Twitter Bot that Tweets 538 Election Forecast

I wrote a Twitter Bot that tweets real-time updates from FiveThirtyEight's 2016 U.S. presidential election forecast. This is the latest version of the model that correctly predicted 49 of 50 states in the 2008 election and all 50 states in 2012. Follow @polling_2016 on Twitter! Details: The system pulls updates from FiveThirtyEight throughout the day, but will only tweet when the model is updated and the probabilities change. It uses the polls-only model. Typically it generates between zero and three tweets a day. It is written using open source software and runs on Linux. This is unaffiliated with FiveThirtyEight or my employer.

Everything you Need to Know about HTTP Public Key Pinning (HPKP)

Key pinning comprises the most practical hope for TLS security over the next few years, making targeted Certificate Authority-based attacks much riskier. While we wait for new systems built on top of key pinning, HTTP Public Key Pinning (HPKP) allows website operators to perform opportunistic key pinning, today. Chain of Trust: Identity, not encryption, is the most important component of a cryptographic protocol: The best encryption in the world is worthless if you aren't speaking to whom you intend. SSL/TLS verifies identity through a chain of trust represented by a series of X.509 public key certificates. Your browser trusts a set of root certificates owned by Certificate Authorities; those Certificate Authorities in turn extend their trust to the websites you visit. When you visit, your browser verifies the certificate chain starting with's own, moving down to the root certificate. If your browser ultimately trusts that root, you know you are talking to me …

The End-of-Life of Windows XP and SSL/TLS Configurations

This is a followup to my previous post, Strong SSL/TLS Cryptography in Apache and Nginx. Perhaps hard to tell given how many users remain, but Windows XP reached its end of life on 8 April 2014. This means no more support, updates, or bug fixes—not even of critical security flaws. Windows XP use has been dwindling, but its end-of-life provides an excellent opportunity to consider removing support for it from your applications and websites. Dropping Windows XP support provides particularly interesting results for SSL/TLS configurations, as most of the compromises one makes in their provided cipher suites are in support of old versions of Internet Explorer on Windows XP. Since those users are now even more of a walking botnet and malware infestation, we needn't continue to support them to the detriment of the rest of the Internet. And what changes can we make? In my previous cryptography guide, I advocate disabling SSLv3 support, which breaks Internet Explorer 6 on Windows XP, but prev…

Strong SSL/TLS Cryptography in Apache and Nginx

I recently moved my homepage, Robert Love, from HTTP to HTTPS. My goal was to configure the server with strong cryptography while making fewer compromises for compatibility and against security than many of the "best practice" configurations others provide. I thought I'd share the result. Notably, I recommend a cipher suite ordering that enables Perfect Forward Secrecy (PFS) with AES-GCM, disables broken ciphers, neutralizes known attacks, and still works on nearly every browser. I provide configuration for both Apache and Nginx. Many feel encryption is the raison d'être of HTTPS, but I argue that the verification of identity and prevention of man-in-the-middle attacks are more important. Consequently, given the sophistication of today's adversaries, I believe HTTPS is important even for situations such as static content where you may feel encryption is of minimal value. I hope this guide inspires more webmasters to put all of their content under HTTPS. Your Server&…

Slow-Braised Carnitas

I used to have a bunch of recipes up online. But writing recipes is no fun; it is difficult to capture the beauty of a dish with a bunch of steps. Moreover, using recipes isn't how I cook. I want to understand the flavors of a dish and then execute it in my own way, in my own hands. So the recipes went away. But one of the most popular—and one of my personal favorites—was a recipe for the Mexican pork dish carnitas. It was a fun, relatively easy recipe, not traditional in approach but fairly traditional (and really delicious) in output. Folks keep asking for it. So here it is, in hopes I can eat it at your next house party. Carnitas is a wonderful Mexican dish, pork shoulder cooked until tender and then given a great crisp. In Mexico, carnitas is eaten on its own, in tacos, or in tortas. The traditional recipe is simple: several pounds of pork shoulder, a pound or two of lard, orange peel, and some water (or Coca-Cola), slow roasted and then "boiled" to a crisp. That is…a …

Linux System Programming, 2ed

I'm pleased to announce the release of the second edition of Linux System Programming, my guide to system programming on Linux. I updated the entire book to reflect new interfaces and behavior in the latest versions of the Linux kernel, glibc, and gcc—3.9, 2.17, and 4.8, respectively—as well as giving the text a universal overhaul with even more examples and interesting anecdotes. What I am most excited about, however, is an all-new chapter on threading. I cover the basics of Pthreads, of course, but the meat of the chapter is a discussion on threading design and patterns in Linux. Should you use event-driven or thread-per-connection as your threading model? How do Linux's threading solutions scale? What are the costs of and alternatives to threading? How can you mitigate the risk of races? And other such fun topics. Chapters: Introduction & Essential Concepts, File I/O, Buffered I/O, Advanced File I/O, Process Management, Advanced Process Management, Threading, File & Di…

University of Florida CISE: Now More Than Ever

By now you've likely heard the proposal that the University of Florida plans to drastically restructure its Computer Science department, CISE. While the details are not as provocative a picture as the Forbes article paints, the proposal is still bad for the university and its students (read the actual proposal). Also, as an alumnus, the proposal is, frankly, embarrassing. At a time when the United States needs more STEM graduates than ever, universities ought be doubling down on their Computer Science programs. I encourage you to write to the university. Even if unaffiliated with Florida, this restructuring sets a bad precedent for other institutions. Today, I sent this email: President Machen & Dean Abernathy, I am writing to express my concern with the proposed changes to CISE. Contra more provocative coverage, I understand that the department is to undergo restructure and not outright elimination. I also understand the significant budgetary pressures facing Florida. Nonetheless…


This being 2012, I'm not blogging much. I apologize.

I have, however, been playing around on Google+. It offers an opportunity to do longer form posts—more akin to a blog—than, say, Twitter. I am enjoying it; perhaps you will too.

Follow Robert Love on Google+.

Paris in Diorama

A week in Paris in the Spring. Pour être jeune et dans l'amour. I made some dioramas:
Passerelle Debilly, Paris, France
Palais de Chaillot, Paris, France
Champ de Mars and École Militaire, Paris, France
See also my dioramas from around Spain.

Kindle 3 Kernel

I really dig the Kindle 3. The small improvements add up to a significant improvement in usability. As my friend Chris put it, "as soon as I turned it on I realized I did the right thing." For the curious, I got ahold of the Kindle 3's source code and generated a patch against 2.6.26 (I did the same for the Kindle 1's kernel). The patch is big and noisy, but here's what stands out: Ingo's RT kernel, which converts most spinlocks to priority-inheriting mutexes, removing most regions of non-preemption in the kernel; ARM architecture updates; driver for the Atheros AR6002 802.11a/b/g device; driver for the Freescale MC13783 voltage regulator; driver for E Ink; driver for the Asahi-Kasei AK4647 audio device; lots more. From the source, the Kindle is still code named Fiona internally. Anyone spot anything neat I am missing?

Google Instant

Google Instant, which we announced yesterday, is at its best after you have used it for a bit, and allowed the interactive experience to refine and improve how you search. But, for me, the simplest sell is searching for the weather. Last week, you might have searched for weather 02116 (and a decade ago, you'd have watched the evening news). Today, you hit w: Try it out on