Fork me on GitHub

Man, I came into clojure with such energy and gusto. It’s all but died within a matter of days? Why does this happen with literally everything I get into?


I think quite a few people find Clojure a lot harder than they had imagined and it can sap their enthusiasm. What sapped your energy @c.westrom?


@seancorfield I’m not sure. I think it’s just a personal thing. I don’t think clojure will ever leave me. My Japanese skill, music theory, and my other various little skills and interests never completely left me either, I can just never stick with one long enough to complete anything. It’s like as soon as I get serious I kill it.


How familiar are you with ADHD? What you described is a key characteristic of the diagnosis and may be a chemical limitation of your organism. If it is, there is little to nothing that you can do about it without help, which you can find nowadays in the form of therapeutic processes, drugs, personal organization and other things. If you don't know much about it, there are some documentaries for free online (just search for ADHD documentary on YouTube) that can give you an overview in a short time, just enough to trigger further research. If it resonates with you, look for a psychiatrist. Best of luck in your endeavors.


+1 for checking out ADHD--completely relate to what you're sharing, West


Oh hell no. I ain’t drugging myself. I was prevented from taking amphetamines as a child long ago, I won’t start now.


Have a goal in mind to build something for other people, and just remember how great it will be when it's alive and out there 😄


I think not finishing projects isn't always bad. In 'small' examples, we do it all the time: if you're not hungry, don't eat, if you're not enjoying a book, don't read it. You don't have to watch an entire TV series if it's not worth your time anymore... all of this is subjective of course, and effort isn't bad either. I personally find this a challlenging balance, but being generally OK with not finishing something has always helped me weirdly stick to the things that just keep coming back in my mind / interests. And it's ok if things take more time than you think they 'should'. As for drugs, they're not for everyone for sure, but I do think it's worth considering. Often by talking with a doctor. I say this with personal experience. I started taking an SSRI for anxiety and the improvements are tangible in my life and attitude. Point is not that you should take medication, just that it's a legitimately useful thing for many people, and you might be one of them, who knows?

☝️ 3

Clojure and babashka will still be my go-to for any weird experiments or cli tools I have in mind, but I’m not sure anymore about making this into a full time job.


You have an interesting background and I'm sure you will continue to accrue interesting knowledge and experience -- if a programming career isn't for you, it's still a great learning experience to have ventured into the Clojure world!


My experience is pretty much the opposite of yours: I latched on to programming during my formative early teenage years (in the mid-'70s) and tailored my education toward that career and I've been doing it full time ever since. I very much admire people who have creative skills because I have almost none: I tried (and failed) to learn music, to play trumpet, piano, and guitar, I tried (and failed) to explore artistry through drawing and painting, I'm not a good writer (but I do at least persist at that to some degree). I let my other (human) languages wither (German, primarily).


Something of an side, but as someone teaching creative coding at a couple of universities (as well as freelancing at the same) it’s always interesting to try and gauge whether students are motivated by the need to achieve a specific task, or whether they enjoy coding in the abstract purely as a mental exercise. Most students are in the first camp (maybe seeing coding as a process akin to googling for a solution), only a few are clearly enthusiastic about the process for its own sake - though we’re seeing that a bit more in the AV live-coding scene. Myself, I got hooked by Standard ML decades ago, after a background in mathematics, and worked on SML compilers for a while. I love Clojure as a process (network REPL etc.), but get frustrated by its sharp edges (try saying {:foo x} instead of (:foo x) by mistake and see how much trouble that causes, especially with a small font where you don’t notice the difference); were it not for Spec I might not still be here.


This reminds me of the Clojure seems to occupy the space between the mathematician-poet and the maker


I’d forgotten about that - thanks.


And yes, I can believe that Clojure is somewhere between #1 and #3. Personally, so am I, and I am pretty weak at #2, as evidenced by the slow frame rate in my on-stage AV performances.


Hi Clojurians! Hope this message finds you well and I won’t be banned for this lol. I’m looking for a Clojure/ClojureScript Engineer to join ML/AI Software team with the US based company. All about functional programming, microservices, FTE, direct hire, 40 hours - not overworked. Remote or offices in St Louis, NYC, DC. If you have commercial experience using Clojure/ClojureScript - feel free to text me :) Have a great day everyone


Maybe better in #jobs ? Might catch people that don't use off-topic ?


Thanks Stuart!


There's an api that requires a JWT token in the header. When you give them the token in the header you can act as the authenticated user. This api also has some paginated endpoints, where it lists the "next" url to call to get the next page, but these endpoints are listed as http and not https. This would be a troubling security bug, right? because if someone just follows the given "next" page url, they would end up transmitting their security token in plaintext?



👍 3

And in general this type of authentication would be inherently pretty bad for anything remotely important, vs just signing a message locally and having them verify it, due in part to opening yourself up to exactly these types of bugs?


in theory yeah, that protects you in some way from leaking the credentials, I would look at aws's url signing for examples on how to do that (it ends up being complicated in order to avoid things like replay attacks)


but the actual content of the request is then still vulnerable


JWTs as session tokens are problematic in several ways

☝️ 6

Yeah makes sense.


have you tried not sending the jwt to the subsequent pagination pages? Is it possible that those routes don't require it?


Yeah it's a 301 error when it's http


depending on how they expect the api to used, I dunno maybe that is fine, like if they expect the jwt to be set as a secure (https only) cookie, then the http request won't include it, but the redirected https request will


would that generally be documented somewhere? Their example docs just use a header with content type and Authorization: JWT <jtw key> and they don't mention much else about the token. (I already notified them it might be an issue, just kind of curious how bad of a mistake it is at this point, if it even is one)