Friday, December 19, 2008

Redeem the Time

As we close the year 2008 and come near to that time of New Year's Resolutions, here is an idea for you. If you are as unlucky as myself to have to commute every day to work, then redeem the time. I have at various times while driving to/from work listened to: sermons, lectures on philosophy, home brewing podcasts, audio books, plays, TV shows, and more. It is much more interesting than listening to the radio, and it's possible with a $30 MP3 player.

"How do you find great sources?" you may ask. Here are some tips:

  • My county library system has an online audiobook library. I can check out and download audiobooks for free. There are WMA books, but surprisingly there are also some MP3 books!
  • Check out Project Gutenberg. In addition to the computer-read books, they also have human-read books, and some of them are excellent quality. In particular, I can recommend the renditions of Sherlock Holmes; they are absolutely wonderful...and free!
  • Find some podcasts you like. There are excellent podcasts on all sorts of topics. I have picked up podcasts on Ruby, home brewing, technology news, science, business news, and more. There are also some TV shows like 60 Minutes that have a podcast replay of the entire show commercial free. A site I like for managing podcast subscriptions is PodNova. They have a downloadable aggregator that works on Linux.

So why not listen to some of those books you always wanted to read? Jane Austen, F. Scott Fitzgerald, J.R.R. Tolkien, Lewis Carroll, Jules Verne, Charles Dickens, Mark Twain, Fyodor Dostoevsky, Voltaire...they're all here. Listen to the Bible read to you. Fiction or Non-fiction, be creative, learn a new language, or a new subject. It's easy and free.

Wednesday, December 3, 2008

All Your HTTPS Packets Are Belong To Us

Occasionally, I have to work on a restricted network, whether I'm connected via VPN to a remote desktop, or directly to a network.

I'm also in the position, at times, when I need to retrieve something from my company e-mail account, and for whatever reason (productivity drain or virus infections from pointy haired users) the network proxy automatically blocks access to any sites with the word "mail" in their domain name.

One of the easiest ways to get around this is to just use HTTPS, because all your traffic to the remote server is encrypted before it is sent on the network. Only the remote server can decrypt your packets, and if anyone intercepts them, they look like garbage. The information in your encrypted packets includes the domain name of the server, because with HTTP/1.1 the domain name is sent as an HTTP header (the Host header). So the automatic proxy filter is out of luck, and I am free to access my e-mail account. (Proxies could of course block by IP address, but that just causes a mess.)

It turns out that some network proxies will automatically generate fake SSL certificates for every secure site that you access. (This is probably old news to network administrators.) The certificates look legit: they include the correct name of the site, but the issuing authority is the proxy device on the network. I can't say that this is shocking to me; I always knew it was possible, I just hadn't encountered it in the real world.

I suppose that normally the network administrator would have installed the proper root certificate on every machine on the network, but in my case I pulled up a site with a certificate that matched the site I was accessing, but was issued from an authority that I don't trust (i.e. the network proxy). Hmm...

Any normal user wouldn't have understood what was going on, but I was immediately suspicious that my machine had been compromised by some virus, or that the remote site had been compromised for phishing purposes. I'm glad that neither situation was true, but I'm left yet again with my confidential information compromised in the name of security.

Think that your credit card number, SSN, personal information, etc. is safe because you're using a secure connection? Think again. The network administration team is reading everything that you send to the secure site. The classic man-in-the-middle attack. As always, the weakest link in the chain will be a human being, and now more human beings have access to your information.

It's a brave new world.
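As an added example (not part of the original post), here is one way to check from a client whether the certificate for a site has been re-issued in transit, covering both cases above: the proxy CA is not trusted by the machine, or it has been installed as a trusted root. The host names, issuer names and fingerprints are constructed placeholders, and the baseline is assumed to have been recorded earlier from a network you trust.

```python
import hashlib
import socket
import ssl


def issuer_name(cert):
    """Flatten the 'issuer' field of an ssl getpeercert() dict to 'k=v, k=v'."""
    return ", ".join(f"{k}={v}" for rdn in cert.get("issuer", ()) for k, v in rdn)


def observe(host, port=443, timeout=5.0):
    """Live probe: record the certificate this network presents for host.
    Assumes a direct or transparently intercepted path (no explicit proxy)."""
    obs = {"verified": True, "issuer": None, "sha256": None}
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                obs["issuer"] = issuer_name(tls.getpeercert())
                obs["sha256"] = hashlib.sha256(der).hexdigest()
    except ssl.SSLCertVerificationError:
        obs["verified"] = False  # chain or hostname did not validate here
    return obs


def classify(obs, baseline):
    """Compare an observation with a baseline recorded on a trusted network."""
    if not obs["verified"]:
        return "validation-failed"          # the browser-warning case
    if obs["sha256"] == baseline["sha256"]:
        return "direct"                     # same leaf certificate end to end
    if obs["issuer"] != baseline["issuer"]:
        return "intercepted-by-trusted-ca"  # validates, but re-signed locally
    return "certificate-changed"            # same issuer, new leaf (renewal?)


# Constructed sample data: names and fingerprints are placeholders.
REAL_ISSUER = {"issuer": ((("organizationName", "Example Public CA"),),
                          (("commonName", "Example Public CA G1"),))}
PROXY_ISSUER = {"issuer": ((("organizationName", "Corp IT"),),
                           (("commonName", "Corp Web Proxy CA"),))}
BASELINE = {"issuer": issuer_name(REAL_ISSUER),
            "sha256": hashlib.sha256(b"constructed real leaf").hexdigest()}
INTERCEPTED = {"verified": True, "issuer": issuer_name(PROXY_ISSUER),
               "sha256": hashlib.sha256(b"constructed proxy leaf").hexdigest()}

if __name__ == "__main__":
    print(classify(INTERCEPTED, BASELINE))
```

The "intercepted-by-trusted-ca" result is the one a browser will not warn about, which is why the comparison against a baseline matters.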

Tuesday, November 4, 2008

Clojure: a LISP that has a chance

Clojure is an interesting new language. Here's the executive summary:

Clojure is a dynamic programming language that targets the Java Virtual Machine. It is designed to be a general-purpose language, combining the approachability and interactive development of a scripting language with an efficient and robust infrastructure for multithreaded programming. Clojure is a compiled language - it compiles directly to JVM bytecode, yet remains completely dynamic. Every feature supported by Clojure is supported at runtime. Clojure provides easy access to the Java frameworks, with optional type hints and type inference, to ensure that calls to Java can avoid reflection.

Clojure is a dialect of Lisp, and shares with Lisp the code-as-data philosophy and a powerful macro system. Clojure is predominantly a functional programming language, and features a rich set of immutable, persistent data structures. When mutable state is needed, Clojure offers a software transactional memory system and reactive Agent system that ensure clean, correct, multithreaded designs. —

Each of the key features is exciting to me, a functional LISP that integrates closely with the JVM and has baked-in concurrency. What's more, I think Clojure has a chance at making it big. Here's why:

  • Unique Vision. I don't think any new language can survive for long, unless it has a unique vision. Clojure's unique vision is to bring together a mix of performant, immutable data structures, baked-in concurrency, functional style, and close integration with the JVM.
  • JVM Integration. Rich Hickey had the incredible foresight to see the JVM as a platform to be embraced closely. This means that not only can you leverage 100% of existing Java code, but your Clojure code compiles to Java bytecode and benefits from the HotSpot JVM's dynamic optimizations. Compare that to a "from scratch" language that takes years to get a diverse set of libraries and an optimized implementation.
  • Benevolent Dictator. I have always thought that a new LISP (or any new language for that matter) needs a Benevolent Dictator. The BD is the friendly face of the community and sets the tone for how people treat each other. But more importantly the BD is a dictator who has a strong vision for the language, and will say "no" to feature requests that don't line up with his vision. This is Rich Hickey, friendly and open to suggestion, but not afraid to say "no."

If any of this sounds interesting to you, then check out the homepage. The quickest and easiest way to get involved in the community is to join the Google Group. Also, if you're into IRC, then check out #clojure on

I am excited about the future of Clojure, and have really enjoyed working with it so far.

Monday, November 3, 2008

Migrating from to

I won't go into all of the details about why I switched my blogging platform from to, but the biggest reason is that Blogger will host a custom domain for free, whereas WordPress charges $10/year. Yes, $10/year is peanuts, and you're free to host your custom domain with them, but I like free.

The Switch

I had existing posts, and I decided that I wanted existing links to work so that if someone went to they would not get a 404 or a redirect or a jump page with an "oops-this-site-has-moved-click-here-to-go-to-the-real-site" link. Instead I opted for existing links going to a page that includes the original content, plus a little message that says "You're viewing a 'classic' blog entry. Check out the latest entries." This can be done with the Blogger missing files host.

My next problem was that my missing files host would have to be a server somewhere that I had to pay for (hmm...not free). Instead I decided to use the Google Sites service for my Google hosted domain. I created a site and created a structure to exactly mirror my existing links. I went into my Google Apps for Your Domain control panel and added a domain mapping for my new Google Site. Then I was able to test each post by replacing "" to "" in the URL in the browser bar.

I wouldn't have gone through this whole process if I had hundreds of posts. However, for the small number of posts that I had, this was an ideal solution.