Right now most of my work is in Python. It’s a neat language, but not as fun as Ruby is IMHO. I don’t want to get into a flame war. I prefer Ruby, often say it to someone with a math or data science background, get some eye rolling, and then say, “I work in Python.”

During the 1990s and early 2000s, one language reined supreme as the “Duct Tape of the Internet,” Perl. There are so many reasons Perl isn’t used today. One has to do with its philosophy, TIMTOWTDI. “There Is More Than One Way To Do It.” Such a philosophy, works with language, and is even encouraged in poetry where a poet is asked to use metaphors and similes to poetize. However, today, it is one of the central dogmas of computer science that the most efficient algorithm is the best algorithm. A merge sort is always to be preferred over a quick sort because a quick sort is slower in the case of almost-sorted data. God forbid you suggest an insertion sort!

Why would a programming language encourage inefficiency in algorithm design? The answer to this is a good and empowering one. Larry Wall, the creator of Perl, saw Moore’s Law as creating cheaper and quicker computing power every year, such that during the 1990s, it felt like there was a surplus of computing power. If a query took 9 seconds instead of 3 seconds because the algorithm was exponentially inefficient that was ok, because the main point was:

Great technology empowers everyone.

Larry Wall saw his creation literally as a human language which can be spoken by 5 year olds or Shakespearean actors. The range of expression is what allows natural language and by extension Perl to do so much.

My first paid programming job was in Perl. It involved making changes to a web form for a dentist website. Easy stuff, and it was great getting paid and being able to point to my work online. This dentist and his website have long since retired.

My first project where I saw the magic of Perl had to do with parsing random documents for mailing addresses to create a holiday mailing list. Parsing text is where Perl really shines through. The secretary cried tears of joy when she found out her task could all be done automatically.

My second project where once again Perl proved itself to be a workhorse that made impossible tasks possible had to do with updating spreadsheets for different managers tracking photographs for the NBC Olympics Website. The Perl code would check the state of the photographs from request to publishing, and update spreadsheets accordingly. Yeah, this sounds like a stupid process, but we still haven’t gotten rid of stupid processes to this day.

Much of the work felt like translation from human, natural language to what felt like Perl’s natural language. Today, someone speaking Perl learnt out in the wild wouldn’t really pass any of the tech interviews where there’s only one way to do it.

As time went on folks saw that Perl only empowered individual programmers. Much of the Perl that has been written is unreadable, since everyone makes up their own dialect, and tries to be as terse as possible in the many ways that you can be. Inheriting a Perl project can be a nightmare unless it’s properly documented (more so than say an inherited Ruby project). Also, today, Internet Duct Tape is an anti-pattern. No more using Perl or language of your choice to be a hero and integrate 2 disparate systems on the fly. But for a nice stretch of time, one coder could make a difference through the glory that was Perl.

I still do stuff with Perl like this to check if Twitter is down:

lynx -source https://twitter.com | perl -ne ‘print “$1 on Twitter\n” if /(Something is technically wrong)./’

{ 0 comments }

Building an OK, Sorta Secure Computer

by barce on February 5, 2019

In my last blog post, I talked about how a seriously compromised supply chain prevents us from ever building a secure computer. This morning I logged into my Instagram account and found that I had 7 followers even though my account was set to private and 2FA. I’m hoping this is a bug, but even so, it just shows that nothing presents as secure.

Let’s assume – and this is a big assumption – that we can build a secure computer because we now have a secure supply chain. So you buy a CPU, a motherboard, a hard drive, some memory, a power supply, input devices like a mouse and keyboard, something to connect to the Internet with, and a bootable USB stick with the OS of choice on it. I won’t go into the specifics of building a computer from these parts, but suffice it to say, you should be asking, “How will I know the OS is secure?” On some level, this is hard to do. Can you imagine reading all those lines of code? Historically, Red Hat Linux 5.2 was insecure. If you installed it with an FTP server running and exposed to the Internets, you would get hacked in days, if not hours. The hacker would just use a buffer over flow attack. For years, SSL, one of the central encryption layers for web browsing, was compromised.

OK, so you boot up your newly built computer with a “secure” OS like Kali Linux or Parrot. You create an account with a super secure, never used before password, and maybe some biometric protection. Nevermind that these OS’s are complicated to use and not consumer friendly. But you can be sure they won’t expose you to the Internet the way something like Mac OS or iOS will with bluetooth, or some other services with file, music sharing and Active Directory.

Are we secure? Well, right now the OS might be asking to run an update to make your OS really secure. However, in doing so, you give up your IP address, and thus an 80/20 chance of giving up your location. So before even getting to this point, you will want to proxy all your connections, but then again this begs the question: how can you even trust the proxy? Does chaining proxies you can’t trust equal security?

Let’s assume we trust a company like NordVPN or a network like TOR. We’ll also setup and turn on a firewall, too. Great, now we can download software updates. We’re not going to use social media though. That will surely give us away, even when we share an alias account with friends and family. When we browse the web we’ll just be using a browser like Brave with ad blocking with JavaScript turned off because we all know JavaScript is insecure – except for the JavaScript subset, CAJA. When we search, we’ll hope that Duck Duck Go doesn’t give up our privacy. We will use proxies all the time to keep our privacy. Still this will leave some sort of fingerprint. If you go to a website like Am I Unique, you can see if your browsing configuration & habits have set you up to be tracked.

Let’s review what we’ve done:

  1. Built a computer with components from a secure supply chain.
  2. Used a USB stick to install a secure OS. Make sure you’re account is secured by a password and if your computer has it some sort of biometric protection. We won’t connect to the Internet yet. Nevermind we haven’t even discussed vetting the security of the USB stick.
  3. Set up a proxy / tor and firewall.
  4. Update the OS.
  5. Use a secure browser like Brave.
  6. Turn off JavaScript except maybe for CAJA.
  7. Use only Duck Duck Go for searching since they supposedly don’t keep records.
  8. Don’t use social media. Even an alias can betray you.
  9. Check to make sure you’re web fingerprint isn’t unique.

We haven’t even discussed email yet. And your set up isn’t really secure. All I really need is your fingerprint and password. Anyone remember Dark Knight Rises? In my next piece, I’ll discuss secure email. If you’re not using a PGP key to secure your email, it’s not secure. It’s basically yelling in public. We’ll also discuss adding a VM running off of an encrypted key on a USB stick to really secure your computer.

{ 1 comment }

Basic Security is Not Secure

by barce January 30, 2019

Let’s say I wanted to do basic security. I want to be able to defend myself against cyber attacks on my laptop, network, phone as well as any peripherals I might use that connect to any of the devices I use. I want to communicate securely. I want to be untrackable or have privacy. Basic […]

1 comment Read the full article →

A Brief History of Instagram Growth Hacking

by barce October 24, 2018

In Episode 83 of the now defunct Hashtagged Podcast, Jordan Powers interviews Tyson Wheat, who talked about the early days of Instagram. Back then (2011), he says, “You just needed 10 or so likes within 5 minutes to get onto the popular page.”  When I heard this, I realized Instagram was gamed from the beginning. […]

0 comments Read the full article →

Where’d the year go?

by barce November 8, 2017

There hasn’t been much tech-wise that’s interested me. I’ve gotten better as a coder, and finally built my own data app that helped me find and track people that follow and unfollow using bots on Instagram. It’s closed source, but I just might get to sell it to an adtech company. We’ll see. I first […]

0 comments Read the full article →

What happened in the last 12 months?

by barce July 27, 2016

I’ve been spending most of my free time working on my photography. You can see see some of it at Bracket This, and a ton of it on my Instagram account. Right now though, I’m starting to focus on tech again. I’ve been learning Swift to make an iOS app while working with a really […]

0 comments Read the full article →

What is Geonymity?

by barce June 1, 2015

Geonymity is geo-location based anonymity. Sometimes you want to broadcast your info to everyone like at a bar or a party. Sometimes you want to be low key like at a new airport. Apps with geonymity enabled allow you to automatically determine how much of yourself that you share based on your location.

0 comments Read the full article →

Switching to Emacs from Vim

by barce April 23, 2015

I’ve been looking more and more at Clojure and decided to start coding using emacs. Clojure is the language behind many highly performant and concurrent systems. It was used in BankSimple’s early days. It’s also used at Akamai, a CDN, which has to serve hundreds of thousands of requests per second, when content rich media […]

0 comments Read the full article →

Day 34: I didn’t do my laundry for a month

by barce February 26, 2015

And I’m still not doing it. Instead, I’ve gotten into the habit of just hand washing in the morning. I put my cloths into the sink, take a shower, and then dry the clothes and me. 🙂 I don’t have to worry about sucking a huge chunk of my weekend to get clean clothes. I […]

0 comments Read the full article →

Day 13: Minimalist Winter Gear

by barce February 5, 2015

It’s day 13 of my challenge not to do laundry in washing machines and dryers and just hand wash for a month. So far it’s going great. $20 saved which I’ll use for tacos once I finish this post. Let’s talk winter gear. What’s the least you can wear and still stay comfortably warm? I […]

0 comments Read the full article →