🎃🤖

Two WiFi pumpkin robots from friends: Ryan’s Pumpkin Pi shoots flames:
Les’s makes faces:
View this post on Instagram

Also the wifi pumpkin is gibbering away again

A post shared by Les Orchard (@l.m.orchard) on

   

I love this story from rachelbythebay about hosting in the late 90’s:

Then there was this little company. They were selling dedicated Linux servers for $99 per month, and promised to put them online within an hour of you ordering them, 24 hours a day. Also, they had “the best support in the industry”, according to them.

It seems like nobody else could crack this particular nut. They couldn’t figure out how they were managing to stay in business. How could they possibly be making money selling all of this stuff for just $99/month? How could they possibly hang a new server in a rack in under an hour, and then install the OS on it, and all of this?

As the story goes, this was the “moat” protecting their business. Nobody else could get into the space since they couldn’t make the math work. This one company kept going and kept raking in the customers.

Then, one day, it changed. Another company figured it out, and suddenly there was competition at the “bottom” — the bare-bones super cheap dedicated server market. What happened?

Well, according to my friends, what happened was either a single full-page color photo ad in an industry magazine, or perhaps a large photo accompanying an article. Basically, someone from the company is shown standing there in front of the actual servers, looking proud. I guess they wanted to show off the fact they used certain chips, or something like that. The picture itself contains enough details to show that there is no magic involved.

What did it show? It seems like it gave away the entire “secret”

Giving away the company’s secret sauce

I worked for a dial-up ISP at the turn of the century. Heady times for the internet.

We had a Sun SPARC server running Solaris that handled Apache web hosting and that thing was a beast. We also had a Debian server running RADIUS (greedo) that never had the right time, and some sort of mail server with POP3 access (no IMAP4). For $100/mo we would sell you 100 MB of shared hosting space (with 1 GB of transfer per month).

You could easily run that entire ISP stack off of a single Raspberry Pi these days.

Check out this time lapse video of the Giacobini–Zinner comet from reddit user u/jostef0:

You know what a comet looks like. If I tell you to close your eyes and imagine a comet, you have a mental picture in your head of what a comet looks like. Your comet is an amalgam of all the illustrations you saw in science books growing up (with a bit of the opening of Star Trek: The Next Generation thrown in for good measure)

This real comet tweaks that a bit. “That’s the thing from the picture!”

Time lapses give us a new perspective on our place in a slow-moving universe. If you look up, you can see the sky. If you wait long enough, you can see the stars move. But, like the Flaming Lips said, “it’s just an illusion caused by the world spinning round.” Check out this video, where the image is stabilized to the stars instead of the Earth:

Seeing the Earth spinning like that changed the way I look at the night sky. And it’s important to look up when there’s a clear night. It’s easy to forget how gut-wrenchingly awesome the night sky can be. If you still have time, please check out what happens when people look up:

❤️ This post proudly created in Gutenberg

I posted this to my coworking space’s Slack, with the caption “If you’re going to spoof caller-id, maybe choose a valid phone number?”

Based on the response, the problem with the number wasn’t as obvious as I thought. Can you spot it?

Leaving Facebook

Now seems like a good time to talk about when I deleted Facebook in January of 2016, and why I came back.

It started off with buying some boxed wine.[1] I texted my wife a picture of the options to find out what she wanted.

A couple days later, I started seeing ads for boxed wine on Facebook. That freaked me out. I had never looked at boxed wine online. I had never bought boxed wine online. I had no relationship between my online identity and boxed wine. I try to limit what Facebook knows about my browsing habits. [2]. Yet here was an ad for boxed wine, online.

My first thought was that Facebook was looking at the images in my text messages and using that for ad targeting. It's a simple but wrong explanation, like the idea that Facebook is eavesdropping on microphones,  Both errors come from anthropomorphizing Facebook, assuming that Facebook uses the same senses that we do. The scary fact is that Facebook et al have enough data on us that they don't need to listen to us or watch us.

Did you know that Facebook ads have a "Why was I shown this ad?" link? I wanted to know why I was seeing boxed wine ads, so I clicked it to find out.

If you don't have experience buying online advertising, let me translate: DLX gave Facebook a list of personally identifiable information (PII) and calls it an audience. Facebook then links that PII to accounts, and uses it's ad algorithms to decide who to show ads to.

DLX, it turns out, in Datalogix.  They get a list of the things you buy with loyalty cards, and then matches those purchases with your online identity. If you take a look at that link, it has this line: "The company reports that it keeps the information anonymous and gives consumers the option to opt out of data collecting and reporting by selecting the opt-out option on their website."

Here's what I saw when I clicked the Opt Out link on Facebook:

If that's gibberish to you, it's basically screenshots showing that Datalogix's opt-out process is really broken and neglected.

So my options are either stop using loyalty cards (and pay more for groceries), or stop giving value to the data that I'm generating. I made a step toward the second, and deactivated my Facebook account. It was deactivated basically from February to November of 2016.

I don't have too many insights about my life without Facebook. I didn't miss it really. I had one person contact my wife to ask if I'd blocked them over something, and we then had a good email conversation.

I came back partly due to the election. I felt that maybe my "no politics on Facebook" rule had been part of the problem – assuming that we wouldn't elect a nightmare. Maybe my voice needed to be heard. I wouldn't swing an election, but if I spoke out maybe I wound help convince a couple friends who were on the fence. Naive, yes, but I was looking for something to do. Anything.

The other reason I came back was because I was basically offloading a lot of social labor on my wife. She was now the sole invitee to events because our friends couldn't invite me on Facebook. She would tell me news from friends that I couldn't see elsewhere. My subdivision uses a Facebook group to share community news, which I had to get from my wife. I wasn't completely off Facebook, I had unconsciously delegated it. So I rejoined.

After all the recent news, I'm off Facebook again. I'm trying to ween myself off of algorithmic timelines (in favor of chronological) since they are dopamine addiction machines. Also, the snooping they do on phones, how they are polarizing the country, and the newsfeed being largely garbage all made the decision pretty easy. I may come back again, but for now I'm sticking to RSS feeds and (non-algorithmic) Twitter.

1: A boxed, collapsible bag is a pretty great packaging system for non-carbonated beverages like wine. It keeps O2 out while letting you have as much (or as little) as you want. Like beer in a can, it's a great package that has undeserved quality connotations.

2: Firefox just launched a really cool plugin that will segment your Facebook browser identity from your other browsing. Highly recommended.

❤️ This post proudly created in Gutenberg

Why is Apache sending a “X-Pad” header?

Apache sometimes sends an HTTP header “X-Pad: avoid browser bug” for reasons that aren’t entirely clear. There isn’t a lot of searchable information about this header, so my coworker Matt dug into the source code and found out what’s going on.
The header was added to deal with a bug Netscape versions 2 through 4.0b2. The bug was that Netscape would hang if a linefeed character was sent as the 256 or 257 byte. Apache checks to see if it’s about to hit the bug and, if so, sends this header to pad the output.
The fix is from April of 1997. If they had waited a few months to report it, they might have earned $1,000 with Netscape’s Bug Bounty.
Hopefully this blog post will make the X-Pad header show up in Google and save future people from wondering what it is.

Continue reading “Why is Apache sending a “X-Pad” header?”

Real RSS Spam

The spammers keep getting cleverer and cleverer. A blog that will remain nameless let its domain name expire. A black-hat SEO spammer bought up the domain, which is pretty common. What surprised me was what happened next.
The spammer must have realized that there was a blog previously at that URL. So they installed a special version of WordPress for SEO spammers (I won’t link it here, get in touch if you’re really curious) and even published a feed at the exact same URL as the previous RSS feed. When I opened up Google Reader, the long-dormant RSS feed sprang to life with 10 new posts.
I was excited that the blog was back until I read the first one. Once I realized what was going on, I was impressed by the spammer’s ingenuity and pissed off that they’ve found yet another way to intrude on me. I’m so sick of spammers, I wish I could someone could tell me how to get a green card to somewhere they didn’t exist.

DRYer than thou

At work we have a project (launching Monday, w00t!) that has a lot of cool things happening on the browser side. You know kids these days, what with their jQueries and Web 2.0s, they need whiz bang special effects in their websites. In my day, we only had one type of input field in our forms, and we liked it! Don’t know how lucky they are… but I digress.

One problem we ran into was that we needed to do the same calculation on the server side and the client side. Let’s say for the sake of example that we need to calculate Michigan’s 6% sales tax or California’s 7.25% sales tax. The real calculation was only slightly more complex. One thing to note is that the calculation would need to be very responsive because it would be running a lot and affecting user input, so speed is a concern.

I came up with two options. The first is to write the same calculation in PHP for the server side and JavaScript for the client side. I didn’t love this because it isn’t DRY. If we had two calculations in two different files then when someone was updating the code they would likely miss the other one.

The other option I came up with was to put the calculation on the server side only and use AJAX to run it on the client side. This seemed overly complex, which will sound funny when you see what we decided on. We had avoided AJAX on the site because it wasn’t really needed; adding it for this seemed like a bad value/complexity trade off. I was also worried that server lag could cause a bad user experience, as I pointed out above the calculation needed to be fast.

So I was talking it over with my coworker Matt and he made a joke and we both laughed it off. Then we thought about it, and realized there there were fewer downsides to his approach than my two, so I started coding.

Continue reading “DRYer than thou”

“Up and running”

Xbox Live has a funny definition of “Up and running.” As of 7:00pm on Dec 29, 2007 their status message read:

Status: Up and running
Users may experience issues performing transactions dependent on Windows Live ID availability including but not limited to Xbox 360 and Zune account creation, renewal, recovery, all DMP transactions, and logging into or creating Windows Live ID accounts. Users will experience intermittent issues including but not limited to: Tournaments, Storage Downloads, Gamer Tile, Statistics through Arbitration, Match Making, and Messaging. Additionally, Halo 3 and Call of Duty 4 users may experience issues joining matches or posting statistics. Customer Support may also experience issues referencing customer data. We are aware of the issue and are currently working to resolve it. We apologize for any inconvenience.

My Xbox 360’s dashboard isn’t coming up and I can’t get into Halo 3 matchmaking, so the only entertainment I’m left with is pedantically reviewing Microsoft error messages.