Extrins, Intrexes, and the Wonderful World of Being Semi-social

Are you an extrovert or an introvert? If you’ve ever done a Myers-Briggs test, you are familiar with the questions: Do you prefer being in a crowd when you are stressed, or would you rather retreat? Do you have lots of friends, or just a few, very deep ones? Do you prefer a loud party of 100 or an intimate gathering of 4?

While in parts of the business world the Myers-Briggs Type Indicator is almost a religion, it was originally meant as a tool to explain that different people think differently, and that these differences of manner shouldn’t be read as differences of attitude. It’s not that a Perceiver is indecisive – it’s that a P needs data to form an opinion. It’s not that a J is impatient, it’s that until the thing is finished, it may well not exist to her.

The I vs. E dimension, introversion vs. extroversion, is something many people easily identify with, much more so than the other three. In fact, while all the other ones require explanation before anyone can understand what they mean, with this dimension it’s the other way around: people identify first, and then they usually need to have the dimensions explained to them.

The problem with this dimension is that many people that aren’t on the ends of the spectrum don’t quite know what to make of the classification. They feel neither introverted nor extroverted, but they don’t particularly identify with other “zeros”. What’s going on?

Primary human emotions are few and powerful. Research tells us there are six of them: happiness, sadness, fear, anger, surprise and disgust. They are very distinct and come from different places in our brain, having evolved out of reactions to external influencers. Fear, for instance, is an emotion meant to deal with threats. Disgust is supposed to prevent us from doing things (usually: eating them) that could be dangerous for us. Surprise is the way we deal with the unexpected and opens us up for new information.


Hiking Green Mountain

I bought my house in Lakewood in a great location. To my West, the mountains in a series of ascending peaks, including the giant tower of Creation Rock in Red Rocks Park. To my South, the beautiful Bear Creek Lake Park (also: a handful to say) with the public beach and water skis on Soda Lake. To my North, of course, the big hulking mesa known as Green Mountain.

I’ve lived here for a while, but I had never hiked up Green Mountain. Much of it was simply because it was too cold or snowy, but finally it’s warmed up and it was time to try to hit the summit. I packed a protein bar and carried a giant jug of water (you’ll need both) and set out to conquer my first Colorado mountain (that didn’t have a ski lift).

The first pleasant surprise is the trail system. Trails cross the mountain everywhere, they are superbly maintained, and the place is teeming with hikers, bikers, and occasionally horse riders. Google Maps, which I used for orienting, only has a small subset of the trails available, so make sure you get a better map from the City of Lakewood site or at the parking lot.

I am lucky and don’t have to drive at all. I just walk from my front door and I am on the trails nine minutes later. If you have to park, though, there are several pretty spacious lots, though they fill up relatively quickly on a warm weekend. The main entrance is on W Alameda Parkway on the East side, while the quickest way to the top is on the West side, across the mountain from CO 470 (Rooney Road Trailhead).


Writing Esperanto in ASCII (Without Accented Letters)

Here is a common problem: you want to write something in Esperanto on a computer, but you don’t have an Esperanto keyboard. You only have your national keyboard, on which you know how to type your national letters and the additional English ones. What to do?

Because I am a computer person, I was inclined to consider the theoretical side of this question. First, consider that all modern computers understand at least the Unicode character set. Because it includes the Esperanto (accented) letters, if you know how to enter them, the computer or website will probably preserve them.

The problem is most often your keyboard, which has no accented letters or any way to add them (or any Unicode character at all). What to do?

The first 127 code points of Unicode are special. They are called ASCII characters, from the American abbreviation ASCII (American Standard Code for Information Interchange). Apart from a few separate symbols such as the period, the comma, ‘@’ and so on, that code contains the English Latin alphabet in upper and lower case. That is twice 27 letters.

Of those 27 letters, Esperanto uses 23 – we do not use Q, W, X, Y. In addition, Esperanto has six accented letters: Ĉ, Ĝ, Ĥ, Ĵ, Ŝ, Ŭ. So Esperanto needs 29 letters in total, which is two more than the English Latin alphabet provides.

When a fashion-conscious person wants to squeeze a bigger foot into a smaller shoe, he or she knows that the shoe will fall apart early and the foot will hurt a lot. When a computer person wants to squeeze a bigger set of letters into a smaller code, one has to come up with a way that hurts least and is easiest.

There are a few easy choices. For example, it is useful for the five vowels to remain unchanged. As many consonants as possible should not change – but something has to change.

Here are the strategies we can use and the resulting encodings.

1. Simplify the Esperanto Alphabet

Many people do not like using the letter Ĥ, which is the least used letter in the Esperanto alphabet. In fact, in most cases there is a separate version of the word that does not contain that letter. For example, consider ĥoro, also written koruso.

People say that “many” cannot pronounce the letter, so it should go. Whether that is true or not does not matter, because we simply want to eliminate as many letters as possible to make recoding easier.

Another letter whose usefulness is doubtful is Ŭ. It is a semivowel and much more frequent in Esperanto than Ĥ. However, it is pronounced like U, and the only difference between a word with U and one with Ŭ arises when those letters are in the penultimate syllable, where the stress changes. Laŭro is not pronounced the same as lauro.

2. Choose a Memorable Encoding

If you want to be understood, you must not change the alphabet much. Where you have to change it, use an easily remembered substitution. For example, if you wanted to replace the letter L, you could use the digit 1. There is even an alphabet substitution that uses upside-down digits for some letters – 7 is L, 4 is A, 3 is E, and so on.

In the case of the accented letters, consider the romanizations of other languages. Chinese, for example, uses the letter Q for the sound of the Esperanto Ĉ, and X for the Esperanto Ĵ.

3. Use Symbols Instead of Letters

Because we have 26 letters but need 28 if we drop Ĥ, we need only one additional letter. We can select two symbols (upper and lower case) for the last letter.

Logically, one would use the Latin W for the Esperanto Ŭ, and the Latin Y for the Esperanto J. That way we can use J for another letter, for example Ĝ (whose pronunciation is written J in some languages, such as English and the Chinese romanization). In fact, if we add the recodings from number 2, we have all the letters except Ŝ. Ŝ is written “sh” in English and in the Chinese romanization, so there is no single-letter recoding to be found.

Fortunately, there is a symbol that is reminiscent of the letter Ŝ, namely $, the dollar sign. We can pick another symbol (e.g. ‘/’, but it really does not matter which) and we complete the new alphabet:

Symbolic Recoding

A B C Ĉ D E F G Ĝ H Ĥ I J Ĵ K L M N O P R S Ŝ T U Ŭ V Z
 A   $,/ 

The advantage of this recoding is that, except for Ĥ, it is easy to convert it back to Esperanto automatically. The disadvantage is that a word containing symbols is somewhat hard to read.

3. Eliminate an Additional Letter

If we eliminate the most easily eliminated letter (apart from Ĥ), namely Ŭ, we gain an additional letter. In this case, the recoding would have to use the newly acquired letter for another sound. Because the new letter is W, we have to find an old letter whose sound could be written W. The letter whose sound we need to represent is Ŝ. We could simply say that W is the new way of writing Ŝ:

W-for-Ŝ Recoding

A B C Ĉ D E F G Ĝ H Ĥ I J Ĵ K L M N O P R S Ŝ T U Ŭ V Z
 A  

The advantage of this recoding is that words always look like words. The disadvantage is that it is a little annoying to read W as Ŝ. However, because W is not a letter of the Esperanto alphabet, one gets used to it faster than one would think.

A further recoding of the same type arises when one uses the sounds of the German alphabet. In German, the letter W is pronounced V, and V is often pronounced F. If one uses those values and additionally recodes Ŝ as F (because in the old German alphabet S was written similarly to a lower-case F), one has a new recoding.

German-style Recoding

A B C Ĉ D E F G Ĝ H Ĥ I J Ĵ K L M N O P R S Ŝ T U Ŭ V Z
 A  

The advantage is for Germans, who read this recoding easily.

4. Accept a Minimal Number of Two-Letter Symbols

If you consider the above, we really only need an additional symbol for Ŝ. One could simply decide to use a two-letter symbol for that exception. The only problem is that it is not always possible to know whether the letters S and H next to each other are the letter Ŝ in the recoding, or simply a compound. Is “pasharo” a hair that passes, or a collection of steps?

One can use a less common digraph, such as the Polish-style “sz”. Because there are very few roots that begin with Z, the letter pair sz would very rarely be two separate letters and most often a recoding of Ŝ.

Digraph Recoding

A B C Ĉ D E F G Ĝ H Ĥ I J Ĵ K L M N O P R S Ŝ T U Ŭ V Z
 A   SH/SZ 

5. Spell Esperanto Letters by Their Sounds

A friend asked why on earth Esperanto has a letter Ĉ when its sound is simply T plus Ŝ. Well, I said, in Esperanto there is a guarantee that every written form has only one pronunciation, but not the other way around. However, when one has to economize, one could eliminate those letters that can be written using others. There are three of them (in addition to Ŭ): C, which is T + S; Ĉ, which is T + Ŝ; and finally Ĝ, which is D + Ĵ.

Because we no longer need Ĝ, we can use J for Ĵ. The letter Ĝ is therefore now written “DJ”.

One-Sound Recoding

A B C Ĉ D E F G Ĝ H Ĥ I J Ĵ K L M N O P R S Ŝ T U Ŭ V Z
 A TS  TX  DJ   

Note that in this case I used X for Ŝ and decided not to use Q at all.

6. Never Mind Simplicity and Use the H, X, or Apostrophe System

Obviously, ever since Esperanto first came into being, people have had to consider the impossibility of using accented letters. Zamenhof suggested the H-system, in which one puts the letter H after each unaccented letter to indicate an accented one. Because that creates many conflicts (consider the case of pasharo above), it has been suggested to use X or an apostrophe instead. Many rule-abiding Esperantists insist that only the H-system is Fundamental, and that it is therefore the only one that may be used.

Unfortunately, the H, X, and apostrophe systems are not easy to read, because in them the length of words changes completely. Consider the word “ŝanĝiĝas” (“changes”). In the H-system, it is “shanghighas.” I find that hard to read.

7. Examples

There is a famous pangram in Esperanto: “Laŭ Ludoviko Zamenhof bongustas freŝa ĉeĥa manĝaĵo kun spicoj.” It contains all the letters of the Esperanto alphabet (several of them more than once, some only once). If one recodes it using the methods above, one gets:

Original: Laŭ Ludoviko Zamenhof bongustas freŝa ĉeĥa manĝaĵo kun spicoj.

X-system: Laux Ludoviko Zamenhof bongustas fresxa cxehxa mangxajxo kun spicoj.

H-system: Lauh Ludoviko Zamenhof bongustas fresha chehha manghajho kun spicoj.

Apostrophe system: Lau’ Ludoviko Zamenhof bongustas fres’a c’eh’a mang’aj’o kun spicoj.

Symbolic Recoding: Law Ludoviko Zamenhof bongustas fre/a qeha manjaxo kun spicoy.

W-for-Ŝ Recoding: Lau Ludoviko Zamenhof bongustas frewa qeha manjaxo kun spicoy.

German-style Recoding: Lau Ludowiko Zamenhov bongustas vrefa qeha manjaxo kun spicoy.

Digraph Recoding (sh): Lau Ludoviko Zamenhof bongustas fresha qeha manjaxo kun spicoy.

Digraph Recoding (sz): Lau Ludoviko Zamenhof bongustas fresza qeha manjaxo kun spicoy.

One-Sound Recoding: Lau Ludoviko Zamenhof bongustas frexa txeha mandjajo kun spitsoy.

Which one do you prefer? I confess that, of these, the sz recoding seems the most readable to me. But I would like to know what you think!
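The trade-offs discussed in this post can be checked mechanically. The following Python sketch is an added example, not code from the original post: it implements the X-system in both directions, the "sz" recoding as read off the pangram line above, and a function that lists every possible reading of an H-system word. The capitalisation rule in `to_sz` and the restriction of `h_readings` to the consonant digraphs are assumptions.

```python
import re

# Base letter -> accented letter, lower and upper case.
HAT = dict(zip("cghjsuCGHJSU", "ĉĝĥĵŝŭĈĜĤĴŜŬ"))
UNHAT = {accented: base for base, accented in HAT.items()}

# The "sz" recoding, read off the pangram line in the post:
# ĉ->q, ĝ->j, ĵ->x, ŝ->sz, j->y, while ĥ and ŭ simply lose their accent.
SZ = {"ĉ": "q", "ĝ": "j", "ĥ": "h", "ĵ": "x", "ŝ": "sz", "ŭ": "u", "j": "y"}

PANGRAM = "Laŭ Ludoviko Zamenhof bongustas freŝa ĉeĥa manĝaĵo kun spicoj."


def to_x(text):
    """X-system: every accented letter becomes its base letter plus 'x'."""
    return "".join(UNHAT[ch] + "x" if ch in UNHAT else ch for ch in text)


def from_x(text):
    """Undo the X-system. Safe because Esperanto has no letter X of its own."""
    return re.sub(r"([cghjsuCGHJSU])[xX]", lambda m: HAT[m.group(1)], text)


def to_sz(text):
    """The 'sz' recoding. Assumption: a capital keeps only its first letter upper case."""
    out = []
    for ch in text:
        mapped = SZ.get(ch.lower(), ch)
        if ch.isupper() and ch.lower() in SZ:
            mapped = mapped.capitalize()
        out.append(mapped)
    return "".join(out)


def h_readings(word):
    """All Esperanto words an H-system spelling could stand for.

    Each 'ch', 'gh', 'hh', 'jh', 'sh' is either one accented letter or two
    separate letters, so the number of readings doubles with every digraph.
    """
    if not word:
        return {""}
    readings = {word[0] + rest for rest in h_readings(word[1:])}
    if len(word) >= 2 and word[0] in "cghjsCGHJS" and word[1] in "hH":
        readings |= {HAT[word[0]] + rest for rest in h_readings(word[2:])}
    return readings


if __name__ == "__main__":
    print(to_x(PANGRAM))                       # reversible
    print(from_x(to_x(PANGRAM)) == PANGRAM)
    print(to_sz(PANGRAM))                      # readable, but lossy
    print(to_sz("laŭro") == to_sz("lauro"))    # two words, one spelling
    print(sorted(h_readings("pasharo")))       # the ambiguity from section 4
    print(len(h_readings("shanghighas")))
```

The X-system round-trips exactly, the sz recoding maps laŭro and lauro to the same string, and the H-system spelling of ŝanĝiĝas has eight candidate readings that only a dictionary can narrow down.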

Lies with Numbers

Clara is back to life! After standing in the back of the garage in San Diego for years, blocked by flooring, and then in a storage unit in Denver for months, she finally is legit in Colorado and the weather is cooperating. All hail the Girl!

One of the first things I did was familiarize myself with motorcycle riding rules in the state. I knew that California is fond of bikes and the lobby there (formerly: here) has worked hard on making motorcycle riding safer and more expedient, resulting in changes to the rules of the road. Motorcycle riders can ride on any HOV lane (unless expressly forbidden), can ride in staggered formation (one rider to the right, one rider to the left on a single lane), and most importantly, can share lanes with other vehicles.

Lane splitting is one of those things that people have strong feelings about. Car drivers generally hate the motorcycles that come out of nowhere to their left and right, while motorcycle riders know the most dangerous thing to them (us) is drivers not noticing us (well, short of alcohol, a no-no if there ever has been one on a bike). Driving between cars, I can say from experience, is much safer than driving next to a car, because the latter case opens up the possibility of the car changing lanes into you. Also much safer: when you move between standing cars at a traffic light. You are safe between cars, but being the last vehicle in line is hugely unsafe, because drivers notice the car ahead of you before they notice you.

In any case, I went to the web site and found there are only three sections, each with minimal information. Helmets are not mandatory for anyone over 18, but eye protection is required. (Frankly, anyone who rides a motorcycle without glasses, goggles, or a visor should be sent for urgent mental health checks.) Lane sharing is illegal, full stop (grumble). Bike passengers have to have foot rests available and have to use them (something tells me someone’s feet got caught in a wheel at 80 mph…). And finally, no towing of bikes while riding, in a vicious attempt to single-handedly destroy the Funny or Die Darwin Awards Category.

I am a little unhappy about the lane sharing agreement. At the very least, I would have wanted to be able to ride between cars to the front of a line, considering that my reaction time on the bike is a lot faster than a typical car. But I can live with all of it. What struck me as very odd and very wrong was this quote:

In 2006, 65% of fatally injured motorcycle riders were not wearing a helmet in states without all-rider helmet laws, compared with only 13% in states with all-rider helmet laws. (NHTSA, 2007)


My Favorite Moments of Surfing

The snow falling in the mountains is now measured in feet, not inches and the temperatures are so low (-10F) that I had to move my remaining boards into the utility closet, where the furnace will keep them warm. For now, it appears, I have to cut back on my surfing sessions while still not being able to drive up the mountains to snowboard (because of the feet of snow that block the freeway). A good time to reminisce!

I took up surfing late. I mean, I didn’t live in SoCal until 2009, but even then I waited years before I tried it out. Surfing, from the outside, looks boring: most of the time, surfers are just sitting in the water waiting for waves. Not exactly the most appealing thing for a hyper person like me.

One day I realized UCSD had cheap surf lessons and I decided to give it a try. Even if I didn’t like it, I’d still meet new people that were trying to have fun, how bad could it be? 

Turns out the lessons were not so hot. Or they were too hot: in my ignorance, I had bought a 7mm wetsuit on sale and showed up on the rare fogless day at La Jolla Shores. To make things worse, Day One was on land. I think I may have overheated several times and had to jump in the water (much to everyone’s amusement) to just cool off.

Surfing is really hard, probably the hardest sport I ever tried. Yet I stuck with it, because it is much more of an experience than anything else I’ve ever done. Here are some of my favorite moments in the five years of surfing:

1. Boop

I had just finished the beginners’ class and was a total noob. Not a kook, because the class had taught me proper etiquette and rules of engagement – which meant that I barely got a wave an hour to even try. To make up for the boredom, I had put an MP3 player in a plastic bag and listened to music through underwater headphones. 

I was just sitting there, bopping up and down at Scripps, praying nobody would take the next wave. I hadn’t paddled in maybe 15 minutes and was bored. Once in a while, I would turn around to see how far it was to shore and how embarrassing it would be to paddle back.


Pebble Is Dead – What Now?

The last we all heard of Pebble, they had funded a successful KickStarter campaign to get the new version of their smartwatches out. They had the Pebble 2, Pebble Time 2, Pebble Round 2 in the pipeline. I was waiting for my Pebble Time 2 to arrive any second – the Pebble 2 had already been shipped.

Yesterday, I received not one but three updates. As Pebble put it, “due to various factors […] Pebble is no longer able to operate as an independent entity.” So they shut down operations. While Pebble gear is still available on Amazon and other sites, Pebble itself is not selling any more inventory, nor updating their products. Software is not going to be updated, either, and after a while the Pebble app is going to die, when the first OS incompatibility hits, best guess about a year from now.

What happened? Fitbit apparently agreed to buy out the developers, and not much else. Refunds are being processed: they were supposed to be done by March of 2017, but now they are saying December 16. That probably means a cash infusion from Fitbit before the deal can get fully consummated.

I cannot tell from the release what the driving force behind this decision was. Likely culprits:

  • The smartwatch segment is growing much more slowly than expected; even Apple admits it sells only about 2 million units a quarter, which completely crimped the market
  • There may have been problems developing the new models; in particular, the timing of the pledges required Pebble to get shipped units out by the end of the year. Maybe it was the impending deadline and the realization there were problems with the new devices that could not be addressed in a reasonable amount of time
  • As usual in the USA, a lawsuit may have prompted this; wearable devices have a way of causing skin rashes and similar ailments, and the Pebble is definitely not immune to that. Heck, even I developed more than one wrist rash after not taking off the watch for more than a day. This might explain why the blog article is adamant about the fact that only “certain assets” of Pebble were bought, pre-empting a lawsuit against the acquirer
  • There may have been some personal event going on, like a dissatisfied CEO or the like. 


L’America: How Could Trump Be Elected?

I know, I know… I’ve heard this from all my friends and readers: How is it possible that Donald Trump would get elected President of the Greatest Nation in the World? (OK, the part about the Greatest Nation in the World is my addition.)

There is a technical reason: despite getting more than two million votes more than Donald Trump, Hillary Clinton didn’t have her votes distributed in a geographically diverse enough way. America is a federation, and as such the constituent states have a say in government. In theory, the winner of the presidential election would need a majority of both states and people, but that could easily lead to a situation where (like in this year’s case) the majority of the states doesn’t want the same as the majority of the people.

To make elections easier and faster, the Constitution settled on a numerical formula that is a brilliant compromise: each state gets as many votes in the election of the president as it has Senators and Members of the House. The Senate is composed of two Senators per state (so that part translates to one vote per state), while each state has a number of Members of the House proportional to its population (so theoretically, that should translate to a majority of the people).

The Constitution settled on another odd compromise: each state would send voters (called electors) to Washington, and these electors decide who’s going to be president and who vice-president. Over time, the electors were specifically selected for allegiance to one particular candidate, and some states even punish those electors that don’t vote for the presidential candidate for whom they were sent.

So, it could happen that a narrow win in three states sent Donald Trump into the White House, while he didn’t have a majority of the vote. The formula chosen favors Republicans in general, because central states were drawn to be of manageable size, and so a lot of the rural states in the middle of the country have small to tiny populations. Wyoming, for instance (a gorgeous place!) has only 1.5% of the population of the most populous state, California. In fact, the USA has 31 cities that have more inhabitants than all of Wyoming, but have none of the electors (3) that Wyoming has.

After this civics lesson, the political angle. Hillary Clinton was reviled. Part of it was that the media wanted to make the contest more interesting by tearing down the front runner. Part of it was blatant misogyny. Part of it seems to have been manipulation by foreign powers, especially Russia, which seems to have fed information to WikiLeaks. It didn’t help that the founder of WikiLeaks had an ax to grind with Ms Clinton – maybe a remnant of the days he had to hide in the Ecuadorian embassy in London.


What’s Wrong With Elections These Days?

Elections are a simple affair. You go into a booth with a ballot, whether paper or virtual, you punch a series of fields, and you walk out. At the end of the period, the votes are tallied and then – surprise!

In fact, surprise has been the element of the past many elections. Upsets are common, and catastrophic changes more frequent than you would expect. It seems that the new age of polling and constant feedback has made elections less predictable, not more.

Two particularly surprising elections in 2016 were the Brexit vote in Great Britain and the American Presidential election. In both cases, polling had indicated a likely victory of the eventual loser: I was with the most pessimistic of number crunchers, Nate Silver, and saw Hillary Clinton’s probability of winning go from the initial 75% to 0% over the course of hours.

Also in both cases, the victory was won by lopsided participation rates. In both cases, older people got their way because younger people didn’t vote. Older people were turned on by a celebration of nostalgia, of the good old days that Brexit and Donald Trump would bring back. Younger people, of course, didn’t know what the old folk were talking about, having learned how awful those days were in school.

Everything has been discussed, the results dissected, the consequences of non-voting deplored. It seems, though, that the two pillars of the voting process that have stood since antiquity have not been thoroughly questioned. Which is a real problem, because those two pillars are precisely what makes young people consistently not show up.


L’America: This Presidential Election, Though…

I’ve been making you wait forever, and yet I’ve been fielding questions and listening to comments for an entire year. Now, two weeks or so before the election, it’s time to weigh in.

What’s the deal with the Presidential election? From an alien’s perspective, it’s a really odd deal: on one side, there is a mix of Berlusconi, Netanyahu, and Putin; on the other, a combination of Merkel, Thatcher, and Nicola Sturgeon. How could Americans possibly have a hard time choosing?

Well, first of all, you smug aliens, Berlusconi, Netanyahu, and Putin ran their countries for longer than you’d like to admit. Also, while Hillary Clinton is sort of a blend of the three women rulers above, she has some of the good and some of the bad qualities of each. For instance, she is not as inspiring as The Iron Lady and isn’t as fresh-faced as Sturgeon.

Regardless, America seems to have come to its senses again and Hillary Clinton is on her way to becoming the next President of the United States. I congratulate her in advance and believe she is the right choice. Most of my friends and readers think so, too. So, why was the contest so tight for such a long time?

America, you need to know, is a very odd place in this respect. The media are not held accountable for the things they say in the name of freedom of speech. That same freedom of speech applies in other countries, too, but in America, it is used by media corporations to mean they can “spin” anything the way that is most convenient to them.

“Hillary Clinton has no real competition, because the Obama years were largely successful economically and scandal-free. She is a continuation of those years, so she should be sailing to an easy victory” is absolutely not what glues viewers to TV screens and doesn’t lure advertisers. So news media corporations need a story that makes it more suspenseful, like when you watch a TV show and it all builds up to a great reveal – right after the commercials.


SSL Certificates with Let’s Encrypt

You probably noticed a microscopic difference when accessing the site: suddenly, when you type in mrgazz.com, you get redirected to the secure site, https://www.mrgazz.com. Why, and how?

First the why: Google announced it was going to prioritize search results according to the security of the site. That makes a lot of sense: “secure” sites have a modicum of respectability and require extra work compared to plain HTTP sites. You have to set up a secure server, which means you have to do more than simply point a DNS name to an IP address. 

If you think it’s unfair that HTTP sites get downvoted, it’s an argument that makes sense. At the very least, sites that have been running on HTTP for years should not be suddenly penalized because someone else abuses HTTP. But Google does what Google wants, and frankly the number of search hits this site gets is not a hot priority.

Setting up SSL on a web server is not tragic. In essence, you need a server certificate, you install it according to the instructions of the server, and you set up a separate web server instance that responds to secure requests. It’s a bit of a pain, especially if you only have a single web site to transition, but it’s not a huge stumbling block.

First, getting the certificate. What’s that? It’s a document (file) that certifies that you are who you say you are. When you connect to www.mrgazz.com using SSL, the web server presents this certificate (the public version of it) to your client (the browser), and the browser verifies it. Technically, the browser has a list of trusted authorities that are allowed to certify my certificate, and if one of those authorities says I am good, then your browser agrees. 

Which also means that you have to get an authority to certify you. For the longest time, this meant you had to fill out a form and pay money for a certificate to be issued. Certificates would last a year or so, then you’d have to go and renew. This was a double pain point: on the one hand, a whole year is a lot of time and lots of mischief can happen during that period. Ideally, certificates should be shorter-lived. On the other hand, if you forgot to buy your new certificate, all browsers that connected to your site would suddenly sound alarm bells and tell the user that your site was fishy. They would also generally make it really hard to connect.

Let’s Encrypt is a new project that has a completely different approach. Instead of making the web site owner fill out a form and make a payment, Let’s Encrypt matches who you are and who you say you are by running software on the web server. You install the Let’s Encrypt client on the machine that runs the web server, then the software tries to connect to itself using the DNS name. If it succeeds, then it knows you are who you say you are. It then issues a certificate.

The most amazing thing about Let’s Encrypt is not the approach, no matter how amazing it is and how wonderful it is not to have to pay $10 a year. What’s really special is how easy it is to set up on the standard web servers on the Internet. If you run a latest-version Debian or Ubuntu, installing Let’s Encrypt is as simple as:

sudo apt-get install python-letsencrypt-<webserver>

[Note: until recently you had to download an archive and install manually, which I really, really, really didn’t like, because I had no idea what that package would do. Having a package file from the default repository makes me feel much better!]

Running the software for the first time is also completely braindead:

sudo letsencrypt --<webserver>

In my case (as in many), the webserver is apache:

sudo letsencrypt --apache

But letsencrypt comes in a variety of styles for the most common web servers on the Internet.

From the command prompt, you get into an interactive series of dialogs where you essentially confirm which ones of your available sites you want to convert to SSL, and whether you want to allow access to both HTTP and HTTPS or only to HTTPS.

Magically, letsencrypt will write new site rules to make your new SSL connection available. I tried it both with sites that had no SSL configuration at all, as well as this site, which ran a mix of secure and insecure sites, now all converted to secure. letsencrypt figured out how to change the configuration for both types and restarted everything, so that there was the absolute minimum downtime.

This is where I found the absolutely only downside of letsencrypt, and it’s really not its fault. You can access this site, like many web sites on the Internet, under both mrgazz.com and www.mrgazz.com. The former is what geeks call the domain name, while the latter is the server name. If you want to know the difference, you must educate yourself on the Domain Name System and the beauty of A records and CNAMES. That’s beyond the scope of this article. 

Suffice to say that letsencrypt refuses to generate certificates for domain names and will issue them only for server names. That means you cannot have https://mrgazz.com, because letsencrypt will not issue a certificate for that server.

You could go about it two ways, just as outlined in the dialog that letsencrypt presents: you could have https://www.mrgazz.com run independently of http://mrgazz.com. That is, users could connect to either independently. In that case, you don’t have to do anything. 

If instead you want all traffic to your site to go to the SSL version, you need to do a little extra configuration: in the Apache configuration file, you will see this section:

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mrgazz.com 
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

What this does is take the requests sent to the insecure version and redirect them to the secure version. The problem here is that it does so only for www.mrgazz.com, so you have to add mrgazz.com. Also, the rule redirects to SERVER_NAME, which would redirect to mrgazz.com. You need to change that, so that it always redirects to www.mrgazz.com. In the end, you get this section:

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mrgazz.com [OR] 
RewriteCond %{SERVER_NAME} =mrgazz.com 
RewriteRule ^ https://www.mrgazz.com%{REQUEST_URI} [END,QSA,R=permanent]

Notice the [OR] at the end of the first RewriteCond line. Once you reboot the server, everything is just as you wanted.
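After a change like this it is worth confirming that every plain-HTTP entry point really lands on the canonical HTTPS host. The Python script below is an added example, not part of the original post or of letsencrypt: `check_redirect` judges a single response, and the `SAMPLES` responses are constructed to match the behaviour the article describes for each version of the rule. Run as a script, it queries the two host names over port 80.

```python
import http.client
from urllib.parse import urlsplit

CANONICAL_HOST = "www.mrgazz.com"               # redirect target named in the article
SITE_HOSTS = ("mrgazz.com", "www.mrgazz.com")   # both names the site answers to


def check_redirect(host, path, status, location, canonical=CANONICAL_HOST):
    """Return the problems found in one plain-HTTP response (empty list = OK)."""
    where = f"http://{host}{path}"
    problems = []
    if status not in (301, 308):                # R=permanent sends a 301
        problems.append(f"{where}: status {status} is not a permanent redirect")
    if not location:
        problems.append(f"{where}: no Location header, visitor stays on HTTP")
        return problems
    target, sent = urlsplit(location), urlsplit(path)
    if target.scheme != "https":
        problems.append(f"{where}: redirect target {location} is not HTTPS")
    if target.hostname != canonical:
        problems.append(f"{where}: redirects to {target.hostname}, not {canonical}")
    if (target.path or "/", target.query) != (sent.path or "/", sent.query):
        problems.append(f"{where}: path or query string changed in {location}")
    return problems


def audit(responses):
    """Check a list of (host, path, status, location) tuples."""
    problems = []
    for host, path, status, location in responses:
        problems.extend(check_redirect(host, path, status, location))
    return problems


def fetch(host, path="/", timeout=10):
    """One plain-HTTP GET; http.client never follows redirects by itself."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


# Constructed responses, one set per version of the rewrite section.
SAMPLES = {
    # Original section: the RewriteCond matches www.mrgazz.com only.
    "original": [
        ("mrgazz.com", "/a?b=1", 200, None),
        ("www.mrgazz.com", "/a?b=1", 301, "https://www.mrgazz.com/a?b=1"),
    ],
    # Second RewriteCond added, but the target is still %{SERVER_NAME}.
    "server_name": [
        ("mrgazz.com", "/a?b=1", 301, "https://mrgazz.com/a?b=1"),
        ("www.mrgazz.com", "/a?b=1", 301, "https://www.mrgazz.com/a?b=1"),
    ],
    # Final section from the article: both conditions, fixed target host.
    "final": [
        ("mrgazz.com", "/a?b=1", 301, "https://www.mrgazz.com/a?b=1"),
        ("www.mrgazz.com", "/a?b=1", 301, "https://www.mrgazz.com/a?b=1"),
    ],
}

if __name__ == "__main__":
    live = [(h, "/", *fetch(h)) for h in SITE_HOSTS]
    for line in audit(live) or ["all plain-HTTP requests redirect correctly"]:
        print(line)
```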

Extra points:

  • letsencrypt configures your secure web server almost flawlessly. When you check the configuration from a security perspective, you get an A rating for security.
  • letsencrypt security certificates can run multiple web server names from a single web server. You can put as many secure sites as you want on your web server, letsencrypt will configure them all correctly.