No more HTTP: implementing Let’s Encrypt certificates

Once upon a time, SSL certificates were expensive, and getting them required multiple days of lead time.

Signing authorities have improved in both areas (i.e. cost and turnaround), but Let’s Encrypt has taken it to a whole new level. Their free certificate service moved out of beta earlier this year, and with my one-and-only SSL certificate coming due for renewal, I thought I’d take it for a spin.

Let’s Encrypt issue 90-day certificates (commercial authorities typically offer 12-24 month certs), so their service is designed to be consumed by automatic certificate management software rather than end-users. This means there’s no user-facing front-end – another departure from traditional CAs.

You’d be forgiven for thinking all of this sounds terribly complicated, but with certbot, it couldn’t be much easier (assuming you’re running your own server). You just download and run the certbot-auto script and follow the instructions. In my case, as an Apache user, getting this blog running on HTTPS was as simple as:

$ certbot-auto --apache -d lkrms.org,www.lkrms.org,arms.to,www.arms.to,lukearms.net,www.lukearms.net

This command looked after reconfiguring, testing and reloading Apache. Then I dropped the following into /etc/cron.d/certbot:

42 2,14 * * * root /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade

Now, as my Let’s Encrypt certificates expire (or are revoked), they are automatically renewed. Twice daily.

Suck on that, NSA / metadata retention agencies / ASIO / AFP.

NO DATAS FOR YOU.

Losing my religion (part 1)

I’ve been reliably informed that “losing my religion” means something else entirely, but it should be taken literally here. And if I lose my mind along the way, consider it a tribute to R.E.M.’s intended meaning.

Also: tribes are great. I don’t have anything against tribes. I’m just looking for a new one is all.

Last month, I came to the realisation that after 3 decades of committed involvement in Christian churches–my entire adult life and most of my childhood–it was time to leave the tribe.

Over the years, I’ve preached, been on music teams, done beach missions, led youth groups, attended conferences, and done heaps of other Jesus-related stuff, so this is no small thing. Reaching the point where I no longer consider myself a Christian represents a pretty major transition. (An “epic fall from grace,” you might say, if you’re a Christian.)

I’m not writing about my “unconversion” with a particular agenda. Many others have shared similar stories, and I’m not delusional enough to believe I have an Edgy New Angle on quitting the church that definitely deserves to go viral. I’m simply trying to straighten out my thoughts. I’d also like to avoid explaining myself hundreds of times.

So, what does it mean to “leave the tribe”? Some of my Christian friends have tried to comfort themselves with the notion that this is only about taxonomy–that I’ll be calling myself something different but carrying on as I always have. I’m sorry to disappoint, but I’m not going to be rebranding myself as a “Jesus-follower” and living up to anyone’s expectations of such a person.

What I believe (or don’t) about spiritual things will be between me and a handful of others. Although I currently consider this to be more “identity crisis” than “crisis of faith,” I won’t be keeping you posted on how I’m tracking in the faith department. This is partly because I expect my spirituality to be a moving target (the more I learn, the less certain I am), and partly because I can’t see a good reason for you to know.

I’ll simply be another person trying to live a compassionate, wholesome, and balanced life. Please don’t assume that I’m an atheist, an off-brand Christian, or something in-between–I have no interest in the expectations or baggage of any religious (or irreligious) monicker.

I’m hopeful that I’ll be able to continue many friendships with people of faith, but I realise that some friendships won’t be the same anymore, and others won’t survive this change at all. There will no doubt be moments of grief as the reality of this hits home, but I’m sure the pain will pass.

Becoming progressive

Over the last 10 years, I’ve slowly but surely transitioned from “conservative straight white Christian male” to “progressive pro-diversity anti-patriarchy straight white Christian male.”

At first it was only my politics that changed, but my faith was gradually overhauled too. Although my theology remained conservative (mostly), I became less dogmatic and accepted the legitimacy of alternative views in many areas.

There were several critical moments at which I consciously chose to remain among conservative Christians. I believed it was important to challenge the idea that conservative morality could only be expressed through conservative politics, so I resigned myself to bringing that challenge from within. It was uncomfortable and multiple friendships evaporated, but I pressed on anyway.

Late last year, I become increasingly discouraged with the collective resistance of my fellow Christians to critical thinking, genuine compassion, and real-world action.

I was constantly locking horns with Christians, mostly online but also offline. The battle for Just A Little Bit Of Progress was unrelenting and mostly unrewarded (despite quiet encouragement from a few like-minded friends). My patience was waning, my ability to engage respectfully with bigots was slipping, and my mental health was suffering.

At first I thought it might just be my local church, so I disconnected for a few months and sporadically tried a few others. None of them felt right, all of them would have struggled to have an open conversation about issues that I consider important, and honestly, the weeks I stayed home were more beneficial.

Eventually, I accepted the reality of the situation: I just don’t belong in the Christian tribe anymore. That’s not to say there aren’t Christian individuals with whom I share common views / hopes / dreams. But, ironically perhaps, I’ve lost confidence in institutional Christianity as a vehicle for outcomes that align with the words of Jesus.

You might be wondering if I’m still “following Jesus”. My answer is no, because it’s a phrase that comes with baggage. All I can confirm is that my “Christian worldview” hasn’t been discarded. (But it’s under ongoing review.)

To my Christian friends: I’m sorry to disappoint you, but I’m not sorry to have made this change. I already feel more authentic, more healthy, and more useful.

Welcome to Luke 2.0. The old has gone, the new has come.

Installing Homebrew on El Capitan when SSL won’t give you a handshake

This is a tech post for tech people who like to tech out their Macs using Homebrew.

(With apologies to those who have no clue what I’m talking about.)

If you’re trying to do a clean install of Homebrew using the instructions on http://brew.sh, you’ll probably you might get this error:

curl: (35) Server aborted the SSL handshake

Apparently something is currently broken about accessing GitHub-hosted raw content via https://raw.githubusercontent.com. It’s probably nothing do with your curl version.

Here’s an alternate install command that worked for me:

/usr/bin/ruby -e "$(curl -fsSL https://github.com/Homebrew/install/raw/master/install)"

You’re welcome.

UPDATE: it’s possible I was experiencing this issue due to intermittent problems with Telstra’s network.

Confessions of a sexist feminist

I have zero qualifications to write about feminism.

I’m a privileged white male, comfortably inhabiting a man’s world. I enjoy the benefits of winning the chromosome lottery 32-ish years ago, and I’m often blind to the ease with which opportunity, recognition, and remuneration fall into my lap, just because I’m a man.

I’m not being sarcastic. There are no mind games here.

I accept that simply having a penis makes my life easier in ways I might never understand. I accept that the challenges I face as a man don’t compare with the daily realities of women in pretty much every society on earth.

So why am I writing my first piece on feminism?

It would certainly be easier to remain on the sidelines, cheering feminist women on, rather than adopting their cause as my own. Women feminists, after all, know exactly what they’re fighting for. I’ve never experienced the reality of casual sexism or blatant misogyny. What could I say or do that would actually help? Won’t I somehow be guilty of mansplaining if I try to speak up?

It’s worth noting that as an amateur feminist (and a male human), the sexism in me is not yet dead. Patriarchal patterns of thinking and behaviour I’ve inherited or absorbed have not yet been eliminated. My eyes have not yet been opened to every form of sexism as it exists around me, and I will never understand it as well as women do, because I’ll never be able to experience it as they do. So it’s almost inevitable that I’ll be complicit in sexism without realising. Even this post might contain accidental sexism.

But as I acknowledge my imperfect feminism, thanking several women for opening my eyes more and more every day (you know who you are), I’d suggest that I’m not alone.

Are you a quiet male feminist too? Are you hesitant to be “out and proud” because professional feminists might point out the flaws and inconsistencies in your feminism? Are you afraid that your words might be too feeble, or that they might be misunderstood and used against you?

I ask because I’m no longer convinced that these are good enough excuses for merely shaking our heads while SO MANY women around us are underpaid, undervalued, abused, harassed, assaulted and killed–usually by men. Do we really think it’s okay to abandon women in their fight for basic rights and survival, just to minimise our risk of hurt feelings?

Men, it’s our duty to be active feminists. Not because women are dependent on us–far from it–but because our sexism is responsible for making feminism necessary in the first place.

Uncomfortable as it may be, we need to take a back seat. We need to educate ourselves about the ways we’re limiting, demeaning, and damaging women. We need to listen when they tell us how to clean up our act. And we need to actively call out men who fail to grasp the value and importance of women.

Here’s my personal “Male Feminist Charter”. Will you join me in committing to this?

  • I will respect women and fight for them to be seen by other men as equals in every way, especially when no women are watching.
  • I will value the opinions and contributions of women. I will see women as assets in every workplace, community, and family. I will do everything in my power to open doors that are currently closed to women.
  • I will listen and learn and change when women point out sexism in my words and actions.

Safe Schools: I’m a Christian and I love it

Even Donald Trump is calling himself an “evangelical Christian” these days, so it might not mean much to make the same claim, but I’ll do it anyway. I’m a Bible-believing, not-conservative-but-still-evangelical God-bothering type, and I’m here to say: the Safe Schools Coalition has my full support, and I hope it will still be around when my kids are in Year 7 or thereabouts.

The majority of my Christian friends have petitioned the government to review the Safe Schools program (or opposed it in some other way), insisting that it’s more than an anti-bullying program. There’s widespread concern (1) that it’s a vehicle for gay activism and recruitment, (2) that it “normalises” LGBTI desires and behaviours, and (3) that it is coercing children to doubt their own sexuality.

To each of these concerns, I say this:

  1. “It’s gay activism!” First, you can’t “catch the gay”. Second, it’s horrific to treat LGBTI people like they have a contagious disease. Third, please check out the Safe Schools curriculum for yourself rather than letting douchecanoes like Lyle Shelton from the Australian ‘Christian’ Lobby tell you what to think. (Bear in mind that each school, in consultation with its community, adapts the curriculum to suit its own students.)

  2. “It normalises being gay and being trans!” It’s an anti-bullying program. Of course it’s aiming to “normalise” LGBTI people. They are, after all, normal people, with much more to offer the world than the particulars of their sexuality, which is only one part of their identity. Failing to “normalise” the targets of bullying would be a pretty fundamental failure for a program like this, given bullying relies on a sense of “us vs. them”.

  3. “It forces straight kids to reconsider their sexuality!” Again, you can’t “catch the gay,” and coercion is not the same thing as teaching a group of children to genuinely empathise with people who are, say, same-sex attracted, or experiencing transsexual desires, or living with two mums. Obviously some kids who are already wrestling with the possibility of being LGBTI will feel empowered to open up about it in a safe environment, i.e. a “Safe School” that actively puts the issue on the table for respectful discussion. This is a Good Thing, not coercion or recruitment. (And if you’re going to make egregious claims like these, do back them up with evidence.)

To Christian parents who believe gay sex is wrong, and want to encourage their children to believe likewise: no-one is trying to control what you teach at home, nor is Safe Schools content aimed at vulnerable infants. Talk to your kids about this stuff. Start early. But most of all, teach them to follow Jesus in showing radical love, especially to minorities and outcasts, and model that love yourself. (Side note: do you really want to be kept out of the loop if your own child is LGBTI?)

I’m an Australian Christian and I support the Safe Schools Coalition. Also, Cory Bernardi’s homophobic witchhunt review should be dumped (along with Cory himself, preferably).

App update notes

App update notes

Ben Brooks on The Brooks Review:

Stop wasting my time, stop wasting everyone’s time. If you want to write something cutesy, put it on your blog. Release notes should be clear, concise, well structured, and helpful.

Once upon a time, I thought it was great when creative/hilarious release notes appeared in my App Store updates tab. Now, I’m with Ben. Make them useful.

On failure. And starting.

When you’re as prone to failure as I am, it’s easier to stop trying than to press on.

It might not look like you’ve given up – with practice one can appear remarkably confident, busy and purposeful while avoiding a meaningful existence – but in truth, the pressure to be creative, decisive and generally winning can be utterly immobilising when your lack of prior success is staring back at you from every direction. Soon, your lack of purpose creates even more failure, which adds its voice to the failure that went before, insisting that your good intentions and well-made plans will amount to nothing.

I don’t share this for sympathy or encouragement. I wouldn’t be writing it at all if remembering my successes were enough to shake the sense that my career trajectory plateaued shortly after high school; that I’m a disappointing husband and father; that I’ve failed to complete more projects than I can count [including some I’ve attempted on this blog].

Are my standards for “success” too high? Yes.

Does it all stem from my weird childhood? A lot of it does, yep.

Are there successes I can be happy about? Sure.

Do I follow enough blogs about productivity and being a winner? Hell yes.

Am I taking enough happy pills? My GP thinks so.

But still, in too many moments, week after week, month after month, I struggle just to start – even on the smallest of jobs and ideas – if my Ghosts of Failures Past lurk nearby.

I’ve put together a few words for the aforementioned ghosts. I’m planning to repeat them all year [language warning for my mum]:

Hello, Failure Ghost. I know why you’re here, but it’s 2016, so now would be a great time for you to kindly FUCK RIGHT OFF.

Here’s to a year of starting.

Thank goodness it’s only February.

Developing for painfully slow Internet

Developing for painfully slow Internet

I’ve meaning to link to this piece for a while, but in my new role as a web developer, it takes on additional significance. Even for developers who aren’t targeting “third-world” users, the reality is that sometimes Internet links are slow, and building websites and web-based products that function admirably when bandwidth is severely limited should be one of our priorities. Click through for some good ideas on how to do this.

Fujifilm X70: still not a Ricoh GR

Last October, I wrote:

The Ricoh GR is my favourite pocket camera so far, but that’s mostly because it actually fits in my pocket. Ricoh’s cleverness with its controls and custom options is a nice bonus, but a similarly compact and inexpensive offering from Fujifilm would be difficult to resist. I certainly won’t be breaking up with my Fujifilm X-T1’s and Fujinon lenses anytime soon, but for now they’ll be paired with a very capable little Ricoh.

Imagine my surprise when a few days ago, Fujifilm announced the upcoming FUJIFILM X70, a new breed of fixed-lens camera that matches the Ricoh GR II spec-for-spec (if you exclude the X70’s flip screen, aesthetic appeal, and Fujifilm processing engine).

It’s great to see Fujifilm work towards a more pocketable big-sensor-fast-lens camera, but I still prefer the Ricoh GR. Here’s why:

  • The X70 is still too big. Side-by-side comparison photos are few and far between, but from what I’ve seen, the X70 is significantly wider and higher than the GR, and MUCH deeper (even before you account for the non-retractable lens). This is understandable given Fujifilm’s commitment to X-series dials and flip screens, but for me, it represents the difference between a “pocket camera” and a “can’t-be-bothered-taking-it-with-me camera”.
  • The Ricoh has snap focus. See my earlier review for details.
  • The GR II is significantly cheaper (USD$560 vs. USD$700). Not that this alone would tip the scales–I’d expect to pay more for a Fujifilm on its brand alone–but it’s a factor.

The GR has other advantages too–e.g. native DNG shooting–but neither this nor the X70’s superior autofocus have any bearing on pocketability (or image quality). Hopefully Fujifilm will eventually release (yet another) X-series camera with a retractable lens, fewer dials and a smaller footprint.

Meanwhile, thank goodness for Ricoh!