Farewell Google Ads

There’s nothing much to update except that I took down all the Google Ads that I ran. There was a sweet spot around 2010-ish when Google really loved this blog. Whatever I posted would show up on the first page, and very often at or close to the top.

Now, posting on the Web makes you prey to all sorts of “Dark Forest” attacks. As we know from Cixin Liu’s novels, the only way to be safe once you’re targeted for a “Dark Forest” attack is to either quit the space, or look as harmless as possible. I’m going for the later. No ads, so don’t you worry about having to run negative SEO against this blog.

Kidding aside, the real reason is that ads were simply not worth the hassle: increased load times, distraction from your attention, and an audience determined by algorithm just felt cringe to me. Ads are cringe.

I’ve been dabbling in Elixir lately. How it leverages modern, multi-core CPUs makes it a money saver on cloud bills. However, it requires rethinking your code in a functional and an asynch way. This has been super useful for me in dealing with parsing Arabic language data from Wiktionary. More later…

blogging Perl

Coder as Translator, or the glory that was Perl

Right now most of my work is in Python. It’s a neat language, but not as fun as Ruby is IMHO. I don’t want to get into a flame war. I prefer Ruby, often say it to someone with a math or data science background, get some eye rolling, and then say, “I work in Python.”

During the 1990s and early 2000s, one language reined supreme as the “Duct Tape of the Internet,” Perl. There are so many reasons Perl isn’t used today. One has to do with its philosophy, TIMTOWTDI. “There Is More Than One Way To Do It.” Such a philosophy, works with language, and is even encouraged in poetry where a poet is asked to use metaphors and similes to poetize. However, today, it is one of the central dogmas of computer science that the most efficient algorithm is the best algorithm. A merge sort is always to be preferred over a quick sort because a quick sort is slower in the case of almost-sorted data. God forbid you suggest an insertion sort!

Why would a programming language encourage inefficiency in algorithm design? The answer to this is a good and empowering one. Larry Wall, the creator of Perl, saw Moore’s Law as creating cheaper and quicker computing power every year, such that during the 1990s, it felt like there was a surplus of computing power. If a query took 9 seconds instead of 3 seconds because the algorithm was exponentially inefficient that was ok, because the main point was:

Great technology empowers everyone.

Larry Wall saw his creation literally as a human language which can be spoken by 5 year olds or Shakespearean actors. The range of expression is what allows natural language and by extension Perl to do so much.

My first paid programming job was in Perl. It involved making changes to a web form for a dentist website. Easy stuff, and it was great getting paid and being able to point to my work online. This dentist and his website have long since retired.

My first project where I saw the magic of Perl had to do with parsing random documents for mailing addresses to create a holiday mailing list. Parsing text is where Perl really shines through. The secretary cried tears of joy when she found out her task could all be done automatically.

My second project where once again Perl proved itself to be a workhorse that made impossible tasks possible had to do with updating spreadsheets for different managers tracking photographs for the NBC Olympics Website. The Perl code would check the state of the photographs from request to publishing, and update spreadsheets accordingly. Yeah, this sounds like a stupid process, but we still haven’t gotten rid of stupid processes to this day.

Much of the work felt like translation from human, natural language to what felt like Perl’s natural language. Today, someone speaking Perl learnt out in the wild wouldn’t really pass any of the tech interviews where there’s only one way to do it.

As time went on folks saw that Perl only empowered individual programmers. Much of the Perl that has been written is unreadable, since everyone makes up their own dialect, and tries to be as terse as possible in the many ways that you can be. Inheriting a Perl project can be a nightmare unless it’s properly documented (more so than say an inherited Ruby project). Also, today, Internet Duct Tape is an anti-pattern. No more using Perl or language of your choice to be a hero and integrate 2 disparate systems on the fly. But for a nice stretch of time, one coder could make a difference through the glory that was Perl.

I still do stuff with Perl like this to check if Twitter is down:

lynx -source | perl -ne ‘print “$1 on Twitter\n” if /(Something is technically wrong)./’


Building an OK, Sorta Secure Computer

In my last blog post, I talked about how a seriously compromised supply chain prevents us from ever building a secure computer. This morning I logged into my Instagram account and found that I had 7 followers even though my account was set to private and 2FA. I’m hoping this is a bug, but even so, it just shows that nothing presents as secure.

Let’s assume – and this is a big assumption – that we can build a secure computer because we now have a secure supply chain. So you buy a CPU, a motherboard, a hard drive, some memory, a power supply, input devices like a mouse and keyboard, something to connect to the Internet with, and a bootable USB stick with the OS of choice on it, for the wiring there are professionals that build them and for more top technology on wiring contact EMS Solutions in Ogden. I won’t go into the specifics of building a computer from these parts, but suffice it to say, you should be asking, “How will I know the OS is secure?” On some level, this is hard to do. Can you imagine reading all those lines of code? Historically, Red Hat Linux 5.2 was insecure. If you installed it with an FTP server running and exposed to the Internets, you would get hacked in days, if not hours. The hacker would just use a buffer over flow attack. For years, SSL, one of the central encryption layers for web browsing, was compromised.

OK, so you boot up your newly built computer with a “secure” OS like Kali Linux or Parrot. You create an account with a super secure, never used before password, and maybe some biometric protection. Nevermind that these OS’s are complicated to use and not consumer friendly. But you can be sure they won’t expose you to the Internet the way something like Mac OS or iOS will with bluetooth, or some other services with file, music sharing and Active Directory.

Are we secure? Well, right now the OS might be asking to run an update to make your OS really secure. However, in doing so, you give up your IP address, and thus an 80/20 chance of giving up your location. So before even getting to this point, you will want to proxy all your connections, but then again this begs the question: how can you even trust the proxy? Does chaining proxies you can’t trust equal security?

Let’s assume we trust a company like NordVPN or a network like TOR. We’ll also setup and turn on a firewall, too. Great, now we can download software updates. We’re not going to use social media though. That will surely give us away, even when we share an alias account with friends and family. When we browse the web we’ll just be using a browser like Brave with ad blocking with JavaScript turned off because we all know JavaScript is insecure – except for the JavaScript subset, CAJA. When we search, we’ll hope that Duck Duck Go doesn’t give up our privacy. We will use proxies all the time to keep our privacy. Still this will leave some sort of fingerprint. If you go to a website like Am I Unique, you can see if your browsing configuration & habits have set you up to be tracked.

Let’s review what we’ve done:

  1. Built a computer with components from a secure supply chain.
  2. Used a USB stick to install a secure OS. Make sure you’re account is secured by a password and if your computer has it some sort of biometric protection. We won’t connect to the Internet yet. Nevermind we haven’t even discussed vetting the security of the USB stick.
  3. Set up a proxy / tor and firewall.
  4. Update the OS.
  5. Use a secure browser like Brave.
  6. Turn off JavaScript except maybe for CAJA.
  7. Use only Duck Duck Go for searching since they supposedly don’t keep records.
  8. Don’t use social media. Even an alias can betray you.
  9. Check to make sure you’re web fingerprint isn’t unique.

We haven’t even discussed email yet. And your set up isn’t really secure. All I really need is your fingerprint and password. Anyone remember Dark Knight Rises? In my next piece, I’ll discuss secure email. If you’re not using a PGP key to secure your email, it’s not secure. It’s basically yelling in public. We’ll also discuss adding a VM running off of an encrypted key on a USB stick to really secure your computer.

How-To software

Basic Security is Not Secure

Let’s say I wanted to do basic security. I want to be able to defend myself against cyber attacks on my laptop, network, phone as well as any peripherals I might use that connect to any of the devices I use by switching to a SD-WAN network, if you want to learn more about it, you can check here on this website. I want to communicate securely. According to Andrew Defrancesco if want to be untrackable or have privacy. Basic security for the purposes of this post will consist of 3 things:

  1. Malicious code barriers & Cyber Defense
  2. Secure communications
  3. Privacy

Let’s tackle the first one. I have a computer that I just purchased from a store. A sales person might even suggest buying anti-virus software with a firewall. It’s guaranteed to protect me from everything except a zero day hack. Well what about this “zero day hack.” Anything on my computer that is listening to the Internet, e.g. notifications, Dropbox, Adobe, GoogleTalk. Ok, we turn these off. Are we still secure? What if the hardware is not secure? In light of recent revelations, we can’t even trust the hardware anymore. We are forced to build are own computer with our components we can trust, but this begs the question of finding a trustworthy component. Back in the days of 6502 processors, it could be possible to know all the contents in memory, and to even know the factory that made all the components. Catching a breach in the early stages, or detecting a security event before it can take place could also prevent any damage at all. These are just some of the ways that the SIEM software at could enhance and protect your business. With our global economy such an empirical luxury (if it was ever so enjoyed) is no more. You can start by getting a network penetration test to find the areas where you need to boost your cybersecurity measures, view this at Nettitude page. We might as well stop here, and think about what it would take to secure the supply chain of computer components. There’s a suggestion for it in the dystopian, Draka series of novels by S.M. StirlingAll computers are Read Only Memory (ROM), and produced under close government / military scrutiny. What we can conclude is that even on a basic level, we are not secure. You can check out the Venyu homepage and see what can make your connection secure.

In my next piece, I’ll look at secure communications on an ok, sorta secure computer. Call Treasure Valley IT Wilder or other experts if you need help with your business technology and security.

blogging Mobile Apps Social Media

A Brief History of Instagram Growth Hacking

In Episode 83 of the now defunct Hashtagged Podcast, Jordan Powers interviews Tyson Wheat, who talked about the early days of Instagram. Back then (2011), he says, “You just needed 10 or so likes within 5 minutes to get onto the popular page.”  When I heard this, I realized Instagram was gamed from the beginning. This isn’t saying that without enough hard work, luck and skill you couldn’t use Instagram in 2011 to launch a career. It’s just that already in 2011, you’re competing in the Tour de France with somebody that’s doping, or you’re in a sport where you’re competing with somebody on steroids. Instagram was never fair. The superb photos that ended up on the popular page back then sure had me fooled, though.

The first screenshot I have of Instagram from October of 2011
The first screenshot I have of Instagram from October of 2011

Hey, spamming likes to gain follows worked back then in 2011

By 2012, you could see that something was wrong in all social photo apps. People were gaming the system.

Hardwork and talent were still wonderfully rewarded on Insta back in 2011/2012.

In 2010, Sean Ellis coined the term growth hacking. Andrew Chen goes on at length in this classic article on what it means to be a growth hacker. For me though, growth hacking is finding flaws in the system and exploiting them in ways very similar to how the Russians tipped the 2016 election using hacking. So how did folks take advantage of the growth hacks on the popular page? In a similar way that diggs got monetized (Remember Digg?) the popular page on Instagram got monetized. According to Phil Gonzalez, a consortium of shady Turkish marketers would report a photo that naturally got to the popular page so it would get taken down, and then replace it with a post that got 100s of artificial likes from fake accounts within minutes.

But the popular page really didn’t help that much. I got on it once by posting around 8pm at my silent reading book club back in 2012. A few hundred likes and a score of follows rolled in finally pushing me above 100 followers. I had been stuck at below 100 for a year which is laughable now, but I’d have to say those first 100 followers were all awesome people and really great photographers. Eventually, Instagram would replace the popular page with the explore page, and basically had the algorithm dictate which photos got shown to whom on that page. But crappy photos selling the scam of the week (pills or bitcoin depending on the year) always seemed to find a way there every now and then.

What really helped grow accounts was becoming a suggested user. Instagram could choose anyone and let them be suggested for at least two weeks to years. This meant that when people first signed up, the UI would strongly suggest that they follow the suggested user. You could grow at a rate of 10,000 followers a week as a suggested user.

How’d this dude get suggested on the bottom? His photos are so so.

The second way to grow would be to get a suggested user to follow you. This is where some shady paying for follows came in.

The 3rd way was doing a free for all where you gave photos to people, asked them to do their best edit, and you would choose photos to feature as long as they tagged you in the photo of yours that they posted.

The 4th way, way back in 2012 was botting by using follow and unfollow. Companies like Massplanner which Instagram has now shutdown would sell these services for around 50 to 100 a month depending on how many followers you wanted. It’s not as shady as fake accounts since all you’re doing is suckering someone by following them, and then unfollowing them. Lots of folks have used this strategy from 2012 to 2016 to grow from 0 to 100,000 in a year. The downside is that your engagement is real low, and now that everybody is clued into it, your account just looks fake. The problem is folks who got suggested user back in the day, or coat-tailed off of them look just as fake. What’s even worse is that the algorithm for awhile gave the advantage to folks that botted. Here’s a chart showing that.

In blue @kingy_kings legit working hard to grow; in orange, @jackson.groves doing follow/unfollow by botting. The algorithm has them neck and neck, but then eventually the algorithm fails and rewards the cheater.

However by 2018, the algorithm would actually take away followers for botting, and it did this by feeding the botters to the botters as you can see in the chart below:

@teresa_ on Instagram is the worst. She’s botting and losing followers. lol

From 2016 to 2018 people would try the following to grow:

  • power likes, getting a like from a large account
  • paid features on huge accounts (1 million real followers or more)
  • DM groups – these really help lots with engagement, but sentiment analysis can reveal who uses fake comments. This is true if you don’t shoot bangers. I’ve seen accounts with 1000s of cake photos, and each cake photo is the best cake photo that someone’s ever seen. The idea behind this is similar to the hack Tyson mentioned above. Get 5 or so comments in 15 minutes to get way more likes than if you didn’t get the comments.
  • contests where you have to follow 20 to 40 people in order to enter
  • contests that offered a free camera if you followed them
  • follower networks where people grow multiple accounts to like and follow each other
  • The Gary Vee 2 cent hack; this got killed when the algorithm detects this and just makes sure the Top Page you see is the same as the Recent Page
  • getting a free feature from a large account
  • I’d say that the only strategy that works now is the last one which is just another way of saying “going viral.” Someone prove me wrong here, please.

    The result of all this is that:

    1. people take the same photos as everyone else, i.e. InstaRepeat
    2. people take crappier photos than before
    3. people are taught by Instagram to game the system and society

    This means Instagram is contributing to the downfall of society.

    What should you do if you care about photography? Delete the app. Go back to making zines like I have. If you can’t bear to delete the app, just use it for the DMs.


Where’d the year go?

There hasn’t been much tech-wise that’s interested me. I’ve gotten better as a coder, and finally built my own data app that helped me find and track people that follow and unfollow using bots on Instagram. It’s closed source, but I just might get to sell it to an adtech company. We’ll see.

I first got paid for coding back in 1993. 24 years of coding, and I’m not a manager. I was for awhile in New York and Los Angeles, but in San Francisco where genius IQs are common, I’m just a coder. Now, I don’t have a genius IQ, and don’t take much stock in it, but I test around 125 to 129. My last IQ test I was 129 – 3 points away from Mensa.

Anyway, if you go here you can see what I’ve made public that I’ve worked on.

I’m most proud of my Django-screenshots code, which takes a screenshot based on a URL you’ve given the code.

What’s next? Well, I love coffee. If you’re in San Francisco, I’d love to grab coffee with you.

Announcements iPhone Dev Mobile Apps

What happened in the last 12 months?

I’ve been spending most of my free time working on my photography. You can see see some of it at Bracket This, and a ton of it on my Instagram account. Right now though, I’m starting to focus on tech again. I’ve been learning Swift to make an iOS app while working with a really awesome designer, Andi Galpern.

Anyways, expect to see more posts about Swift and mobile app development.


What is Geonymity?

Geonymity is geo-location based anonymity. Sometimes you want to broadcast your info to everyone like at a bar or a party. Sometimes you want to be low key like at a new airport. Apps with geonymity enabled allow you to automatically determine how much of yourself that you share based on your location.

Clojure emacs

Switching to Emacs from Vim

I’ve been looking more and more at Clojure and decided to start coding using emacs.

Clojure is the language behind many highly performant and concurrent systems. It was used in BankSimple’s early days.

It’s also used at Akamai, a CDN, which has to serve hundreds of thousands of requests per second, when content rich media is getting “slash-dotted.”

I think my interest in using emacs has to do with how tightly knit Lisp is to it. It also seems highly customizable in a way that’s different from Vim. It’s highly customizable in a more programmatic way.

There’s a great “Getting Started” guide for Clojure, and emacs is recommended as the editor to use if you’re new.


Day 34: I didn’t do my laundry for a month

And I’m still not doing it. Instead, I’ve gotten into the habit of just hand washing in the morning. I put my cloths into the sink, take a shower, and then dry the clothes and me. 🙂 I don’t have to worry about sucking a huge chunk of my weekend to get clean clothes.

I didn’t think I’d last this long, because part of the process of quickly drying clothes involves using bath towels that started to get really funky by day 14. The solution is to sometimes rinse your clothes just enough that there’s still a bit of detergent. While you get the excess liquid out by wrapping your clothes with a towel and stomping on it, the soap gets onto the towel. Funk issues cured.

I just want to highlight that nylon and polyester blends are key to quickly drying clothes. By quick, I mean 4 to 8 hours air drying.

Also, the polyester blends that have coffee grounds as part of the fabric are very odor resistant. I’ve had my odor resistant hoody for a month and it still smells great.

What if it gets hot? Well, I learned about Ice Fil which is tech fabric that uses xylitol to cause a cooling, chemical reaction to your body when you sweat. You can be cooled by as much as 5 degrees F. This too also has a strong odor resistant property so after two bicycle rides, I haven’t had to wash my hoody made out of Ice Fil yet.