The arguments being made at the Supreme Court over the precise meaning of the ACA's wording remind me of so many arguments made by 5 year old children. "When I said we could have ice cream tomorrow, I DID NOT MEAN EXACTLY AT MIDNIGHT". The meaning of the law was clear at the time; no reasonable person would construe it to mean that subsidies applied only to state run exchanges, and not to the federal ones. To argue otherwise is simple sophistry. If the Supreme Court accepts these arguments, then they will have sunk to a new low.
Wednesday, March 4, 2015
Wednesday, February 25, 2015
Why Obama should support the Keystone XL pipeline
Keystone XL is a horrible project in many respects, and it has become of outsized importance to both sides of the political spectrum. As much as I hate the environmental consequences of tar sands oil, I think that Obama should support the pipeline with certain conditions. Much like buying carbon offsets, Keystone XL should be passed if and only if it is accompanied by other legislation that more than makes up for its environmental costs. These could take the form of stricter limits on coal, higher fuel efficiency standards for cars and planes, carbon taxes, infrastructure spending on greener cities, etc. If the Republicans really want Keystone, then they need to support something that will more than make up for its effects. While passing Keystone would be a heavy symbolic loss for the left and gain for the right, if it were offset by even more impactful environmental legislation... well I'd be ok with that. Lose the battle to win the war.
Sunday, February 22, 2015
What I want from a Smart Watch
I want a smart watch that can act as a key. That is, I approach a locked door and the door unlocks. I sit in my car, and push "start". I surf the web (on my computer), and my passwords are automatically entered (because my computer is talking to my watch).
I want a smart watch that can be biometrically locked and unlocked. Unlocked via finger print reader, retina scan, or via a sub-dural RFID or NFC chip.
I want a smart watch that is geo-location aware, and can serve up appropriate bar codes, like when I'm at the YMCA entrance counter.
Of course, I want to be able to buy things with it too.
I want a smart watch that can double as a bluetooth headset. When I receive a call, I can pull off my watch. The band snaps straight. One end of the band has a speaker, the other a mic. Or maybe it just has a speaker phone.
The primary input mechanism for this watch is speech.
In addition to a camera, the watch should have a little LED flash light. I use my phone's all the time, and it would be great to use the watch instead.
A pico projector would be nice, but that might be asking for too much.
Wireless charging, of course.
Waterproof.
Bluetooth music streaming.
I want a smart watch that can be biometrically locked and unlocked. Unlocked via finger print reader, retina scan, or via a sub-dural RFID or NFC chip.
I want a smart watch that is geo-location aware, and can serve up appropriate bar codes, like when I'm at the YMCA entrance counter.
Of course, I want to be able to buy things with it too.
I want a smart watch that can double as a bluetooth headset. When I receive a call, I can pull off my watch. The band snaps straight. One end of the band has a speaker, the other a mic. Or maybe it just has a speaker phone.
The primary input mechanism for this watch is speech.
In addition to a camera, the watch should have a little LED flash light. I use my phone's all the time, and it would be great to use the watch instead.
A pico projector would be nice, but that might be asking for too much.
Wireless charging, of course.
Waterproof.
Bluetooth music streaming.
Thursday, November 13, 2014
On anger and arguments
When I start to feel angry at my wife and I see an argument brewing, I often stop to ask myself "what is the cost of the argument, and is it worth the cost?" Generally, when I look at it this way, I discover it's not. So often, the underlying issue is something trivial, and the damage done by the argument can be enormous, especially if it escalates.
Sometimes I try to think of some way of addressing an issue without turning it into an argument. For example, the other day I noticed that my wife had not cleaned the pans she had used to cook her breakfast, leaving them for me to deal with (again). I thought about confronting her directly, but whenever that happens, she immediately twists it to be about something she had done for me, making me into an ungrateful dick. So instead, I took a sideways tack. As I was cleaning the kitchen I looked over at the pans and said "didn't I just clean those yesterday?" Somehow, that got the point across without it becoming an argument.
Sometimes I try to think of some way of addressing an issue without turning it into an argument. For example, the other day I noticed that my wife had not cleaned the pans she had used to cook her breakfast, leaving them for me to deal with (again). I thought about confronting her directly, but whenever that happens, she immediately twists it to be about something she had done for me, making me into an ungrateful dick. So instead, I took a sideways tack. As I was cleaning the kitchen I looked over at the pans and said "didn't I just clean those yesterday?" Somehow, that got the point across without it becoming an argument.
Wednesday, September 10, 2014
Determining keyboard modifiers (like Shift-Click) on a Wicket AjaxLink
If you want to determine if a user issued, say, a shift-click on an AjaxLink in Wicket 6, here's how you do it:
1) Add pass the keyboard state from javascript to the onClick function,via DynamicExtraParameters
2) Get the passed value in the onClick callback via the RequestParameters
Here's some sample code:
add(new AjaxLink("my-link") {
@Override
protected void updateAjaxAttributes(AjaxRequestAttributes attributes) {
super.updateAjaxAttributes(attributes);
attributes.getDynamicExtraParameters()
.add("return {shiftKey: attrs.event.shiftKey};");
}
@Override
public void onClick(AjaxRequestTarget target) {
boolean shiftKey =
RequestCycle.get().getRequest().getRequestParameters().
getParameterValue("shiftKey").toBoolean();
if (shiftKey) {
....
}
}
};
1) Add pass the keyboard state from javascript to the onClick function,via DynamicExtraParameters
2) Get the passed value in the onClick callback via the RequestParameters
Here's some sample code:
add(new AjaxLink("my-link") {
@Override
protected void updateAjaxAttributes(AjaxRequestAttributes attributes) {
super.updateAjaxAttributes(attributes);
attributes.getDynamicExtraParameters()
.add("return {shiftKey: attrs.event.shiftKey};");
}
@Override
public void onClick(AjaxRequestTarget target) {
boolean shiftKey =
RequestCycle.get().getRequest().getRequestParameters().
getParameterValue("shiftKey").toBoolean();
if (shiftKey) {
....
}
}
};
Wednesday, October 16, 2013
The Tea Party's Beer Hall Putsch
Every revolution has it's seminal events: The Beer Hall Putsch in the Nazi's rise to power, or the Tennis Court Oath in the case of the French Revolution. When the history of the Tea Party is told, the Debt Ceiling Crisis will be one of these events. Like the Beer Hall Putsch, the clash will end in failure for the revolutionary party, and like the Beer Hall Putsch, the failure will be used as a spring board for Ted Cruz.
This has been Ted Cruz's strategy all along. He didn't really expect to get Obama to cave. It was always more likely that the Debt Ceiling Crisis would end in a useful failure. Boehner will bring a senate bill to a vote which will pass with votes from all Democrats, and a few turncoat Republicans. The battle lines will be drawn. The Tea Party will go after the turncoat Republicans, including Boehner. Tea Party challengers run to the right of the turncoat Republicans in 2014. The remaining Republicans align themselves with the Tea Party out of fear. If the plan succeeds, Ted Cruz emerges as speaker of the house, with an eye on the White House.
The revolutionary event that the Tea Party is supposed to bring to mind is, obviously, the Boston Tea Party. That itself leads credence to Krugman's assertion that this is a revolutionary movement. They are trying to overthrow the government, one way or another, and they don't care how much damage they cause in the process. They think of themselves as American heroes. I think they are traitors, and Ted Cruz is their demagogue.
This has been Ted Cruz's strategy all along. He didn't really expect to get Obama to cave. It was always more likely that the Debt Ceiling Crisis would end in a useful failure. Boehner will bring a senate bill to a vote which will pass with votes from all Democrats, and a few turncoat Republicans. The battle lines will be drawn. The Tea Party will go after the turncoat Republicans, including Boehner. Tea Party challengers run to the right of the turncoat Republicans in 2014. The remaining Republicans align themselves with the Tea Party out of fear. If the plan succeeds, Ted Cruz emerges as speaker of the house, with an eye on the White House.
The revolutionary event that the Tea Party is supposed to bring to mind is, obviously, the Boston Tea Party. That itself leads credence to Krugman's assertion that this is a revolutionary movement. They are trying to overthrow the government, one way or another, and they don't care how much damage they cause in the process. They think of themselves as American heroes. I think they are traitors, and Ted Cruz is their demagogue.
Thursday, May 2, 2013
Wicket + SSL + Nginx
I just fought a battle with technology, getting Wicket + SSL + NGINX to play well together, so I thought I'd document the procedure for the next poor soul who needs to do this.
My goal is to use NGINX as a proxy in front of wicket, where NGINX is responsible for https decryption. Thus NGINX is responsible for decrypting the data and passing it along to Wicket.
Configuring NGINX to serve up HTTPS is pretty easy. I'll just describe that briefly here.
Get an SSL cert from godaddy, download the zip file for "apache", concatenate the key, crt, and gd_bundle.crt into a single file, let's say: cert.pem, then set up something like the following in the /etc/nginx/nginx.conf file:
# HTTPS server
#
server {
listen 443;
server_name www.ggrocer.com;
ssl on;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://www.ggrocer.com;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http:// http://;
}
}
upstream www.ggrocer.com {
server 127.0.0.1:9090;
}
The X-Forwarded-For may not be needed for this case, but the X-Forwarded-Proto is. This tells NGINX to add the HTTP header X-Forwarded-Proto to the http request that is forwarded to Wicket.
The proxy_redirect is also important. I spent hours trying to figure out why, when viewing a non-secure page under HTTPS, the browser was going into a redirect loop. What happened was this: if @RequireHTTP is not set on a page and the request is HTTPS, then wicket forces a redirect to HTTP. NGINX then rewrites the LOCATION in the HTTP Response to the browser to be HTTPS. Rinse and repeat. Via the proxy_redirect setting, it's possible to prevent NGINX from rewriting the redirect URL.
With this configured, NGINX will listen to https traffic on port 443, decrypt it, and pass it on to my app, which is listening on 9090.
In the Wicket App, pages (and components) can be marked as requiring HTTPS via the annotation:
@RequireHTTP
on the page class. This is well documented elsewhere.
The following bits were not well documented however.
To get Wicket to honor the X-Forwarded-Proto header (i.e. to recognize that the request was HTTPS, even though it was already decrypted by the time it hit Jetty, two things are required:
1) In your Wicket Application's init method, add:
getFilterFactoryManager().addXForwardedRequestWrapperFactory(null);
2) To tell wicket attribute to use the "X-Forwarded-Proto" parameter, add a protocolHeader init-param to your web.xml like the following:
<filter>
<filter-name>wicket.ggrocer</filter-name>
<filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
<init-param>
<param-name>applicationClassName</param-name>
<param-value>com.ggrocer.site.GGrocerApp</param-value>
</init-param>
<init-param>
<param-name>protocolHeader</param-name>
<param-value>X-Forwarded-Proto</param-value>
</init-param>
</filter>
My goal is to use NGINX as a proxy in front of wicket, where NGINX is responsible for https decryption. Thus NGINX is responsible for decrypting the data and passing it along to Wicket.
Configuring NGINX to serve up HTTPS is pretty easy. I'll just describe that briefly here.
Get an SSL cert from godaddy, download the zip file for "apache", concatenate the key, crt, and gd_bundle.crt into a single file, let's say: cert.pem, then set up something like the following in the /etc/nginx/nginx.conf file:
# HTTPS server
#
server {
listen 443;
server_name www.ggrocer.com;
ssl on;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://www.ggrocer.com;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http:// http://;
}
}
upstream www.ggrocer.com {
server 127.0.0.1:9090;
}
The X-Forwarded-For may not be needed for this case, but the X-Forwarded-Proto is. This tells NGINX to add the HTTP header X-Forwarded-Proto to the http request that is forwarded to Wicket.
The proxy_redirect is also important. I spent hours trying to figure out why, when viewing a non-secure page under HTTPS, the browser was going into a redirect loop. What happened was this: if @RequireHTTP is not set on a page and the request is HTTPS, then wicket forces a redirect to HTTP. NGINX then rewrites the LOCATION in the HTTP Response to the browser to be HTTPS. Rinse and repeat. Via the proxy_redirect setting, it's possible to prevent NGINX from rewriting the redirect URL.
With this configured, NGINX will listen to https traffic on port 443, decrypt it, and pass it on to my app, which is listening on 9090.
In the Wicket App, pages (and components) can be marked as requiring HTTPS via the annotation:
@RequireHTTP
on the page class. This is well documented elsewhere.
The following bits were not well documented however.
To get Wicket to honor the X-Forwarded-Proto header (i.e. to recognize that the request was HTTPS, even though it was already decrypted by the time it hit Jetty, two things are required:
1) In your Wicket Application's init method, add:
getFilterFactoryManager().addXForwardedRequestWrapperFactory(null);
2) To tell wicket attribute to use the "X-Forwarded-Proto" parameter, add a protocolHeader init-param to your web.xml like the following:
<filter>
<filter-name>wicket.ggrocer</filter-name>
<filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
<init-param>
<param-name>applicationClassName</param-name>
<param-value>com.ggrocer.site.GGrocerApp</param-value>
</init-param>
<init-param>
<param-name>protocolHeader</param-name>
<param-value>X-Forwarded-Proto</param-value>
</init-param>
</filter>
Subscribe to:
Posts (Atom)