Week 51

Published on Author malmLeave a comment

WordPress ‘SS-HeLL’

I was somewhat sidetracked this week in attempting to set up SSL support for the blog, something that’s been on the backlog for a while and is undeniably a good thing and clearly signalled as such last year by Google.  What I found was that adding basic SSL support to the setup was relatively straightforward.  Percolating it through properly to all the material published here over the last two years almost was a whole different matter and as yet incomplete. I’ve left both http and https access enabled for now while I try to work through the remaining https issues.  I thought it would be useful to outline the process I followed in case it helps anyone.

1. Setting up Apache

SSL support actually comes standard in the Ubuntu 14.04 Apache web server package being used to support the blog. You need to enable the corresponding module using a2enmod followed by an Apache restart to recognise the change as follows:

$ sudo a2enmod ssl
$ sudo service apache2 restart

At this point, you should be all set to follow the standard DigitalOcean recipe for creating an SSL certificate on Apache. How I did that is covered in the next section.

2. Installing an SSL certificate

Namecheap are a competitively priced SSL certificate provider that offer neat integrated chat support that I used during the process to resolve a couple of issues.  They offer approx £6/yr “PositiveSSL” certificate signed by Comodo which are ideal for securing a personal blog.  In order to get started you need to first create a private key and certificate signing request (CSR) using openssl as shown below. You get asked a bunch of questions to populate the CSR.  One of them is country name.  I found out the hard way that ‘UK’ creates an invalid CSR.  You need ‘GB’ instead:

$ sudo openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out malm.teqy.net.csr

Country Name (2 letter code) [AU]:GB

Once you have a valid CSR you submit it to Namecheap in a web form and then follow their Domain Control Validation (DCV) process.  It takes you about an hour to get a bundle of certs which you need to scp over to your target instance and then configure accordingly in the location you want the certs to reside:

$ scp malm_teqy_net.zip <user>@malm.teqy.net:/home/<user>

Now you need to configure Apache default-ssl.conf using this recipe. In particular you need to ensure these lines are added and uncommented within /etc/apache2/sites-available/default-ssl.conf and that you follow up by running the a2ensite command and restarting Apache:

SSLCertificateFile    "/etc/apache2/ssl/malm_teqy_net.crt"
SSLCertificateKeyFile  "/etc/apache2/ssl/malm.teqy.net.key"
SSLCACertificateFile "/etc/apache2/ssl/malm_teqy_net.ca-bundle"

$ sudo a2ensite default-ssl.conf
$ sudo service apache2 reload

 3. Getting WordPress working with SSL

Getting to this point was reasonably ok.  However, more work lay ahead to ensure WordPress (WP) behaved properly in SSL land:

    • Switch off WP Super Cache module to ensure that isn’t interfering with proceedings.
    • Modify WP /var/www/html/wp-config.php to ensure admin is always behind https which requires enabling this:
      define('FORCE_SSL_ADMIN', true);
    • Custom WP permalinks used in this blog don’t work out of the box with SSL. I used this recipe to get them to work modifying /etc/apache2/sites-available/default-ssl.conf and then restarting Apache to enable the fix:
      <Directory /var/www/html/>
           Options Indexes FollowSymLinks MultiViews
           AllowOverride All
           Order allow,deny
           allow from all
           Require all granted
      </Directory>
      
    • However a key usability problem remains.  Most of the pages are showing between two to five broken image links.  It turns out that my approach of linking to external images in my posts introduces problems in some cases where those links don’t exist under https. The solution to this lies in bringing them in from the cold into the blog media library.  I used the ‘image teleporter’ WP plugin to import images from external links to my local setup so they don’t appear broken in SSL context. However, that went disastrously wrong with the first attempt ending up filling my media library with nearly 2000 duplicate images before I stopped and uninstalled the module.  I did eventually manage to manually fix up about 5 or 6 of my most recent blog posts before running out of steam. They should now all work under SSL.

4. Next Steps

Right now it’s possible to navigate to the blog entry page either with or without https.  https does basically work and is now fully enabled for admin access.  However I haven’t switched off http yet because I still need to work out how to fix up potentially hundreds of broken external image links that aren’t available in the https version.  It seems likely that I’ll need to develop a script-based approach for recursing the content, identifying the problem links and importing the corresponding images rather than (shudder) doing it by hand.

This whole exercise has highlighted one of the fundamental issues involved in maintaining your own site. Namely that there’s often a lot of work involved that isn’t to do with publication per se but relates to system administration. Certificate installation, for instance, is probably second nature to many who work in devops land. However, unless you’re doing that sort of stuff everyday you’re going to be slowed down trying to get your head around script locations and the arcane DSLs (domain specific languages) involved.

Manufacturers and Devices

  • It’s a common refrain that Apple has historically operated as a hardware company that develops software to sell their products. They have now announced an Executive Team change that underscores the importance of hardware to the future of the company with the elevation of Johny Srouji:

“In nearly eight years at Apple as vice president of Hardware Technologies, Johny Srouji has built one of the world’s strongest and most innovative teams of silicon and technology engineers, overseeing breakthrough custom silicon and hardware technologies including batteries, application processors, storage controllers, sensors silicon, display silicon and other chipsets across Apple’s entire product line. Educated at Technion, Israel’s Institute of Technology, Johny joined Apple in 2008 to lead development of the A4, the first Apple-designed system on a chip.”

Apps and Services

Uber’s integration with Facebook is fairly straightforward. Over the next few days, Facebook will be updating its app so that existing Uber users can connect their accounts to Messenger and request rides from inside conversations in the app. New users can sign up for Uber from within Messenger, a potential boon to Uber’s growth prospects. (As an incentive to try ordering an Uber car through Messenger, the first ride up to $20 will be free for each customer.)

17messaging-web-articleLarge

Both Alipay and WeChat Payments benefit from social features and other perks that come from being tied into their already popular shopping and chat apps. For this reason, Apple Pay is unlikely to achieve the same scale as its Chinese competitors.

atlas_Nk8bQwhBl@2x

the majority of mobile applications launched in China struggle to retain users. In fact, most apps don’t engage users for more than a week,

202089

Artificial Intelligence

  • Boston Dynamics terrifying take on Santa Claus and his sleigh:

On one side, we’ve built a model of all the music we know about, that is powered by all the curatorial actions of people on Spotify adding to playlists. On the other side, we have our impression of what your music taste is. Every Monday morning, we take these two things, do a little magic filtering, and try to find things that other users have been playlisting around the music you’ve been jamming on, but that we think are either brand new to you or relatively new.”

Security

There is another consideration that might resonate at this time of year. Algorithms don’t need to take a holiday, so they can keep on working while some of their human masters are taking a well-deserved break!

Cloud and DevOps

For those that do not know, Red Hat is essentially an open source outside IT department for internal IT departments. They are the internal IT’s contact for support within Linux with the customer paying Red Hat an annual fee for that service.

_images/logo_redhat.png

dt151220

“Our mission, ultimately, is to have every employee inside of every company using Atlassian products every day,” says Atlassian President Jay Simons. “And when you consider that there’s more than 800 million knowledge workers around the world, that’s a pretty big ambition and it’ll take a while to get there.”

“I just thought you can’t outrun the internet. It makes no sense for us to spend the money to build and maintain an app where there’s probably applications out there that solve the problems,” she said.

IoT and wearables

“I have a Samsung RF4289HARS refrigerator.  The Google calendar app on it has been working perfectly since I purchased the refrigerator August 2012.  However, with the latest changes in Google Calendar API, I can no longer sign in to my calendar.  I receive a message stating ” Please check your email in Google Calendar website”.  I can sign in fine on my home PC and have no problem seeing the calendar on my phone.  Perhaps this is a Samsung issue, but I thought I would try here first.  Has anyone else experienced this problem and what was the solution?”

“Sounds like your fridge needs a software update to use the new API version.”

  • The Breitling Exospace B55 sounds like the sort of “notiwatch” you might find handy when flying your biplane to avoid having to fiddle around for your phone.  Breitling tout it as follows:

[a] “multifunction electronic chronograph [which] also receives notifications of the smartphone’s incoming emails, messages (SMS, WhatsApp) or phone calls (with caller’s name or number) as well as reminders of upcoming appointments.” This means the small LCD screen will display names and info when you get a message.

here’s what we learned in 2015: The most exciting wearables won’t look like computers. They won’t look like anything. Look down at whatever you’re wearing now. That’s the future of wearables.

The Falcon has Landed

It’s currently costing NASA $70m and change to deliver astronauts to the International Space Station and cargo can cost $10,000 a pound to get into orbit. The vast bulk of that cost is the rocket itself, which usually is destroyed in the launch.

  • Though of course it remains to be proved Falcon really is reusable:

The rocket will now be taken back to SpaceX headquarters and examined piece by piece. The hardware will be tested by x-rays and ultrasound to look for imperfections and may be fuelled up for a few static burns, if it is safe.

Software Engineering

  • Robin Wilson’s top five new Python modules for 2015 includes one which I’d not come across before but seems utterly indispensible particularly if you find yourself developing command line tools in Python.  It’s called tqdm and gives you progress bar wings.  Once you’ve pip installed, it, here’s an example I cooked up to show how it works:
from tqdm import tqdm 

def factorial(n):
   if n <= 2:
       return n
   else:
       return factorial(n-1) * factorial(n-2)
 
for item in tqdm(range(35)):
   factorial(item)

Work and Management

Top 5 Complaints of External Talent on Client Organizations
1. Organizations are too slow in making decisions
2. Organizations are too complex
3. Internal staff don’t work hard enough
4. It’s difficult to assess senior leaders
5. Sponsorship is insufficient, buy-in is weak and inconsistent

  • Contractors are an increasingly important fixture of the modern organisation and often the norm in certain high demand tech disciplines (eg. devops, data science, UX design).  Finding and managing this ‘Agile Talent’ is an increasingly important responsibility:

Accenture estimates that 20 to 30% of FTE’s are what we term agile talent (contractors, gigsters consultants, and other externals sought for their particular expertise); Deloitte estimates 30 to 40%. Our data suggests an even higher percentage in the future — over 50% of global companies surveyed plan to increase their use of agile talent.

  • Permanent staff meanwhile need to keep careful watch on how ‘collaborative’ their productive new silo-less organisation really is. The collaboration buzzword is very much en vogue of course but the reality, as HBR point out here, is often more more prosaic and typically centres around a few stressed super-connector producer individuals doing the heavy lifting for a larger group of passive consumers.

the distribution of collaborative work is often extremely lopsided. In most cases, 20% to 35% of value-added collaborations come from only 3% to 5% of employees.

On Skepticism

  • Rather than accede to criticism, he seems to have responded with vim:

Ultimately, the reputation economy is about making money. It urges us to conform to the blandness of corporate culture and makes us react defensively by varnishing our imperfect self so we can sell and be sold things. Who wants to share a ride or a house or a doctor with someone who doesn’t have a good online reputation? The reputation economy depends on everyone maintaining a reverentially conservative, imminently practical attitude: Keep your mouth shut and your skirt long, be modest and don’t have an opinion. The reputation economy is yet another example of the blanding of culture, and yet the enforcing of groupthink has only increased anxiety and paranoia, because the people who embrace the reputation economy are, of course, the most scared. What happens if they lose what has become their most valuable asset? The embrace of the reputation economy is an ominous reminder of how economically desperate people are and that the only tools they have to raise themselves up the economic ladder are their sparklingly upbeat reputations — which only adds to their ceaseless worry over their need to be liked.

We are now living in what I call The Age of Bullshit, or the Anthropobollockscene for short, wherein humanity’s powers of bullshit have irreversibly changed the planet for the worse. In the anthropobollockscene, men with pointless hats will sell you the sweatshop-produced goods you know and love for twice the price. In the anthropobollockscene, you will eat “Japanese tapas” at an “English gastropub,” and Instagram it. In the anthropobollockscene, you think you are happy.

GoatMilkChocolate

Myth 1: Screening saves lives for all types of cancer

Myth 2: Antioxidants are good and free radicals are bad

Myth 3: Humans have exceptionally large brains

Myth 4: Individuals learn best when taught in their preferred learning style

Myth 5: The human population is growing exponentially (and we’re doomed)

  • Richard Thaler is the co-author of Nudge and a Professor of Behavioural Science and Economics.  In this Google tech talk he outlines the flaws of the conventional ‘rational’ model used to predict economic outcomes.  Human beings are subject to bias, blunder and downright poor choice selection.  Accounting for that is vital to build a better model:

Culture and Society

  • Your identity is a construct and may be getting in the way of developing a true Weltanschauung:

These identity categories that we seem so fond of, which we believe make us more real, or more authentic human beings, are actually weighing us down. They limit us, make us immobile, and prevent us from moving forward as a united human race.

the country’s transition to something resembling democracy has come faster than anyone dared expect. For that, Myanmar wins the prize.