off-topic

https://github.com/clojurians/community-development/blob/master/Code-of-Conduct.md Clojurians Slack Community Code of Conduct. Searchable message archives are at https://clojurians-log.clojureverse.org/
West 2021-03-08T00:26:24.198400Z

Man, I came into clojure with such energy and gusto. It’s all but died within a matter of days? Why does this happen with literally everything I get into?

seancorfield 2021-03-08T00:29:07.199400Z

I think quite a few people find Clojure a lot harder than they had imagined and it can sap their enthusiasm. What sapped your energy @c.westrom?

West 2021-03-08T01:16:31.200300Z

@seancorfield I’m not sure. I think it’s just a personal thing. I don’t think clojure will ever leave me. My Japanese skill, music theory, and my other various little skills and interests never completely left me either, I can just never stick with one long enough to complete anything. It’s like as soon as I get serious I kill it.

Kifah 2021-03-08T08:18:49.208300Z

+1 for checking out ADHD--completely relate to what you're sharing, West

West 2021-03-09T01:52:07.236600Z

Oh hell no. I ain’t drugging myself. I was prevented from taking amphetamines as a child long ago, I won’t start now.

sova-soars-the-sora 2021-03-09T20:43:11.246900Z

Have a goal in mind to build something for other people, and just remember how great it will be when it's alive and out there 😄

adam-james 2021-03-15T17:02:04.377Z

I think not finishing projects isn't always bad. In 'small' examples, we do it all the time: if you're not hungry, don't eat, if you're not enjoying a book, don't read it. You don't have to watch an entire TV series if it's not worth your time anymore... all of this is subjective of course, and effort isn't bad either. I personally find this a challlenging balance, but being generally OK with not finishing something has always helped me weirdly stick to the things that just keep coming back in my mind / interests. And it's ok if things take more time than you think they 'should'. As for drugs, they're not for everyone for sure, but I do think it's worth considering. Often by talking with a doctor. I say this with personal experience. I started taking an SSRI for anxiety and the improvements are tangible in my life and attitude. Point is not that you should take medication, just that it's a legitimately useful thing for many people, and you might be one of them, who knows?

1
☝️ 1
West 2021-03-08T01:19:27.201500Z

Clojure and babashka will still be my go-to for any weird experiments or cli tools I have in mind, but I’m not sure anymore about making this into a full time job.

seancorfield 2021-03-08T01:27:32.202800Z

You have an interesting background and I'm sure you will continue to accrue interesting knowledge and experience -- if a programming career isn't for you, it's still a great learning experience to have ventured into the Clojure world!

seancorfield 2021-03-08T01:31:34.206600Z

My experience is pretty much the opposite of yours: I latched on to programming during my formative early teenage years (in the mid-'70s) and tailored my education toward that career and I've been doing it full time ever since. I very much admire people who have creative skills because I have almost none: I tried (and failed) to learn music, to play trumpet, piano, and guitar, I tried (and failed) to explore artistry through drawing and painting, I'm not a good writer (but I do at least persist at that to some degree). I let my other (human) languages wither (German, primarily).

felipebarros 2021-03-08T02:15:19.206700Z

How familiar are you with ADHD? What you described is a key characteristic of the diagnosis and may be a chemical limitation of your organism. If it is, there is little to nothing that you can do about it without help, which you can find nowadays in the form of therapeutic processes, drugs, personal organization and other things. If you don't know much about it, there are some documentaries for free online (just search for ADHD documentary on YouTube) that can give you an overview in a short time, just enough to trigger further research. If it resonates with you, look for a psychiatrist. Best of luck in your endeavors.

✅ 1
orestis 2021-03-08T06:31:33.207300Z

Thanks @anantpaatra those look really interesting!

2021-03-08T07:16:06.207600Z

for personal blog, I just write markdown with hugo. With a team, I still use hugo but also enable netlifycms so others can log in with github/gitlab and edit with a web GUI

2021-03-08T07:17:26.207800Z

all hosted on gitlab pages but github and netlify are ok, too

cassiel 2021-03-08T09:51:20.215Z

Something of an side, but as someone teaching creative coding at a couple of universities (as well as freelancing at the same) it’s always interesting to try and gauge whether students are motivated by the need to achieve a specific task, or whether they enjoy coding in the abstract purely as a mental exercise. Most students are in the first camp (maybe seeing coding as a process akin to googling for a solution), only a few are clearly enthusiastic about the process for its own sake - though we’re seeing that a bit more in the AV live-coding scene. Myself, I got hooked by Standard ML decades ago, after a background in mathematics, and worked on SML compilers for a while. I love Clojure as a process (network REPL etc.), but get frustrated by its sharp edges (try saying {:foo x} instead of (:foo x) by mistake and see how much trouble that causes, especially with a small font where you don’t notice the difference); were it not for Spec I might not still be here.

Joe 2021-03-08T10:51:36.216400Z

This reminds me of the https://josephg.com/blog/3-tribes/. Clojure seems to occupy the space between the mathematician-poet and the maker

cassiel 2021-03-08T11:32:44.219800Z

I’d forgotten about that - thanks.

2021-03-08T11:35:30.222200Z

Maybe better in #jobs ? Might catch people that don't use off-topic ?

cassiel 2021-03-08T11:36:22.222400Z

And yes, I can believe that Clojure is somewhere between #1 and #3. Personally, so am I, and I am pretty weak at #2, as evidenced by the slow frame rate in my on-stage AV performances.

elizabethkh 2021-03-08T11:38:36.222800Z

Thanks Stuart!

2021-03-08T19:00:12.226800Z

There's an api that requires a JWT token in the header. When you give them the token in the header you can act as the authenticated user. This api also has some paginated endpoints, where it lists the "next" url to call to get the next page, but these endpoints are listed as http and not https. This would be a troubling security bug, right? because if someone just follows the given "next" page url, they would end up transmitting their security token in plaintext?

ghadi 2021-03-08T19:00:30.227Z

correct

👍 1
2021-03-08T19:11:11.229Z

And in general this type of authentication would be inherently pretty bad for anything remotely important, vs just signing a message locally and having them verify it, due in part to opening yourself up to exactly these types of bugs?

2021-03-08T19:31:01.230600Z

in theory yeah, that protects you in some way from leaking the credentials, I would look at aws's url signing for examples on how to do that (it ends up being complicated in order to avoid things like replay attacks)

2021-03-08T19:32:06.231600Z

but the actual content of the request is then still vulnerable

ghadi 2021-03-08T19:32:08.231700Z

JWTs as session tokens are problematic in several ways

☝️ 2
2021-03-08T19:35:31.232Z

Yeah makes sense.

dpsutton 2021-03-08T19:36:19.232600Z

have you tried not sending the jwt to the subsequent pagination pages? Is it possible that those routes don't require it?

2021-03-08T19:41:38.233200Z

Yeah it's a 301 error when it's http

2021-03-08T19:48:51.234200Z

depending on how they expect the api to used, I dunno maybe that is fine, like if they expect the jwt to be set as a secure (https only) cookie, then the http request won't include it, but the redirected https request will

2021-03-08T19:59:51.236100Z

would that generally be documented somewhere? Their example docs just use a header with content type and Authorization: JWT <jtw key> and they don't mention much else about the token. (I already notified them it might be an issue, just kind of curious how bad of a mistake it is at this point, if it even is one)