Jacob Elder

Who doesn’t love namedropping a great thinker in casual conversation? These are some that I continually find useful.

As a self-taught programmer with no college degree, I started with dynamic languages: Perl, JavaScript, PHP, Ruby. I viewed the statically typed languages (and the programmers who could wield them) with reverence and awe. C, C++, Java, these were “real” languages that required big brains, and I should stay in my dynamically typed playpen. But as I matured, my understanding shifted: dynamic languages require hubris, require belief that you can keep an entire complicated codebase in your head with perfect recall. Statically typed languages, it turns out, invite humility.

With a static type system, each step in a program’s lifecycle can be a little contract with itself. Break that contract and the language will tell you exactly how. These languages can provide immediate feedback to the developer about a program’s correctness before it is even run. Bridging the gap between all of the existing dynamic code (and the developers who wrote it) and the statically typed utopia lies so-called gradual type systems such as TypeScript.

Smarter people than I have explored the meanings of “strong typing” and “strict typing” and “soundness,” and I won’t repeat or try to improve on any of that in this article. What interests me is the ability to “shift left” by using types, and where gradual typing can get in the way.

One of the things I really like about Rust is its match expressions. Plenty of other languages like Ruby, Python, and Haskell have similar features, but it’s painfully absent in popular languages like JavaScript. There, we have only switch...case. That statement is not exhaustive, and matching on anything other than scalar values requires casting to string and may yield counterintuitive results.

Two interests defined 2023 for me: large language models, and plants. So I thought, why not combine them?

This is not a post about using LLMs to write SQL. It’s about using LLMs to teach SQL.

In my teens and early 20s I was obsessed with the history of computing and the internet. I still am, but other obsessions have reduced the relative weight of this interest. It was during those years that I made a regular pilgrimage to the MIT Flea Market. I bought many of the components for my first computers there. I also found this important piece of computing history, a full set of 4.3 BSD manuals, Virtual VAX-11 Version from April, 1986.

Everything in this list is something we have actually used and would recommend to other new parents.

Over the past few months I’ve been dealing with some champagne problems like, “How are we going to process all this data for so many customers?” (please pardon the humblebrag). The answer to problems like that is almost always to introduce a queing system of some sort.

For someone coming from a strong background in Ruby, transitioning to JavaScript was not without hardship. In particular, the callback-centric, highly asynchronous style had me pining for the ability to block. The new-ish Promise pattern improves the situation, but it still has a learning curve. After working with it, specifically the great Bluebird promise library, I can tell you it’s not as complicated as it sounds.

I wrote a NATO phonetic alphabet trainer and notebook called niner.codes.

If you’re using CircleCI’s experimental “Ubuntu 14.04 Trusty” container, you may have already noticed that both Postgres 9.4 and Postgres 9.5 are already running. It’s not officially supported, so without some tweaks, will only be able to access the 9.4 instance. These changes to your circle.yml will force Rails to use the new version.

I had already been a vegetarian for nine months on the day I was born, but I have few early memories of people preparing and eating food around me. Once, as a toddler, I was scolded by my father for dropping food on the floor, when in fact I was actually just eating like a brontosaurus (which implies not using hands, obviously). For snacks, my parents would provide tofu that had been frozen and thawed to give it an interesting texture, or popcorn with nutritional yeast if we were being fancy and using multiple ingredients.

A few days ago, in a fit of pre-launch, late-night frustration, I issued the following 140-character missive.

Another way Octopress (and Jekyll) differs from Blogger is that we now have each post in its own directory. I can’t say I fully understand this, though it does look cleaner. It would make sense if there were also an easy way to have images for each post live in that same directory. Regardlss, this breaks all inbound links. Here’s the 404 page I created to solve this problem. If the original URL ended with .html, it suggests a link to the possible new URL.

As it turns out, getting your Octopress-hosted blog up and running on CloudFront is pretty easy. The only problem I ran into is that Octopress wants every post and page to be a directory with an index.html, but CloudFront only recognizes default objects at the root, not for subdirectories. The solution to that is to create a CloudFront distribution using a Custom Origin, which points to the example.s3-website-us-east-1.amazonaws.com URL rather than the S3 bucket itself. This way you end up using S3’s much more functional default object support. As of this writing, this blog is served by CloudFront.

I just submitted a pair of pull requests which add explicit support for Amazon S3 to the awesome Octopress blogging platform. This is something I’ve been meaning to do for ages. There will be a followup post about some less-than-awesome things I discovered about the S3 ecosystem.

I’m on S3 now. Goodbye Blogger.

The nice folks at New Relic have added an under-hyped feature to RPM which allows for the tracking of the time a given request spent in the server's work queue before processing began. This information in crucial in determining when you need to add more workers. It only requires that your front-end add an X-Request-Start header containing the epoch time in microseconds when the request was received. They offer a patch for NginX and a one-line config change for Apache.

At LocaModa, most of our APIs are eventually consumed by ActionScript 3 applications run on large outdoor screens or in users' web browsers. Flash's cross-domain request protection incurres some round-trip latency, which essentially means wasted screen time, which is money, and I'd like to share one way we optimize for this.

I'm sure you love renewing SSL certificates almost as much as I do. Nothing beats the satisfaction of... slogging through a bunch of complicated commands you haven't typed in years just to maintain status quo. Right.

Having had an opportunity to take better notes on this process for my employer, I present to you a few brief commands to make renewing your SSL certificates almost painless.

1. First, check your expiration date.
   
   

   openssl s_client -connect host01.example.com:443 < /dev/null 2> /dev/null |\
      sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |\
      openssl x509 -enddate

I’ve been wanting to use this trick forever. Here’s how to quickly, effortlessly, and I should add, destructively, convert all tables in a given database to UTF8.

Unlike Spirit and Opportunity, Sojourner could not directly communicate with Earth and had to rely on the lander to transmit messages about its health and travels. So when contact with the lander, which was designed to last one month, was lost after three months, ground controllers were not sure what became of Sojourner.

Now, it seems the rover kept moving, apparently trying to reach its companion. "The rover was programmed so that if it didn't get commands from the lander, it would assume it somehow got out of radio contact behind a ridge or rock," Parker told New Scientist. "So it would drive to the lander as best it could and keep trying to re-establish contact", circling it as it got close, he says.

When it was last seen, the rover was 13 metres away from the Pathfinder lander. Now, it appears to be about 6 metres away, according to the new MRO images. "I think the simplest explanation is it started to drive back, got about half way, and stopped for whatever reason - it may have thought it got there," says Parker. "The other possibility is it drove around and around for who knows how long and simply failed at that location."

I have made available a completely unofficial but functional MacOS Leopard build of git and the excellent GitNub viewer. To install, pretend I'm a trustworthy individual and run:

curl http://jelder.s3.amazonaws.com/git-1.6.1-leopard.tar.gz | sudo tar xvzf - -C /

This will put git in /usr/local/bin/git (with other support files in /usr/local/libexec and /usr/local/share). The nub script in /usr/local/bin/nub will launch GitNub from the current directory.

Most of my Mint's value for us users comes from knowing how our money is getting spent, but one critical part of that use case is missing: a workflow for rapid categorization.

Mint needs a really slick way to let me sit down once a month and quickly categorize all of my uncatagorized transactions. I should be presented with a queue of transactions from unknown merchants and some method for applying labels, splitting bills, etc. Ideally, I should be able to keep my hands on the keyboard for this, and it should take like 5 minutes a month or less.

This can be done manually now, of course, but it's far from efficient. The ajax stuff in the transactions tab has improved but it's still too chunky and slow on a modern MacBook Pro and Firefox 3.0. The experience should be less hunt-pick-wait and more next-next-next.

With more complete vendor preference profiles for each user, Mint should be able to monetize via more focused opportunities. Good luck guys! Mint is great but it's not complete!

Possibly the best thing about git is that you can start from an existing directory. This makes it amazing for tracking configuration files.

cd /etc/ldap ; git init ; git add . ; git commit -m "got some config religion"

Too bad one can't use GitHub for this, but remote backups and batch config changes get really elegant with kind of setup.

People who work with me know I treat version control like a sacrament. "If it's not in Subversion, it never happened." My desktop is a Subversion checkout. It has tags.

But Subversion, despite having a superior name, is losing favor to Git. I really like some of Git's philosophical decisions, so I'm diving in. I have one open source side project these days (flashpolicyd) and I have just migrated it to GitHub.

http://github.com/jelder/flashpolicyd/

Here we go...

It's practically 2009 and too many of us still use a jumble of letters and numbers as passwords. A New Year's resolution to keep: here's an ultra-short tutorial on never typing your password into a remote host again. First, the MacOS client version.

1. Create a key and encrypt the private side with a strong passphrase: ssh-keygen -t dsa
2. Add it to your Keychain: ssh-add -K .ssh/id_dsa
3. Establish trust: cat .ssh/id_dsa.pub | ssh some.remote.net tee -a .ssh/authorized_keys (or email that file to someone who can do this for you)
4. Now go disable passwords for SSH on that remote server by adding PasswordAuthentication no to /etc/sshd_config and restarting the SSH server. You are now immune to SSH brute force attacks.

Repeat steps 3 and 4 for every remote machine you use, but make sure you have a secure backup of that private key!

I practically never use Linux from the console any more, so I won't contribute a tutorial for that today. PuTTY and Pagent make this pretty damn easy on Windows. No more excuses!

That solves the shell session password issue. For the rest, the solution isn't so neat and tidy. sudo apt-get install pwgen to create super strong (but somewhat memorable) passwords for local accounts and websites. Turn on FileVault or FireFox's master password and let software deal with authentication for you.

• flashpolicyd
• flashpolicy-benchmark

I've gotten some compliments on my Mad World custom iPhone ringtone. It always puts me in a calm mood before dealing with whomever is calling, so I thought I'd share it and a few others I made.

• Mad World
• Amok Time (All unironic use is prohibited)
• MGMT - Kids
• MGMT - Time to Pretend

Update: The proper name for that track is probably "Amok Time," nerds.

Two problems which have been bothering me forever have finally been solved. One (and this should have been obvious) is revealing the total system memory on BSD-like systems from the command line. There is no equivalent of Linux's free -m. The closest approximation is sysctl hw.physmem. This lead to a revelation that one of my OpenBSD firewalls had been provisioned with several gigabytes more than it would ever, ever need. Yay!

A good friend of mine has gone to great lengths in refining the pathway between his brain and his computer. That is to say, he's serious about keyboard design.

I'm not quite ready to invest in an ergonomic (and scary looking) keyboard-as-cereal-bowl, or the ultimate extreme, hacking up my own Dvorak variant.What I am willing to do, however, is repurpose my utterly useless Caps Lock.

Thanks to inspiration from Bill in 2006 and lots of experiments since, I am now able to publish my findings on the subject. VIM users' most frequently used key is probably Escape. For me that means moving my ring finger about three inches diagonally away from the home row, maybe a few hundred times an hour. Plus, the top row is frequently smaller than the other rows. It's actually designed to be hard to hit without effort. Caps Lock, meanwhile, is both enormous and well within pinky range on the home row.

For Windows, it's a registry hack which I've written about before. Create a file called CapsLockEscape.reg and paste this text into it, save it, and double-click. You'll have to log out and log back in (or reboot) for it to take affect.

Windows Registry Editor Version 5.00

Weekend Project time. Here's how to build a VPN using just SSH and two Ubuntu machines. At least one of these machines should have a static IP or DNS, and they should both be the default gateway for their respective sites.

A quine is a computer program which produces its own source code when executed. My brother is learning Python and we've been talking about quines a lot lately. I have a feeling that I'm cheating here, but I present for posterity my own crazy short Perl quine.

I really like this: