Friday, April 24, 2015

Security should be concern #1 on the internet

I was recently reading hackernews when I came across a link to something called EveryoneAPI.  Supposedly a service that converts phone numbers into business intelligence.  So, out of curiosity I tried to visit the link, only to be presented with a blank page.  Odd.

So I went back to the hacker news page for it and visited the comments section.  On there were a bunch of people complaining about the same thing.  I almost laughed out loud when someone (apparently, supposedly someone that has something to do with EveryoneAPI) said that it had to be ad blocking software that people were using as an extension to their web browser and that they should "simply disable it" so that we could access their site.

One of the most important things to remember about online security is that if something was installed (by you or others) to keep you safe, the last thing you want to do is to disable it.  As we all know, there are some really nasty things out on the internet (viruses, trojans, and even worse, ransomware).  The last thing you want is to take advice such as this, which puts you in a position of being vulnerable to such things.  It is better to just take your mouse and close the window.

Your security on the internet is paramount.  This not only applies to you, but your computer as well.  Here are some guidelines that you really should follow:

1.  Make sure that you have a router between your computers and the internet.  The last thing you want to do is put your computer directly onto the internet for others to be able to get directly to.
2.  Make sure that you have the appropriate security setup on the router when installing it:
  • Change the default administrator password
  • Make sure that if it is a wireless router, and you are using the wireless portion, that you turn on encryption at the strongest level (WPA2).
  • When setting up the encryption, be sure to choose a very strong, unguessable password.  If you are like me and use products such as LastPass for credentials storage, the application has a built-in password generator.  Make sure to include all character sets, require every character type and set the password length to a high number (I try not to use anything less than 15 myself).
3.  Never, ever put any trust in a pop-up security alert.  Do not click them, just close the page and leave.
4.  Don't click on links in emails from people you do not know.  They are more than likely phishing.  Most financial institutions and credible businesses will not email you and ask you to provide them with your personal information.   Report any such emails as spam in your email system and move on.
5.  DO NOT open any email attachments sent to you from people you do not know.   This is also a very bad thing and could lead to your computer being infected or worse, taken over.
6.  Browsers such as Firefox and Chrome have extensions to prevent Phishing, called phishing blockers.  Pick one, install it and let it do its job.
7.   STOP or DO NOT use Internet Explorer (IE).  That browser is absolutely awful and you should stop using it immediately.  People who write viruses and other such malware love IE because of the ease with which it propagates their malicious code.  Firefox or Chrome are so much better and they are free.
8.  Use strong passwords anywhere you need to create an account (see note in #2 about creating strong passwords).
9.  Strong passwords are not easy to remember, so use something like LastPass (which is FREE) to remember the sites, logins and passwords that you have.
10.  I know that some people will tell you to enable auto-updates on whatever type of system you are on, but I will just say to make sure you keep your software updated.  I do not use auto-updating myself as I am not always in a position to allow major updates to "just happen".
11.  If you are running on Windows, please be sure and use anti-virus software.  There are free options out there, just find one and use it.   As for Linux and OSx, I leave it up to you.

Ok, now that I have gone over some of the most prevalent security rules for you and your computer on the internet, go forth and surf safely and securely. 

Wednesday, April 01, 2015

Oh look.... my blog

Yes, it's true.  I have completely neglected this blog over the past couple of months.  It is by no fault of my own, but instead I place the blame on the reason, "I was working".  Work has been quite busy, keeping me virtually chained, working on sprint stories. 

Don't get me wrong, I love my job, I am just giving a reason for the neglect that I have provided my readers.  The good news is that all that hard work has provided me with some content which I plan on posting.  Hopefully I can get a post up here very soon so that I can quench your thirst for geek knowledge. 

Till then, keep coding!

Saturday, January 31, 2015

Online Learning For The Self Taught

To begin with, I am a self taught person.  I spend most of my downtime trying to learn or read about something new.  I am always of the mind that I don't know everything and that there is always something that I could be learning.  If you ask my wife, she will tell you that whenever I go someplace, I typically have a book with me, or have my nose in a website trying to learn something.  You should never, ever stop learning.  It keeps your brain young and you on the cutting edge (if that is where you yearn to be).  For my field (I am a Systems Engineer), there are so many changes every day, you can never truly keep up.

Now don't get me wrong, I am not slamming or advising against a formal education.  If you have the opportunity afforded to you to go to college, by all means, go.  You will not regret it and it will benefit you in the long run.  There are some organizations where they require a college degree or they won't even look at you as a candidate (yes, I have run into these).  But, if you are like me and you either don't have the chance, or were not able to finish college, then you will need to seek your knowledge elsewhere, and today that is the online world. 

Online learning takes many shapes.  You can find tutorials on a large number of sites, usually blogs, that will guide you step by step through a particular task or in learning a programming language.  Then there is a slightly older technology called a CBT (Computer Based Training).  You won't run into this much online, but you may find it at large companies that have an internal training department.  You sign up and take courses from their internal learning website.  It's one way: they feed you the information and you write it down.  There may even be a quiz or two. 

Then we get to one of the latest things, the MOOC (Massive Open Online Course), also referred to as Open Courseware.  This is a system that has now been employed by universities and websites alike, allowing people to take their courses either for free, or for a fee.  Some of these even offer a certificate as proof of passing the course.  

You will find that there are many universities that you have heard of that have MOOC available to the public, but also some you may not have.  A couple of names that stand out are MIT, Stanford, Yale, Johns Hopkins, Harvard, Duke, and the list goes on.   You may find that while the colleges have a page on their site to inform you about their open courseware, their site actually links to something like Coursera, or EDX.

When I first started looking for online resources to learn from, I came across some of the typical "Hey, come here and take our course on ", only to find out that it was either misleading and only gave a very small, a lot to be desired intro, or they got you to a point and they hit you up for money to continue the course.  That really burned when I ran into that.  There are still those today, believe it or not.   I am big into Data Science, and discovered a site called dataquest.io.  I started off with the first lesson or two, but was soon prompted to sign up for their premium service if I wanted to continue.  I was disappointed as there were some aspects of the site that I was interested in, but I just don't have extra funds to pump into something like that at the moment.  I have to keep things on the cheap.  So if you are interested in something like that and have the funds, by all means, check it out.  
So in my further quest, I decided to try and find if anyone had compiled a degree curriculum or syllabus, listing the courses needed to fulfill that degree, with links to said courses.  It took me a bit of searching, but I finally found a couple of links to what I was looking for.  

The first one I found was that of a Bachelor's level curriculum in Computer Science.  This was great, exactly what I was looking for.  What was better, was that that page was already updated to include a link to their Intensive Bachelor's level curriculum in Computer Science.  This was fantastic.  I looked through both lists and was amazed to find such a complete curriculum list, compiled and with links.  

While I was blown away by what I had found, I wanted more.  I still have an interest in Data Science.  There has to be something out there to satisfy that need, and there was.  I bring you, the curriculum for the Open Source Masters in Data Science.  This filled a void, and a big one.  This had an awesome set of courses and links to books as well.  

As you can see, I was able to find 3 different resources that provided me a full curriculum, with links to courses.  All that's left now is to take the courses.  Ah, to have that much time available.  If you do, that's awesome, have at it.  I, unfortunately, only have so much time, but I do my best.

In all of my perusing of the internet learning resources, I have come across a few and made some notes on them.  I provide those for you below, with some of my comments on each.  

Online Learning Sites

- All free
- Beginner learning tracks
- git (source control), web dev, iOS, misc electives, ruby, javascript
- Also has screencasts giving overview or tutorial on specific topics  (ie:  they have a 4 part screen cast on docker)

- Computer related
- courses are free to take
 - You can get a certificate for some courses, but that costs money

- A large number of courses in a bunch of different categories
- free
- all link to free courses at schools that have the courses online

- Tons of courses
- Free
- Not always current teachings, but within a few years.  Material still quite valid.

- large array of courses
- math
- languages
- computer science
- web development
- all free

- tons of courses
- all free
- great for kids

- 10K free, online courses

- Lots of topics
- Degree related studies
- Free

- Lots of topics
- Free

- Lots of courses
- Free
- Large array of topics

- Free
- All technology based

- Costs $$
- Technology based

- Free
- Each topic shows places on the web to learn

- Learn to code
- Free
- A few different tracks

- College
- Free online courses

- Free
- Online Educational courses in a variety of topics

- Course software offered from multiple online sources

- DevOps approach
- Free

- Learn data science in your browser
- Misleading initially.  You can only take a few 'missions' for free, but then are required to pay a subscription of $35 or more a month to continue.

- Online curriculum
- Lists where to take courses
- Lists resources for online learning
- Also lists book price, if available



Well, that is the list which I have compiled thus far.  It's not complete by any stretch, but instead is meant more as a taste of what you can find via your favorite search engine.  There are so very many sites that you can find, hopefully you will find the courses that are right for you and further your knowledge.  

So go forth, and learn ( and have fun doing it ).  Master your craft and be the best that you can be.

Not to be all cheezy, but I leave you with a quote from the movie "Drumline":

"And if you don't have the honor and discipline to learn your craft... then quite frankly Devon, you don't deserve to be here."   - Dr. Lee to Devon Miles

















Wednesday, January 21, 2015

Passwords.... Passwords Everywhere

The online world has grown so incredibly much over the past 20 years that it's mind boggling.  I remember when all I had to remember was several passwords.   Of course back then there were BBS's still in existence and the internet was an amazing playground just waiting to be explored and getting bigger every day.

Today the number of passwords that you need to remember is astronomical.  Because of that, password security is something that people get extremely lax on.   You hear jokes about people using 'password' as their password, or things like '123456', 'secret', or some other easy to remember word, phrase or date.  In fact, they do an annual survey of the worst passwords of that year.  I hate to say it, but it's ignorance of password security that causes people's accounts to so easily get hacked.  Now and again I get an email from a friend with a link in it, or directing me to "check this out".  It's usually something out of character for that person. I am extremely skeptical and security minded, so I tend to be wary of things.  I will inform the person and usually they confirm that their account was accessed illegally and that they just changed their password.

One of the biggest complaints I hear is "Sure I can create harder passwords, but how will I remember them?".    I can completely sympathize with that thought, but these days there are applications to assist you with that.  There are password managers that you can use to store your passwords in so you don't have to remember all of them.  You just need to ensure the password to use that application is secure and that you remember it.  And that is what I would like to talk about in this post, because there are far too many easily brute forced passwords out there.  All a person would need is a really detailed set of dictionary files to work off of and they could successfully get into one or more accounts in a system.

There are generally two types of applications:  desktop and browser based.  The application that you choose is up to you, but I recommend trying a couple out and finding one you like and sticking with it.

One of the more popular applications is LastPass.  LastPass runs as an extension to your browser and is available for all 3 major OS's (Linux, Windows and Mac) and all browsers (Opera, Chrome, Firefox, Safari and *cough* *cough* IE).  I use LastPass (almost) exclusively and love it!  As you surf to a new site and log in (or create a login), LastPass will offer to create an entry for the site in its database (if it doesn't already have it).  If there is an entry, it compares it to see if it has changed (and offers to update the entry if it has).   LastPass is quite handy and because of it I have the option in my browser to save passwords, turned off.  Of course that is something you shouldn't do anyway.   One really handy option in LastPass (and other software as well) is the option to generate secure passwords.  LastPass will generate them and if you click the button to accept it, it will populate it into the form field(s) and then save a generic entry for that site.  So handy!  Oh, and LastPass is FREE!

If you are on a Mac, 1Password is comparable to LastPass.  The only difference is that 1Password costs about $35,  but it is well worth the money.  It has a browser extension just like LastPass, but also has the added nicety of also being its own application on the Mac.  This allows you to store more than just website passwords.  Maybe you have some company secrets you don't want getting out, or a list of combinations to your safes (mind you I am being totally hypothetical here).  Either way, you have options.

Moving on, another popular application is KeePass.   This application is a standalone application by default, but does have plugins that you can install to give it more functionality, such as browser integration.

One thing that all of these applications have in common though, is that the data itself is encrypted.  That way nobody can just access your stored information without proper access.  For all of these applications you need to supply a password to use them (which you set up after you initially install them).  Some applications (like KeePass) have the added benefit of allowing you to specify a key (ssh key for example) for added security.  This key would need to be present and the correct password also entered, providing a form of 2-factor authentication.  This is nice because the key would not have to reside on the machine.  You could store the key and database file(s) on a thumb drive (for instance), and keep them with you at all times.

Another option for keeping things a bit more available is if you have a DropBox account, or a similar service, you could store your databases in your dropbox account and access them when you need to.  DropBox's site claims that your data, no matter what you store, is stored with AES256 bit encryption.  Even though the database files that go along with the KeePass application are already encrypted, the extra encryption certainly doesn't hurt.

All-in-all, my recommendation is to try something out and see if you like it.  If not, move on to the next one.  Examine the features and see what is important to you from a security standpoint.  I personally use a combination of LastPass for my internet, 1Password on my work laptop (company provided) and KeePass on my home laptop.

Feel free to Google search password managers and explore what is out there.  It is always better to be safe than sorry.   Password security is no joke.  What's nice is that these applications make the task of having harder, more difficult to crack passwords a bit more palatable.  Especially when they are doing the storing / remembering of logins.  

OSx 10.10.1 Annoyances

If you have had a Mac for any length of time, you are probably used to upgrading to the latest version of the OS when they release it.   Of course within the past couple of years we have all learned that we even have to be wary of Apple and its releases, as they have not been perfect by any stretch.  

My work is holding off on the latest release due to incompatibilities with some pieces of software.  This didn't stop me though, and this was because:  1. I had already upgraded, and 2. Luckily it turns out I didn't use the software in question.  Yay!

But, I have noticed that there are a couple of things in the new release that I find particularly annoying, especially since they modified behavior that I had either previously set specifically, or that was already a default action (and I preferred).

The first one is the setting in System Preferences for automatic display brightness adjustment.  I find this setting annoying as I don't like my computer deciding how bright my screen is supposed to be.  Also, having the screen brighter certainly drains a bit more of the battery.  My eyes are adjusted to having it set lower, and I like it that way.  Plus, when you have a headache(or migraine as I tend to get), the last thing you want is a brighter screen.  

With the 10.10.1 release, the update turned on automatic brightness adjustment.  It took me about an hour to actually notice it.   But if you want it off (like me), go to System Preferences -> Displays and uncheck the box next to "Automatically adjust brightness".  

The other setting that really irked me was that after updating to 10.10.1, I noticed that the default behavior of the machine when you close the lid had changed.  For the longest time the action was to put the computer to sleep when you shut the lid.  After updating, the default action was to hibernate.  As people have probably experienced, hibernate is a royal pain, mostly because when you open your laptop, you have to press the power button and then wait for it to restore.  On a Mac, when you sleep it, you simply open the top and the display comes alive almost right away (within a couple of seconds typically) and you can then log in and get right to work.  Pretty much almost no waiting.  Hibernate is a sloth to come back in comparison to sleep.  

I had to do a little digging to figure out how to fix this.  What you need to do is open up your command line terminal and enter the following to make sleep the default when the lid is closed:

  sudo pmset -a lidwake 1

After that, if you shut the lid, it should simply sleep.  Now, some people are probably saying, "Why not just specifically tell it to sleep?".  The reason is to save time.  Instead of taking the time to go to the menus and click sleep, you can simply shut the top of your laptop and have it automatically do it for you.  

Again, these are my annoyances with OSx 10.10.1.  If you are not bothered by them, then continue on.  Otherwise, I hope this helped to fix them for you.

Monday, October 06, 2014

Problem Found With Autoenv

When I first posted about virtualenv a few months ago, I was in the middle of learning to use and configure it.  Since then, I have created a script to create my basic project structure (including creating bitbucket and/or github projects) that also initialized git for you.  All in all, I wanted to be able to run the script and have it setup everything so that I could just start my coding.

As I was using my script though, it did what I created it to, but unfortunately I started to notice that after it was run, my environment would "activate" (quotes used on purpose) when I changed to the project directory, but not really.

Early on I gravitated towards using autoenv to auto-activate my environment when I simply cd'd into the project directory structure.  While this is a really cool tool, it is supposed to source $project_dir/bin/activate to activate the environment.  Unfortunately though, when I do a "which python" after changing to a project's directory, the system python path is provided when it should be referencing the python in the project's environment.

In the testing that I have done, this seems to be a bug with autoenv.  Thankfully though, it's not the type of bug that is a project killer, just an annoyance.  For the time being, I plan on adding a sourcing of the activate file to the .env file in each project, as doing so seems to be a valid workaround.  I am also researching this to see if anyone has reported it to the developer.  If not, I will open an issue with them.

One note though, is that once activated via my workaround above, you will need to deactivate the environment when you are done and exit the project's directory structure.  This can be done by running the 'deactivate' command.

Thursday, October 02, 2014

Passwords In Your Bash History

This is one of those things that is utterly annoying because you can only get mad at yourself.  At work, I have my ssh key populated on a lot of our systems, but there are also plenty of systems where it is not residing as of yet.  When I really get working on something, and working in a quicker than usual manner, there will be times I ssh to a system and don't realize that it "just connected".  The problem is that my fingers are acting way ahead of what I am seeing and have already typed my password and hit enter. 

Well, the problem is that you're going to get an error because your password is not typically a command.  It's at that point that you will realize that you messed up and that password is now residing in your bash history. 

Initial searches will show that you can simply edit your history file and remove the offending line(s).  Sure, but I don't want to have to go through all that if I don't have to.  So, digging further you will find that you can simply do this (assuming that you did not type anything else after typing your password and hitting enter):

    history -d $((HISTCMD-1))

This works because the above command adds a line to the history file and you want the previous entry, which is your beloved password.  It will promptly remove it from the history, saving you the worry of having it in there.  The HISTCMD returns the latest command number in the history (reflecting the command you are entering currently to display it).

Now, if you continued typing in commands and figured you would get back to removing it, there is another way you can do this.  First, type 'history' and hit enter.   If you're like me, you have your history set to be thousands of lines, so you may want to pipe it through less or more to halt the scrolling off of your screen, like so:

    history | less

The output will look similar to the following (just more lines):

    757  ls
    758  ls -lart
    759  cat .bashrc
    760  exit
    761  clear

The line number is to the left and the command that was entered is on the right.

Find the line number with your password and issue the following:

    history -d LINE_NUMBER

replacing LINE_NUMBER with the offending number from the history output.

Another example is, say you want to remove all occurrences of a command from your history (and this could work for your password as well).  Simply run the following:

    history | grep "clear" | awk '{print $1}'

That will output the line numbers in your history.  You then just type them each into a 'history -d' to remove them.  Yes, that's tedious, but that is where shell scripting comes in really handy.  Write a script to do it for you.  For instance the shell script could:

- take a single word command as input (to search for)
- find all occurrences of that command in the history and save the line numbers (to an array)
- cycle over the array and run each number through a 'history -d', removing it.
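
The script outlined in the list above could look like the following bash functions. This is an added example, not code from the original post; the function names hist_match_numbers, hist_scrub_file and hist_purge are made up for illustration. It deletes matches from the highest number down, because every 'history -d' renumbers the entries after it, and it also cleans the saved history file in case the entry was already written to disk.

```bash
# Added example. Function names are hypothetical, not from the original post.

# Read `history` output on stdin; print the numbers of the entries whose
# command text contains the fixed string $1, highest number first.
hist_match_numbers() {
    # The needle travels through the environment so awk does not apply
    # backslash-escape processing to it, as it would with -v.
    NEEDLE=$1 awk '
        {
            cmd = $0
            # Drop the number column (and the "*" bash shows on edited
            # entries) so a numeric needle cannot match the entry number.
            sub(/^[ \t]*[0-9]+\*?[ \t]+/, "", cmd)
            needle = ENVIRON["NEEDLE"]
            if (needle != "" && index(cmd, needle) > 0) print $1 + 0
        }' | sort -rn
}

# Remove every line containing the fixed string $1 from history file $2,
# for entries that were already saved to disk.
hist_scrub_file() {
    local needle="$1" file="$2" tmp rc=0
    [ -n "$needle" ] && [ -f "$file" ] || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1      # created with mode 0600
    grep -vF -e "$needle" -- "$file" > "$tmp" || rc=$?
    # grep exits 1 when no line survives the filter; only >1 is an error.
    if [ "$rc" -gt 1 ]; then rm -f -- "$tmp"; return 1; fi
    mv -- "$tmp" "$file"
}

# Interactive entry point: run it in the shell whose history needs cleaning.
hist_purge() {
    local needle n count=0
    # Ask for the string silently; passing it as an argument would put the
    # secret straight back into the history.
    read -rs -p 'String to purge from history: ' needle; echo
    [ -n "$needle" ] || return 1
    for n in $(history | hist_match_numbers "$needle"); do
        history -d "$n" && count=$((count + 1))
    done
    hist_scrub_file "$needle" "${HISTFILE:-$HOME/.bash_history}"
    echo "removed $count in-memory entries"
}
```

Other shells that are still open keep their own copy of the history in memory, so run hist_purge in each of them or close them without saving.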

There are a bunch of possibilities.  Of course, you can also add a bit of configuration to your history, reducing occurrences.  In your .bashrc, you can set the HISTCONTROL variable with options that tell the history how to act. 

In my .bashrc you will find the line:

    export HISTCONTROL=ignoredups:ignorespace

What that does is tell history not to record a command that is identical to the previous entry in the history (ignoredups), and not to record any command that starts with a space (ignorespace).  That last one is VERY useful when you want to do something but not have any record of it in your history.  You simply hit a space before typing your command and that command will not end up in your history.

Hopefully this helps someone out there keep their passwords secret and not in their history file. 






Friday, September 05, 2014

You Should Really Enable Two Factor Authentication

To your standard user, when you access a website you create a login and password combination for verification of your id.  The login name (also referred to as a username) is typically either a unique name or an email address.

At first thought, one would think that creating a login and having a user set their password should be sufficient security, even considering that a lot of sites have a minimum set of standards for their passwords (ie:  Length, types of characters required, frequency of those characters, etc).  Unfortunately this is incredibly far from the truth.

As we all know, the number of logins and password combinations that the average user has created could be anywhere from a dozen or two, all the way up into what some consider an astronomical number (depending on the number of sites they have accounts on).  The problem most people run into is that they don't want to have to remember all of those passwords, so they use one common password across all of their sites.  While this is great for them, the problem is that once an intruder has your password on one site, they will save it for use elsewhere as a 'just-in-case'.

You can now see the inherent vulnerability in this.  Sorry for the digression, but I felt it necessary to get across my point for the need for another, added layer of security that is very difficult to circumvent.  Two Factor Authentication.

To quickly sum up the gist of what Two Factor Auth is (referred to after this as TFA), it is an added layer of security on an account, typically by way of login verification.  This verification is usually in the form of either an SMS (text message) with a code that the application will then prompt you for (and not continue the login unless the correct code is entered), or via an application produced verification code.  The latter, application produced verification code, is used by things like Facebook, where the application on your phone will have an option for a security code.  It will display a code that has been synced with the Facebook servers.

What happens when you login is:
  • You log in to the application on your computer using your login and password
  • You are then prompted for the security code. 
  • You then grab your phone, open the application, click to the security code page in the app and enter the code in to the waiting box in the browser.
If all was entered correctly you are granted access to the application.  What's nice is that the potential intruders may have been able to steal your credentials from the Facebook servers (hypothetically of course), but they would not have your phone with the verification code.  So, even if they try, they will not be able to gain access to your account.

There are a number of sites today that offer TFA in order to protect their users, and the number grows every day.  There is even another page that lists sites and the links to the page on each site to enable TFA.  Lifehacker also put up a page on TFA that gives a nice overview of how some of the bigger names have implemented it.  I just hope that those that do not currently offer it are smart enough to know of the benefits and actually implement it before it is too late. 

If you do not yet use TFA, please look into doing so.  While it does add a little bit of action on your part to implement it and use it, that little bit of time is well worth not having your personal and private information stolen and sold.  It is all of our responsibilities to make sure we protect ourselves, not assume that someone is going to do it for us. 


Wednesday, September 03, 2014

Remove Offending Host Key From known_hosts File

If you are managing a whole mess of servers, you may have occasions where the host key associated with a host or hosts changes.  This is typically due to re-installation.  Nonetheless, when you attempt to ssh to a host for which you previously had an entry in your ~/.ssh/known_hosts file, you will see a message similar to the following:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:811

RSA host key for has changed and you have requested strict checking.


Now, if I were accessing something over the internet via ssh and not on my corporate network, I would definitely need to be suspicious of this message.  You don't want to take chances with your security so always be sure.  But, if you are on your own corporate network and get this, check with your System Administrators, but the machine might have been re-installed.

So, looking at the above output, you will see a lot of information.  Most of it doesn't matter.  What does matter for the sake of removing the key in question is the line that reads:

  Offending key in /home/user/.ssh/known_hosts:811

That line tells you exactly what line in the known_hosts file contains the entry you want to remove.  So, whether you are on Mac, Linux or Unix, the approach is the same. What you want to do is grab that number after the colon above, and run the following command:

  sed -i "811 d" /home/user/.ssh/known_hosts

The -i tells sed to edit the file in place.  Inside the double quotes you have the line number (grabbed from the output) and then a d (which stands for delete the entry, which it will at the line number you provide).  The only other thing on there is the full path to the known_hosts file.  If you're not sure of where it is, it was on the line above the offending key line, in the above output.  The command as written is the GNU sed form; the BSD sed that ships with the Mac requires a backup suffix after -i, so there you write -i '' (an empty suffix) instead of a bare -i.

Now, you could easily put this into a quick bash script that takes 1 field of input (the line number) and then calls the command as shown.  Either way, I hope this helps with this common problem.


**Update: Thanks to a comment below from Attila-Mihaly Balazs, for letting me know that you can also use:

  ssh-keygen -f "/home/user/.ssh/known_hosts" -R offending-hosts-name

That will remove the entry for the offending host whose key has gone stale, with the added benefit of a backup of the known_hosts file, saved with a .old extension, just before the entry's removal.  

If you find you do not need the backup, you can simply delete it.
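
The quick script suggested above, written out as an added example (not code from the original post; the function names offending_entry and remove_known_host_line are made up for illustration). It reads the FILE:LINE pair straight from ssh's warning text, keeps a .old backup the way ssh-keygen -R does, and avoids sed -i so it behaves the same with GNU and BSD sed.

```bash
# Added example. Function names are hypothetical, not from the original post.

# Read ssh's warning text on stdin and print the FILE:LINE it names.
# Accepts both "Offending key in ..." and "Offending RSA key in ...".
offending_entry() {
    sed -n 's/^Offending \(.* \)\{0,1\}key in \(.*:[0-9][0-9]*\)$/\2/p' | head -n 1
}

# Delete one line of a known_hosts file. Argument: FILE:LINE.
# A copy of the file as it was is kept in FILE.old.
remove_known_host_line() {
    local file="${1%:*}" line="${1##*:}" total
    case $line in
        ''|*[!0-9]*) echo "not a line number: $line" >&2; return 1 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    total=$(awk 'END { print NR }' "$file")
    if [ "$line" -lt 1 ] || [ "$line" -gt "$total" ]; then
        echo "$file has only $total lines" >&2
        return 1
    fi
    cp -p -- "$file" "$file.old" || return 1
    # Report the second field (normally the key type); the host field may
    # be hashed and the key itself is too long to be useful on screen.
    sed -n "${line}p" "$file.old" | awk '{ print "removing", $2, "entry" }' >&2
    # Write through the existing file so its owner and mode are unchanged.
    sed "${line}d" "$file.old" > "$file"
}
```

Typical use is to paste the warning into offending_entry and pass the result to remove_known_host_line; on the next connection, compare the fingerprint ssh displays with one obtained from your System Administrators before accepting it.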

Monday, August 18, 2014

git Error: Unable to find remote helper for https

At my work, my group is (currently) pretty rooted in svn for all of our repository work.  The rest of the company has migrated to using git, but because we are responsible for all of the company's systems, time to switch is not exactly a commodity.

I do use git myself and like it, but when you use it on your own system, you don't always experience all the issues you could (especially since you probably performed all of the necessary pre-installation steps).

On my work desktop I was recently trying to clone a repository using https and received the following error:

  Cloning into gitflow...
  fatal: Unable to find remote helper for 'https'

I was momentarily puzzled by this, knowing I had seen it before, but couldn't remember what the issue was.  I remembered that git uses curl for cloning via https so I quickly checked and found it already installed.  So, turn to the Google's.  That quick search enlightened me to the fact that the curl-devel package was not installed.

Explanation:  While it says that git uses curl for its https cloning, it's actually the development libraries that it makes use of.

So, I needed to do the following since I didn't have them on there when I built git:
  • Install the curl-devel package
  • Find the source code I downloaded and built git from and do the following:
    • ./configure
    • make
    • sudo make install
After doing all of that, git successfully downloads the repository using https.  Do know that the make does take several minutes to run as there is a lot to build.  
 
Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.