Lux et Veritas

From the earliest days of software technology, the term hacker has been used to describe someone who was particularly proficient with technology.  While the term “hacker” has come to mean something malicious to those with only a cursory understanding of geek culture, it is still held as a term of high regard among those who know otherwise.  Lately I have gotten the question from students in my IT/IS classes concerning how best to become a “hacker”.  While the question they are asking is not precisely the information they want to know, I have decided to answer the question correctly.

While this may seem like a silly exercise, it actually has a long and storied tradition inside of hacker communities.  There are a number of well-known “guides” that have circulated the halls of old Usenet and dusty Jargon files from many years back with contributions from such luminaries as Bruce Perens, Eric S. Raymond, and Larry Wall.  Basically I am going to offer a stupidly basic outline of what I would like to have learned, in the order I would like to have learned it in, to have developed my skill-set (or lack thereof) in the quickest fashion possible.

*One caveat is that I have changed this list 8 times in the last 3 weeks (which is why it has taken so long to post) and added another step just minutes before posting again.  My point is that I will probably continue making updates for a while and I would encourage any comments or suggestions on how it can be improved.

  • Step 1: Start by visiting/reading these websites, netcasts, mailing lists, IRC forums, & newsgroups… every day!  ArsTechnica, Phrack, SecList, Schneier on Security, OWASP, ITSecurity, cDc, Tom’s Hardware, Hacker News, and the LiquidMatrix Blog.  Listen to every episode of Security Now!  For extra credit read everything you can handle from the SANS Reading Room.  If you don’t understand what you are reading, Google it!
  • Step 2: The best resources you can possibly have as an IT Professional are OTHER IT Professionals.  This means you need to be part of your local community by networking with other professionals.  Nationally there is ACM, AITP, and IEEE. MORE important are your local groups & chapters.  In the Oklahoma City area we have OKC JavaScript Developers Group, OKC LugNuts, Okcruby, DC405, Oklahoma Game Developers, OK InfraGard, ISSAOKC, and OKCJug, just to name a few.  Join a couple groups and start attending monthly meetings.
  • Step 3: Build your own computer.  Check out the ArsTechnica System Guide to make sure you have compatible hardware that will actually be cost effective and then purchase the parts at PriceWatch (be sure to check the vendor ratings before you buy.)  Yes, you could actually buy a system “kit” from someplace like NewEgg but the value of this exercise is in learning the hows and whys of each component.
  • Step 4: Install a Unix style OS on your newly built system… and/or every other system you can get your hands on.  I recommend either Fedora or Ubuntu to start with as they are the easiest to begin using but in reality any *nix style will work (i.e. FreeBSD, Linux Mint, OpenSuse, OpenSolaris, etc.)  No hacker I know lives in Windows (well… unless they are gaming.)  Linux OSes provide access to a system on a level you simply will NEVER get on Windows.  This is partly because of the power of the Unix system model and partly because hackers develop for hackers on Linux/Unix.  After you install your new OS, use it, every day, as your primary OS.
  • Step 5: Make your own website… from scratch.  Go get a $6.00/month HostMonster account, decide on a domain name, learn FTP, set up an email account, and start making a website!  It is a cheap way to get some direct experience doing many of the most common web tasks.  Finally, go get a copy of the Llama, Pythonista, or Rails Tutorial and go through the ENTIRE tutorial thus creating your first dynamic website content.
  • Step 6: Continue building your library.  Nobody can know everything there is to know about technology.  Having quick access to information that you have (at the very least) read before is a HUGE help.  Additionally, going through the programming and hacking literature will give you the best hands-on experience necessary to take the next steps.  You should own/have read as many of these as possible:
  • Step 7: Pick a transformative technology and learn how to use it. “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.” — Abraham Lincoln.   In many ways this is the basic activity that all IS/IT employees do on a daily basis.  Technology solutions have a tendency to be very Darwinian.  Therefore, you should start by picking tools that have stood the test of time.  Very few technology resources have lasted longer than 4 or 5 years.  Tools like
  • Step 8: Find an Open Source project that interests you, pick a problem, and fix it.  Meaningful contributions to Open Source projects now rank as more valuable than experience with a Fortune 500 company and by volunteering yourself to something used by hundreds or thousands of people, you increase your credibility as a contributor to the community.  Often contributors get their names listed in the software itself (imagine being able to show a prospective employer your name in the Firefox contributors tab.)  It doesn’t have to be software development either; many projects need volunteers to answer forum questions, update documentation, translate it to other languages, or simply test and report bugs.
  • Step 9: …and then teach.  No amount of experience will develop your skills, help you network, or let you enjoy technology more than passing on the things you have learned.  Write articles or blog posts, offer to teach a computer class at your local library, or mentor grade school kids.  Sometimes this step can even turn itself into a decent part-time job.
  • Step 10: Download the Linux From Scratch book and build your very own custom operating system from source code.  You will learn more about how operating systems work than 99.9% of IT professionals do.  Doing your own OS build will change the way you see systems and how to protect them.  The result of an LFS build is not the system itself (you will probably go back to using Fedora shortly after finishing) but that you will NEVER go back to being just a technology user…

A Part of the Maine

Even if I knew that tomorrow the world would go to pieces, I would still plant my apple tree.
-Martin Luther

While checking one of my WordPress sites I noticed an update for one of my favorite plug-ins, The Events Calendar.  Everything was broken after the update so I went to the support site to get things running.  Long story short, I got the site working again based on the support recommendations they had but regardless, some functionality was still missing.  The reason for this was related to a huge shift in the underlying focus of the WordPress post design.

the issue you state about other plugins integrating has more to do with WordPress being in a period of flux between having everything be either posts or in its own table and authors fully adopting custom post types. The core WordPress team is placing a heavy emphasis on CPTs and most major plugin authors are moving over… As more and more plugins make the move, the integration you want to see will return in a much more powerful and controlled manner.
–Shane Pearlman

The Events Calendar has converted over to a new design method called Custom Post Types (CPT) whereby individual modules can define their own post “types” instead of adding functionality to the default post types already available in WordPress.

This drew my attention because the new version of The Events Calendar provides a “Professional” version, with more functionality, that can be purchased. I haven’t actually seen much software in the WordPress universe that followed this model (and I don’t believe The Events Calendar did until this new update occurred.)

My concerns were confirmed with some web searching:

Custom post types aren’t really meant for that use […] Custom post types are great for things that are more or less catalogued: products (in an e-commerce site), listings for a real estate site, etc. For regular content creation as described [by Chris], you can already do [that] by using custom taxonomies and/or stylesheets to make post templates.

Some part of the WordPress team has been pushing these CPTs and it looks like they have been doing it primarily to capitalize on the success of a Free Software program. I suspect that most developers who are interested in focusing on this kind of feature set are probably not Free Software developers but are, instead, quasi-open source developers running Macs who would be making iPhone apps if they knew something more useful than PHP.

This kind of monetizing has become massively popular with the success of Apple’s App Store and Google’s Market. A significant number of developers who have built very popular software stacks on top of Open Source applications are looking for ways to turn that work into cash flow, and I don’t blame them. That said…

…I really don’t like something about it. Maybe it is because I left a “free” blog application because it stopped being free (I learned a valuable lesson between Free Software and free software and I still have a bad taste in my mouth about it.) Maybe it is because I have actually contributed work to a number of WordPress plug-ins and would NOT have done so if I had known my efforts were going to help someone else make money. Maybe it is because the new version of The Events Calendar actually broke a lot of functionality in the name of changing their platform model to a for-profit design and now I have to use an unsupported version of the software until I find another or I write one myself.

Whatever the reason, Open Source software is losing something of itself if this is actually the intent of their focus, and we are all the less because of it.

If you can prove you don’t need it

For years, I have watched the number of technology companies that operate without debt.  The trend has always been popular among IT/IS companies because of the fundamental instability of intellectual property over hard assets.  The logic is hard to argue with.  If everything you “own” of value only has value as a direct cause of its perceived importance, then a shift of public perception doesn’t just hurt your brand, but fundamentally devalues your property.

Think of it this way; if tomorrow everyone stopped trusting Google for their search results (say, you know, someone found out their code sent all our personal information to the Chinese) then overnight they could lose 95% of their US market share.  How much is Google’s code-base worth at that point?  Currently Google is trading at 183 billion so a 95% loss in usage would probably translate to a market value somewhere south of 3-5 billion.

Physical assets don’t behave the same way.  1,000,000 lbs of steel doesn’t just lose 98% of its value overnight.  Even in heavily over-inflated markets things like… I don’t know… homes, don’t lose 98% of their value.  People may be upset that their $350,000 home is now worth $260,000 but just imagine if one NIGHT your $350,000 home was worth $7,000.  THAT is the danger for companies whose primary assets are intellectual property.

I will give you another concrete example.  Once upon a time there was a company who made A LOT of money in the energy trading business.  Basically the company had sold off almost ALL its physical assets because they made so much money acting as a broker for energy trading.  Think of them as the stock market (or eBay) for energy.  The only problem was that their principal value lay in the fact that people trusted them, trusted their market, trusted their systems, and trusted their software.  Then one day  it was demonstrated that this company lied, cheated, and stole in almost every way you could imagine.  Enron’s stock dropped from $90 to just under $1 in a matter of weeks.  Basically, Enron’s major asset was trust, which it lost, and the company disintegrated overnight.

So how does a company protect itself from such quick devaluation?  The same way you and I protect ourselves from economic turbulence; a big savings account and as little debt as possible.   Microsoft, for example, is famous for “saving” close to a billion dollars a month… yes, a MONTH!  At the same time, Microsoft doesn’t borrow money.  I have been told, by people I put NO trust in to know this information, that they don’t even lease the copiers.  Competitors who want to beat Microsoft can certainly do so, but it will not be an easy fight.  That kind of financial position means that competitors must beat them dollar for dollar, customer for customer, year in and year out… for YEARS!

So who else do you know that doesn’t use debt?  Here are a couple of names both in IT and outside of it.  Accenture, Activision Blizzard, Apple, Bed Bath & Beyond, Broadcom, Citrix Systems, eBay, Gap, Google, Infosys Technologies, Juniper Networks, Marvell Technology Group, Qualcomm, Research In Motion, Stryker, Texas Instruments, and Yahoo.  Want to see something more amazing?  Check out those companies’ 1-, 3-, and 5-year average returns compared to the market average!

I think it was Warren Buffett who said, “Leverage [i.e. debt] is a funny thing, people who don’t understand it shouldn’t use it; and those who do, don’t.”

A Thousand Furlongs of Sea

We must learn not to disassociate the airy flower from the earthy root, for the flower that is cut off from its root fades, and its seeds are barren, whereas the root, secure in mother earth, can produce flower after flower and bring their fruit to maturity.
–Kabbalah

Generally speaking I work behind a desk eight hours a day (OK, more like 12) but once in a great while I will get to go out with a field crew to do actual physical work.  While physical labor is generally pretty scary stuff, I love getting out-of-doors.  My most recent excursion was to the western side of Oklahoma on a GIS mapping project.

I have driven through the panhandle a couple of times previously but really didn’t spend any time there.  It is absolutely BEAUTIFUL.  For someone who is used to the lush green of the Ozark mountains, the naked beauty of the gypsum hills and high plains was like landing on another planet.  This trip was actually months ago, but I forgot I had taken pictures until today. You can check out the photo gallery by clicking the link below.

Oklahoma Gypsum Hills and Eastern Panhandle

13 Deadly Sins

The “Deadly Sins” from P. J. Brown’s Writing Interactive Compilers and Interpreters, Wiley, 1979.

–to code before you think.
–to assume the user has all the knowledge the compiler writer has.
–to not write proper documentation.
–to ignore language standards.
–to treat error diagnosis as an afterthought.
–to equate the unlikely with the impossible.
–to make the encoding of the compiler dependent on its data formats.
–to use numbers for objects that are not numbers.
–to pretend you are catering to everyone at the same time.
–to have no strategy for processing break-ins.
–(A break-in is when you interrupt an interactive compiler, and then possibly continue it later. This is meaningful in an environment in which the compiler is run dynamically, such as many LISP and some BASIC environments. It is not meaningful for typical uses of C/C++ (although there was at least one interactive C environment according to Chris Lattner).)
–to rate the beauty of mathematics above the usability of your compiler.
–to let any error go undetected.
–to leave users to find the errors in your compiler.

This entry comes to us from the GCC Wiki.

Some of My Favorite Rules

The website 1001 rules for my unborn son got me thinking about some of the rules I have for my life. Thought I would put down my own and list some of my favorites from 1001.

  • There is always time for a lemonade stand.
  • Perfect at least one recipe, steak doesn’t count.
  • Obstacles are ways of demonstrating our dedication.
  • Don’t complain, just work harder.
  • Take the new guy out to lunch.
  • Never swing at the first pitch.
  • Carry a pocket knife.
  • Learn from criticism.
  • X never, ever, ever makes the spot.
  • When excusing yourself from the table, you need not give a reason.
  • Stand up to bullies. You’ll only have to do it once.
  • Become an expert in something.
  • Never turn down a girl’s invitation to dance.
  • Order the local specialty.
  • Learn to drive a stick shift.
  • Never side against your brother in a fight.
  • Memorize the Bill of Rights and your favorite poem.
  • Keep your eye on the ball and follow through. In sports and in life.

One Notebook to Rule them all

One of the rules of my organizational methodology is that everything that I write on paper goes into a single notebook. I keep a single notebook and each and every page is titled, numbered, and dated. Each notebook is numbered and range dated when finally filled. This means that I carry a notebook with me most of the time and, therefore, the quality of the notebook means a great deal to me.

Now I can already hear people screaming “MOLESKINE” to me; but the problem with Moleskine is that they are pretty darn expensive (remember everything I don’t type on the computer goes into this notebook… it can fill up VERY quickly) and they are generally quality overkill for something that basically holds todo lists and diagrams. Finally, Moleskines are really more about brand than need.

So my notebooks need to stand up to punishment, not be too expensive, and have a useful layout that doesn’t make me feel like a third grader. The Foray Project Planner Notebook is EASILY my favorite. So for future reference (like when I need to order new ones:)

Where to buy: Office Depot

Description: These refillable notebooks feature smooth, white, premium bond paper and distinctive foil-stamped linen covers with high-quality double-wire binding. Each notebook contains perforated pages for easy removal as well as a date box on every page to keep you on track. There are 80 faint-ruled pages of 18-lb paper in each refillable notebook.

Item #: 766134
Manufacturer #: 99326FY
Sheet size: 8 3/5″ x 11″
Number of pages per book: 160
Binding type: wirebound
Cover color: Black
Cover material: 22 pt. linen 924 grain embossed
Opening position: right side
Number of holes punched: 0
Paper ruling: faint ruled
Paper color: white
Paper weight: 18 lb
Acid free: no
Brand name: Foray

Never Forget Today

Human pain does not let go of its grip at one point in time. Rather, it works its way out of our consciousness over time. There is a season of sadness. A season of anger. A season of tranquility. A season of hope.

–Robert Veninga

I was on my way to work when I heard about the first plane.  I remember thinking it was probably an accident, like the plane impact on the Empire State building.  I passed by Tinker Air Force Base on the way; it was guarded but nothing too crazy.  The second plane crashed into the second building and I remember thinking that we would be going to war with someone.  I called my wife and told her not to leave home.  Being a state employee they told us to go home ourselves.  Passed by Tinker again… there was a tank, several 50mm Brownings, and lots of concrete barricades.  I almost enlisted right there but they wouldn’t let any non-military traffic into the base (my wife didn’t find out about that till a couple years later… she was not happy.)

I got home, hugged my wife and daughter, and cried…

Chaos, with better lighting

We are time travelers. Moving through the universe forced to experience it through the lenses of history. Not simply limited to our memories; our very senses can experience only what has already happened, not what is currently happening. The clock for the whole of the universe is measured by the speed of light (299,792,458 m/s) and while trivial, on our microscopical level, it is yet undeniable. The sun we look at is 8 minutes old, the stars hundreds (or millions) of years old.

The implication of this is nothing short of awe-inspiring. If we could instantly travel 2000 light years away from our planet (and had a telescope large enough pointed back at our planet) we could see Jesus walking the earth. In this way the universe has a memory more thorough and more complete than any computer or human has ever had. Nothing is forgotten, nothing is lost, nothing is missing; it is just getting harder and harder to put the picture back together in a way we would recognize it.