So you think you can’t draw?

I just saw the video here:

I am not an artist. Anything but. My general opinion was that my “art” can make a good torture weapon. And while watching the above video, came up with this:

Not great, but definitely better than anything I’ve tried before. Great, in my opinion, for a first attempt of five minutes in all.

The message towards the end struck a chord. What else am I too afraid to try?

Relevant tweet I came across this morning:

A poem from reddit

When reading comments from AskReddit post What “Truth” are people not ready to face?,¬† I found this poem.

Whatever space or place you be –
Whatever life you’ve known –
What’s true for you is not for me:
To each, my friend, their own.

No matter wisdom, age, or youth,
Or how you choose to test –
You’ll never really find the truth.

Except that mine’s the best. [ source ]

Although we each have thoughts and views,
On matters known by all;
Your battered claims do seem to lose,
And clatter as they fall.

Your mind and method’s all askew,
We’ve known this all along.
I’d love to think akin to you,
But then we’d both be wrong. [ source ]

Perhaps it’s best to call a truce
In times so tense and taut,
When words fly forth, all fast and loose,
But don’t say what they “ought.”

Thoughts will leap and jump and freeze,
And catch in open air.
Although some speak and aim to please –
Most want their views laid bare. [ source ]

You’re free to wave your flag of white,
And bend to what I’ve said.
Just end your doubt and say I’m right,
And lend me your sweet head.

If I would wound I’d use a knife,
For words, have no complaint.
Don’t seek the silent end to strife:
The weak man wants restraint. [ source ]

I sense, my friend, you’ve seen it fit
To skirt around the topic.
Bellig’rent chomping at the bit
Has made your speech myopic.

Indeed, our words can breed disdain
And serve as life’s cruel sword.
But those same phrases, when contained,
Can be a peace accord. [ source ]

But men of you and I, alike,
Shant use their sword for peace.
War and fighting, talent not take,
Throw one stone, I must, at least.

Words, they are but fickle things
With power, only true.
To tatter every nation’s flag,
Harmony, words do eschew. [ source ]

He speaks of flags, you speak of chomps;
Is this the fruit of labors lost?
For all your circumstance and pomp,
You’ve merely served to self accost.

I won’t buy in: you’re not so trite
As that which you pretend to be,
And nor is she. (Or is it he?)
Regardless, I am right. [ source ]

On magic numbers, and tripping in the dark.

I have a habit of showing off. To anyone who has been around me for a while, this shouldn’t be a surprise. So when I tweaked and tuned my mobile to my usage patterns, people asked about it when they noticed crazy things and I gave many a short tour.

To any experienced android enthusiast, my customizations would be elementary. Rooted stock android on a Moto G 1st gen, Xposed, plus a bunch of nice Xposed mods ( special mention to Gravitybox ) , Greenify (Donation pack with extra goodies like patched GCM) , Nova Launcher (Prime) , Tasker, carefully selected themes and apps all make it look and behave very different from stock android. Giving up my warranty on day 1 was totally worth it. I spent few weeks making my mobile a very personal device.

One particular feature I love showing off is a simple gravitybox tweak, timed torch bound to volume down long press. There’s a dark unlit path I use regularly, which takes approximately 120 seconds for me to cross, and the torch is set to switch off 120 seconds after activation. Practically everyone found it cool. But there was one person who said it is stupid. There’s a CS professor who also happens to be a good programmer ( No, one does not imply the other. ) who said I should instead use ambient light sensors or GPS to detect when I crossed that patch and then switch off the torch. He says he is forced to use magic numbers in server monitoring scripts but that is sub optimal. He was concerned I would trip in the dark if I walk slowly and the light goes off sooner. I had to explain my device had a shitty ambient light sensor and the GPS resolution is often not very fine and takes time, so I will probably achieve similar results with added battery drain.

Today, the light went off when I was in the middle of the path. It has been doing that consistently for the past few days, probably because I walk slower these days. Time to tweak the timeout, and to consider the ambient light sensors more seriously. Unfortunately, I won’t be able to cook up an app anytime soon, since there are more important tasks that keep me busy. Another idea added to my ever growing list of nice-to-have-awesome-features-that-not-many-need.

You can haz time?

To anyone reading this who has the time and likes me enough to invest their time for me, please cook up an xposed mod or a tasker plugin and I’ll take you out for lunch/dinner. It should take a couple of days at most, but beware, I’ve a reputation for underestimating time lines. Following my rule of thumb and multiplying initial gut feeling by 3-5, 6-10 days is a pretty safe bet.

Twenty Questions, and more

Have you heard of the game Twenty Questions? I played it today with a bunch of faculty and students over dinner, thanks to Student Teacher Interaction Council (STIC). STIC organized a dinner today and I popped in for a while.

We were a group of about 20 and played two rounds. Prof. Turbo Majumder was the answerer for the first round and I volunteered for the second. And I have chosen Paul Graham of Hacker News and Y combinator fame. It turned out many people at the table were not aware of him.

Had I never encountered a reference to YC,HN or him anywhere, I would have missed a lot. That made me think, how many people whose ideas or works I am/would be interested in am I missing?

Many things I had studied a couple of years ago when they were state of art are considered mediocre today, things are constantly changing at a faster pace than I can assimilate them. Sherlock Holmes wouldn’t have been able to become as famous as the books depict, or I doubt even survive decently in today’s world. As we automate most things, the jobs that will be available will end up demanding increasingly better skill set, the barrier to employment is raising steadily.

Will we reach a point where we have automated everything and the tasks that are not yet automated require skill that an average person can not acquire in their lifetime? What would happen to the average populace then? Will it happen in my lifetime? The thought is both scary and exciting.

I know not if it will happen in my lifetime, but I know one thing. I do not want to be an average person if and when that happens.

If you are planning to start your own startup, go read his essays on startups. If you are interested in programming and can code in atleast one language, read about lisp and then his essays on lisp. I follow HN, Reddit & Twitter, and recommend you do too.

On completing my first online course

If you’re around me long enough, you’ll know that I love exploring, tinkering and learning stuff. With the advent of MOOCs, I suddenly had access to a lot of courses that present subtopics in a structured way. I tried many times previously, but due to various valid and invalid reasons, I couldn’t complete any courses.

Today, I completed my first online course. By completing I mean following through the course schedule and doing assignments on time. It was Cryptography-1 by Dan Boneh from Stanford on Coursera, and it was good. I used to read a lot on crypto but never did a structured course. Due to my own reasons, I couldn’t take up a crypto course at my university, now I’ve done the first part of a two part course that is structured and is reasonably detailed.

If you are interested in cryptography, and are a beginner, do check it out. The course will repeat next month, and you can take it for free. Actually, if you are an average internet user, I believe you should understand how security in the modern digital world is engineered and implemented. In my first year at IITD, I was made to work hands-on on carpentry, sheet metal work, casting, forging, black¬† smithy, welding, and lathe machining. That taught me to appreciate the work. I’ll certainly remember how challenging and physically straining the work was if I ever have to bargain with a carpenter or welder, for instance. Similarly, if someone studies the crypto primitives and tries to understand the basis of modern digital security, they will be able to appreciate the inner workings and would respect the engineers and computing devices.

My thanks to Prof. Dan Boneh, for the excellent course, and Stanford university and Coursera for making it possible.

Aside: I never recommend anything unless I try it myself. When people ask me to recommend someone to program their stuff, I decline unless I have worked directly or have reviewed the work of someone in that field. I never recommend a software or a particular technology unless I get my hands dirty with it. Considering that most freshers at IIT Delhi are not familiar with Linux, and will need to be familiar with it for their study here, I have considered recommending Introduction to Linux by The Linux Foundation on Edx. Though I should trust LF on all matters linux implicitly, owing to my habit, I’m trying the course. Just started it and if time permits, I should be done by tomorrow and will post a follow up recommending it.

Update: Took me much longer than expected to finish the course since I was busy and lazy (a terrible combination btw). It covers just the absolute basics, but I’d still recommend it. Takes not more than a few hours to go through it all; and after completing it, you’ll at least know how to find your way around.

Pentadactyl – My secret firefox superpower

I always hated having to move my hands off keyboard to get things done. I love key bindings. After having tried many extensions, I stumbled upon vimperator. It was simply awesome, all I wanted and some more. Unfortunately, it was a bit buggy and I had to abandon it. I missed it for long, until recently, I stumbled upon its fork, pentadactyl, almost by accident.

Pentadactyl uses vim key bindings in firefox, gets GUI rid of all clutter, gives me an extremely powerful scripting interface, and works without a glitch. Everything is customizable, as it should be. I was a fan of vim since long. The composable commands, scripting interface, and a vast collection of plugins made it my favorite editor. I am obsessed with vim. I emulate it everywhere I can. tmux for terminal session management, vimpc for music, and pentadactyl in firefox, vi emulation in eclipse, the list goes on.

For those of my friends who marveled at my firefox use, navigating everywhere with lightning speed, using a command line interface or succinct key bindings for all operations, for those of you obsessed with the simplicity and power of vim, here’s my secret superpower. Pentadactyl. If you are a regular vim user, it should take you just a few minutes to get the ball rolling, you can thank me later.

I’ve started building my .pentadactylrc file very recently. Any tips are most welcome.

On a semi related side note, if you do any serious programming, you need to learn how to use a decent editor. I prefer vim, but emacs is perfectly fine too. If you are thinking of notepad, get away from me before I hit you hard.

Blame the browser, not OCSP

Let us talk about OCSP. If you do a little background reading, you’ll discover that almost all implementations do a soft-fail by default, and soft-fail is worse than not having OCSP at all, since it gives a sense of false security. Adam Langley from google discusses the absurdity of soft-fail in this blog post nicely. However, I refuse to accept his claim that CRLset is a good idea and that chrome does it better. Firefox allows me to enable OCSP hard-fail, something that I can not do in Chrome, and hence I abandoned chrome.

What if the browser enabled OCSP by default, and in case of a failure, prompts the user with a warning that says something like “I am not absolutely sure that the connection can be trusted.”, provides a link “More Details” that shows the technical details, and allows the user to choose if he/she wants to proceed. Or highlight the address bar in yellow or something for failed OCSP. Or show a unobtrusive notification .

OCSP is not the magic bullet, agreed. It is a convoluted solution to the revocation problem that demands compromise in one way or other. But if browsers had adopted it in better ways instead of defaulting to soft-fail, the web would have been a much secure place. And I believe compromising a lot of security for little convenience is a bad gamble.

People talk of single point of failure if OCSP hard-fail is enabled, that OCSP servers would be overloaded, and stuff. A compromise between soft-fail and hard-fail as default should work, and I’m sure we can come up with solutions to mitigate the SPOF if enough thought is given to it.

On a related note, I hope OCSP stapling gets more widely adopted. It solves many issues with current implementations, avoids the absurdities of soft-fail and SPOF concerns of hard-fail. Coupling it with a warning notification of the sort discussed above in major browsers will increase its adoption rates.

This post was triggered by a OCSP hard-fail notification for few minutes ago. I get a OCSP failure very very rarely. I suggest you switch to firefox and enable it for better security. To enable OCSP hard-fail on Firefox, go to Preferences > Advanced > Certificates > Validation and tick both the options.

Related articles: