Sections
WordPress ‘SS-HeLL’
I was somewhat sidetracked this week in attempting to set up SSL support for the blog, something that’s been on the backlog for a while and is undeniably a good thing and clearly signalled as such last year by Google. What I found was that adding basic SSL support to the setup was relatively straightforward. Percolating it through properly to all the material published here over the last two years almost was a whole different matter and as yet incomplete. I’ve left both http and https access enabled for now while I try to work through the remaining https issues. I thought it would be useful to outline the process I followed in case it helps anyone.
1. Setting up Apache
SSL support actually comes standard in the Ubuntu 14.04 Apache web server package being used to support the blog. You need to enable the corresponding module using a2enmod
followed by an Apache restart to recognise the change as follows:
$ sudo a2enmod ssl $ sudo service apache2 restart
At this point, you should be all set to follow the standard DigitalOcean recipe for creating an SSL certificate on Apache. How I did that is covered in the next section.
2. Installing an SSL certificate
Namecheap are a competitively priced SSL certificate provider that offer neat integrated chat support that I used during the process to resolve a couple of issues. They offer approx £6/yr “PositiveSSL” certificate signed by Comodo which are ideal for securing a personal blog. In order to get started you need to first create a private key and certificate signing request (CSR) using openssl
as shown below. You get asked a bunch of questions to populate the CSR. One of them is country name. I found out the hard way that ‘UK’ creates an invalid CSR. You need ‘GB’ instead:
$ sudo openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out malm.teqy.net.csr Country Name (2 letter code) [AU]:GB
Once you have a valid CSR you submit it to Namecheap in a web form and then follow their Domain Control Validation (DCV) process. It takes you about an hour to get a bundle of certs which you need to scp
over to your target instance and then configure accordingly in the location you want the certs to reside:
$ scp malm_teqy_net.zip <user>@malm.teqy.net:/home/<user>
Now you need to configure Apache default-ssl.conf using this recipe. In particular you need to ensure these lines are added and uncommented within /etc/apache2/sites-available/default-ssl.conf
and that you follow up by running the a2ensite
command and restarting Apache:
SSLCertificateFile "/etc/apache2/ssl/malm_teqy_net.crt" SSLCertificateKeyFile "/etc/apache2/ssl/malm.teqy.net.key" SSLCACertificateFile "/etc/apache2/ssl/malm_teqy_net.ca-bundle" $ sudo a2ensite default-ssl.conf $ sudo service apache2 reload
3. Getting WordPress working with SSL
Getting to this point was reasonably ok. However, more work lay ahead to ensure WordPress (WP) behaved properly in SSL land:
- Switch off WP Super Cache module to ensure that isn’t interfering with proceedings.
- Modify WP
/var/www/html/wp-config.php
to ensure admin is always behind https which requires enabling this:
define('FORCE_SSL_ADMIN', true);
- Custom WP permalinks used in this blog don’t work out of the box with SSL. I used this recipe to get them to work modifying
/etc/apache2/sites-available/default-ssl.conf
and then restarting Apache to enable the fix:<Directory /var/www/html/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all Require all granted </Directory>
- Blog permalinks were now working but mostly displaying ‘insecure content’. Using the handy whynopadlock.com checker, the root cause was identified and fixed by installing and activating the WP ‘insecure content fixer’ plugin. Now, finally, we have green padlocks in place working across the https-enabled site!
- However a key usability problem remains. Most of the pages are showing between two to five broken image links. It turns out that my approach of linking to external images in my posts introduces problems in some cases where those links don’t exist under https. The solution to this lies in bringing them in from the cold into the blog media library. I used the ‘image teleporter’ WP plugin to import images from external links to my local setup so they don’t appear broken in SSL context. However, that went disastrously wrong with the first attempt ending up filling my media library with nearly 2000 duplicate images before I stopped and uninstalled the module. I did eventually manage to manually fix up about 5 or 6 of my most recent blog posts before running out of steam. They should now all work under SSL.
4. Next Steps
Right now it’s possible to navigate to the blog entry page either with or without https. https does basically work and is now fully enabled for admin access. However I haven’t switched off http yet because I still need to work out how to fix up potentially hundreds of broken external image links that aren’t available in the https version. It seems likely that I’ll need to develop a script-based approach for recursing the content, identifying the problem links and importing the corresponding images rather than (shudder) doing it by hand.
This whole exercise has highlighted one of the fundamental issues involved in maintaining your own site. Namely that there’s often a lot of work involved that isn’t to do with publication per se but relates to system administration. Certificate installation, for instance, is probably second nature to many who work in devops land. However, unless you’re doing that sort of stuff everyday you’re going to be slowed down trying to get your head around script locations and the arcane DSLs (domain specific languages) involved.
Manufacturers and Devices
- It’s a common refrain that Apple has historically operated as a hardware company that develops software to sell their products. They have now announced an Executive Team change that underscores the importance of hardware to the future of the company with the elevation of Johny Srouji:
“In nearly eight years at Apple as vice president of Hardware Technologies, Johny Srouji has built one of the world’s strongest and most innovative teams of silicon and technology engineers, overseeing breakthrough custom silicon and hardware technologies including batteries, application processors, storage controllers, sensors silicon, display silicon and other chipsets across Apple’s entire product line. Educated at Technion, Israel’s Institute of Technology, Johny joined Apple in 2008 to lead development of the A4, the first Apple-designed system on a chip.”
Apps and Services
- In advance of the purported launch of Facebook’s digital assistant service M (for Moneypenny) they’ve announced a partnership with Uber within Messenger:
Uber’s integration with Facebook is fairly straightforward. Over the next few days, Facebook will be updating its app so that existing Uber users can connect their accounts to Messenger and request rides from inside conversations in the app. New users can sign up for Uber from within Messenger, a potential boon to Uber’s growth prospects. (As an incentive to try ordering an Uber car through Messenger, the first ride up to $20 will be free for each customer.)
- How WhatsApp is being used in India as a free marketing and sales tool by small businesses. Another good example of how technology can often be used in ways the designers hadn’t thought of.
- Quartz on why Apple Pay will “never match Alipay” in terms of popularity in China because it isn’t tied to a messaging platform:
Both Alipay and WeChat Payments benefit from social features and other perks that come from being tied into their already popular shopping and chat apps. For this reason, Apple Pay is unlikely to achieve the same scale as its Chinese competitors.
- Umeng data from China outlines average app retention rates for the first week and it makes for pretty grim reading if you’re an app developer:
the majority of mobile applications launched in China struggle to retain users. In fact, most apps don’t engage users for more than a week,
Artificial Intelligence
- Boston Dynamics terrifying take on Santa Claus and his sleigh:
- Fascinating Quartz post about how Spotify’s popular Discover recommendation service (which has 75 million users) works to yield what many consider to be spookily good results. There’s a combination of natural language processing (NLP) and deep learning neural nets going on under the hood. It’s not enough to stop this correspondent from giving up on the service after six years though citing growing content gaps though the Beatles-shaped one has been filled:
On one side, we’ve built a model of all the music we know about, that is powered by all the curatorial actions of people on Spotify adding to playlists. On the other side, we have our impression of what your music taste is. Every Monday morning, we take these two things, do a little magic filtering, and try to find things that other users have been playlisting around the music you’ve been jamming on, but that we think are either brand new to you or relatively new.”
Security
- A VC on GigaOM reviews the prospects for companies such as DarkTrace who are applying unstructured machine learning to address cyber security problems. In short, they look good particularly at this time of year:
There is another consideration that might resonate at this time of year. Algorithms don’t need to take a holiday, so they can keep on working while some of their human masters are taking a well-deserved break!
- How to detect and disconnect WiFi cameras in that AirBnB you’re staying in.
Cloud and DevOps
- RedHat are “poised to disrupt the infrastructure software industry“ apparently. Hope somebody told Amazon. Where RedHat are likely to remain strong is in operating as ‘Linux swamp guides’ for increasingly stressed IT departments. Particularly those that still don’t feel comfortable going off the Microsoft piste.
For those that do not know, Red Hat is essentially an open source outside IT department for internal IT departments. They are the internal IT’s contact for support within Linux with the customer paying Red Hat an annual fee for that service.
- GitLab 8.3 has been released and among other goodies has full Atlassian Jira integration. Meanwhile GigaOM look at Atlassian’s ambitions for the collaborative enterprise where they are increasingly finding themselves rubbing up against Slack.
“Our mission, ultimately, is to have every employee inside of every company using Atlassian products every day,” says Atlassian President Jay Simons. “And when you consider that there’s more than 800 million knowledge workers around the world, that’s a pretty big ambition and it’ll take a while to get there.”
- This fascinating wide-ranging interview with Stephanie von Friedeburg, the CIO of the World Bank is well worth reading. She espouses a surprising degree of common sense and introduces a new (at least to me) term – CYOD (choose your own device):
“I just thought you can’t outrun the internet. It makes no sense for us to spend the money to build and maintain an app where there’s probably applications out there that solve the problems,” she said.
- Relatedly, InfoQ ran a series of articles on DevOps in the Enterprise. It includes an interview with Intel IT’s DevOps Chief Architect.
IoT and wearables
- Raspberry Pi Sense Hat Christmas projects include a neat marble maze demo:
Marble Maze fun – great for escaping awkward Xmas conversations with your in-laws: 'Are you still making pies?' :-/ pic.twitter.com/yPnO4m4WOj
— Dan Fisher (@R2_Dan2) December 23, 2015
- By all means ‘ask the fridge’ but what if it can’t talk back? Here’s a glimpse into an API foobar future foretold that techno-utopians tend to skip past:
“I have a Samsung RF4289HARS refrigerator. The Google calendar app on it has been working perfectly since I purchased the refrigerator August 2012. However, with the latest changes in Google Calendar API, I can no longer sign in to my calendar. I receive a message stating ” Please check your email in Google Calendar website”. I can sign in fine on my home PC and have no problem seeing the calendar on my phone. Perhaps this is a Samsung issue, but I thought I would try here first. Has anyone else experienced this problem and what was the solution?”
“Sounds like your fridge needs a software update to use the new API version.”
- The Breitling Exospace B55 sounds like the sort of “notiwatch” you might find handy when flying your biplane to avoid having to fiddle around for your phone. Breitling tout it as follows:
[a] “multifunction electronic chronograph [which] also receives notifications of the smartphone’s incoming emails, messages (SMS, WhatsApp) or phone calls (with caller’s name or number) as well as reminders of upcoming appointments.” This means the small LCD screen will display names and info when you get a message.
- Wired on why wearables increasingly won’t be a defined ‘thing’ (category) moving forward, just what you already wear:
here’s what we learned in 2015: The most exciting wearables won’t look like computers. They won’t look like anything. Look down at whatever you’re wearing now. That’s the future of wearables.
The Falcon has Landed
- We’ve covered the remarkable technology and smart business behind Space X’s reusable Falcon 9 rocket earlier this year in this blog. A key milestone has now been passed with the successful landing of a Falcon 9. Its all to common to hear people throw around words like ‘historic’ for situations that don’t warrant it. This is different. It’s a really big deal and arguably the modern-day equivalent of the Wright Brothers first flight just over 100 years ago. Elon Musk has demonstrated how the present-day cost model for spaceflight could be totally disrupted:
It’s currently costing NASA $70m and change to deliver astronauts to the International Space Station and cargo can cost $10,000 a pound to get into orbit. The vast bulk of that cost is the rocket itself, which usually is destroyed in the launch.
- Though of course it remains to be proved Falcon really is reusable:
The rocket will now be taken back to SpaceX headquarters and examined piece by piece. The hardware will be tested by x-rays and ultrasound to look for imperfections and may be fuelled up for a few static burns, if it is safe.
Landing from helo https://t.co/dYomRtG0Xs
— SpaceX (@SpaceX) December 22, 2015
11 satellites deployed to target orbit and Falcon has landed back at Cape Canaveral. Headed to LZ-1. Welcome back, baby!
— Elon Musk (@elonmusk) December 22, 2015
Software Engineering
- Robin Wilson’s top five new Python modules for 2015 includes one which I’d not come across before but seems utterly indispensible particularly if you find yourself developing command line tools in Python. It’s called tqdm and gives you progress bar wings. Once you’ve pip installed, it, here’s an example I cooked up to show how it works:
from tqdm import tqdm def factorial(n): if n <= 2: return n else: return factorial(n-1) * factorial(n-2) for item in tqdm(range(35)): factorial(item)
Work and Management
- HBR on the major factors that attract the best contractors makes for interesting reading and underline the serious challenges most workplaces have in persuading them to join full time:
Top 5 Complaints of External Talent on Client Organizations
1. Organizations are too slow in making decisions
2. Organizations are too complex
3. Internal staff don’t work hard enough
4. It’s difficult to assess senior leaders
5. Sponsorship is insufficient, buy-in is weak and inconsistent
- Contractors are an increasingly important fixture of the modern organisation and often the norm in certain high demand tech disciplines (eg. devops, data science, UX design). Finding and managing this ‘Agile Talent’ is an increasingly important responsibility:
Accenture estimates that 20 to 30% of FTE’s are what we term agile talent (contractors, gigsters consultants, and other externals sought for their particular expertise); Deloitte estimates 30 to 40%. Our data suggests an even higher percentage in the future — over 50% of global companies surveyed plan to increase their use of agile talent.
- Permanent staff meanwhile need to keep careful watch on how ‘collaborative’ their productive new silo-less organisation really is. The collaboration buzzword is very much en vogue of course but the reality, as HBR point out here, is often more more prosaic and typically centres around a few stressed super-connector producer individuals doing the heavy lifting for a larger group of passive consumers.
the distribution of collaborative work is often extremely lopsided. In most cases, 20% to 35% of value-added collaborations come from only 3% to 5% of employees.
On Skepticism
- Benedict Evans found himself in hot water with some of the Silicon Valley crowd for daring to suggest that there’s ‘nothing’ there:
You move to SF for tech and spend all your money on rent. Well, there’s nothing else here. Maybe I’ll crack and go run in circles
— Benedict Evans (@BenedictEvans) December 21, 2015
- Rather than accede to criticism, he seems to have responded with vim:
'SF is all about challenge, diversity, difference, change, new opinions!'.
-'I don't think SF is that great'
'Shut up! Burn him! Burn him!'— Benedict Evans (@BenedictEvans) December 21, 2015
- Evans would probably agree with Bret Easton Ellis’ sharp riposte on a ‘reputation economy’ built on an ultimately enervating ‘cult of likeability’. Trying to do things to please everyone is bound to make you less interesting:
Ultimately, the reputation economy is about making money. It urges us to conform to the blandness of corporate culture and makes us react defensively by varnishing our imperfect self so we can sell and be sold things. Who wants to share a ride or a house or a doctor with someone who doesn’t have a good online reputation? The reputation economy depends on everyone maintaining a reverentially conservative, imminently practical attitude: Keep your mouth shut and your skirt long, be modest and don’t have an opinion. The reputation economy is yet another example of the blanding of culture, and yet the enforcing of groupthink has only increased anxiety and paranoia, because the people who embrace the reputation economy are, of course, the most scared. What happens if they lose what has become their most valuable asset? The embrace of the reputation economy is an ominous reminder of how economically desperate people are and that the only tools they have to raise themselves up the economic ladder are their sparklingly upbeat reputations — which only adds to their ceaseless worry over their need to be liked.
- How the Mast brothers “fooled the world into buying crappy hipster chocolate for $10 a bar” by growing beards and talking about authenticity and artisanal products. Goat milk chocolate ftw. Seems like a straightforward example of ‘cupcake fascism’ in action:
We are now living in what I call The Age of Bullshit, or the Anthropobollockscene for short, wherein humanity’s powers of bullshit have irreversibly changed the planet for the worse. In the anthropobollockscene, men with pointless hats will sell you the sweatshop-produced goods you know and love for twice the price. In the anthropobollockscene, you will eat “Japanese tapas” at an “English gastropub,” and Instagram it. In the anthropobollockscene, you think you are happy.
- Nature on five enduring science myths that won’t die:
Myth 1: Screening saves lives for all types of cancer
Myth 2: Antioxidants are good and free radicals are bad
Myth 3: Humans have exceptionally large brains
Myth 4: Individuals learn best when taught in their preferred learning style
Myth 5: The human population is growing exponentially (and we’re doomed)
- Richard Thaler is the co-author of Nudge and a Professor of Behavioural Science and Economics. In this Google tech talk he outlines the flaws of the conventional ‘rational’ model used to predict economic outcomes. Human beings are subject to bias, blunder and downright poor choice selection. Accounting for that is vital to build a better model:
Culture and Society
- Your identity is a construct and may be getting in the way of developing a true Weltanschauung:
These identity categories that we seem so fond of, which we believe make us more real, or more authentic human beings, are actually weighing us down. They limit us, make us immobile, and prevent us from moving forward as a united human race.
the country’s transition to something resembling democracy has come faster than anyone dared expect. For that, Myanmar wins the prize.