<![CDATA[Enginn Solutions]]>http://blog.higg.im/Ghost 0.6Sun, 08 Nov 2015 02:28:00 GMT60<![CDATA[The What, Who & Why of The Web]]>Computers. The Internet, The Web, The Net, I get it. Rather than humble-brag and elbow others with that fact, I just want to talk about how others seem to think people don't get the web, or think it's a great distraction for taking selfies and writing cryptic emoji stories to

]]>
http://blog.higg.im/2015/11/08/the-why-of-the-web/960c5978-f930-4509-8999-aa4206ad7607Sun, 08 Nov 2015 02:08:24 GMTComputers. The Internet, The Web, The Net, I get it. Rather than humble-brag and elbow others with that fact, I just want to talk about how others seem to think people don't get the web, or think it's a great distraction for taking selfies and writing cryptic emoji stories to our partner at 2:00AM in the morning, or that The Net serves nothing more than 'great mother enabler' for any noun/verb that will satisfy The Net's capability. Nouns and verbs like community (Reddit), commerce (Amazon), and commuting (Uber) become enabled by The Net all the time, and it is the only motif in town. The only bullshit narrative we can tell our friends when we talk about The Net is that we managed to buy something from it once, or that we are addicted to Snapchat, or that there's a new invite-only torrent site they discovered where they get all their warez and moviez on tap.

Tell me about your story

I don't want to bore you with my story or how I got into computers (I was gifted a Commodore 64 from a young age and modified the source code of games to give me extra lives) so this probably explains the vast bulk of not only how I got into computers, but also the why.

A lot of the noise surrounding 'Web Technology' and a lot of the noise coming from web conferences is mostly concerned with the questions of:

  • What has been done with tech that hasn't been done before? (Think Y.C)
  • What has been done that works well and how can we improve it? (Think Apple)
  • What can I do with the web that will enable {verb/noun} to be better? (Think Uber, Google)
  • What is the state of the art, and how can we make it cheaper and ubiquitous? (Think Maker Culture)

The Who of The Web

There is another motif which is not as pervasive as the {verb} motif, and it's the Who of The Net, or the person in Person Place or Thing. Clay Shirky can talk about this at length and much better than I, and his work has been doing the rounds in social media classes the world over since he published his first few books. Here Comes Everybody was a seminal work and the discussions are still relevant today. If you still don't "Get Facebook", well according to Clay Shirky, you're not meant to. He said this in 2008, and he said a bunch of other things about social media that persist to this day and ring true nearly a decade later.

We don't need Gary Vaynerchuk, or Seth Godin to explain it away. The Who of the net concerns itself with the celebrity 2.0 Youtube stars of our time who feverishly attain views in exchange for AD dollars from Google, or the legions of computer hackers dubbing themselves Anonymous who work collectively to DDOS all your favourite sites when you were not looking, or the Tinder Dating App deviants who use the wonder of TCP/IP to find a partner (The beauty of the baud is still alive apparently).

Next Motif Please

The Who motif is boring, and still doesn't quite get to the point of The Net which is The why ― Why do others miss the point of it consistently, repeatedly, and with an unforgiving pattern? Why does anybody with an entrepreneurial streak seem magnetized to The Net as if by not 'going digital' they are not entrepreneurs and should just give up on the spot? Why are Opportunists walking into hacker conferences dressed like Mr. Monopoly trying to poach talent and scoop up 'fresh meat' engineers for their new Incubator project?

Once we were young We ARE young in the garden

Well the why is emphatic enough, if not misunderstood: The Web Is Still Young, you see. Again, I'm not going to bore you with my story (I listen to a lot of Terence McKenna and happen to find his work not only relevant to our times, & let's just say his definition of a 'heroic dose' is not that heroic. I disproved it. Don't quote me on that). Now back to our why of the net: The Net has grown up in recent years, and for somebody with a feverish addiction to information that I could handle ten years ago, I had to take a step back and watch this time, instead of assimilating it. One strategy I did try in recent years to manage the onslaught of new information is to write scripts and scrapers which extract only the good parts of the net, and deliver it to me in one synaptic nerve dose that made that scene in Clockwork Orange where he watched a bit of ultraviolence look like Bambi.

Cambrian Explosions

Perhaps the why is elusive, and keeps the net going, but not like a fast car on breeze-blocks where the wheels are moving fast and the car is going nowhere (as so many burned out tech enthusiasts like to claim). Terence McKenna talked about the net so innocently in 1995 and if he was alive today to see this information explosion he would be astonished (it probably takes a lot to astonish such a man). The only problem I have with playing the information card is that it's an obvious card to play, like when your friend says "Of course the net is fascinating. It's made of information. Calm down. Get some sleep, it will be there tomorrow when you wake up. Stop addicting to this shit man!".

- "More Internet please!"

Also see: Intelligence Explosion

Scraped from the bottom now I'm here

What my friend doesn't realize is the power of scraping and filtering information. My scripts are still there in my bookmarks folder. I remember the night I wrote them, between smoke breaks and strong wine, red bull, fast music, green tea, gigabit backbones, and terabytes of warez. They're there. They survived the mess of life, and the rabbit hole of the web. They survived revolutions, economic collapse, depression. They're still there to this day when I'm in good health, have better hardware, not smoking, and the Irish economy is showing signs of recovery. They're still there amongst all the noise about tech startups and Opportunists converting {noun/verb} to something digital. They're still there when Facebook brings in Dislike buttons, and Twitter now has 'hearts' instead of 'stars'. My why is primitive, like when I changed the source code of Commodore 64 games to give me extra lives. My why persists to this day, and this is my message: The Net is what you make of it, not what the current narrative permits. The Net's fertile ground, and it's still very young! Plenty of opportunity out there (Motif yawn), but still very early days, despite the onslaught of new information, and the evolution of web technologies. McKenna says it best when he says that evolution is not a slow and gradual process, but punctuated by key turning points where all future change veers off in entirely new directions.

]]>
<![CDATA[The false narrative of phone culture]]>I just want to bust open the false narratives surrounding phone culture and speak about the long term implications of having a computer in your pocket at all times that talks to the public Internet.

The current narrative of phone culture is that phones are pervasive and have seeped so

]]>
http://blog.higg.im/2015/11/03/look-at-my-invention/6213b298-19ef-46c3-a434-d5fee403eed0Tue, 03 Nov 2015 16:32:41 GMTI just want to bust open the false narratives surrounding phone culture and speak about the long term implications of having a computer in your pocket at all times that talks to the public Internet.

The current narrative of phone culture is that phones are pervasive and have seeped so far into consumer culture that anyone who forgoes a phone is immediately cast off as suspicious. You get this (and I have experienced this) where people immediately assume because you are phoneless that you are engaged in criminal activity or trying to evade the watchful eye of the intelligence services.

Empowered vs Enfeebled

My only conclusion as to why people would think this is because they are enfeebled by their phone, and not empowered by it. I have experienced this peculiar effect of technology before, of a sort of crippling disablement of otherwise rational thoughts, where the technology controls the narrative, and not the other way around. This leads to a blame game of who is in control, and who is not. Big Brother gets the brunt of the blame, and not the citizen. In the worst case, the citizen identifies with the aggressor and feeds the narrative: "I am not in control, Big Brother is. I willingly submit my data to third parties". But, you are in control, and you should never forget that. Perhaps you need to work hard at being in control, or challenge more assumptions about that, but in a free and democratic society, we are in control (and empowered) more than we have ever been.

Not overthinking things

The Big Brother narrative is false. Let me be clear when I say that technology is there to augment our lives, not replace it. When I forgo a phone, or I do without phones for long periods of time, it doesn't mean I know what every transistor in the phone is doing, or when phones talk to an IMSI catcher. I simply forgo my phone. I don't try to obfuscate my behaviour with VPNs, unbundle the base-band, or wrap my phone in a Faraday sleeve, or any number of anti-spying techniques being sold as snake oil to paranoid consumers. I just go phoneless. No other reason other than I don't think too hard about what it's like to be freed from a device that doesn't care about you anyway.

Are we phoneless yet?

This sounds like a judgement on those who carry phones and don't think too hard about this but then call out those who go phoneless because they (the phone-equipped) don't understand the hardware. This is not a judgement. It's simply challenging the false narratives and assumptions citizens have when they carry a phone around: Do you feel empowered or enfeebled (weakened) by a phone, and if you do, then how are you coping? Do you resort to a blind ignorance about the fact of spying or do you free yourself of the things that don't make you feel free? The latter is sound, and has not landed me in trouble. If I need to dial 999, I will use your phone that you are so happy to hand over to a stranger, right? You hand your phone over to strangers every time you turn it on, so why not me too?

]]>
<![CDATA[Fugued by Dave Snowden. Solving complexity with Kiosk Mode]]>"We live in interesting times" - the tagline of this blog says it all. After watching Dave Snowden's talk recently about how not to manage complexity, it put me in a fugue state about what the web means for generations to come. He makes many compelling cases in that talk

]]>
http://blog.higg.im/2015/10/20/security-through-compartmentalized-computing-and-context-switching/38a37d39-f6e9-4d05-9e8d-5ccdee2f46a7Tue, 20 Oct 2015 20:47:47 GMT"We live in interesting times" - the tagline of this blog says it all. After watching Dave Snowden's talk recently about how not to manage complexity, it put me in a fugue state about what the web means for generations to come. He makes many compelling cases in that talk about why the web is essentially dead and broken and no longer the emancipatory anarchist utopia it once was.

Another compelling point he makes is the war of the skinbag versus silicon. Instead of being slaves to machines, or turning them into "fetishistic devices", we should use them as a tool to augment our lives, not replace them. I came to this talk far too late in the game, and was Fugued not because his ideas were unique (I've been shouting loudly about privacy issues for some time), but because they were compelling. So few speakers can put forth a case like that for me to shake me out of old patterns and narratives.

Recently I've been compartmentalizing my computing environment into multiple discrete single purpose environments using Qubes, and Virtual Machines, and making my computing more compartmentalized and discrete. The reason I do this is because complexity has finally crept up on me in the most subtle of ways and has caused me to nearly give up computing entirely and take up goat farming. It is not only physically taxing, but mentally taxing too. Complexity is not only hard to manage, but impossible without someone like Dave to impart wisdom.

I managed to sort of get my computing environment back into a flow state where I can work with a modicum of security and privacy, but it is by no means perfectly secure. I adopted the idea of 'containered' apps years ago instead of the old approach of one monolithic app that does all the things. Browsers, for example, are a perfect example of an app designed for 'all of the things', and hence very possible to break and hack into. Dave briefly mentioned (blackhat) hacking, but overlooked its opposite which is ethical hacking, or whitehat hacking. I have been doing whitehat stuff for years but never done anything serious with it until recently. Enter context switching:

Context switching has been around for years, but people rarely call it that. Switching between private and public modes is context switching. Having an app for reading the news, and then stepping into another app for looking up directions is context switching. But why is it important? Why do we naturally switch between contexts without caring for what it is? Well the truth is: humans are incapable of multitasking. Machines are great for multitasking, but humans, not so much. So then it is in an engineer's interest to magnify context switching many fold to see if this impacts computing in some way. Here are the pros and cons for context switching:

PROS

  • You can get more done. The old idea of multitasking can be abolished, and it is impossible to contaminate two different states, or working environments with each other.

  • Relatively more secure. Got a shady .DOCX document in an email that you accidentally opened? Thankfully context switching is possible via virtual machines, and so even the worst malware only affects that VM, depending on what you're doing on that machine (work or play). Do not mix work with play.

  • Rollback to a pristine state. This is not a unique concept. The ideal computing environment is when you start with a blank slate and are not reliant on a monolithic framework for working. You get the chance to experiment this way and toy with new concepts the moment you start working again, because a pristine state means more than a blank state - it also means bad habits are more easily broken.

CONS

  • Overhead. A great source of pain can spring from overhauling a computing environment for the purposes of context switching. Luckily things like Qubes have this behaviour built in, but Qubes is not always ideal if you're a tinkerer like me, and then proceed to naively roll your own environment. Invariably bespoke solutions lead to mental taxation and fugue states. Try to avoid getting fugued.

  • Time. There is a huge opportunity cost to context switching, and you might even lose friends in the process. Be willing to sacrifice large portions of your weekend for building a context switching environment. Be also willing to forgo healthy social outings and job opportunities.

  • Portability. I am aware of such things as Vagrant which are built for web developers who work on many different machines throughout their life and just want to pick up where they left off in terms of coding, and the operating system they use. One tradeoff of context switching is you have to be willing to drop the convenience of Vagrant and have a monolithic device. The key difference being that it is a static monolithic device with all the features and benefits of 'transient', or kiosk mode computing.

]]>
<![CDATA[A Magna Carta For The Web]]>I just want to share with you how I feel about the web today and put forth some ideas about how we might make it better and improve it well into the future.

The web is under way for a fundamental shift in how it is built and operates, and

]]>
http://blog.higg.im/2015/07/31/a-magna-carta-for-the-web/0b27d9c1-6bf8-4acc-9d32-f4ffed05f8eaFri, 31 Jul 2015 17:47:04 GMT

I just want to share with you how I feel about the web today and put forth some ideas about how we might make it better and improve it well into the future.

The web is undergoing a fundamental shift in how it is built and operates, and the conditions are now ripe for an evolution of the web unlike anything we have ever seen. The web is all things to all people and it is in the business of anyone who participates on the web to further its progress, and strengthen the already existing protocols we have in place that made it so unique in the first place. Today you can switch on HTTP/2, do Micropayments with Bitcoin, exchange sensitive data with others using robust cryptography like TLS, crowd fund world changing ideas, even download a physible over P2P file sharing to fix your broken dishwasher handle.

A Magna Carta For The Web

With all that is possible already, it would be easy to think the enterprise of the web is complete, and that our job as Netizens is to build on the strength of the web and not fix its weaknesses. The problem with that mindset is that it calcifies the web, turning it into a digital city that, by design, is difficult to uproot, and makes it hard to accept we made a mistake in the many steps we took to architect it. Once a building is constructed, there are very few mechanisms in place to re-organize the structure and iterate on the design. The web tends towards a centralized state as a result.

Once we were young in the Garden...

The topology of the web is starting to change, and what used to appear a decentralised and independent web is coalescing into a centralized one with a growing number of people losing trust in the key players. Our trust is forever lost in services like Google and Facebook and the curtain is being lifted on the ISPs and anyone involved in the infrastructure of the web. The web is becoming less of a black box. This coalescence is not unique, and this behaviour is even observed in nature. Rather than fight coalescence, it is preferable to simply acknowledge it and then see what we can do on an individual level to change this and revert back to what made the web so beautiful in the early days; of the days when a Google search was not a bazaar of profiteers trying to sell you something, and the web felt less top down and less commodified. I can't read an insightful article on the web now without it clamoring for my 'eyeball hours' in an AD sidebar, or monitoring my typing cadence in a Turing test captcha designed like an Orwellian telescreen.

I want the indyweb approach back and want people to run their own mail servers and to self-host their blogs using nothing but their home network. One day I want to read a web page, and upon reaching the end, a JavaScript beacon will not be in place which registers the fact I read the whole article. I want my data not to be arbitraged behind closed doors and sold to the highest bidder. I want the circuitry in Cisco routers to not have back doors. I want elliptic curves to not be backdoored and have true random seed values. I want to boot up my Windows machine and have it not phone home to 20+ U.S corporations. I want the $100.00 per month I pay to my ISP to go towards network hardening and IPSec, not simple maintenance. I want to write the words 'pressure cooker' in a novel without feeling the cold gaze of Big Brother registering that on 100+ computers with an analyst sitting behind each one. I want to tell my girlfriend I love her without it being ingested into Echelon or PRISM.

But oh how we have strayed, sisters and brothers...

One would think that the NSA is there to bolster the web and actually make it secure & private, but this is not the case. In fact it is known they have weakened the web and deliberately threatened freedom of speech as a result. The revelations were a catalyst for hardening the web and decommissioning old legacy technology, and whilst I appreciate the need to police the web, I do not appreciate the dragnet / passive monitoring approach. It is bad for business and has led me to conclude that the web is now fundamentally broken. I am not afforded autonomy on Amazon for example, because I know every item I peruse is plaintexted on the wire and being monitored. Amazon loses my business because of this and my trust is not only lost in Amazon for not responsibly encrypting their site, but the people who allow the monitoring to happen in the first place. The ISPs, the sys-admins who bought those Cisco routers, the DNS providers who log everything, the many un-patched servers my traffic has to go through before it has to reach my computer. Let me just buy a gift for my friend without them knowing, and an analyst knowing too.

Privacy in an age of spies.

The end goal of the web is to make our lives easier and be a utility. We turn a computer or hand-held on, and the web is just there, like water is there when you turn on a tap. The end goal of the web is not to extract as much data from the end user as possible on the scarce hope of profiteering from their eyeball hours or predicting their next travel hop because they once searched for a destination on Google maps. The end goal of the web is also not to be a romping ground for spy agencies to nose around our private lives and know more about us than our loved ones or next of kin. My Magna Carta for the web is simple: free and open access to information with privacy and security baked in as the default. It is not a huge ask, and as I said before the web is all things to all people and it is in our interest to have basic human rights looked after first before we even attempt to go on-line and have autonomy, freedom of speech, and freedom of association.

]]>
<![CDATA[Open All Secure (HTTPS) Hackernews Links In One Fell Swoop]]>

Rather than open specific links on Hackernews which seem interesting, it is preferable to open a bunch of them randomly without any bias attached to them. Also see: Filter Bubbles, and Confirmation Bias.

The following code is a bookmarklet and you install it in the usual way. You might have

]]>
http://blog.higg.im/2015/06/20/open-all-secure-https-hackernew-links-in-one-fell-swoop/cb121bdb-d6de-415d-89fd-f9be472d1136Sat, 20 Jun 2015 10:46:02 GMT

Rather than open specific links on Hackernews which seem interesting, it is preferable to open a bunch of them randomly without any bias attached to them. Also see: Filter Bubbles, and Confirmation Bias.

The following code is a bookmarklet and you install it in the usual way. You might have to increase the maximum number of popups that are allowed to open in your browser. In Firefox you can increase the following value in about:config:

dom.popup_maximum

Increase to something reasonable, like 60.

Make sure to run the bookmarklet on news.ycombinator.com.

When clicked, it opens all HTTPS URLs that have been posted to Hackernews in new tabs. It avoids opening any ycombinator.com links, and other metadata related to ycombinator.com like their API page.

Why HTTPS only?

This was a small measure I took to protect the integrity of a browsing session. You don't have to use it, and can remove this part in the code if you want:

&& list[a].href.toString().match(/^https:/)

Tips

If you are opening a bunch of links like this, it would be preferable to turn off images, and have some sort of AD blocker running. This ensures the links open a lot faster and are not downloading a tonne of resources.

Show me the code!

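!function(){

// Collect every anchor on the page.
var list = document.getElementsByTagName("a");
for (var a = 0; a < list.length; a++) {
    // Skip ycombinator.com and mailto links, keep only URLs whose scheme is https, and skip the API link.
    if (!list[a].href.toString().match(/ycomb|mailto/ig) && list[a].href.toString().match(/^https:/) && !list[a].href.toString().match('News/API')) {
        window.open(list[a].href);
    }
};

}();

void(0);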

Can Haz Bookmarklet Version?

javascript:!function(){var list = document.getElementsByTagName("a"); for (var a = 0; a < list.length; a++) {if (!list[a].href.toString().match(/ycomb|mailto/ig) && list[a].href.toString().match(/^https:/) && !list[a].href.toString().match('News/API')){window.open(list[a].href);}};}();void(0);

To install, create a dummy bookmark (this page for example), and replace the URL value with the bookmarklet code. Feel free to give it any title you want.
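
The HTTPS-only check described above depends on how the URL is tested: a substring test for "https" also accepts plain-HTTP links that merely contain that word in a query string. The following is an added example, not code from the original post, that compares the substring test with a scheme check on the parsed URL. The function names, the tab cap constant and the sample links are assumptions constructed for illustration.

```javascript
// Added example: strict HTTPS link selection for a "open all links" bookmarklet.
// Hypothetical names: looseMatch, selectSecureLinks, openSecureLinks, MAX_TABS.

const SKIP_HOST = /(^|\.)ycombinator\.com$/i; // news.ycombinator.com and sibling hosts
const SKIP_PATH = /^\/HackerNews\/API\b/i;    // the API link in the page footer
const MAX_TABS = 60;                          // mirrors the dom.popup_maximum suggestion

// Substring test: "https" anywhere in the href counts as secure.
function looseMatch(href) {
  return !href.match(/ycomb|mailto/ig) && !!href.match('https') && !href.match('News/API');
}

// Strict test: parse each href and decide on the scheme and host, not on substrings.
function selectSecureLinks(hrefs, limit = MAX_TABS) {
  const seen = new Set();
  const out = [];
  for (const href of hrefs) {
    let url;
    try {
      url = new URL(href);
    } catch (e) {
      continue; // not an absolute URL, nothing to open
    }
    if (url.protocol !== 'https:') continue;         // drops http:, mailto:, javascript:
    if (SKIP_HOST.test(url.hostname)) continue;      // drops Hacker News' own pages
    if (url.hostname === 'github.com' && SKIP_PATH.test(url.pathname)) continue;
    url.hash = '';                                   // same page with a fragment is a duplicate
    if (seen.has(url.href)) continue;
    seen.add(url.href);
    out.push(url.href);
    if (out.length >= limit) break;                  // never exceed the popup allowance
  }
  return out;
}

// Constructed sample of hrefs as they might appear on a front page.
const SAMPLE_HREFS = [
  'https://news.ycombinator.com/item?id=1',       // Hacker News itself
  'https://example.org/post',                     // wanted
  'https://example.org/post#comments',            // duplicate once the fragment is dropped
  'http://example.net/?ref=https',                // plain HTTP that contains "https"
  'http://example.net/r?u=https://example.org/x', // plain HTTP redirector
  'mailto:hn@ycombinator.com',
  'https://github.com/HackerNews/API',
  'https://example.com/a',                        // wanted
  'javascript:void(0)',
];

// Browser-only wiring; call it from the bookmarklet. Not invoked outside a page.
function openSecureLinks() {
  const hrefs = Array.from(document.getElementsByTagName('a'), (a) => a.href);
  for (const url of selectSecureLinks(hrefs)) {
    // 'noopener' keeps the opened page from getting a window.opener handle to this tab.
    window.open(url, '_blank', 'noopener');
  }
}
```

On the constructed sample the substring test accepts five links, two of them plain HTTP, while the parsed-scheme test returns only the two distinct HTTPS pages.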

]]>
<![CDATA[Love Yourself Today by Maser]]>

I am a big fan of Dublin street artist Maser. One of my favourite pieces is 'Love Yourself Today'. I saw this as a T-Shirt, and hunted down the image on Google images. I couldn't find a decent resolution of the piece, so I vectorized a pixelated image. The result

]]>
http://blog.higg.im/2015/06/16/love-yourself-today/b8bdd50a-02d4-4efb-8454-ddfa2ca9b375Tue, 16 Jun 2015 19:12:58 GMT

I am a big fan of Dublin street artist Maser. One of my favourite pieces is 'Love Yourself Today'. I saw this as a T-Shirt, and hunted down the image on Google images. I couldn't find a decent resolution of the piece, so I vectorized a pixelated image. The result is this:

A simple, but powerful message. I am certainly an advocate of looking after numero uno. Not in a narcissistic way, but treating the mind/body as a temple and addressing oneself before addressing others.

Maser makes good use of fancy handwriting typography. This one looks very familiar and I think it could possibly be Bello. If you are unfamiliar with Bello, don't be - it has gained as much popularity as the infamous Lobster font now, and is a bit overused.

]]>
<![CDATA[What Happens After Lastpass?]]>

Lastpass being super transparent and putting their reputation on the line with their post about getting hacked is either terribly clever, or terribly stupid.

Terribly clever because it churns away all the users storing ultra sensitive information there, and keeps all the non important information used for the everyday activities

]]>
http://blog.higg.im/2015/06/16/so-lastpass-was-hacked/b912f234-e6d2-48ef-9b70-f68bc0078437Tue, 16 Jun 2015 14:20:56 GMT

Lastpass being super transparent and putting their reputation on the line with their post about getting hacked is either terribly clever, or terribly stupid.

Terribly clever because it churns away all the users storing ultra sensitive information there, and keeps all the non important information used for the everyday activities of the web. (Imgur accounts, disposable Reddit accounts, spam Twitter accounts, etc). If you think about this; it makes sense. Using a hosted service to store mission critical information is not only stupid, it is dangerous, and puts the onus on Lastpass to protect it, which as they have made clear: they are not going to protect it. But they will keep your lame Imgur account. They will keep your lame Flickr where you store holiday snaps and pictures of flowers. They will keep those Reddit accounts you keep on creating to upvote your stuff.

Bad Move?

On the other hand, Lastpass revealing this information could wipe them out entirely, along with all their data. Imagine, for example, hearing news that 5 years of web logins and surfing was compromised there. The next obvious action taken by such a user is to export all this out of Lastpass, switch over to some other solution, and abandon Lastpass entirely, telling all their friends on social media about their move, and running Lastpass into the ground because of a network effect. This has probably already happened. I imagine Lastpass does have users like that who are not especially savvy and place their trust in a black box like Lastpass without a care for a future breach.

Alternatives

On the other hand, there are viable alternatives like Keepass and 1Password which are not a black box and are ethically designed with the user in mind, and not the bank accounts of the creators. My personal favourite is Keepass because it is FOSS. Second would be 1Password (1Password is closed source and proprietary, but the design implementation is heavily scrutinized by their community and has more eyeballs on it than other solutions). Also, 1Password responds to threat landscapes and is ahead of the curve in terms of infosec. AgileBits, the company that ships 1Password, actually cares about this stuff. Plus they're not a hosted service, so they're not spreading themselves too thinly.

]]>
<![CDATA[All of the gear, but none of the game]]>

All of the gear, but none of the game

Some of the gear, and some of the game

All of the gear and all of the game

I wrote this small haiku (is it a haiku?) referring to the optimal state of affairs one would want in game playing; that

]]>
http://blog.higg.im/2015/06/16/all-of-the-gear-but-none-of-the-game/6dced045-6131-4786-af33-27a00132c472Tue, 16 Jun 2015 13:25:32 GMT

All of the gear, but none of the game

Some of the gear, and some of the game

All of the gear and all of the game

I wrote this small haiku (is it a haiku?) referring to the optimal state of affairs one would want in game playing; that of having all of the gear and all of the game. For some context, I witness the first sentence all the time throughout my travels:

All of the gear, but none of the game

What does that mean? It means having the tools for the job without knowing how to use them. It means having gadgets without knowing how they are made. It means having all the equipment to play, but having no talent to excel at the game.

Some of the gear, and some of the game

The middle sentence is better, but not optimal. Some of the gear is not enough. You would want to be well equipped. You want the right tools. Indeed, more than ever, we have the right tools. iPhone, laptop, global Internet, free ebooks, free music, free software, free time, free-everything. But you only have some of the game, and some of the gear; Meaning, the tools do not maketh the winning of the game, and your skills are not fully honed. Avoid this situation.

All of the gear and all of the game

The most optimal situation would be having all of the gear and all of the game. But what does 'all of the gear' mean? If it means having your own collection of tools and equipment to win the game, then this is only partially optimal. Having all the gear is having access to other people's gear. It means distributed gear. It means having the bare minimum amount of gear in any given situation to solve any problem at any time. Some ostentatious amount of gear is not enough. It means gear that can be re-purposed and recycled. It means global gear, local gear, and shared gear.

Couple this gear with some game (talent) and a fully honed skillset, and we have a born winner on our hands.

]]>
<![CDATA[Twitter Should Be A Public Utility]]>

Foreword: This post is a reaction to Dick Costolo stepping down from Twitter. And since the trendy thing to write about these days is Twitter, I penned down my thoughts. This is my gut feeling about Twitter. Disclaimer: I could be completely wrong about Twitter, and only time will tell

]]>
http://blog.higg.im/2015/06/12/on-twitter/293f2bee-a4ee-4eb1-8b6e-cb2759abbfaaFri, 12 Jun 2015 10:44:34 GMT

Foreword: This post is a reaction to Dick Costolo stepping down from Twitter. And since the trendy thing to write about these days is Twitter, I penned down my thoughts. This is my gut feeling about Twitter. Disclaimer: I could be completely wrong about Twitter, and only time will tell about where it is going, and what Twitter means for the web.

Like many others, my punditry is based on wild speculation about Twitter's future, with no hard facts in place to back up my opinions. All I can really say with certainty is that Twitter is a great product and so entrenched in the workings of the web that I honestly cannot imagine the web without Twitter. In some sense, Twitter is like plumbing for the web, and is part of the web's infrastructure, and I wonder if Twitter was meant to be web infrastructure instead of a web product. The web needed a microblogging API and Twitter filled the gap, meaning Twitter was really just an attempt to better the web, not better the bank accounts of investors.

Twitter has a history

In terms of Twitter's future, I think the consensus is that Twitter has a developer problem. I spoke previously about the product being brilliant, but the real problem is related to their API. It seems like a blanket solution to their problem: "Fix the API problem and you fix Twitter". But remember, when we are referring to 'API' we are in fact referring to the product itself. There are so many issues still not addressed in Twitter's developer ecosystem that it is not clear whether Twitter ever took their developers seriously. It is clear that Twitter addressed some old (user) issues holding it back, like user on-boarding, cleaning up the timeline with 'while you were away', and improving the direct message (DM) system, but they overlook their developers repeatedly. Remember, Twitter has a sour history with developers.

Are we plumbing yet?

There were some issues with developers in the past related to the API, and apparently Twitter upset a lot of developers and destroyed the efforts of many. Their API is looking a lot better with things such as Fabric, and has assuaged many developers with that, but I think Twitter is missing a real opportunity with developers that they seem to have missed repeatedly over the years: That Twitter is infrastructure. That Twitter is plumbing. That developers are their most valuable users, and that Twitter needs an ecosystem of apps with some level of ownership by developers. Twitter was, at least for me, always a geek toy. I have since given up developing apps on Twitter, and joined app.net instead. I am aware of things such as Twitter Fabric (their new API), but I really wonder if I should be investing my time in Fabric. Does Twitter know how much I want to build apps on top of their API? Are they aware (even at a very basic level) that the Web 2.0 dream of a mashable web is still possible?

]]>
<![CDATA[Facebook are keylogging. Followup screen capture by Aral Balkan]]>Aral Balkan independently verified my claims that Facebook are keylogging your status updates as you type.

To give you “suggestions”, Facebook sends everything you type in a status update to its servers (so they know what you’ve typed, even if you don’t submit the status update itself). Watch

]]>
http://blog.higg.im/2015/05/28/facebook-are-keylogging-followup-screen-capture-by-aral-balkan/57796981-516f-497d-b1d4-cb16436231f6Thu, 28 May 2015 14:09:12 GMTAral Balkan independently verified my claims that Facebook are keylogging your status updates as you type.

To give you “suggestions”, Facebook sends everything you type in a status update to its servers (so they know what you’ve typed, even if you don’t submit the status update itself). Watch the screen capture below to see how Facebook are doing it:

Hat tip to Aral Balkan of the privacy advocacy site ind.ie

In the past, Facebook released a study where they analysed exactly this information.

We only know of that study because Facebook released it. Given the negative feedback that study and the emotional contagion study got, they probably won’t be making the mistake of publishing such studies in the future. They run such algorithmic studies on users all the time, of course, because it is their business to do so (see ind.ie/the-camera-panopticon).

]]>
<![CDATA[The two paths we could take as hackers]]>The mere mention of hacking/hacker in everyday conversation surfaces stories of the Target breach and the Sony leaks, despite the word having a long history of being used correctly and in the right context. These days it is more apt to prefix other words to hack so we have

]]>
http://blog.higg.im/2015/05/27/hacker-with-lots-of-free-time-what-are-you-doing-about-that/8e3fca3b-0746-4135-9ac1-af050f85f75aWed, 27 May 2015 17:34:45 GMTThe mere mention of hacking/hacker in everyday conversation surfaces stories of the Target breach and the Sony leaks, despite the word having a long history of being used correctly and in the right context. These days it is more apt to prefix other words to hack so we have context ― Foodhack, Bushack, Keyboardhack, and the ever popular Lifehack are far more suitable.

It is all about context, and most people's culturally sanctioned dictionary definition of the word hack is that of Stan in Swordfish breaking into DoD mainframes using a bespoke worm program that he coded in his spare time. We all have that perfect Kinkade chocolate box vision of a hacker in their nerd cave crafting worm code that can take down governments, banks, and the economy in one fell swoop. Sadly these Kinkade scenes look all too actual in malware hotspots like The Ukraine/Russia where people are given inordinate amounts of free time to master the stack and possibly, given the right circumstances, create distinguished, clever malware that could put an entire team of people in a 9 to 5 job position coding the same malware to shame. I am not specifically saying Russian hackers are capable of this: it happens anywhere an individual has chosen the life (an esoteric phrase you see in places like HackBB which refers to copious amounts of time programming and learning systems).

There are two possible outcomes from the life. I chose Option One below, because option two is frankly too terrifying to even ponder, or consider. (More on option two later).

Option one: Get rich slowly and legitimately

There is no point in wasting time on Reddit looking at GIFs all day if you are not doing anything productive with that. There is only so much lulz to be had online, and despite the limitless amount of distractions available, I can assure you these distractions get tiring very quickly. The next logical step is to leverage how much content you consume for the purposes of financial gain. If you really enjoy GIFs, the natural opportunistic urge to create your own GIFs will follow. Before you know it, you are selling the GIFs in GIF marketplaces, or printing the GIFs out frame by frame on (hopefully) cheap paper, then selling the GIF frames as art to people with more disposable income than you. You might not be Rich Uncle Pennybags, but you are getting rich slowly and hopefully squirreling your Internet dollars away in a savings account for a rainy day. A playful hacker spirit combined with some business acumen is a wonderful thing! Note: If GIFs are not your thing, there are boundless opportunities for creative types in places like Dribbble and GitHub where you can flex your hacking muscles and get rich slowly. You might not be earning Mr. Monopoly style income like those at Snapchat and Facebook, but you are earning some money in a tried and tested way that has worked for millennia. And yes, you can import your natural hacking inclinations into the creative arts. All the best hackers I know are artists pushing the envelope of their creative abilities and thinking of novel ways to use things beyond their intended function.

Option two: Get rich very fast (and possibly go to jail)

The Internet is awash in vulnerable software and services, sitting there exposed like a sitting duck ready to be owned. The terrifying fact of the matter is that script kiddies will happily throw commands at these services and send carefully crafted packets to them without a care in the world. Usually a script kiddie will get spooked by a news story of a bust, or learn a bit of sense. But that Machiavellian spirit sometimes remains, and script kiddies can and do grow up. The natural progression of being a script kiddie is pulling off every blackhat hacker's fantasy: Owning a bank, or uncovering a database of sensitive information. Doing so does not discount the fact that it is hard and requires mastery; but doing so is illegal and frankly terrifying to even ponder getting caught.

If you have natural hacker inclinations like myself, the thought of getting rich very quickly will cross your mind at some point. We are all born with the ability to hack and I don't ascribe an elite mentality to hackers. Hacking can be seen as an approach to systems, and not a mindset. When it comes to breaking and entering, this comes with the territory of systems design: the more you know how systems work, the more you have an obligation not to sabotage your own moral compass with thoughts of untold treasure troves of sensitive information and e-money. I get sweaty holding a €50.00 note in my hand. The thought of untold millions in my (unlawful) possession through means of a bank hack is scarier than the act of hacking a bank. Money is nice and affords freedom, but it is not the ultimate yardstick of having made it in life. Even still, there is the prospect of jail and living in fear for your entire life because that money is not yours.

Tip: Option one is preferable here. Earn your money legitimately and slowly please.

Tip: Make sure to watch The Grugq's talk above if you want to challenge your assumptions about opsec.

Disclaimer: This article is for educational purposes only and is a guide only. If you are into infosec, you should get into consulting for large companies doing pentesting and earn money that way. I chose not to get into pentesting because other avenues opened up for me in terms of freelance web design and the creative arts. It is the best decision I ever made.

]]>
<![CDATA[Stop overanalyzing and become the best version of oneself]]>I always had a very analytical mind, and several people have told me this over and over to the point I had to address it. There is nothing particularly wrong with analysing things, and without analysis, a great many things would go undiscovered and unaddressed. This private religion of intelligence

]]>
http://blog.higg.im/2015/05/14/hacking-the-reptilian-brain-by-seizing-to-analyze-2/422760b8-ed67-4b95-aca3-68b1c2011561Thu, 14 May 2015 19:49:05 GMTI always had a very analytical mind, and several people have told me this over and over to the point I had to address it. There is nothing particularly wrong with analysing things, and without analysis, a great many things would go undiscovered and unaddressed. This private religion of intelligence, as McKenna calls it, is both a blessing and a curse. On one hand an analytical mind can assess situations, people, events, and see the cracks between the tiles. It pays attention to details, nuances, and idiosyncrasies. An analytical mind predicts things in advance, makes correlations where none should be made, and assembles disparate information together to form others' hidden agendas and reveal our own subconscious agendas too. Analysis is forever in the business of finding meaning where others find noise. This is often a great assistance to us, as it allows us to make sound judgements about careers, where we would like to live, what food we should eat, etc.

Blessed and cursed

The curse of the analytical mind is that it can be too analytical. We often hear the phrase "stop over-analyzing" or "you're thinking too hard about this". This is sound advice if we are overthinking because it calms the mind and reminds us to meditate and take a breather. The mind is forever running, like a computer that cannot be switched off. Even in sleep, it is de-fragmenting itself, trying to make sense of the day and making plans for the next. The brain has a field awareness which means it is aware of the body and its environment at all times, and of other beings in close proximity of that environment. The reptilian brain is constantly assessing the environment for threats, scanning its surroundings for food, and assessing situations.

The resistance

It is that very basic part of the brain that causes the most problems, because it is concerned with primal fears and instincts. Thankfully those instincts have been met for the most part and a reptilian brain needn't annoy us that much except for the part where it can and does. Having a reptilian brain is an inevitable part of being human as you can not forgo millions of years of evolution. Seth Godin talks about the brain's "resistance" to new situations and getting out of our comfort zone, because overcoming that fear is paramount for success in the field of business and entrepreneurship. If only we could take that quantum leap each day to forgo our comfort zone we would have an entire generation of Richard Bransons closing deals, raising capital, and taking risks, but we don't. People are very happy to settle for a pampered existence and coast along for decades without anything truly significant in terms of business or success happening in their lives. My definition of success being that those primal fears were finally overcome and the best version of oneself was actualized.

Also Noteworthy:

Terence McKenna - Life is an Opportunity

Seth Godin - Keep Making a Ruckus

Reptilian Brain (Basal ganglia)

]]>
<![CDATA[The Blackhat Supercut. Hacker movie sans fat]]>Blackhat looked good, but I ended up making a supercut version because it is dragged out beyond belief. You would think with something such as hacking there would be some mad plot twist, but it is yet another tired Hollywood trope of bad guy vs good guy, and glamorizes computers

]]>
http://blog.higg.im/2015/05/03/blackhat-supercut/2bfb6ff8-8ea2-45d0-bf5f-daef1c382e1eSat, 02 May 2015 22:44:34 GMTBlackhat looked good, but I ended up making a supercut version because it is dragged out beyond belief. You would think with something such as hacking there would be some mad plot twist, but it is yet another tired Hollywood trope of bad guy vs good guy, and glamorizes computers like all the other hacking movies. (There is nothing sexy about a Linux terminal, people).

]]>
<![CDATA[Thwart browser fingerprinting with tactical tech]]>The EFF have released a tool called Panopticlick that creates a lossy hash of your browser. The idea behind the tool is to issue each user with a very unique browser footprint that is used to definitely verify you are the person visiting a page. I stress the importance of

]]>
http://blog.higg.im/2015/04/29/do-ad-blockers-and-anti-tracking-plugins-only-partially-solve-privacy-on-the-web/6df391f2-a001-44f7-9a29-16f7e3d96732Wed, 29 Apr 2015 14:54:59 GMTThe EFF have released a tool called Panopticlick that creates a lossy hash of your browser. The idea behind the tool is to issue each user with a very unique browser footprint that is used to definitely verify you are the person visiting a page. I stress the importance of definitely because the tool can zoom right in to an individual at the personal level, or a small sample size of users. (More on sample sizes later). Especially concerning about fingerprinting is how accurate it can be. If a useragent is changed, something else will give an identity away like the fonts installed on a machine, the pixel depth of a screen, or the time you visit a page. Flash and JavaScript are typically disabled by users now because they can prove too invasive.

Disabling things and lowering your footprint can still uniquely identify you, however, and plugins like NoScript are mistakenly seen by privacy advocates as a golden panacea for browsing privately. Disabling JavaScript and Flash is cute but only partially addresses a problem; we sometimes want JavaScript on the web because of the richness it affords.

...

NoScript all the things

Tantek Celik wrote a controversial post about the JS problem. He suggests web apps should offer information publicly instead of hiding it in a walled garden. Hoarding information behind a walled garden that is not publicly accessible by crawlers and researchers is counterintuitive to what the web stands for. The standards in place for web documents like HTML and JSON are rarely used, and proprietary formats are seldom 'curlable' by machines. I want documents scraped in the usual sense of using cURL to grab a document.

Rich browsing is poor browsing too

Tantek's anti-JavaScript sentiment is interesting, except many JS-only applications are here to stay, and although standardisation is what made the web a roaring success, standardisation is also not a golden panacea and cure-it-all solution. Standards work to a degree until they are no longer needed, and we can build an abstraction like JavaScript on top of them. Browsers now are a soup of JavaScript, and unless we are running something like Lynx to surf the web, we are caught with a trade-off of rich browsing experiences with JavaScript enabled versus poor browsing experiences with JavaScript disabled. Both scenarios are interchangeable in my view, and only the former is preferable. We would want to browse with JavaScript on.

Stay safe out there

Fingerprinting is a complicated subject but I think it is the wrong word we are using. We are using the term "fingerprinting" to suggest that we can in fact be fingerprinted. Tracking is a much more suitable term, because you can be tracked and not identified. "Fingerprinting" assumes the worst case scenario: that of actually being identified. When you surf the web, you are going to be tracked. If you disable JS, there are still raw Apache logs you have to contend with which reveal a great deal about you, i.e., what IP you are using, what user agent you are using, and also when you accessed a site. (Always try to download webpages and read them at a later stage). On top of those, there is the issue of plaintext sent down the wire at many different data islands you were not even aware of. To further complicate things, there is the potential for the integrity of a browsing session to be compromised by man-in-the-middle attacks.

Tactical tech

You will be, can be, and are tracked/dragnetted whichever way you decide to run from the issue, or conceal your behaviour! I am not the first to educate web users on what fingerprinting is: it is a way to niche a user of the web and isolate specific individuals. Individuals who have inadvertently gone out of their way to niche themselves. Think about that for a moment, and backtrack how a user would niche themselves accidentally:

  • They bought a laptop on sale. Niches the O.S down to ~1000 laptop models in that area with specific Operating Systems installed.
  • They subscribe to an expensive Internet Service Provider. Niches them to specific internet exchanges in an area.
  • They use the same machine every single day and don't spread themselves thinly across different devices, or attempt to unbundle their computing. Huge niche issue.
  • They visit the same websites out of pure habit, and just this alone is enough to fingerprint them. They don't surf the web, instead choosing to be loyal to a few large websites.
  • They don't practice Internet hygiene and refuse to routinely clear their browsing history because of the faster access to sites in the address bar, or better access to assets via a local cache.

There are some obvious solutions to the above like spreading oneself thinly across many devices, using several ISPs (using 3G, 4G, dialup, free wifi, and home broadband at random intervals), surfing the web in private sessions, using a mix of Tor, VPNs, proxies, and wifi-hotspots. When you are 'online' you are really just a node on the network and discoverable by every other node on the network. By virtue of that you can then be tracked, attacked, niched, and ultimately: fingerprinted. It depends on how well you are versed in what fingerprinting actually means. If you knew what it meant, you would not want to be fingerprinted, and would simply opt out.

Increase the sample size

It seems that by increasing the sample size for a computer in a network, we can afford to blend in and look like an ordinary user. In other words, the more segments a tracker can learn of, the better the 'hash' of your identity. Ideally the hash has to be the same for a huge sample of users. So, if your browsing habits matched the browsing habits of say, 1000 people, then a tracker would find it hard zooming down to a specific person. But a sample size of 1000 users is too small, and ideally we are looking for a sample size that matches the number of users using the Internet itself, which is unrealistic. For now our best bet is to browse in the largest sample size we can find. Currently that number varies from country to country, region to region, and from user to user. Unless some drastic measures are taken to pool web users into a huge sample size, like creating a 'Manhattan Project' for the web, or making devices super cheap, we are still stuck in antiquity.
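The "sample size" argument can be measured as the number of visitors who share a fingerprint. The following Python sketch is an added example, not code from Panopticlick or from this blog: the visitor population and every attribute value are constructed, and SHA-256 is an assumed stand-in for whatever hash a tracker uses.

```python
import hashlib
import math

# Constructed visitor population: every value here is made up for illustration.
COMMON_UA = "Mozilla/5.0 (Windows NT 6.1; rv:37.0) Gecko/20100101 Firefox/37.0"
OTHER_UA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) Safari/600.5.17"
SPOOFED_UA = "ExampleBrowser/0.1 (hypothetical spoofed value)"
BASE_FONTS = "Arial,Calibri,Verdana"
RARE_FONTS = "Arial,Calibri,Fira Mono,Verdana"  # one unusual font installed

ATTRS = ("user_agent", "screen", "timezone", "fonts")
ROWS = [
    ("v1", COMMON_UA, "1366x768x24", "UTC+0", BASE_FONTS),
    ("v2", COMMON_UA, "1366x768x24", "UTC+0", BASE_FONTS),
    ("v3", COMMON_UA, "1366x768x24", "UTC+0", BASE_FONTS),
    ("v4", COMMON_UA, "1366x768x24", "UTC+1", BASE_FONTS),
    ("v5", COMMON_UA, "1920x1080x24", "UTC+0", BASE_FONTS),
    ("v6", COMMON_UA, "1366x768x24", "UTC+0", RARE_FONTS),
    ("v7", OTHER_UA, "1440x900x24", "UTC+0", "Helvetica,Menlo"),
    # v8 is v6's machine after the user changed only the user agent string.
    ("v8", SPOOFED_UA, "1366x768x24", "UTC+0", RARE_FONTS),
]
POPULATION = [dict(zip(("id",) + ATTRS, row)) for row in ROWS]


def fingerprint(visitor, attrs=ATTRS):
    """Hash the chosen attributes into one short identifier."""
    material = "\x1f".join(f"{a}={visitor[a]}" for a in attrs)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:16]


def anonymity_sets(population, attrs=ATTRS):
    """Map each fingerprint to the ids of the visitors who share it."""
    sets = {}
    for visitor in population:
        sets.setdefault(fingerprint(visitor, attrs), []).append(visitor["id"])
    return sets


def set_size(population, visitor_id, attrs=ATTRS):
    """How many visitors look identical to this one on the given attributes."""
    target = next(v for v in population if v["id"] == visitor_id)
    return len(anonymity_sets(population, attrs)[fingerprint(target, attrs)])


def surprisal_bits(population, visitor_id, attrs=ATTRS):
    """Identifying information in bits: -log2(share with the same fingerprint)."""
    return -math.log2(set_size(population, visitor_id, attrs) / len(population))


def narrowing(population, visitor_id, attrs=ATTRS):
    """Set size as the tracker learns one more attribute at a time."""
    return [set_size(population, visitor_id, attrs[:n])
            for n in range(1, len(attrs) + 1)]


if __name__ == "__main__":
    for vid in ("v1", "v6", "v8"):
        print(vid, narrowing(POPULATION, vid),
              f"{surprisal_bits(POPULATION, vid):.2f} bits")
    # Dropping the user agent links the spoofed session back to the same machine.
    print(anonymity_sets(POPULATION, ("screen", "timezone", "fonts")))
```

In this constructed data v1 stays in a crowd of three, v6 becomes unique once the font list is known, and the spoofed user agent on v8 is unique by itself while the remaining attributes still pair it with v6.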

]]>
<![CDATA[Purging assets like a boss with the MaxCDN API]]>MaxCDN has a great purging mechanism in place that offers real time purging. Purging is part of what makes a CDN work properly, as you will want the latest copy of blogposts being served to your users. Not having the latest copy can damage your reputation as a publisher, because

]]>
http://blog.higg.im/2015/04/25/purging-assets-like-a-boss-with-the-maxcdn-api/9d891d10-1d16-4009-a1a9-6ab78ba34510Sat, 25 Apr 2015 19:49:05 GMTMaxCDN has a great purging mechanism in place that offers real time purging. Purging is part of what makes a CDN work properly, as you will want the latest copy of blogposts being served to your users. Not having the latest copy can damage your reputation as a publisher, because we live in an increasingly real-time web where technical difficulties and stale content are rarely tolerated by visitors. I don't want to upset my readers like this, so I set aside a few hours to automate the purge process so it's not a chore to do each time. I write fairly regularly, and stepping into my MaxCDN control panel for each new post that comes out is tiring. What I love about MaxCDN is their Rest Web Service (RWS) API. MaxCDN have a small Perl repo on GitHub which demonstrates how to use the API. I made a tiny Perl script to automate the purging process and rebuild assets on their edge servers. This script is for MaxCDN power users and requires some knowledge of REST and Perl environments. Do not blindly start using the API like I did. It takes some work to get it all working smoothly, ninja or not.

My blog is a Ghost installation, so I don't have the power of such things as W3 Total Cache, which is a handy plugin for managing caching if you run WordPress. I treat my whole blog as a living document and frequently revisit old posts to correct any inaccuracies, so the blog is forever shifting. Frankly I lose face if the latest copy is not being served and I have to resort to busting the cache, loading a page in a private session, or simply brute forcing the blog to serve the latest copy by using the purge all button. You might ask why I use a CDN if I am changing things all the time? Well, a CDN is not just for static assets like large downloads and rarely-changed things like JavaScript and images. That is one use of a CDN: bulky binary blobs, but it can be used for publishing blog posts too. I wrote about why you would want to use a CDN for blogging here.

When I first started using MaxCDN to serve living documents, I was always scared of the purge all button, because I knew all their edge locations were busy grabbing new copies of all my posts. Ever since they introduced the origin shield feature, I no longer have to worry about this. Origin Shield just uses one PoP (Point of presence), namely the Virginia edge, to grab my content. Then it intelligently serves this content on other edge locations. It's a lot more efficient and doesn't hammer my servers as much. It's also more gentle on MaxCDN's servers, which is always a win. I would be more wary of purging every asset from their servers if you run a massive blog. Thankfully I am a one-man show and don't have too many binary blob assets. However, that could change as my blog gathers more steam and I push out more posts.


]]>