Intuition i.e. what my smooth brain needs

TL;DR – go read this Probability Theory primer by Michael Betancourt

I spent the past month or so struggling with the measure theoretic foundations of probability theory. What the heck are sigma algebras? Nothing I read really landed with the dozen or so brain cells I have dedicated to mathematics. You may rightly ask what could possible work with such little mental capacity.

From the shockingly limited learning I’ve somehow accomplished to date, I’ve made a couple far-reaching and likely false generalizations that fit my world view:

1) Every key insight can be explained simply given the correct framework.

2) Any esoteric notation or concept has an underlying motivation that can be simply explained.

My hope is that I can find those simple explanations for everything I care to learn. Sir Dr. Betancourt’s excellent exposition checked those boxes for me. Whether or not that translates into a workable grasp of these concepts is left to be determined.

Do I really need a domain name for every crappy idea that crosses my mind?

No but we all have our vices. After getting soundly trounced in a puzzlehunt, I took some of that frustrated energy and channeled it into Right now it only highlights random portions of the input text. I had grand visions of automated rearrangements of words, pattern recognition, association building etc. Of course all of that fell by the wayside as life moved on.

Now my favorite personal use case is to fill the entire screen with “-” characters and watch the light show.

Street Parking Map

I’ve learned a lot about myself since moving to LA. One thing I learned immediately is that I’m terrible at street parking.

I came to terms with this truth while scraping the overcooked bits off the bottom of a hot pot, during a dinner I was an hour late for. is my first step towards conquering parking.

I hate parking.

SQLite, inspiring.

Just take a look at this website:

They test everything. One particular term caught my eye, because I didn’t understand it.

100% modified condition / decision coverage

What does this mean?

First, what is 100% decision coverage? For each conditional, both the true and false branch must have test coverage.

Consider A & B, the following two cases provide 100% decision coverage:

A = true, B = true

A = true, B = false

But these cases don’t provide 100% condition coverage, which states that both A and B take on all possible values. These cases provide 100% condition coverage, but not 100% decision coverage:

A = true, B = false

B = false, A = true

What about 100% condition / decision coverage? Each decision and each conditional must take on all possible values at least once.

A = true, B = true

A = false, B = false

These test cases provide condition / decision coverage.

Finally, what is modified condition / decision coverage? Like, condition / decision coverage, each conditional and decision must take on all possible values. The additional restriction is that each condition must affect the decision independently.

The above cases don’t provide 100% MC / DC coverage, because of this case:

A = false, B = false

If we hold one fixed, the decision of A & B is not affected by the value of the other.

We would need 3 cases:

A = true, B = true

A = true, B = false

A = false, B = true

To satisfy 100% MC / DC coverage. Pretty strong requirement huh?

Oh and every entry / exit point of the program must be exercised, but that’s a minor detail.


ecryptsfs and ssh don’t play nice together

I encountered the most aggravating issue today. My zeal for security combined with my lack of understanding was my downfall.

Recently I bootstrapped a server with a fresh Ubuntu installation. When asked if I wanted to encrypt my home directory, I didn’t hesitate for a second. No baddie was pulling my files off my disk, no hell no.

When ungodly winds struck LA last weekend, the power went out. Nine times out of ten, any wind over 15mph and LA’s grid is struggling.

So I turn this machine on again, and go to SSH in. It prompts me for my password.

Strange, I absolutely had my public key installed on the server.

I ran ssh-copy-id again for good measure.

Same problem.

I scoured Google with vague terms “SSH public key still prompts for password send help”

And then it worked! I ran ssh and it logged me in smoothly, no-hassle, as God intended.

Did I fix it? Take Note: When something works without any change to the system, no you did not fix it. I’m looking my fellow programmers dead in the eyes right now.

I carried on, logged out and tried again. Once again prompted for the password.

OH I logged out of all my sessions! I could only SSH with public key authentication when I was already logged in with a separate session.

What the devil is this bullshit … ecryptfs … my home directory was only decrypted and mounted when I had an active login session.

Where do SSH keys live by default? /home/user/.ssh/authorized_keys.


SSL for Everything Else

Last post I mentioned how easy it was to setup SSL with AWS Certificate Manager.

But what about all your other servers? Are we going to cough up $16 per year for a single-domain SSL certificate from Gandi?


Let’s talk about Let’s Encrypt. I downloaded their Linux version and got down to business.

Here is a running tally of my steps.

  1. Google “nginx letsencrypt” and find this DigitalOcean guide.
  2. Stop my nginx server to free up port 80, which is used in the letsencrypt process.
  3. run $ ./letsencrypt-auto certonly –standalone
  4. Enter my domain name.
  5. Make 15 seconds worth of changes to my server blocks in nginx.
    1. Redirect port 80 -> 443
    2. Setup a block for port 443 SSL, all in the guide
  6. $ sudo service nginx start

It took 5 minutes to fully setup.

I love it when life is stupid easy.

Easy SSL with AWS Certificate Manager

Amazon Web Services recently rolled out the AWS Certificate Manager: blog post

Always a brave soul, I used it to set up HTTPS for a domain name I have lying around. I’m writing about how it blew me away. It’s so damn easy.

I’m a big fan of HTTPS. Being a security enthusiast (note: not qualified expert) I think the whole protocol is pretty sexy.

Michael’s Old Dumb Way

Normally, I use the one-year free SSL certs from gandi. Free is always good, but setting it up is a pain in the ass. For each domain name I need to fill out the form for a Certificate Signing Request, etc.

Then I need to configure my web servers to use HTTPS, usually by updating my nginx configuration.

The AWS Way – Best Way

This process can be completed in 30 minutes or less, especially if you’re familiar with AWS.

Step 1: Route53

Create a hosted zone with your domain name ( Go to your registrar and input Amazon’s nameservers.

Step 2: Amazon Certificate Manager

Create a certificate request for Amazon will send you a confirmation request via your WHOIS contact email. Accept it and boom you’re done!

Step 3: Elastic Load Balancer

Create a load balancer instance that accepts both http (80) and https (443) in it’s security group configuration. Attach your ec2 instances to the load balancer.

Note: It’s good practice to make sure your ec2 instances only accept traffic coming from your load balancer’s security group. I allowed public ssh for convenience.

If you use the default health check (, this will get your ec2 instance up and running quickly.

$ ssh -i yourkey.pem ubuntu@ec2-blahblahblah
$ echo "Hello World!" >> index.html
$ sudo python -m SimpleHTTPServer 80

Go to the AWS Certificate Manager interface and create a new record set. Click “yes” for alias and select your Elastic Load Balancer instance by clicking on the blank.

Congratulations! Visit and bask in the glory.

Or visit in the next hour to see my Hello World!.


Chroot Jail Part 3

Recently I decided my dev DigitalOcean instance needed a boost. Normally 512mb is sufficient for production but I want to develop remotely.

I opted for a temporary resize to 1gb of RAM.

I also learned that my attempts to bind /dev/urandom and /dev/tty in /etc/fstab were failing miserably. I had to use DigitalOcean’s VNC connection and manually try to figure things out.

Remember how often I hit Ctrl-W and closed the tab still raises my blood pressure.

I ended up using /etc/rc.local to run


$ sudo mount --bind /dev/urandom /jailthing/urandom
$ sudo mount --bind /dev/tty /jailthing/tty

And it worked like a charm!

No more VNC to setup my convoluted login scheme anymore!

Getting MEAN

I’m forcing myself to build websites to back my domain names. If you didn’t know this about me, I love buying domain names. Sadly, I’ve been lax about making use of them.

Beautiful names like and are wasted.

Well actually is set up with No-Ip to give my personal machines subdomains, but that service has proven less than useful to me.

To get back into the web space, I chose to play with MEAN.

I head on over to the tutorial page and get cracking. My target server is a 512mb Digital Ocean droplet with Ubuntu 14.04.

Everything goes smoothly for the most part. I did hit a few snags:

mean init

This command initializes your application. It creates a directory of your choosing with a skeleton app.

If for any reason this fails (root owns ~/.npm, oops), the directory is still created. Simply running mean init again errors out due to the directory already existing. I had to rm -rf that shit and it’s annoying.

The tool offers to set up an admin user but requires a password of either letters, numbers or dashes with max length 15. What the hell.

npm install

The process is killed if the process requires more memory than is available. No error message beyond “Killed” is emitted. This step will fail on a 512mb instance.

The accepted workaround is to either create or expand the swapfile used by the system.


I’ll make another post about my actual development experiences, stay tuned!




Micro Utilities

Recently I’ve created a tiny site called It’s a repository for all the small utilities I write from now on.

On that note, I thought about the API that these little utilities should expose.

Most bash scripts or utilities use command line arguments to define behavior. This is great for humans but can be a pain when calling scripts from other scripts.

My current strategy is to implement the same API in all scripts:


Debug output -> STDERR


All options, flags and input data are encompassed in the input JSON. Likewise, all output is exposed as JSON. Human-readable output is sent to STDERR.

We’ll see if this utility convention works out!