm going back to capistrano 2 because I'm more familiar with it and it behaves as I expect. I may give capistrano 3 another try, but it'll have to be on something where I have more time so I can test out what other unexpected behavior it has.

Counting Comma-Separated Values in Excel

We have a bunch of spreadsheets where which have cells with values like this, R1, R2, R3, R4 or C45, C87, C22. It would be very helpful to have another column that could tell us how many values on in these cells (4 and 3 in my example). The way to do it is to use this function, which would tell us how many values are in cell H8.

=LEN(H8)-LEN(SUBSTITUTE(H8," ",""))+1

The only drawback is if the cell is empty, it will return a 1. This is not a big deal for us, as we'd just delete the function for rows with an empty cell.

Openssl Update Breaks Pine

There was an openssl update recently that caused people who were using alpine to not be able to send mail. When they tried to send, they got this message:

Trying to connect to mailserver to send in alpine, get this message in alpine

There was an SSL/TLS failure for the server


The reason for the failure was

                                           SSL negotiation failed

This is just an informational message. With the current setup, SSL/TLS will not work. If this error re-occurs
every time you run Alpine, your current setup is not compatible with the configuration of your mail server.
You may want to add the option


to the name of the mail server you are attempting to access. In other words, wherever you see the characters


in your configuration, replace those characters with


Type RETURN to continue.

Turning off tls is not an option.

After reading the openssl update info, I found that one of the changes was that the software was requiring the minimum Diffie-Hellman key size be 768 bits. And that in the future, it would be 1024 bits. So if I could just figure out how to increase the key size, I thought I'd be all set.

One issue I have is that our current mailserver is running the older RHEL5 system. It's up-to-date with patches, so I'm not worried about the security of the system. But I wasn't sure that the version of openssl would even work with systems having the newer version of openssl.

I played around with an RHEL7 system, thinking that this version should have everything set by default. However, this was not the case. I got the same error when trying to send mail through a server running RHEL7. In looking at the logs, I saw these lines:

Jun 16 10:51:04 new sendmail[3301]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
Jun 16 10:51:04 new sendmail[3301]: ruleset=tls_server, arg1=SOFTWARE,, reject=403 4.7.0 TLS handshake failed.
Jun 16 10:51:04 new sendmail[3301]: t5GFoxp8003299: to=, delay=00:00:05, xdelay=00:00:05, mailer=esmtp, pri=120325, [], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.

The "reason=dh key too small" confirmed that I needed to increase the key size. Having no idea how to do this, I googled around a bit and found the fix.

[~]# cd /etc/pki/tls/certs
[certs]# openssl dhparam -out dh_params.pem 2048
(This command takes a few minutes to run.)

Now I just need to tell sendmail to use those Diffie-Hellman options. I added the following to my /etc/mail/ file.

dnl # Use DH parameters with 2048 bit key

Then ran:

[mail]# make -C /etc/mail
make: Entering directory `/etc/mail'
make: Leaving directory `/etc/mail'
[mail]# /etc/rc.d/init.d/sendmail restart
Shutting down sm-client:                                   [  OK  ]
Shutting down sendmail:                                    [  OK  ]
Starting sendmail:                                         [  OK  ]
Starting sm-client:                                        [  OK  ]

Now, using alpine to remotely read mail worked again. And I could stay up-to-date with openssl.