Great Jargon LOL

Something I do in my day job a lot is read. I read tons of documents from peer reviewed publications, a bit less from periodicals like IEEE S&P, ACM Communications etc., and finally I get sucked into reading some vendor white papers / marketing crap. The density and value of the information in these documents decreases in the order that I’ve listed them while the amount of useless jargon increases.

I write a tech-report or a proposal every once in a while myself and I’ve found that the things I read have a significant impact on how I write. Similarly I’ll get asked to “provide comments” on a document prepared by someone else from time to time. This may sound strange but in reading something written by one of my peers I get a glimpse of what they’ve been reading too.

This past week I was asked to give someone feedback on a paper that’s still in draft form. I had very few issues with this paper technically. It had some pretty crazy punctuation and there were grammatical errors but it’s just a draft so I made note of them in my comments.

Now I’m no Shakespeare. I’ve made the same mistakes that I was commenting on for this document and that’s why we ask other people to read these things before we send them out into the community … But there are some things that I cannot excuse.

Toward the end of the document the author was noticeably fatigued and he started using jargon. I was about to make a note of how this jargon was meaningless and that the sentence could stand on its own without said jargon when I started to feel bad. Was I being too harsh? Was I just tired and sick of reviewing this document on a Friday at 5:30 when all I really wanted was to be on my way home? So I threw the jargonic phrase in question into Google to see if the internets thought this was jargon as well. The first hit from this search had me laughing for a good minute. Follow the link, it speaks for itself.

So I concluded this was jargon after all 🙂 I don’t want this post to be interpreted as some commentary on writing style or our use of the English language in professional writing. I don’t have anything new to add there. If you care about effective communication read Orwell. If you’ve read this blog before (hell if you’re reading this post) you likely know that my writing can be as crappy as the next guy’s … just do me a favor and stay away from the jargon. It’s what separates us engineers from the marketing department.

Force apache2 digest auth over SSL

This may seem like a strange reason to be configuring an authenticated and encrypted HTTP connection … but it’s tax season! There’s a story behind this naturally but first a quick overview. Recently I’ve had to exchange sensitive documents with someone. To do this I had to configure my web server to require digest authentication for all URLs below a certain directory. Further, to protect the data in transit I force traffic to these URLs over SSL. Pretty simple but very useful and worth a quick howto.

The Story

The guy that does my taxes is actually a friend’s dad. He’s a great CPA, a great guy and I completely trust him with my financials. The problem is … well he’s my buddy’s dad and he’s probably in his mid to later 60’s so he’s not super tech savvy. He’s got email down (unlike my parents) but last year we ran into a problem.

I sent him all of my tax relevant docs in hard copy as we’ve always done. What I didn’t expect was for him to send all of my tax documents back for me to sign in soft copy. This is great right? He meant well but I really wasn’t thrilled that he sent documents that have my SSN over email and in plain text. I tried to explain to him how to get an email certificate so we could encrypt our email exchanges but, well I think we ran into the technological version of generation gap. Needless to say, we fell back on hard copy last year.

After collecting up all of my soft copy forms for this year’s taxes I couldn’t bear the thought of having to find a printer to convert them into hard copy. That and I just wanted to get them out the door to my CPA same day. So with the available tools (a web server) I came up with a way to get my docs over to my tax guy with a level of security I’m comfortable with. Here’s how:

apache2 digest auth

There’s a million docs on the web describing how to set up the common auth modules for apache2. Frankly though my search turned up some pretty wild .htaccess files. I just wanted something that I could drop into the directory I wanted to protect and it would work. Here’s the digest auth part:

AuthType Digest
AuthName "taxes"
AuthDigestDomain ./
AuthUserFile /etc/apache2/taxes.digest
Require valid-user

This assumes you’ve got the mod_auth_digest module enabled already (this is distro specific much of the time). Here’s a quick breakdown of the configuration directives. For the best reference see the apache mod_auth_digest docs.

  • AuthName directive specifies the name of the authentication realm. Any user that accesses this directory on the server must have credentials defined in this realm. For my tax documents I’ve named the realm taxes.
  • AuthDigestDomain tells the server which URIs will require authentication. In line with my desire to just have a drop in .htaccess file, I’ve used ./ which is the current directory. All subdirectories will require authentication as well.
  • AuthUserFile is the database file that has all of the user credentials … more on this in a minute
  • Require is how we specify additional constraints on which users can access the domain we’ve defined. I’m using valid-user which simply requires that the user specify credentials belonging to a … you guessed it, a valid user in the taxes realm. There’s a lot you can do with Require so you should read the docs for this one.

For any of this to work we need to specify the user names and their passwords. Apache has a tool that does this for us and it’s called htdigest. Check out the manpage for details but for the above example .htaccess file I used the following command:

sudo htdigest -c /etc/apache2/taxes.digest taxes username
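What that command writes to the AuthUserFile, and how the server later checks a login against it, shown as an added example that is not part of the original post. The user name, passphrase, nonce and path are constructed; only the realm `taxes` comes from the configuration above.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def htdigest_line(user, realm, password):
    """The entry htdigest stores: user:realm:HA1, HA1 = MD5(user:realm:password)."""
    return f"{user}:{realm}:{md5_hex(f'{user}:{realm}:{password}')}"


def lookup_ha1(user_file, user, realm):
    """Find HA1 for (user, realm); an entry made for another realm never matches."""
    for line in user_file.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[:2] == [user, realm]:
            return fields[2]
    return None


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def client_auth(user, realm, password, method, uri, nonce,
                nc="00000001", cnonce="0a4f113b"):
    """Fields a browser sends back; the password itself is never among them."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    return {"username": user, "uri": uri, "nonce": nonce, "nc": nc,
            "cnonce": cnonce,
            "response": digest_response(ha1, method, uri, nonce, nc, cnonce)}


def server_accepts(user_file, realm, method, auth):
    """Verify a login using only the stored HA1 (no plaintext password needed)."""
    ha1 = lookup_ha1(user_file, auth["username"], realm)
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, auth["uri"], auth["nonce"],
                               auth["nc"], auth["cnonce"])
    return hmac.compare_digest(expected, auth["response"])


# Constructed sample values; "taxes" is the AuthName realm from the post.
USER_FILE = htdigest_line("cpa", "taxes", "constructed-passphrase") + "\n"
NONCE = "constructed-server-nonce"
```

Because the stored HA1 is all the server needs to validate a response, the digest file is as sensitive as the password it was derived from and should not be readable by other local users. The realm is part of the hash, so renaming AuthName means regenerating the file.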

Force SSL

This is a pretty easy task but the method I came up with to solve it requires using Apache’s mod_rewrite which is basically regex black magic in apache config files. This is very much like driving in a tack nail with a 10lb sledge hammer. You can do some serious damage with mod_rewrite if you’re not sure of what you’re doing. For a simple task like this the solution should be simple and if you use mod_rewrite properly the result is actually very simple.

DISCLAIMER: before using mod_rewrite you should read the mod_rewrite docs front to back and be comfortable matching strings with regex patterns (play around with grep on the command line).

RewriteCond %{HTTPS} ^off$
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI}

To protect the directory containing my tax documents I only needed two mod_rewrite directives in my .htaccess:

  • RewriteCond specifies the conditions under which the following rule will be checked. Here I’ve indicated that the rule applies only to URIs that aren’t requested over HTTPS (the HTTPS server variable is set to off).
  • RewriteRule is where all the work is done and I’m using its most simple form. The first string is the regex that is matched against the requested URI. I’ve specified a pure wild card, it will match everything. Since this is an .htaccess file the rule will only be processed for URIs that are under this directory so I want it to match everything. The following string is the replacement text. This ends up being a simple redirect to the same URI that was requested but over SSL (trust me). If you’re skeptical hit the docs.
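A way to check the combined .htaccess from a client, as an added example that is not part of the original post: per-directory mod_rewrite rules run in Apache's fixup phase, after the authentication hooks, so it is worth confirming that an unauthenticated plain-HTTP request is answered with the redirect rather than with a Digest challenge. The host and path are placeholders and the sample responses are constructed.

```python
import http.client

REDIRECTS = {301, 302, 303, 307, 308}


def classify(status, headers, host, path):
    """Judge the answer to an unauthenticated plain-HTTP GET of a protected URI."""
    h = {k.lower(): v for k, v in headers.items()}
    if status in REDIRECTS:
        # The rule substitutes https://%{HTTP_HOST}%{REQUEST_URI}: same host, same URI.
        wanted = f"https://{host}{path}"
        return "ok" if h.get("location") == wanted else "redirect-mismatch"
    if status == 401:
        # Authentication was negotiated on the cleartext connection first.
        return "challenge-over-http"
    if 200 <= status < 300:
        # Neither the redirect nor the auth requirement applied.
        return "served-over-http"
    return "other"


def probe(host, path, port=80, timeout=5):
    """Send one GET without credentials; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify(resp.status, dict(resp.getheaders()), host, path)
    finally:
        conn.close()


# Constructed responses for a placeholder host and path (not from the post).
HOST, PATH = "files.example.test", "/taxes/w2.pdf"
SAMPLES = {
    "redirect": (302, {"Location": "https://files.example.test/taxes/w2.pdf"}),
    "wrong-target": (302, {"Location": "https://files.example.test/"}),
    "challenge": (401, {"WWW-Authenticate":
                        'Digest realm="taxes", nonce="constructed", qop="auth"'}),
    "cleartext": (200, {"Content-Type": "application/pdf"}),
}


def run_samples():
    return {name: classify(status, headers, HOST, PATH)
            for name, (status, headers) in SAMPLES.items()}
```

Run `probe()` against your own server and directory; anything other than `ok` means the directory's behaviour over plain HTTP needs another look.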

Conclusion

That’s it, you can get the taxes.htaccess. Nothing really novel here, just a practical use of my web server for exchanging sensitive documents, I thought that was worth a quick post.

Naturally this isn’t a perfect solution but it’s good enough. My tax guy can still screw things up on his end by having malware on his office computer or he may sell my personal info to the highest bidder but these things are largely out of my control and would be a problem even if I sent him all of my stuff in hard copy. This also doesn’t scale at all but I’ve got only one guy doing my taxes in any one year so that’s a non-issue. Next is figuring out a way to get my completed documents back from him. I’m thinking I’ll have to code up a quick upload script … more to come.

Nokia E7 Pre-Order Page Crashes N97 Browser

I had hoped to hold out on buying another cellphone until Nokia got their shit together and released the first Meego phone. With the latest news out of Nokia being a Microsoft partnership and the projected release of the N950 being “later in 2011” it’s become painfully obvious that my N97 just won’t make it.

I signed up on the Nokia website to get email notification when the C7 was available for preorder and I finally got that email today. I was sitting in my mechanic’s waiting room when I got the email so I followed the link in the email on my N97 and after loading up 828K of the web page … the browser stopped responding. Actually the whole phone stopped responding for almost a minute. Eventually the browser just crashed and the phone recovered.

This pretty much sums up my experience as an N97 user: irony around every corner with Nokia looking like they’re really trying hard to screw things up: your company website shouldn’t crash the phones you make!

Despite my complaints about the N97 it was a huge improvement over my Samsung BlackJack II that (sometimes) ran Windows Mobile 6. Hopefully when I shell out the small fortune for the C7 it’ll be even better.