Winter's Heart

A man who trusts everyone is a fool and a man who trusts no one is a fool. We are all fools if we live long enough.

In my opinion, entirely too much of Winter's Heart is taken up by Perrin attempting to rescue Faile and Elayne solidifying her grip on the Lion Throne. Either is an interesting enough plot line to carry for a little while, but they just go on and on… I don’t think I’d mind if either was shortened significantly or even dropped entirely if/when the Wheel of Time goes to TV.


The Path of Daggers

“How do you know when a woman wants to kill you?” Rand mused.

“When she knows your name?” Dobraine did not sound as if he were joking.


Mortal Engines

It was a dark, blustery afternoon in spring, and the city of London was chasing a small mining town across the dried-out bed of the old North Sea.

Soon the city was lumbering in pursuit, a moving mountain of metal that rose in seven tiers like the layers of a wedding cake, the lower levels wreathed in engine smoke, the villas of the rich gleaming white on the higher decks, and above it all the cross on top of St. Paul’s Cathedral glinting gold, two thousand feet above the ruined earth.


The Amulet of Samarkand

And then, as if written by the hand of a bad novelist, an incredible thing happened.

The Amulet of Samarkand is a fun book. It feels something like a grittier Harry Potter, where instead of the bright and shiny flick of a wand, you summon demons. Instead of a fantastic hidden castle in the woods, you have Arthur Underwood–imagine if Harry was tutored throughout his magical career by a slightly more competent Vernon Dursley. And instead of a dark wizard coming to kill you because of an accident of your birth… well, Nathaniel does a pretty good job of bringing trouble down upon his own head.


Lord of Chaos

Let the Lord of Chaos rule.

Rand is trying to rule Cairhien and Caemlyn, Tear and the Aiel. Egwene is raised Amyrlin Seat. Nynaeve discovers how to Heal that which should be impossible to heal. Mat begins to build an army and finds himself bullied into following Elayne and Nynaeve to Ebou Dar.


Adding HSTS to Redirects in Apache

TLDR:

# Use 'always' so headers are also set for non-2XX and unset to avoid duplicates
<IfModule headers_module>
	header unset Strict-Transport-Security
	header always set Strict-Transport-Security "max-age=16070400; includeSubDomains;"
</IfModule>

Slightly longer version:

HTTPS everywhere is a worthwhile goal. Even when you have traffic that isn’t super interesting or sensitive by itself, the fact that you’re encrypting it makes traffic that really does need to be encrypted safer against tools that grab all of the encrypted traffic they can to decrypt later if/when possible.

One of the downsides of using HTTPS though is that without certain things in place, many users will still type domain.com in their address bar from time to time, completely missing out on the https://. While you can immediately redirect them, that very first request is a risk, since if a man-in-the-middle attack happens to catch that request, they can downgrade the entire connection.

Enter HTTP Strict Transport Security (HSTS). It’s an HTTP header that you can send on the first HTTPS connection you establish with a compatible client. Once you’ve done that, any further requests (until the header’s TTL expires without being renewed) will be sent to https:// no matter what the user types. Which solves the first request problem for all sessions… but it still doesn’t fix the very first time you have to get the header. So how do you fix that?
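To check that the config in the TLDR is doing its job, the following added example (not code from the original post) audits a redirect chain for the two failure modes the config comment names: HSTS missing on a non-2XX response and duplicated headers. The `SAMPLE` chain and the `example.com` hosts are constructed for illustration; `MIN_MAX_AGE` reuses the max-age from the config above.

```python
MIN_MAX_AGE = 16070400  # max-age used in the Apache config above


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:  # tolerate the trailing ';' the config above emits
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                raise ValueError("max-age must be a non-negative integer")
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub


def audit(responses):
    """responses: [(url, status, [(header, value), ...])] -> list of findings."""
    findings = []
    for url, status, headers in responses:
        if not url.startswith("https://"):
            continue  # browsers ignore HSTS received over plain HTTP (RFC 6797)
        hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
        if not hsts:
            findings.append((url, status, "missing"))
        elif len(hsts) > 1:
            findings.append((url, status, "duplicate"))
        else:
            try:
                if parse_hsts(hsts[0])[0] < MIN_MAX_AGE:
                    findings.append((url, status, "max-age too short"))
            except ValueError:
                findings.append((url, status, "invalid"))
    return findings


GOOD = "max-age=16070400; includeSubDomains;"
SAMPLE = [  # constructed chain: what a server without 'always'/'unset' might return
    ("http://example.com/", 301, [("Location", "https://example.com/")]),
    ("https://example.com/", 301, [("Location", "https://www.example.com/")]),
    ("https://www.example.com/", 200, [("Strict-Transport-Security", GOOD)] * 2),
    ("https://www.example.com/ok", 200, [("Strict-Transport-Security", GOOD)]),
]
```

Feed `audit` the status and headers of each hop of a real chain (for example from `curl -sIL` output) to run the same check against a live site.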


Counting and Sizing S3 Buckets

A long time ago in a galaxy far far away, I wrote up a script that I used to take an AWS S3 bucket and count how many objects there were in the bucket and calculate its total size. While you could get some of this information from billing reports, there just wasn’t a good way to get it other than that at the time. The only way you could do it was to… iterate through the entire bucket, summing as you go. If you have buckets with millions (or more) objects, this could take a while.

Basically:

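import datetime

import boto
import boto.exception
import boto.s3.deletemarker
import humanize

conn = boto.connect_s3()
# Sort by bucket name rather than comparing Bucket objects directly
for bucket in sorted(conn.get_all_buckets(), key=lambda b: b.name):
    try:
        total_count = 0
        total_size = 0
        start = datetime.datetime.now()

        # list_versions() walks every version of every object in the bucket
        for key in bucket.list_versions():
            # Skip deleted files
            if isinstance(key, boto.s3.deletemarker.DeleteMarker):
                continue

            size = key.size
            total_count += 1
            total_size += size

        print('-- {count} files, {size}, {time} to calculate'.format(
            count = total_count,
            size = humanize.naturalsize(total_size),
            time = humanize.naturaltime(datetime.datetime.now() - start).replace(' ago', '')
        ))
    except boto.exception.S3ResponseError as err:
        # A bucket that cannot be listed should not stop the whole run
        print('-- failed: {err}'.format(err = err))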


The Fires of Heaven

The Fires of Heaven is mostly a book to extend what we’ve seen before.

Elaida solidifies her control on the tower while the rebels come together to oppose her. Nynaeve tugs her braid. A lot. Elayne and Nynaeve end up in the circus (not even kidding) and with a captured Forsaken...


Creating a temporary SMTP server to 'catch' domain validation emails

One problem that has come up a time or two is dealing with email-based domain validation (specifically in this case for the issuance of TLS certificates) on domains that aren’t actually configured to receive email. Yes, in a perfect world, it would be easier to switch to DNS-based validation (since we have to have control of the DNS for the domain, we need it later), but let’s just assume that’s not an option. So, how do we ‘catch’ the activation email so we can prove we can receive email on that domain?