Clojurians Log v2

Man, I came into clojure with such energy and gusto. It’s all but died within a matter of days? Why does this happen with literally everything I get into?

I think quite a few people find Clojure a lot harder than they had imagined and it can sap their enthusiasm. What sapped your energy @c.westrom?

@seancorfield I’m not sure. I think it’s just a personal thing. I don’t think clojure will ever leave me. My Japanese skill, music theory, and my other various little skills and interests never completely left me either, I can just never stick with one long enough to complete anything. It’s like as soon as I get serious I kill it.

Clojure and babashka will still be my go-to for any weird experiments or cli tools I have in mind, but I’m not sure anymore about making this into a full time job.

You have an interesting background and I'm sure you will continue to accrue interesting knowledge and experience -- if a programming career isn't for you, it's still a great learning experience to have ventured into the Clojure world!

My experience is pretty much the opposite of yours: I latched on to programming during my formative early teenage years (in the mid-'70s) and tailored my education toward that career and I've been doing it full time ever since. I very much admire people who have creative skills because I have almost none: I tried (and failed) to learn music, to play trumpet, piano, and guitar, I tried (and failed) to explore artistry through drawing and painting, I'm not a good writer (but I do at least persist at that to some degree). I let my other (human) languages wither (German, primarily).

How familiar are you with ADHD? What you described is a key characteristic of the diagnosis and may be a chemical limitation of your organism. If it is, there is little to nothing that you can do about it without help, which you can find nowadays in the form of therapeutic processes, drugs, personal organization and other things. If you don't know much about it, there are some documentaries for free online (just search for ADHD documentary on YouTube) that can give you an overview in a short time, just enough to trigger further research. If it resonates with you, look for a psychiatrist. Best of luck in your endeavors.

Thanks @anantpaatra those look really interesting!

for personal blog, I just write markdown with hugo. With a team, I still use hugo but also enable netlifycms so others can log in with github/gitlab and edit with a web GUI

all hosted on gitlab pages but github and netlify are ok, too

Something of an side, but as someone teaching creative coding at a couple of universities (as well as freelancing at the same) it’s always interesting to try and gauge whether students are motivated by the need to achieve a specific task, or whether they enjoy coding in the abstract purely as a mental exercise. Most students are in the first camp (maybe seeing coding as a process akin to googling for a solution), only a few are clearly enthusiastic about the process for its own sake - though we’re seeing that a bit more in the AV live-coding scene. Myself, I got hooked by Standard ML decades ago, after a background in mathematics, and worked on SML compilers for a while. I love Clojure as a process (network REPL etc.), but get frustrated by its sharp edges (try saying {:foo x} instead of (:foo x) by mistake and see how much trouble that causes, especially with a small font where you don’t notice the difference); were it not for Spec I might not still be here.

This reminds me of the https://josephg.com/blog/3-tribes/. Clojure seems to occupy the space between the mathematician-poet and the maker

I’d forgotten about that - thanks.

Maybe better in #jobs ? Might catch people that don't use off-topic ?

And yes, I can believe that Clojure is somewhere between #1 and #3. Personally, so am I, and I am pretty weak at #2, as evidenced by the slow frame rate in my on-stage AV performances.

Thanks Stuart!

There's an api that requires a JWT token in the header. When you give them the token in the header you can act as the authenticated user. This api also has some paginated endpoints, where it lists the "next" url to call to get the next page, but these endpoints are listed as http and not https. This would be a troubling security bug, right? because if someone just follows the given "next" page url, they would end up transmitting their security token in plaintext?

correct

And in general this type of authentication would be inherently pretty bad for anything remotely important, vs just signing a message locally and having them verify it, due in part to opening yourself up to exactly these types of bugs?

in theory yeah, that protects you in some way from leaking the credentials, I would look at aws's url signing for examples on how to do that (it ends up being complicated in order to avoid things like replay attacks)

but the actual content of the request is then still vulnerable

JWTs as session tokens are problematic in several ways

Yeah makes sense.

have you tried not sending the jwt to the subsequent pagination pages? Is it possible that those routes don't require it?

Yeah it's a 301 error when it's http

depending on how they expect the api to used, I dunno maybe that is fine, like if they expect the jwt to be set as a secure (https only) cookie, then the http request won't include it, but the redirected https request will

would that generally be documented somewhere? Their example docs just use a header with content type and Authorization: JWT <jtw key> and they don't mention much else about the token. (I already notified them it might be an issue, just kind of curious how bad of a mistake it is at this point, if it even is one)