Tom Marble's Blog

Check out:

See also all posts and comments



Today I've made some modest changes to my CV, LinkedIn and various online profiles. The theme has been "less is more" and I want to highlight my interest consulting in Clojure, security and embedded hardware.

Why corp-to-corp consulting? I regularly get asked this question by companies that want to fill permanent, full-time positions. Having worked for big companies, small companies and even having founded a Silicon Valley startup from Minnesota (just think of the miles!) I've come to realize that consulting is a great fit for me. I can carefully chose clients projects that have really interesting problems and at the same time invest continually in personal development (e.g. conference organizing, working to increase the participation of women in open source software). One of the nice fringe benefits for clients is I can share best practices that I've learned in my travels with each engagement.

Let me know if your project could use some extra hands!



Yesterday I had a blast presenting my talk Security not by chance: the AltusMetrum hardware true random number generator at DebConf14.

DebConf 14

USB TRNG is a collaborative effort with AltusMetrum to create a completely open hardware and Free software true random number generator.

In my talk I mention the rationale for gathering more entropy: The Linux urandom boot-time entropy hole as described in the paper Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices.

I also mention some of the difficulty in assessing RNG quality for security applications as highlighted by Matthew Green in his blog post How do you know if an RNG is working?.

I've been lucky to work on this design with Bdale Garbee and Keith Packard.

If you'd like to learn more you can...

  • Download the presentation (see below)
  • Check out the web page for USB TRNG
  • Join us on IRC OFTC #altusmetrum
  • Join the trng mailing list

Let me know if you'd like to get involved!


10000 Processes in Om

10,000 Processes in Om

I have just published om-processes which is a port of David Nolen's 10,000 Processes in Clojurescript to Om.

Clojurescript is a port of Clojure to JavaScript which is especially well suited for running in a browser. Just as Clojure offers a pleasant LISP on the JVM Clojurescript offers (nearly the same) LISP in the browser. The performance of Clojurescript is outstanding due to the massive optimizations available from the Google Closure compiler.

JavaScript, however, has some fundamental flaws... Top among these are it is single threaded which leads to an asynchronous callback style of "event programming". Clojure's core.async offers a solution in the form of CSP style programming. Using core.async one can think about coding in a more intuitive way.

In 10,000 Processes Nolen demonstrates using core.async to simulate independent "threads" despite the fact that the underlying platform has no native support for threads.

In Om Nolen leverages Facebook's React to create a high performance, immutable model for client programming.

The technical study om-processes is simply the fusion of all these ideas into one demonstration. Who knew web development could be so much fun!

Is this thing still on

Is this thing still on?

This is just a test of posting to my blog.. it's been too long...

And, since I upgraded my VPS I realize the dates/ordering of posts was lost :(

I'll try to remedy this!

Legal Issues at FOSDEM 2014

Legal Issues at FOSDEM 2014

I'm very pleased to announce the Call For Participation for the FOSDEM 2014 Legal Issues DevRoom.

This is the third year that I've been lucky enough to collaborate with some leading practitioners of Free Software and Open Source licensing and community leadership to organize this intense event on the topic of what makes FLOSS possible and what are the key issues facing FLOSS today. I'm joined by my friends Karen Sandler, Bradley Kuhn, and Richard Fontana.

I have been fascinated by the intersection of law and technology because it is the clever use of copyright that makes Free, Libre and Open Source Software possible. We hope to stimulate discussion on topics such as:

  • Copyleft vs. permissive licensing: What is a policy case for copyleft? If so what form should it take?
  • How is software freedom important in ensuring privacy and security?
  • What defines a Free Software and/or Open Source project?
  • Do traditional Free Software values face some level of cooption from for-profit corporate interest? If so, how?
  • Copyleft licensing models and how they relate to business models. Are there some business models that are license-permissible but bad for community building? On the other side, does your license choice limit or expand your community?
  • Eroding software freedom in the proliferation of closed computing devices such as mobile phones and tablets
  • Copyleft enforcement and compliance planning from a developer perspective. What is the future of GPL enforcement? Is it working?
  • What is its impact on adoption of copyleft?
  • How does the 'so-called' software patent war impact Free Software and Open Source?
  • Copyleft license compatibility. What are the challenges of code base merges when various licenses are in use? How does a compatibility analysis between licenses work?

Please submit your talk idea before December 1st and plan to join us in Brussels on February 1st and 2nd!


ClojureBridge Minnesota

ClojureBridge Minnesota

Of course the weather being what it is -- winter came in with a bang -- our turnout last night at was light....


But we had a small, enthusiastic group that discussed the recent Clojure Conj by editorializing the fine blog bost by Logan Linn.

We also introduced the ClojureBridge effort to the group and everyone sees nice synergy between this and our recent success in November with "beginner's night" (which we plan to repeat every other meeting).

As a software development consultant I often co-work at CoCoMSP -- a melting pot of entrepreneurial energy. I have introduced the idea of hosting ClojureBridge at CoCoMSP with the founders and they are considering it (fingers crossed)!

Now we need to recruit more volunteers to help organize our local ClojureBridge Minnesota workshop next spring!

Ask me how you can help!


2011 and not J1

Calendar.getInstance().get(Calendar.YEAR) == 2011 && ! J1

Here we are in the middle of yet another J1 and, alas, I won't be joining folks in the City of Oracle World. Of course I'm skeptical of the "new" hotel based format (from last year)... But the reason I would want to go is, of course, the "hallway track": to see friends and colleagues like: @robilad, @alexismp, @mreinhold, @fabianenardon, @virtualsteve, @delabassee, @brjavaman, @karianna, @romainguy, @headius, @AzulSystemsPM, @jddarcy, @jfarcand, @tom_enebo, @asz and @terrencebarr.

I'm not even sure of Oracle is aware of the hallway track?

The big news recently for FLOSS enthusiasts was the sunsetting of the DLJ. When we released a redistributable version of Java under the DLJ in 2006 we heard a lot of criticism about this new, less restrictive license. The Free Java world saw it as simply "not enough". As it turns out on the same day Rich Green promised the open sourcing of Java and with this news the roar of applause was amazing. However it would take a full year before the complete publication of OpenJDK source code. And, even then, the community was frustrated by the lack of support for the Java plugin.

During this intitial period we heard from people such as the Brazilian's at FISL that the Java plugin -- now well integrated with GNU/Linux under the DLJ -- made it possible to do banking and file tax returns on their favorite platform. Meanwhile an open source plugin effort was underway. Largely through the efforts of RedHat OpenJDK gained a truly open source implementation of the plugin. However due to the lack of a public spec (and source code) it continues to be very difficult to get the exact same Java plugin behavior with the IcedTea plugin.

Before the acquisition of Sun many of us had hoped that the code for the new Java plugin would be contributed to OpenJDK. Even though Larry has a beard he clearly doesn't drink the open source Kool-Aid and thus Oracle has decided to continue the closed plugin status. Since UI developers gave up on applets long ago maybe this is just an annoyance... At the very least its a shame that we now have a completely fractured Java plugin landscape and GNU/Linux users that need applets will have to struggle (as in the bad old days) to configure their browsers correctly.

Despite this setback it does seem that Java technology is enjoying a renaissance in the form of dynamic languages built on top of the JVM. I'm hoping to help with the modularization of OpenJDK and encourage community based performance analysis tools that extend the platform.

Send me a tweet and let me know how the hallway track is going!

Puissance de Clojure

Puissance de Clojure

I would like to thank Stephano Zacchiroli and Sylvestre Ledru for inviting me to talk about the Power of Clojure yesterday at IRILL.


IRILL is an unique organization comprised of computer science researchers from several leading European universitities and organizations collaborating to create a vibrant FLOSS ecosystem. It was an honor to present my view of how Clojure combines the advantages of Common Lisp and Java without the disadvantages of either. This was a tough crowd, experienced in functional programming and very critical of dynamic typing... There were many good questions and we had an active discussion.

I combined talking points with live hacking while presenting from within Emacs :) You can download my "presentation" here:

Grazie Mille et Merci!

Crowdsourcing Upstream Refactoring

Crowdsourcing Upstream Refactoring

I consider myself very lucky to attend Linux Conf Australia 2013. LCA is the the premier Free and Open Source conference in the southern hemisphere and collects an unique batch of code hackers, Free culture enthusiasts and maker practioners. I've wanted to attend LCA since Jeff Waugh told me about it in 2006. This year has been my chance to get to the land of Oz!


Today Bdale Garbee and I have just given a talk called "Crowdsourcing Upstream Refactoring" in the Cross-distro Mini-conf. We wanted to talk about our experiences in packaging (especially Java applications) and brainstorm on how upstreams and distros can collaborate on addressing our very different goals and share efforts.

I would like to thank Stefano Zacchiroli for providing insight, ideas and pointers to his research on the "Upgrade Problem". I also want to thank Bruno Cornec -- organizer of the Cross-distro Mini-conf -- for accepting our talk.

Below you will find links to the presentation (we were unable to display due to my laptop and the projector not getting along). Before too long the excellent volunteers of Linux Conf Australia will make video of the talk available.


first post

This is the first post to tmarble example blog.

Nevermind the testing... testing 1 2 3 :)


This blog is powered by ikiwiki