Almost spring

Almost spring

The final creme brulee crust of ice
clings valiantly to the surface of the swimming pool,
but vanishes at the lightest touch of the fingers

I pretend it’s warm enough
to be outside in bare feet,
pretend not to shiver when
the water gets on my neck.

Pretend it will be
warm again some day.

Alexa, chapter 2

Since last I wrote, I’ve been experimenting with Amazon Echo skills.

Getting the skill working for personal use wasn’t very difficult. Having a skill published to the whole world is more involved, because you have to pass their certification testing.

I’m not quite there yet, and I’m not really sure what I’m doing wrong.My first attempts to address the problems found in the certification phase have led to this:

That’s a PHP function that handles the validation of the request certificate, timestamp, and various other things that are part of the request. However, apparently I’m not validating the certificate correctly just yet, as the latest feedback was:

1. The skill does not validate the signature for the incoming requests and is accepting requests with invalid signature specified. Please refer to the document that describes how to build your Alexa Skill as a web service (available via this link: ) for tips and requirements about validating the requests (and their signatures) sent to your web service.

Furthermore, I can’t find anywhere in the documentation what you’re supposed to return on failure, so perhaps that’s what I’m doing wrong.

On the other hand, all of the skills that I’ve written work just fine for me, in developer mode, I just can’t show them to anybody else.


Alexa, ask Fajita what’s for dinner

Several weeks ago I acquired an Amazon Echo. One of the most interesting things about this device, to me, was that I can write my own Echo skills, using the free skills kit.

This turned out to be both easier, and harder, than expected.

TL;DR: The code is at

The biggest challenges were 1) that the docs are convoluted and incomplete, and 2) that the Echo doesn’t like SNI SSL vhosts. Details follow.

At a very simple level, when you say a certain thing to the Echo, it makes (can make) an HTTPS request to somewhere that you define, and then return a response. The request POSTs some JSON, and expects some specially-formatted JSON in response.

The Echo developer interface gives you a web-based config form to tell it where to POST your data, and what speech patterns should trigger this POST. This can be any web service of your creation, as long as it’s running HTTPS, not HTTP. Your service can also run on something called Lambda. I have no idea what that is.

Here’s how you do it:

  1. Register a developer account at and then go to to create a new Alexa app.
  2. On the ‘Skill Information’ tab, point it to a web app endpoint running on an HTTPS server somewhere. This can be anywhere, and you can write it in any language you’re familiar with.






3. On the ‘Interaction Model’ page, tell Alexa what phrases she should respond to. This is done in two steps.

a) First, tell it what actions, or ‘Intents’, your app will perform. For some reason, for this step you have to write a schema in JSON.







b) Second, tell Alexa what phrases should trigger each of these actions by creating ‘Sample Utterances’. For example, to trigger my GetMenu action, I create a sample utterance of ‘GetMenu Whats for dinner’, which means what I will actually say is ‘Alexa, ask Fajita what’s for dinner’. (In my case, my skill is named “Fajita”, for reasons that I’ll explain at some point You just need a name for your skill that isn’t already taken by another skill.

4. On the SSL Certificate tab, indicate that you have a valid SSL cert.

5. On the ‘Test’ tab, you can start experimenting with your app. This will cause it to send JSON requests to your app, and tell you what comes  back. The format of the request and response are most clearly described (with examples) here:

See my example code at to get an idea of what you can do. In my particular case, I have Alexa making a dinner recommendation, and, optionally, only returning vegetarian options.


The biggest problem in all of this was not the code, which was fairly easy, but the SSL setup. In short, it appears that the Amazon Echo doesn’t know about SNI. So, my server configuration, where I have several different HTTPS virtual hosts, each with its own SSL cert, doesn’t work. For a while, I thought it was because it didn’t like my Let’s Encrypt certificate, but this turned out not to be the case. As soon as I set my Echo app vhost to be the first, default SSL host, everything worked fine. This tells me that it’s just not making an SNI request. So, easy enough to fix, but this cost me a couple hours to hunt down.

The other, smaller problem, was that the documentation is thorough, but not laid out for a beginner. Finding the JSON format definitions, for example, took a great deal of hunting, as well as a lot of debug dumping of POST data. The links above should help bypass a little of that learning curve.


There’s several things I still want to do with my app.

  • Put the menu options in a database, rather than hard-coded
  • Provide an interface where someone can edit the menu options via the web, indicating whether a particular one is vegetarian or not
  • The interaction model provides the ability to give some variables in the sentence structure. Like, for example, I could ask for a menu suggestion “containing ginger”, and have “ginger” passed as an argument to my app. I’d like to play with this some.

Why Fajita?

An IRC channel where I spend a lot of time – #httpd on Freenode – has a helper bot named Fajita. I think of her as my personal assistant, and have long wanted to have some kind of voice interface to her in my home. Alexa is that, but Fajita will fill some of the talents that Alexa doesn’t have yet.


Monoliths and Lightsabers

In (I believe it was) 1990, I took a course in college called Monoliths and Lightsabers. I have reason to remember this course on an almost weekly basis – more when there’s a Star Wars movie in everyone’s attention.

The course was a review of the 2001 movies, and the Star Wars movies, from multiple academic perspectives.

We watched ‘2001: A Space Odyssey‘, and all three Star Wars movies, a number of times during the semester. We also watched some other movies, which may or may not have included ‘Spaceballs‘ and ‘A Clockwork Orange‘ (more about that in a moment).

Each week we had a guest lecturer. A physics lecturer talked about the science of warp drive and lightsabers, as well as transporters, laser guns, and so on. A philosopher and a theologian talked about the Force. A literature professor talked about the development of story and character. Of course, a film professor talked about the magic of film making, and the incredible technology that was invented to make Star Wars, as well as how astonishing 2001 was in 1968, although it seems rather slow to today’s audiences. An artist talked about the use of color in Star Wars, and in 2001, to convey certain themes more subtly than blowing things up. I vaguely remember a physical education teacher (dance, maybe?) talking about the use of martial arts and tai chi in the Star Wars choreography. A history professor talked about the Nazi imagery in Star Wars, and the use of other historical events as part of the plot.

One week, a music professor talked about the use of music in Star Wars. The per-character theme music is something that was common films of an earlier age, but has largely faded from modern cinema. And the use of music in 2001 was powerful, in that the Zarathustra theme evokes discovery, but also darkness.

I asked this professor (remember, this was a small, private, Christian college) what other movies similarly used music in such a powerful way. A Clockwork Orange was suggested, which we then went and rented and watched. It’s quite a shocking movie, particularly to 19 year old me.

Similarly, the art professor recommended ‘The Cook, The Thief, His Wife & Her Lover‘, which, while using color in the most fascinating way I’ve ever seen in any movie, before or since, was a truly appalling watch. Very, very disturbing movie. I cannot recommend that anyone actually watch it, but the use of color was amazing.

(By the way, another movie that uses color brilliantly is the new ‘Anna Karenina‘, which is beautiful enough that I considered reading that awful book again.)

The professor of this course, Richard Sherry, also did another course that was an overview of Science Fiction, where we read, among other things, The Left Hand of Darkness, which would probably have been quite a controversial choice if the administration had been aware. Dr. Sherry was, in his quiet way, one of my most influential professors in college, although I don’t know if I’ve ever told him that.

I’ve been thinking about this course due to the new popularity of Star Wars, but also because I’ve been asked recently what my favorite, most memorable course was in college. 22 years on from college, this is the one course that I remember most clearly, and which I refer to in my mind the most often, closely followed by the Sci Fi course. I was already a big Sci Fi fan at the time, but the class introduced me to authors that I probably wouldn’t have chosen to read, like Anne McCaffrey, and Ursula Le Guin, The Earthsea books remain some of my favorite of the genre. And, also, filled some of the huge gaps in my reading, such as ‘Stranger in a Strange Land‘.

School closed

Today school is closed, again, for no discernible reason. No new snow. None predicted for today until late tonight. Clear roads. Cold, but not dangerously so.

I know it’s a hard call to make. I just wish there was a little more consistency in the criteria.

Introducing Einwimz – a word game

Long, long ago (2004-2006) I played a game called Ghyll. You can still witness the carnage at  I am sure that I’ve told many of you about it, since it was tons of fun.

In short, it’s a fictional wikipedia, with a turn-based system of writing the entries. Collaborative fiction meets encyclopedia.

I’ve wanted to do one of these again for many years – this was about 10 years ago – and have finally started it up. I wonder if you’d be interested in playing, and/or if you know other people that might be interested. They don’t need to be “writers”, necessarily, just people with a sense of humor and some imagination.

If you would like to play, I’m setting up the website, and you can create an account at Game play is as-you-have-time. If you skip a round or two here or there, nobody minds. I’m still in the process of setting things up, and will let everyone know when the first turn starts. I expect that we’ll start the first turn in the next week or two. Meanwhile, read the front page of the site, and the FAQ that is linked from there, if you want to play.


Server Not Found

Up until about 9 years ago, I had a server rack in my home office. At one point, there were as many as 12 servers running on it, running websites, DNS services, email , NNTP, and a variety of other services.

I blogged about this a while back.


As time went on, I started to recognize the benefits of running services in the cloud. This meant everything from moving email to GMail, to running web and DNS on a hosted server at Rackspace (then known as SliceHost).

Eventually, I had no computers in the house at all, except for my work-issued laptop.

A little while ago, I started to miss my servers, for many reasons. I still run some mail services on my VPS at Rackspace, to do things like mail aliasing for a variety of domains, and of course I still run all my own web servers there. But there’s something about having a server that you have to physically maintain that keeps your skills going in ways that you just don’t have to when it’s out there somewhere.

A year or so ago, I found a refurb Dell machine for next to nothing, and put CentOS 7.1 on it. That released in April, so it must have been about then. For a while I didn’t do much with it, other than test OpenStack installs. But after a while I brought up a Minecraft server on it, running the Bukkit distribution of Minecraft, to play with family members. Then I opened it up to a few friends.

treasure_huntThis Christmas, one friend did a treasure hunt for her kids in the Minecraft world, which was incredibly cool. I’ve seen them on the server a number of times since then.

When I posted on Facebook about this a few days ago, someone from ArcLight responded, saying I should host my server there, which brought on this trip down memory lane. No, Seth, while I appreciate the offer, and I’m certain you’d do a better job than I, running it myself was the entire point. Thanks, though, and I wish you well with your business.

iTunes Phishing

I received this email this morning:







Notice that ‘Apple’ is misspelled, and the grammar is slightly weird.

This links to the following site:








… where it asks me to input my Apple ID and password. Presumably, at that point, they can use that to make purchases on my credit card. Assuming, of course, that I have an Apple account, which I don’t.

This type of attack is called “Phishing” and is the easiest and most effective Internet “hacking” technique, since it requires almost no talent, and relies on the trust (or gullibility) of the target.

If you receive an email like this, delete it. If you’re not sure, manually type in “” in your browser and see what information they have on your account.

The Margin Is Too Narrow