Enable Keychain for SSH Connections after macOS Sierra

If you are connecting a lot from via SSH to remote servers, entering passphrases over and over might be a pain. As long as your hardware is secured, you might consider enabling the macOS keychain also for your SSH connections.

Go to ~/.ssh and open or create the config file. Now just enter the following entry to the file.

Host *
    UseKeychain yes

In the case you want to enable the keychain only for a certain server, simply replace * with your hostname such as foo.com.

Prior to macOS Sierra, macOS offered a dialog to enter the passphrase where you were able to select the passphrase to be remembered. For some reason, this dialog was removed. On the other hand, the keychain option has been introduced with macOS 10.12.2.

Preview as PDF Viewer for LaTeX Workshop on Visual Studio Code on macOS

After switching to Visual Studio Code as LaTeX editor, I installed the LaTeX Workshop extension to gain decent support for editing LaTeX files on Code.

After fiddling around with the settings, I still was not able to use Preview on macOS.

First of all, make sure external PDF viewers are enabled in the user settings.

"latex-workshop.view.pdf.viewer": "external"

Furthermore, set Preview es external viewer. The trick here is, don’t think about Preview as a viewer, actually, it is the open command.

Just set up the viewer as you would start preview on a terminal.

open -a preview mybook.pdf
This command used for user settings eventually ends in the following section.
"latex-workshop.view.pdf.external.command": {
    "command": "open",
    "args": [
With these settings, Preview will spawn with the created PDF right out of Visual Studio Code.

WordPress Level Up – Applying Let’s Encrypt to Self-Hosted WordPress

Finally, I found some minutes to set up my website with SSL encryption. The issue here, many hosters demand a fortune for certificates. 

Applying Let’s Encrypt

Let’s Encrypt is a free alternative, providing certificates, accepted by most of the browsers.

While manually installing a certificate can be a real pain, Let’s Encrypt utilizes Certbot to do on your behave. Once installed you can select the sites to protect and let do Certbot its work. There is a crisp description on the Let’s Encrypt page which explains how this actually works.

To be honest, applying SSL certificate using this setup makes it absolutely easy for everybody to do so – as long as you have shell access on your server. After downloading the packages – which are provided for a variety of OS and Web server software – Certbot even takes care of the configuration.  You also can configure the sites in a way, that all HTTP requests are automatically are forwarded to HTTPS.

Once done, the site was already available via HTTPS. Unfortunately, Chrome told me the connection is still not secure.

The help provided did not help much either.

Further investigation eventually showed all images within posts did not use HTTPS even after the base URL of the site was changed in WordPress settings.

The links are not created on the fly – the are actually stored in the text. In the database. At least for internal resources (aka images from your own server), I expected something like relative links or similar. To be honest, I have never looked that much at the WordPress internals.

Altering the Database

To change this quickly, I decided to alter all not secure URLs in the database. As changing the protocol from HTTP to HTTPS is changing base URLs as when changing the domain, you could make use of tools to do so.

I found Misha Rudrastyh’s Query Generator very useful to create all SQL queries for changing the database content.

When moving WordPress websites from one domain to another, this tool is a great time saver. Just generate the queries and run them in MySQL.

In my case, I ended up with the following six statements.

UPDATE wp_options SET option_value = REPLACE(option_value, 'http://www.aheil.de', 'https://www.aheil.de') WHERE option_name = 'home' OR option_name = 'siteurl';
UPDATE wp_posts SET post_content = REPLACE (post_content, 'http://www.aheil.de', 'https://www.aheil.de');
UPDATE wp_postmeta SET meta_value = REPLACE (meta_value, 'http://www.aheil.de','https://www.aheil.de');
UPDATE wp_comments SET comment_content = REPLACE (comment_content, 'http://www.aheil.de', 'https://www.aheil.de');
UPDATE wp_comments SET comment_author_url = REPLACE (comment_author_url, 'http://www.aheil.de','https://www.aheil.de');
UPDATE wp_posts SET guid = REPLACE (guid, 'http://www.aheil.de', 'https://www.aheil.de') WHERE post_type = 'attachment';

Once done the next request already ended up in a valid and secure HTTPS request.

Warning: Do a backup (apply mysqldump) before altering your WordPress database, in case you brick it for whatever reason.


Using certificates issued by Let’s Encrypt you can automatically apply these by using Certbot to secure your website. While doing this I experienced some issues with WordPress as all URLs are stored as plain text in the database. With generated scripts from Misha Rudrastyh’s Query Generator altering the WordPress content to apply HTTPS instead of HTTP is quite easy.

The Open Office Dilemma – Collaboration vs Working Side by Side

During the last 20 years, I worked in quite some companies, studied at universities, was self employed, worked full time remote and travelled a lot to customers. Currently, I do work in an environment where open office is a maxim and fully supported as this environment should encourage collaboration.

The Project Setup

I worked some days from home office but traveled most of the time to the customer. I slept in hotels a lot. When I was in a city where we had an office, usually Friday was “office day” where our team was not at the customer’s site.

We did have shared desks at the office, everybody had an pedestal and took the next free desk.  That was ok. We used the office day a lot to chitchat and to build up relationships with co-workers. We prepared for the week after, installed software, talked to to IT-support, went to lunch. Sometimes during the week we went to the office late so finish something we could not accomplish at the customers site. We stayed there late and had fun. When in the office it almost felt like a hackaton every time. Also managers and the CEOs worked that way. And the hours in the office it felt more like fetching up with your wo-corkers. Sometimes we run out of desks, so we went to a desk together. But this rarely did happen.

On the other side there was the customer’s site. These were just large project areas where a huge amount of workers tried to do things. At that time there were no meeting rooms for most of the projects I was involved. We just did the meetings and hinted down the project goals. As this job was exhausting, I did not care about the office, the project room and the open space. I never thought of “you could be more productive if not interrupted all the time” because he just chased down the project road.

In both cases there was a lot of collaboration. Within the companies offices it was like a family, we helped each other and were happy to see each other. At the customer’s site collaboration was formed due to the urgency of the projects. We where firefighters, stormtroopers and the emergency.  Why did it work that way? The project were ingeniously staffed. If these teams would have used offices, the probably would have moved to the hallway to work together. It was a team thing, though.

Everything worked, because it was a limited situation. Everybody was aware, that the projects will end. The situation will change with the next project. So you do not care that much. Also once you left the project, you are not interested much in its future. Also this sounds harsh, one has to face this.

The Team Room

Once I joined a high performing team in a SMB in the software development field. Their location was a team room, applying scrum , QA, ProductOwners and ScrumMaster did live in the same team room. With twenty people it was a crowded place. While doing pair programming, it was a noisy place as well. The setup was fair, tables were separated side by side. But one did not face the pair in front of the table as they have been separated by partitioning walls. Half of the tales have been empty. For bi-weekly sprints you worked on different places, however everybody had its own desk, drawers and so on. It was a fair environment and you felt home, even if it was noisy all the time.

At one point we had to perform deep thinking tasks that took several days and weeks. Major do overs and architectural changes. At that point some of os moved (still as pairs) to smaller rooms. for a limited time to get these tasks done. This was backed by the team as everybody did know, there tasks will not be done right if one is interrupted all the time. Still, other team members came over or you were sitting from time to time in the team room.

As this was not my preferred environment, it worked. The team room was fine, we delivered an unbelievable amount of output and the team played well together. There were a lot of offsite activities by the team members, and still, some years afterwards we meet every year to see each other.

In terms of collaboration, it was very good, as the team worked as such, but there also were individuals who did “their thing”. We had no phones at all, and did almost not use any e-mail. It was simply not necessary as everybody was colocated.

 The Team Lead in the Team Room Fail

Several years ago, I took part in establishing a new development team for a new product as a team lead. We got an small office with one meeting room, a team room and a separated office for the Product Manager and the CEO. First of all, we kicked the CEO out of this office and away from the neighborhood of the developers. Also my desk, which was placed right in front of the developer desks, was removed. I went to the separated office together with the PM. We had to talk a lot and spent a reasonable time  on the phone. I did a lot of PoCs which needed some deep thinking time. Sometimes I did this work from my home office.

The team on the other hand worked together similar as in the situation above. However, it was much more “civilized”. The team was only a fith of the size and everybody was a specialist in his field. Everybody got a huge amount of time for their work without interruptions. This team performed in an outstanding way and produced an awesome output within few months in a exorbitant rate of quality – after I removed my desk out of the team room.

The Virtual Team

When I joined Microsoft I think in 2004, I joined a overall virtual team. Quarterly meetings in a regional office with our managers and from time to time some events. How could one collaborate this way? To make it clear from the very beginning: This was one of the most freaking awesome teams I have ever been with. E-Mails was on a minimum but chatting was always present. I think my chat log where about a Gigabyte. We hacked technology like insane – – always linked to each other. Coordination with management was on a minimum. We had our goals and did everything to reach and regularly to beat them.

Even though we worked everybody for him- or herself, we collaborated in an outstanding manner. The most impressive memory to this team are our come togethers. They were half party half hackathon, there was no or little welcome and no goodby ceremony. We just met, worked and left with a simple, see you tomorrow – knowing we already talk in the chats half an hour from that point on.

At that point we had this idea of mobile blogging restricted to the size of a SMS. We pitched this idea to an Redmond based product manager who told us, this idea has no potential. A few years later, Twitter emerged. Also I do not remember the PM, I really do hope he regrets this moment, every day since then.

Collaboration in this team was on an unbelievable level. There was a goal for the entire team, not for a single member of it. Management played an overall role in this and still, one of our managers is a good friend of mine today.

The Remote Worker

In 2006, I joined Microsoft Research. At the very beginning as software developer as remote worker.  Over time the team grew. We had members from Russia, Spain, Italy, France, Germany, UK and the US. You know what? Collaboration was on a almost all the time high. We had simple rules for the code, few guidelines, a lot of automation and awesome team members. From time to time we met at conferences or events. On a irregular timebase we met in person in Cambridge, UK as flights were cheap to this location.

We used e-mail, chats and video phone calls. At this time Skype was not used, it was even banned, within Microsoft, so we fought to use it. We used almost every technology available. I was on a kind of 24/7 standby as you knew knew if you get a call from any country in the world. In fact I was once called in the middle of the night with the request to remote setup some demos as they were supposed to presented in front of Bill Gates. I did not kew about this until I got the call. So we fixed it. Another Sunday, I got a call from Redmond. It was my architect, telling me that he is preparing a demo for the next day and I broke the build. So I fixed it. Even I never switched off my phone, this was never really stressful. There were goals we worked on (and usually reached them) and there was a high level of collaboration. Again, the team was almost fully virtual.

The Office Day Fail

Right now, I am in product management role, doing a lot of in-house consultancy regarding enterprise architecture. My employer has an awesome policy of all work must be able to be performed from any place. And the same way we have shared desks and a clean desk policy. So far so good, but than again, there is this 20% home office rate as we do not have desks for all employees at the same time. We have open space offices or 8 open floors. Table groups of four everybody facing each other. The open space is supposed to encourage collaboration. However, everyday I see how many of my co-workers just work side-by-side rather than collaborating. E-Mails and Chats are on a all time high, Mails are written and read during meetings. There are many meetings. The places are crowded, it’s noisy and there are endless interruptions.

There is only little deep thinking you can perform. You are just interrupted that often. The most I was able to sit down 360 seconds before being interrupted and being asked “Do you have five minutes?”. I usually have 20 or more of them after such an interruption.

As there is no barrier as an office, the obstacle to interrupt someone is very low. This in fact does include myself as well. I do interrupt people way to often, which I do regret immediately afterwards.

I love being on the phone or doing Skype calls. I hate it in the office. There are thirty co-workers sitting in your neck. Also I do perform really bad in negotiations in an open space. Behind a door – I do really good I think. I just do not want to bother my co-workers to much. It happened to me that I went to a  toilet to do a Skype call for a negotiation just for having some privacy – and to say things only to be said… behind closed doors.

I don’t know how much I perform in open space in terms of coding and architectural decisions. Creativity drops down to a minimum when being afraid of being interrupted any second. On the other hand I come to the office every morning with new ideas. After sitting just for one or two hours in the evening without being interrupted.

My mails suck. Even though I try to avoid writing e-mails, I happens more than once to me that in the middle of the progress of writing, I was interrupted. Once the interruption was over, and the next interruption just queued up, I accidentally sent the mail. With an unfinished sentence in the middle of the unfinished mail.

When I try to write some code (mostly PoCs or demos nowadays) it takes ages. I either do it before the majority of co-workers arrives or later, when most of them have left.

I take my mandatory home office day. I usually get more intellectual work done during this day than in the rest for the week.

Without exact measurements, I feel like in a disruptive environment, I only perform 25% of what I could achieve otherwise.

If I look at the team, everybody works side by side. Almost no collaboration. Excessive usage of communication tool for remote communication and ticketing systems are utilized rather than collaborating.

Is it Only Me?

I wondered if this only for me. No one seems to have an issue with this. Everybody seems to be happy, beside me. Until a few weeks ago.

Two co-workers told me, that If I want to get something done in code, I should join there every-evening.-coding session. So they set up a Skype conference for one or two hours almost every evening where they actually do the new things.

Another co-worker came by with an awesome presentation. He did an overall comparison of platforms. He showed it to us, and showed us a book he worked through. He did during night hours for the last few weeks.

Actually, these are my top developers. I have to wonder why they have to do this during night hours. When they are not disrupted.

And then I read something here:

If your work environment fosters distractions (commonly known as “open space”), a grand majority your engineers will be stressed to the bone, and probably doing 10% of what they can actually accomplish.

tl;dr Conclusion

Also this is my very personal opinion, I had the best collaboration experience in remote teams – workin remote. Not based on working hours. Working on-site was never that awesome.

Good people will probably always sacrify their free time to fetch up disruption at their work place.

But why does remote work rock that much? In my opinion, you can work when you can perform the best. Who says I work the best at 8 am in the office? Maybe “my creative time” is 11 pm to 2 am.

If you set up an remote working environment,  this might not work out for everybody. There are always individuals not providing sufficient discipline for self-responsible work. However, in my experience, if you set up a remote working team, you usually have only team members in it, capable of providing this kind of work.

This might not work for a given team, but should be considered when creating new ones as already Martin Fouler pointed out in his article.

The fact that you can get a better team by supporting a remote working pattern has become increasingly important during my time in the software business and I expect its importance to keep growing.

Based on my experience, remote first teams can outperform co-located teams due to many aspects.

How to deal with GMAIL Undelivered Mail Returned to Sender

If you run your own mail server, you might end up quite frustrated because the Google relays do reject your mails.

Maybe your mails get rejected by the Google servers with the following message:

Our system has detected that this  message does not meet IPv6 sending guidelines regarding PTR records and authentication. Please review  https://support.google.com/mail/?p=IPv6AuthError for more information.

If you start reading your frustration level might even increase, due to the difficulty to deal with many of the requirements to get your mails to a Google server delivered. If you start digging into the various topics, you might end up even more frustrated as you have more questions as before.

At the very end, you just have to set up a few things to make your mails fully compliant, so even Google’s server do accept them. In addition you will get high quality mails – at least regarding the tech, content is entirely up to you.

I do run a setup of mail, Dovecot, Postfix and SpamAssasin on a Ubuntu server. Therefore, this article will cover the topic on these examples but should be able to be applied to almost any other system – as long as you replace tech X by tech Y.

Testing you Mail

The first issue is how to learn about your mails issues at all. To evaluate your mails, http://www.mail-tester.com turned out to be a perfect platform for me. As you only can evaluate three mails a day for free, you might throw in a few bucks if you in a hurry, or it might simply take some days to you to finish the tests.

How does it work? You get an unique mail address where you send your mail to. Once the mail was received any flaws in the mail will be displayed and explained (which definitely is a huge added value).

10/10 Score at mail-test.com

Believe me or not, I definitely haven’t had a score of 10/10 before.

SPF Record

First make sure, your DNS provides an SPF record. With no or little knowledge, I tried to create one by myself based on Google’s help page about SPF records. Did not work well at all.

I finally ended up with the following SPF entry for my DNS:

v=spf1 mx ip4: -all
  • a is just to indicate that there might be scripts sending mails
  • ip4: depicts the mails server we are talking about in the entry
  • -all means there only this mail server while the mx indicates that only domain’s MXs are allowed to send mail for the domain while all others are prohibited.

It took me a while to figure out the right (or at least something working) based in the SFP record syntax. So why do we do this? The idea behind SPF is simple, once you have published your policy, the receiving server can check if the mail is compliant with your policy. In my case, mails sent from scripts might be fine, as long as they come from my server. If someone sends a mail from server 154.354.32.2 this mail will be probably not sent by me, as it is not compliant with my policy. Google’s server do these checks, and that’s on of the reasons your mails are rejected by them.

Finally the SPF entries doe look like the following at my DNS:

DKIM – DomainKeys Identified Mail

Next, I started with DKIM. Again, if you start reading at dkim.org, you probably end up reading several IETF RFCs and a lot of question. Reading RFCs is always good and highly recommended by me, but actually did not solve my issue.

The good thing about Ubuntu is, there is an package called OpenDKIM which can be installed via

sudo apt-get install opendkim opendkim-tools

I got relatively lost, when i came to configure OpenDKIM and Postfix until I found the Postfix/DKIM site at the Ubuntu documentation.

First of all you need to add the domain to the /etc/opendkim.conf. You might want to exchange my domain aheil.de to your corresponding one.

Domain    aheil.de
KeyFile   /etc/postfix/dkim.key 
Selector   dkim

Now, I had to generate the key file.

opendkim-genkey -t -s dkim -d aheil.de

If you did it the same way as me, the file is probably located in the wrong directory. So move the file to the location provided above.

mv dkim.private /etc/postfix/dkim.key

Now I went to /etc/default/opendkim. Unlike as described in the Ubuntu documentation, I had to add the listening socket – which seems to be a standard one at Ubuntu.


I then went back to /etc/opendkim.conf and added the same port right below the Selector entry.

Domain    aheil.de 
KeyFile   /etc/postfix/dkim.key 
Selector  dkim
Socket    inet:8891@localhost

Now, I went to the /etc/postfix/main.cf file and added the following entries:

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

For some reason, I now ended up with two DKIM entries in my outgoing mails. I had to add no_milters to the receive_override_options line in my /etc/postfix/master.cf. I had to fiddle a little bit with the master.cf until everything worked again.

-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

Wherever you have created the keyfile, there will be an additional dkim.txt file. It will contain something like

dkim._domainkey IN TXT ( "v=DKIM1; k=rsa; t=y; "
 "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZFYWrNHupXvZHvWJAo6aGB6sXYf+kpUIJv+BcP6NFiF9GBy26oYZKt6/ngCXmNAIY9+yReY8UxG5GIm/QnInbXWxwDXyD0MHD8HrhHyVa6JVqTncexm29M5Bbp/u0JI4ToOQwIQqpgTr0t9ADP8i76pbelYQ5IQDOwJRJQ2N1iQIDAQAB" ) ; ----- DKIM key dkim for aheil.de

Creating the corresponding DNS entry out of this seemed to be the most challenging part. You need to create an TXT entry similr to dkim._domainkey.aheil.de, of course using your domain. and you simply need the follwowing text in there


No quotes, no brackets, no nothing beside the above. This took me quite a while especially as DNS replication is nothing that works in real time.

For me the entry does now look like the following.

Once this is done, start OpenDKIM and restart Postfix so the changes will apply.

sudo service opendkim start
sudo service postfix restat

So far what does this actually mean? When a mail server receives your mail, it now will be signed with a DKIM key. If you check your mail headers, the will look similar to the following one.

By checking the dkim._domainkey DNS entry created before, the mail receiver now can check if the mail signature is authentic. Any mail server not in possession of the private key will probably not be able to sign the mail though, and could be thought of a spam server.

DMARC – Domain-based Message Authentication, Reporting & Conformance

Finally, it is necessary to create a DMARC record. Once SPF and DKIM are setup as above, you proceed similar as with the DKIM DNS entry.

Again you create a TXT revord for your DNS. This time the record is named _dmarc.domain.TDL, e.g. _dmarc.aheil.de in my case.

I created a relatively simple record:

v=DMARC1; p=none

I.e. p=none: the I do not requests any specific action be taken on mail that fails DMARC authentication and alignment.

At the very end, it looks like this for my DNS:


To get Google accepting mails from your own mail server, only a few steps are necessary. Setting up SPF, DCIM and DKIM are basically all which might be needed if Google rejects mails from your handcrafted mail server. You might want polish your SPF and DMARC records to align your policies with your very personal goals. If you are interested further in e-mail architecture, the book from Kevin Thomas called Email Architecture, Design, and Implementations might be something for your.

Locating unknown Raspberry Pi device in your Network

Just as a quick hint, once you have set up a new Raspberry Pi device (or probably any other device) which you don’t know, simply run the arp command to find out about your neighborhood.


arp -a

will make usage of the ARP protocol and give you some interesting information about some devices in your network.

arp -a

In my very case, I was told, the newly installed Raspberry Pi got the IPv4 address

.NET Core on Mac OS X

After MSFT started to open source .NET Core, it eventually found its way on my Mac OS as well.

The easiest way seams to be installing the .NET Execution Environments using Homebrew based the instruction given at Github.

sudo brew tap aspnet/dnx
sudo brew update
sudo brew install dnvm

Installation von .NET Core via Homebrew

Afte registering dmvm via

source dnvm.sh

one now should be abel to install .NET core using the following dnvm commands

dnvm upgrade -u
sudo dnvm install latest -r coreclr -u

For whatever reason I permanently run into issues such as

Installing to /Users/andreas/.dnx/runtimes/dnx-mono.1.0.0-beta6-12004
find: /Users/andreas/.dnx/runtimes/dnx-mono.1.0.0-beta6-12004/bin/: No such file or directory
chmod: /Users/andreas/.dnx/runtimes/dnx-mono.1.0.0-beta6-12004/bin/dnx: No such file or directory

First of all, I tried tried to update dmvm itself and again run into issueS:

foo@mac-pr:~/.dnx$ dnvm update-self
~/.dnx/dnvm/dnvm.sh doesn't exist. This command assumes you have installed dnvm in the usual location and are trying to update it. If you want to use update-self then dnvm.sh should be sourced from ~/.dnx/dnvm 

Trying so create the missing folders and links manually

sudo mkdir ~/.dnx/dnvm; 
sudo ln -s /usr/local/Cellar/dnvm/1.0.0-dev/bin/dnvm.sh ~/.dnx/dnvm/dnvm.sh

as well as sourcing dnvm.sh directly from the ~/.dnx/dnvm location did not help.

Every time running

dmvm update-self 

ended up in something like

Downloading dnvm.sh from https://raw.githubusercontent.com/aspnet/Home/dev/dnvm.sh 
Warning: Failed to create the file /Users/andreas/.dnx/dnvm/dnvm.sh: 
Warning: Permission denied

As very last attempt, I tried to run all these stuf as su. Unlike on Linux systems, root is not enabled by default on MAC OS though. Therefore it was necessary to enable the root user following these steps.

Now you can run su in any terminal, though.

su on Mac OS

Determining latest version
Latest version is 1.0.0-beta6-12004 
Downloading dnx-mono.1.0.0-beta6-12004 from https://www.myget.org/F/aspnetvnext/api/v2
Download: https://www.myget.org/F/aspnetvnext/api/v2/package/dnx-mono/1.0.0-beta6-12004
######################################################################## 100.0%
Installing to /var/root/.dnx/runtimes/dnx-mono.1.0.0-beta6-12004
Adding /var/root/.dnx/runtimes/dnx-mono.1.0.0-beta6-12004/bin to process PATH
Setting alias 'default' to 'dnx-mono.1.0.0-beta6-12004'

Eventually, you now can run and successfully complete

dnvm install latest -r coreclr -u

and write and run your first .NET application on Mac.

Unfortunately, all bits installed are only available for root once you followed the above instructions.

I do not want to see this web content on Yosemite

For a couple of weeks I now this really annoying message during the start up  of my Yosemite installation.

To view this web content, you need to install the Java Runtime Environment.

If I do follow the instructions of the pop up, I usually land on the Java site.

To view this web content, you need to install the Java Runtime Environment.As I develop on a regular base, I have the latest version of Java already installed (right no it should be version 8u25). Therefore, nothing to do.

I case you thought of installing Apple’s Java version for Mac. That’s  IMHO not the way to solve the issue. You might cure the symptoms, however, you will not fix the root cause for this issue.

To get rid of the message, you need the find the root cause. In my case it was the attempt to try Facebook’s video chat some weeks ago. That was the only one installation I performed since I receive this message. Even though, I disabled the add-on in Firefeox, the message kept showing at start up.

To get finally rid of the message head straight to the terminal and enter

launchctl list

In case you wonder that launchctl does, check the manpage which says

launchctl interfaces with launchd to load, unload daemons/agents and generally control launchd. launchctl supports taking subcommands on the command line, interactively or even redirected from standard input. These commands can be stored in $HOME/.launchd.conf or /etc/launchd.conf to be read at the time launchd starts.

Anyway, you shot not get a list of off all jobs loaded into launchd. There ckeck if you can find com.facebook.videochat.{username}.updater in this list. Wondering what this is? It’s some kind of Facebook-collects-your-data thing. Honestly, I don’t want to know much more about what it does, I just want to get rid of it.

com.facebook.videochat updater

Check out

ls ~/Library/LaunchAgents/ | grep facebook

You should get something like com.facebook.videochat.{username}.plist.
Now run

launchctl unload ~/Library/LaunchAgents/com.facebook.videochat.{username}.plist

followed by

launchctl remove ~/Library/LaunchAgents/com.facebook.videochat.{username}.plist

You might want to run the following command instead

launchctl remove com.facebook.videochat.{username}.updater

You now can delete the property list file

rm ~/Library/LaunchAgents/com.facebook.videochat.{username}.plist

Now check for the FacebookUpdate application  via

ls ~/Library/Internet\ Plug-Ins/ | grep Facebook

Again, you should fine something like FacebookVideoCalling.bundle. Send it to /dev/null via

rm ~/Library/Internet\ Plug-Ins/FacebookVideoCalling.bundle

Now there still something to get rid of by calling

rm -R ~/Library/Application\ Support/Facebook/

Et voiá, your are done. The cause for the message should be gone by now.

To get rid of the JAR file itself use Spotlight to looking for FacebookVideoCalling. You should find something like FacebookVideoCalling_v1.6.jar. Use Finder then to get rid of it.

Finding FacebookVideoCalling_v1.6.jar That is, by the way, the only thing Facebook suggest to uninstall the videochat. Not only, the sort of infect you with the above updater, they also do not provide useful information for uninstalling the stuff.

The fact, Facebook’s add-on installed this nasty updater is quite annoying. Adding a job to the launchd for an Firefox add-on is quite questionable. Even more annoying that this one slipped through the cracks.

Fixing the GPG Crash on Yosemite

Since upgrading to Yosemite, I have trouble running GPGMail with my Mac. When hitting the New Mail button Mail simply crashes.

GPG New MailThere is little I can do, and I almost gave up. The logs don’t help that much, though.

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000

Application Specific Information:
*** Terminating app due to uncaught exception 'NSUnknownKeyException', reason: '[<HeadersEditor 0x7fb0b6584680> valueForUndefinedKey:]: this class is not key value coding-compliant for the key _composeHeaderView.'
abort() called
terminating with uncaught exception of type NSException

However, there is this single thread in the GPG support forum, someone had the exact problem, while support pointed out there is some Yosemite beta of the GPG tools. Just in time,  GPG Suite Beta 4 was released, and it works like a charm.

GPG Suite Beta 4 workingIn case you are looking for the public key, pick it up here.


Fingerprints as Security Token

I am still wondering how people can even think of using fingerprints as security tokens. You spread them all over. It’s like writing down your credit card PIN wherever you are.

Therefore, fingerprints a great for identifying you, however, not for authenticating yourself.

Think about it. These are two absolutely different things.