Ever since first working with Recurrent Neural Networks (RNNs) for predicting musical sequences during my PhD, I have been fascinated by these models and try to keep up with exciting developments in connectionist machine learning research surrounding these models. One of these for me has been the emergence of RNNs that are augmented by a dedicated memory unit. The idea was notably illustrated as the Neural Turing Machine (NTM) in an ArXiV submission by Alex Graves and colleagues from Google DeepMind. This early work while having gathered a fair deal of acclaim in the community, has since been followed up in a publication in the prestigious journal Nature that introduces a more evolved variant of the NTM known as the Differentiable Neural Computer (DNC). During the past couple of weeks, I managed to spend some time learning about the NTM and the DNC and prepared a little slide-show (with Google Slides) containing my observations to share with others.
So here is the link to the slides, and I hope some of you who read it benefit from it! Please let me know if you find anything that needs to be corrected in it. I would appreciate that!
This is an account of how I went from no encryption, to almost getting a paid SSL certificate to finally making and installing a free one on my domain. It started with me setting up an ownCloud server on my hosting account to access and sync my data on the cloud after going from Dropbox, to Copy to Mega and finally to pCloud over a span of five or so years.
Why ownCloud?
Mainly because I have a shared hosting account with Arvixe (an excellent hosting service) with unlimited data storage, and I was curious as to how much of an effort it would be to set up my own cloud storage since hearing about ownCloud a couple of months ago. It turns out that it wasn’t much of an effort after all. I simply contacted the support team at Arvixe who made the ownCloud app available on my cPanel and then it was just a matter of filling a simple online form with little details such as where to store your data, which address to access the ownCloud web interface on, etc. The ownCloud project is fantastic! And from what I’ve seen, it has most (if not all) features that any other company like Dropbox or Mega has to offer. It took me 15 minutes to set things up, install the (Linux) client and sync my cloud storage (a folder on my hosting account) with a local folder.
So is that it? Turns out that there’s more. Since now I’m transferring data to and from my domain, it is preferred that the connection to the domain is secure. And the connection can be secured with SSL Encryption.
SSL Encryption
I won’t go much into TLS/SSL encryption here as there are plenty of resources online that explain it. It would suffice to know that it is a way for a website to secure the connection between itself and a visitor so that any data exchanged between the two is encrypted and not visible to a (potentially malicious) third party that is eavesdropping on the connection. This is necessary to prevent what is known as a man-in-the-middle attack where a hacker intercepts the connection between the website and its visitor and collects the data being transmitted between the two (which may sometimes be confidential, such as credit card numbers, personal identification numbers, etc.) without either the website or its visitor knowing about it.
The Chromium Browser address bar when the connection to the page is not secured (note the “http://”).
There has lately been a growing interest on the web to adopt SSL (or its successor TLS) to secure connections between them and their visitors. Google has even proposed to blacklist websites that don’t adopt the SSL protocol. At a first glance, one can know whether or not a website is secure by keeping an eye out for a green lock next to the address bar, and the fact that it says https:// (with the green lock symbol) in the addres bar instead of http:// . The s here stands for secure. And if you click on the green lock, it pops up a little window that shows who the site has been secured by.
The Chromium Browser address bar when the connection to the page is secured (note the “https://”).
All this stress on security and privacy is, in my opinion, justified. So given that now I’m transmitting my data between my local machine and my domain I decided it would be a good idea to adopt SSL encryption on my domain. This can be realised by obtaining an SSL certificate from a Certification Authority.
SSL Certificates and Certification Authorities
In order to obtain an SSL certificate for your domains, you should purchase it from a certification authority (CA) or a reseller who sells it at a cheaper rate sans some extra benefits of support that the CA would be able to offer for a higher price. Some of the most popular CAs around are Symantec, GeoTrust, GlobalSign, DigiCert and GoDaddy. Each of these CAs sells you a certificate for a fixed period of time – typically 1 to 3 years – and offers different packages such as Extended Validation, Wildcard domain certification, etc. For instance, have a look at what Symantec, GeoTrust and GlobalSign have to offer. These are very similar options but priced differently depending on the CA’s credibility (which apparently is a major factor in deciding whom to go with) and what is contained in the option.
On the other hand, there are companies that purchase certificates from the CAs in bulk and re-sell them at a cheaper rate. These are websites such as SSL Shopper, or even your own hosting company. I know my hosting company Arvixe re-sells certificates purchased from GlobalSign. Depending on whether you are purchasing your certificate from a re-seller or directly from a CA, the price varies between $17 (the lowest I could find for a RapidSSL certificate from SSL Shopper) to a few thousand dollars.
A CA or a re-seller issues you a certificate following a verification procedure that confirms that you are indeed the owner of the domain and that your company is a legitimate one whose credentials have been verified by this issuing authority. And the verification process is either manual or fully automatic and depending on how thoroughly it is done, the issuance of a certificate can take anything between a few minutes to a few weeks. I did not complete this process myself (for reasons explained below) but I do recall abandoning a few applications midway because it seemed like a hassle to provide them with information I didn’t even know the meaning of. And although an expensive, time-consuming and thorough process might make sense for a big company that is dealing in a lot of financial transactions and exchange of information with its customers with a lot at stake, I felt like it was an overkill in my case when all I wanted to secure was my personal domain and communications with my ownCloud server (remember?).
Now this all sounds good, and I was almost convinced that I should buy myself one of the cheaper certificates for a few dollars a year from SSL Shopper. And I gathered all this information over a week of looking things up in my free time. I was quite sure that I had covered all viable options but I couldn’t help wondering whether it’s possible to get an SSL certificate for my personal domain for free. One final DuckDuckGo search led me to a StackOverflow post that answered this question in affirmative!
Let’s Encrypt
The StackOverflow post pointed me to the Let’s Encrypt initiative which essentially offers means for one to generate SSL certificate oneself via a fully automated verification process. Not just that, it offers you with a host of ways in which this can be done depending on your level of comfort with using the command-line, cPanel or any other means through which verification can be carried out. I was skeptical that something like this is too good to be true, but it isn’t. Also, the project is sponsored by several well-known organisations such as the Linux Foundation, Mozilla, EFF and CISCO. And the certificate is accepted by all mainstream browsers. As a coincidence, I later found out that The Site Wizard, which I had referred to several times in the past while choosing a hosting provider, website templates, etc. is also secured by a certificate from Let’s Encrypt!
Now this was exactly what I wanted, i.e. to secure my personal domain so that I can transfer data between my location and my ownCloud server. It does not matter to me (at least for now) how much extra assurance a seal from a known CA such as DigiCert or Symantec gives a visitor to my website. Plus, it’s absolutely free. In my case, I had the certificate generated within minutes through ZeroSSL with an automated ACME verification process that involved me creating two files with specific content on my domain that were verified by this website. There are many alternatives to ZeroSSL, any of which can be used as per one’s convenience. One thing to note is that the certificate issued by ZeroSSL is valid only for three months, but I don’t mind repeating the very simple process again when my current certificate expires.
Last Words
So to conclude, securing one’s website with a TLS/SSL certificate is not as hard or expensive as it may seem at first glance thanks to Let’s Encrypt. I’m very impressed by this initiative, and found it to be a perfect alternative for my needs given all other options known to me. The Let’s Encrypt team is currently seeking funding for their operations and I’m about to donate to it as a token of my appreciation. So if you are in a similar situation as I was before my research that led me to Let’s Encrypt, I hope you benefit from reading this post!
I had the opportunity to join my colleagues at Jukedeck – Patrick, Lydia, Eliza, Matt, Katerina and Gabriele – at the Science Museum Lates last night. For those of you that are unfamiliar with the concept, Lates are adults-only, after-hours theme nights that take place in The Science Museum (in London) on the last Wednesday of every month. It is attended by various organisations that would like to showcase their work relating to a chosen theme to an audience, as well as an audience that is keen on learning more about the science and technology underlying the theme. On the last day of August 2016, it was Jukedeck’s turn to show-off its awesome technology at the museum and some of us volunteered to tag along.
Lydia and me (in the background) explaining what Jukedeck and its technology is about to curious visitors at our stall.
The museum was packed with visitors, and it was great to see so many people interested in our technology! I hardly had the time to go grab some dinner amidst the constant stream of people wanting to listen to our music and know more about the underlying algorithms. To me, as someone who does the research and writes the code that generates our music, this was an incredibly rewarding experience to see first-hand the appreciation people had for our work. It’s, in many ways, like having a poster presentation at a conference but with a non-technical audience. I enjoyed it very muchIn the future, I’ll try my best not to let such opportunities pass. And I look forward to attending the event myself in the future as a spectator! If you happen to be in London around the time this event is on, I highly recommend attending it if you’re interested in science and technology.
