chhotii

I am frustrated. Either I'm confused, or people stop reading new updated RFCs as soon as they think they understand something.

I'm trying to set up Postfix on a server to handle outgoing mail using SMTP. For now, at least, I am trying to send mail from one user, for one purpose, using one MUA, via code that I'm writing myself. I don't need lots of compatibility with all the various whatevers out there. My priorities are 1) maximum security and 2) minimum sysadmin dicking around required by me. Simplicity furthers both these goals.

The how-to says to punch holes in the firewall for 3 different ports: 25, 587, and 465. Why so many ports? For outgoing mail, it appears that the options are 587 and 465. Why both? If I can get one working for my one little purpose and leave the other one closed, that's simpler, and therefore better. So which port to enable, 587 or 465?

As I understand it, here's what these two ports do:

* port 587 has the client connect via cleartext. The user-authentication conversation happens in cleartext. The server may indicate that STARTTLS is an option. At some point the client may issue the STARTTLS command, and then the TLS handshake happens, and then everything is encrypted from then on out. There's a couple of criticisms of this: one, that the user-authentication conversation happens in cleartext, and thus can be spied on— ok, sure the credentials are somehow obfuscated, but still, you're leaking more info than is totally necessary— and secondly, a man-in-the-middle attack could suppress the STARTTLS command.

* on port 465 the TLS handshake happens immediately upon connection and thus everything is encrypted.

It sounds to me like port 465 would be better, ideally, but one has to go along with whatever is standard, and everyone thinks that port 587 is standard?— However, I've read RFC 8314. RFC seems to be saying, the port 465 approach is better, y'all are encouraged to do things that way going forward; but systems should have port 587 available for the next several years so that clients have some way to do encrypted SMTP just in case they don't yet do the port 465 thing.

In response to a Stack Overflow question about choosing between 465 and 587, this guy's interpretation of what RFC 8314 seems to agree with mine. He describes the recommendation to use port 587 as "outdated". He refers to port 465 as one of the "recommended secure ports". He says that "[a]lthough RFC 8314 certainly allows the continued use of explicit TLS with port 587 and the STARTTLS command" (emphasis mine; note allows not requires or recommends) he then points out a problem with the port 587 and STARTTLS approach.

However, this answer, which seems clear and sensible and in agreement with the RFC, is generally ignored (only one up-vote) and criticized. The one comment on this answer basically says "you're wrong" and claims that the use of port 465 for SMTPS "is not a practice that follows the RFCs". No, in fact, RFC 8314, section 3.3, if you read it, says "It is desirable to migrate core protocols used by MUA software to Implicit TLS over time" and does say "...servers SHOULD implement... Implicit TLS on port 465". But all over the Internet, lots and lots of "experts" say "port 587 is the right port for STMP, including secure SMTP, and port 465 is just this crazy non-standard thing that ISPs do for backward compatibility".

This seems to be because in the past, port 465 was assigned for some other reason, and then deprecated. Since knowing that such-and-such has been deprecated is a way to show off that one is an expert, the message "465 has been deprecated!" gets amplified over and over, drowning out the "let's go in this direction now!" message of RFC 8314.

So why wasn't a different port chosen for SMTPS, once port 465 had acquired that taint of being deprecated? There are a lot of numbers.

It occurred to me today that as the weather gets more and more unpleasantly hot, riding the bicycle becomes a much more attractive option for outdoor exercise compared to jogging, because on the bicycle one generates one's own brisk cooling breeze.

I SHOULD do some YouTube yoga classes, and/or weights, and/or various floor exercises from the exercise books I have. I am so tired of being cooped up in the apartment, though, and so tired of rounds of tedious little tasks. COVID-19 lockdown has gone on long enough that biking to the far end of the parking lot feels like an adventure to distant yonder and a refreshing change of scene.

Bicycle! Yippee bicycle!

Do you wear a mask when you go out? Or do you just never go out? Or, at the other extreme, do you think the fuss is overblown? I wear a mask when I go out.

An actual mask? Or a bandana? Or scarf or other make-do item? Sometimes a real mask; sometimes a large dinner napkin folded like a bandana.

How many masks do you have? 3 or 4 actual masks, which more or less suck because I'm experimenting with mask-making concepts, so far not very successfully. About 6 dinner napkins, ranging in color from more or less what I'm willing to be seen wearing in public.

Do you buy masks, sew your own, or do you have a friendly person who will sew them for you? I sew. My passion is sewing bags and things out of recycled denim. Making masks, on the other hand, is not my idea of fun. But it's what one does these days if one has a sewing machine. As far a buying masks... there are really pretty designer masks out there, but I'm pinching pennies these days; and I haven't seen the cheap procedure masks in stores in like forever.

Rectangular mask or fitted style? I've been making the rectangular mask style. Now that I have a printer, I should try making something like the Craft Passion fitted style mask; that should fit better. There's a refinement to that, the Jesse mask, which I should try making.

Elastic, paracord, shoelace, t-shirt yarn, or fabric tie? T-shirt yarn for the win!!! Paracord SUCKS. Elastic seems like it would be yucky and irritating. I had a ton of cheap plain new shoelaces from Dharma and before all this happened I was like "what am I going to do with all these shoelaces?" but as soon as the universe presented the answer to that question... I don't know where I stashed the shoelaces. But the t-shirt yarn works great and we have a zillion old t-shirts. The fabric ties have a nice neat tailored look but I can't summon up the shits to bother with all that fussy sewing.

Behind the ears or around the head? Tie around the head.

Nose bridge? Haven't tried making a nose bridge in a mask yet. Surprisingly, I've had minimal problems with my glasses fogging up.

Polypro liner? Haven't tried using polypro liner. How's the breathability?

Filter pocket? No. My curmudgeonly feeling is that if you think you're going to cut down your risk significantly by adding features to your homemade mask you're kidding yourself. Any mask is better than no mask but beyond that... You cannot think that putting a filter in your mask obviates the need for social distancing. So, not bothering to figure out filters. N.B., if I worked in healthcare with patients, I'd be in a different place with all this, and sure as heck into more high-tech masks.

This article in the New Yorker hits the nail on the head: why, in spite of the fact that I hate commuting, I always chose to go into the office so much of the time; my beef with colleagues who spent too much time claiming they were working from home; why volunteering for Arisia at a high level, with the lack of a shared workspace and schedule most of the time, did not do a very good job of replacing the social aspect of having a real job, and was often so frustrating; and-- most timely for now-- why distance learning is such a poor substitute for going to school, and why I'm kind of glad to not have a job when it's all work from home all the time.

Once upon a time there was a kid who wanted a dragon for a pet.

She had seen young dragons in the pet store. After school one day, she had gone to CVS to buy candy, and then walking home she had gone the wrong way on Harvard Street entirely by accident and discovered the pet store. It didn't look like much from the outside: it was pretty much windowless, with the remaining windows covered over with posters. The sign above the door was old and had letters falling off, so it advertised "EVER THING YO NEED FOR YOUR OG - C T - BIR FISH". Inside was faintly dusty and musty, with grimy-looking curling floor tiles, and a jumbled maze of wire-frame pet cages-- some containing various critters and some not-- and a wall of cloudy fish tanks at the back. Between the massive peg board display of cat toys and the bins of dog biscuits was a cage standing alone, lined with old towels and... tin foil?

She peered inside. Curled up together was a litter of tiny baby dragons sleeping. They were beautiful: shiny shimmery green and purple scales with golden edges. In the back there was even one large deep maroon egg that had not hatched yet. As she looked, one little dragon woke up, looked up at her with its huge, deep black eyes, and hissed at her, then yawned and tucked its head back under its bat-like wing. She was charmed.

Back home she spent her entire allotted 20 minutes of computer time (all the Parental Controls would give her until her mother gave her more, which her mother was likely to do if she did her homework (or her mother had work to do, or otherwise just wanted to be left alone)) looking up "how to care for pet dragon". It seemed doable. She couldn't wait for her mother to get home so she could beg her mother to buy one!

Mom came home with a big paper bag of take-out food-- good, because this meant restaurant food, and no waiting; but potentially bad, because this was a sure sign that Mom had a ton of work to do on the computer and wouldn't want to go to the pet store that evening. Over dinner the kid was so excited about the pet dragon idea, she was nearly bursting. "Mom! Mom! Mom! Let's get a pet dragon. They have some at the pet store. They are soooo cute!"

Mom's hand with the chopsticks and the trail of hanging udon noodles stopped mid-air. Mom's body suddenly seemed weirdly stiff somehow.

"A pet... dragon. A pet. A pet dragon...." Mom said, and then stopped, and stared at the kid.

"Pleeease mom? I'll take care of it!"

"Listen, kiddo. A pet is a lot of responsibility. And a dragon? I've never had a dragon. I don't know what's involved. What do you feed a dragon? How big is it going to grow?"

"I read up on it, mom! It's not all that different from having a cat. Not much more work at all."

"And besides, kiddo... the condo association has rules. You can have a cat or a dog or something little and not exotic that stays in a cage forever, that's allowed. But anything weird or exotic, you have to apply for approval from the condo board. I don't think they will approve of a dragon."

They lived in a huge condo complex: a cluster of tall buildings made of grey brick, in the brutalist style from the 1960's. A lot of people who spoke foreign languages were moving in and out all the time. And there were a lot of rules. Mom was always fuming that she had been kicked out of the tennis complex for going onto the tennis court too early, or fretting that they were going to have to move their bicycles out of their parking spot because they didn't have the approved type of fencing for chaining up the bicycles there, or worrying that they were going to get into trouble for having too much clutter on their balcony. The kid didn't care about tennis and thus had never had any trouble with the supposedly strict condo rules. She thought her mom was being paranoid about getting into trouble with the condo association.

"Well, listen, kiddo," Mom finally said. "There's a condo board meeting on Tuesday night. If you really want to do this, let's go to the condo meeting together and we can ask."

On Tuesday evening they went to the function room: a huge, carpeted room with armchairs and bookcases all around, and a bar with barstools (but never actually a bartender or people drinking) in the back. The kiddo had come there many times to play hide-and-seek when they had first moved in, before that got boring. This evening the function room had a huge table in the middle, and rows of hard chairs set out, and people-- stuffy boring-looking old people. The kid and the mom sat in the rows of chairs, not at the table: that was for the board members. The meeting was extremely boring. The stuffy old people went on and on about how much money they had spent on landscaping, and fixing the heating system. On and on and on. Then someone else in the chairs complained at the people at the table about stuff falling on her car. She seemed quite irate and it was almost a fight and yet it still was really boring. The kid was supposed to do her homework during the meeting, but that was boring too. Even her mom was bored, she could tell. The mom looked at her phone the whole time-- first Twitter (letting the kid peek whenever there was a good cat picture) and then the one stupid boring puzzle game she had on the phone. She must've been really bored to resort to that. Why didn't her mother get some decent games on her phone? The kid could not fathom.

Finally it was time for them to talk. The mom shyly rose her hand, and in a nervous squeak, asked "um, how do we go about seeking approval for an exotic pet?"

Old guy at the head of the table folded his hands together, and looked skeptically at them over his glasses. "What type of animal?"

"Umm, we would like to get a dragon."

Old guy at the table snorted and looked at the other people at the table. Everyone at the table looked at each other. They all either looked angry or very, very amused.

Old guy coughed. "I don't think we are going to grant approval for that. Dragons are a fire hazard. We have exceptionally liberal pet policies for a large condo association, we would let you have as many dogs as you want, but dragons, no. I doubt there's a condo anywhere that allows dragons."

The mom and the kid escaped the meeting as fast as possible after that, and went back to their apartment. The kid was sad and mad. The mom said, "I dunno, kiddo. Maybe after my job ends we will move back into the house. At the house there's nobody to tell us that we can't have a dragon. But here it's not allowed."

The kid didn't like the idea of living in the house, in a boring suburb far away from their friends and all the cool stuff. But maybe it would be worth it to have a dragon.

"So, when is your job going to end?"

"I don't know... three years maybe? At least."

------------------------------------------------

The next day the kid went back to the pet store, and looked again at the litter of baby dragons. So cute! So shiny! She asked the pet store owner if she could hold one...

Who needs pie crust?

We have lots of oatmeal and almost no white flour on hand. I wanted something like a custard pie today. So I found this: https://www.allrecipes.com/recipe/240103/oatmeal-pie-crust/ and made pumpkin pie with an oatmeal crust. It was fabulous! And way quicker than real pie crust.

Vic still prefers real pie crust. I told them that from now on, the deal is, if they want real pie crust instead of the oatmeal stuff, they have to help.

Baitcon is usually the best 4 days of my year.

Not surprised about the news about Baitcon this year?... was expecting this. In shock; numb; despairing; quietly enraged about the entire state of the world.

This calls for polishing off the bottle of wine tonight, and buying several boxes of brownie mix (if available) when I next go to the grocery store.

I made sourdough bread for the first time. I made bread without the use of a bread machine for the first time in decades. In spite of having no idea what I was doing it turned out fabulous!

At first I was following this recipe, or trying to: https://www.kingarthurflour.com/recipes/naturally-leavened-sourdough-bread-recipe

But then I realized at some point that it was going to take 3 more hours and I didn't want to stay up 3+ more hours, so I punched down the dough, covered it with plastic, and stuck it in the fridge. In the morning I got it out of the fridge. I didn't know where we would be in the whole rising process once it came back to room temp. After a bit I jump-started that process by heating the oven to "wicked hot summer day in Abu Dhabi" temperature, hot enough to hyperactivate the yeast but not too hot for the yeast to live, put the dough in a covered pot, and put it in the oven. When I was at a stopping point with my morning programming adventures, I took out the dough, tried to shape it into loaves, heated the oven, and baked it. In the end, very little correlation between what the recipe says and what I did with regards to time spent rising, number of foldings, etc.

It's bread. It rose. It tastes like bread.

I do not understand why so many of the beginner-level sourdough recipes on https://www.kingarthurflour.com/ call for using some yeast from a packet. They say, just in case, so you can be sure it rises, if you're new at this and you're not sure it's going to work. But then they also call for such teeny itty bitty quantities of starter. After feeding the yeast for a couple of days, what I do not have is a shortage of starter. Every time you feed the starter, you have 200 grams more starter. A big problem when one has starter is "what do I do with all this starter???" There are solutions to this problem (employed so far: make pizza, add to pancake batter) but eventually you just can't take any more baked goods. I liked this recipe because it called for no commercial yeast and lots of starter. If you had 200 gm starter at time t0, and fed the starter 100 gm flour and 100 gm water, then you have 400 gm starter at t1, no problem; and how can that possibly not rise? Starter that's been sitting on the counter and fed regularly for a couple of days has so much rising potential, it keeps threatening to climb out of the jar.

Even though I put the whole jar of starter in the bread dough that doesn't mean I'm out of starter. The previous day's pre-feeding discard went into a container in the fridge, so we can start a new round of pigging out on baked goods at a later date.

Thanks so much to rmd for her fabulous starter!

I gather that bleach is one of those items that has sold out all over the place and is hard to get these days.

I have, like, 3 jugs of bleach. I am never ever going to use all this bleach. If anyone needs bleach, I could drop it off somewhere Boston-ish. Let me know!

I have social anxiety when talking to people. It's worse when they are strangers; it's worse when the interaction is such that they are judging me; and it's worse when it's not in-person, but rather over some electronic telecommunications medium, such as phone, Skype, or teleconferencing, as there's always some limitation in the signal— either I can't see their face, or the video is not in synch with the audio, or the audio requires more concentration to comprehend, or at least I can't see the whole room and, for example, figure out that it's the cat that's distracting them, it's not that I'm being so boring.

Plus, my social anxiety is very much heightened when I'm on the spot to think through something technical or logically complex or mathematical. Someone must've humiliated me for not being able to reason mathematically on the spot as a child, and now someone looking at me while I do math or the like unnerves me. Pardon me if I've told this story before, but I survived being teaching fellow for a discrete math class by working out the homework problems I was going to present in section ahead of time, in detail, in my notebook. Obviously, duh, I was really good at doing discrete math; that's why I was TF. I knew, cold, how to do all the kinds of math problems we covered in that class. But while standing at the whiteboard with people looking at me, I couldn't count on myself knowing the answer to 2 times 3. Oh look, it says 6 on my notebook; I'll copy that to the whiteboard.

Interviewing for a software job, and having a coding challenge be part of that, is the perfect storm of all of these factors. It's strangers, they are judging me (OH BOY ARE THEY JUDGING ME— IS THIS PERSON WORTH $120,000 PER YEAR???), it's technical, it's over teleconferencing. Before the epidemic the final round of interview would be in-person but now all rounds are teleconferencing.

I did well with the in-interview coding challenges for the hospital job, and for the initial screen for the e-commerce job, because those coding challenges were so straightforward and algorithmically un-challenging that I required no brain to do them. I just relied on my coding habits. I'm going to iterate through this list; I'm going to make a HashMap to keep track of these things... Oh look, I've thrown the usual ingredients into the pan and it works.

Since I didn't have to brain with my brain at all while doing the straightforward programming exercises, that freed up my brain to generate speech, which was good and earned me points. It was emphasized to me by a couple of different people before the disastrous interviews that it was important to talk about my thought process while I was doing the coding challenges. It's not about whether you get the "right" answer so much; they want to see how you think. Apparently my thought processes work— I do have a history of producing software that works— but it's not all verbal. So, verbalizing what I'm thinking while I'm programming can be challenging, an additional cognitive burden on top of the cognitive burden of actually doing the coding.

So, when I got the not-obviously-straightforward coding challenge, I was doing three things at once: trying to visualize a solution— actually come up with an algorithm, which is not a verbal process; speaking, making a running commentary on what I was thinking; and, at the same time, listening to and judging what I was saying. Too much cognitive load and I buckled. I got distracted by the fact that one of the knee-jerk things I said ("I'll make a HashMap to keep track of things!") was a dead end and probably idiotic. Programming requires building a Jenga stack of abstractions in my head and when I get flustered, the whole stack comes crashing down. If nobody is witnessing my passing spell of befuddlement, and there's no more than the usual amount of time pressure (like, nobody's going to notice whether I finish this today or tomorrow), I can go back to the basics— what am I trying to do here? What are the building blocks already in place?— and re-build the delicate structure of abstractions in my head. During an interview, when I'm already highly anxious, this provokes a panic attack.

I don't know how to get any job that requires writing code in Java or Python or JavaScript or Swift or C++. I have in the past been paid money to write code that actually works. I haven't lost that ability. But I can't prove that I can do that if I can't code my way out of a paper bag during an interview. And, now that I've had one disastrously embarrassing experience with failing spectacularly at a coding interview, I'm even more anxious if I have an interview. I knew I would have this problem with interviewing for any new job that is coding-heavy, but after I smashed it in some previous technical interviews and on-line assessments, I had gotten pretty sanguine. But now I can't imagine not having a panic attack because I'm afraid I'm going to fuck it up by having a panic attack.

I think I need to practice coding while someone is watching me, and verbalizing what I'm doing while I'm working on figuring something out. If I can get into the habit of talking about what I'm doing while I'm coding, hopefully it won't impose any cognitive load to do so during an interview. And if I'm used to it, and it's not weird, perhaps I can just think about the problem at hand, not the OMG SOMEONE IS JUDGING ME. Like, isn't this how actors avoid stage fright— just practicing so much that they can utterly dissociate and still perform, because it has become automated?

So: I am looking for people who can Zoom with me, and look at a screen share of whatever exercise I'm doing next on HackerRank, and heckle me while I code. Unfortunately, people who know how to code are likely to be employed, and thus too busy to heckle me. Looking to maybe trade favors for time spent heckling?

What else am I to do? It seems that this trial by fire is required to get any job that would let me touch the Java compiler or Python interpreter or, gasp, the relational database connection. If I'm considered too much of a dumb-ass to be trusted with those tools, what could I do that would earn money? Work retail at Home Depot?