
isn't quite ashamed enough to present

jr conlin's ink stained banana

:: Pandemic Network Effect

There was an article done years ago that pointed out folks whose job started during a recession generally earned far less over their careers. There’s a lot of reasons for this, but a big one is that folks don’t generally discuss their salaries so they have no idea if they’re being grossly over or under paid.

i can’t help but wonder if we’re overlooking a huge hurdle for folks starting out now, in the midst of a global pandemic. In short: Are they missing out on peer networking?

Let me be open and say that i’m an introvert. i’ve trained myself to be sociable and can present as extrovert when needed, but it’s draining and not really my happy place. That said, i’ve still built up reasonably good relationships with folks i’ve worked with. i’m sure that some dude in a pressed white shirt and lavalier mic would proclaim this as “Networking”, but it’s something that i’ve kinda fostered and benefited from. A good many of those are with folks i’ve not directly worked with on a project, but have been folks i’ve had parallels with. i may have met them at a meeting, or in a few cases, at an offsite. Maybe it’s been one of those “Fellows in Arms” where we’ve all done some terrible group improvement class being directed by a dude in a pressed white shirt and lavalier mic.

With a year of “social distancing” and zoom meetings, that’s one less year of building the sort of work network that’s going to be critical to getting better positions, or be a lifeline when the layoff axes start falling. What’s worse is that video meetings are tiring and terrible as is, so the thought of doing them outside of work isn’t really going to be super appealing. Nor are junior folk going to see how beneficial they can be from more senior folk dragging them off to some semi-casual meet-up.

Plus, conferences and big get-togethers are probably not going to be happening for years to come. Sure, it was funny how you’d catch Con-Flu after a meet-up, but that didn’t carry the risk of killing you or doing serious, long lasting bodily harm. i’m going to guess that it’s going to be a while before insurance companies reduce the liability costs for those.

Humans, even the more anti-social of us, are social creatures. We think in tribes and communities.

If you’re a junior person, don’t neglect this. Reach out to mentors and peers to find and establish networks.

If you’re a senior person, watch out for the junior folks. Maybe introduce them to some of your larger nets the way you would at a conference.

Eventually the pandemic will go away, let’s make sure the damage done isn’t worse than it already is.

:: A Letter to Sen. Feinstein

*sigh* this again..

Dear J-R:

Thank you for writing to me to share your concerns about law enforcement access to encrypted communications. i appreciate the time you took to write, and i welcome the opportunity to respond.

i understand you are opposed to the “Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act of 2020” (S. 3398), which i introduced with Senators Lindsey Graham (R-SC), Richard Blumenthal (D-CT), and Josh Hawley (R-MO) on March 5, 2020. You may be interested to know that the Senate Judiciary Committee—of which i am Ranking Member—held a hearing on the “EARN IT Act” on March 11, 2020. If you would like to watch the full hearing or read the testimonies given by the hearing witnesses, i encourage you to visit the following website: https://sen.gov/53RV.

The “EARN IT Act” would establish a National Commission on Online Sexual Exploitation Prevention to recommend best practices for companies to identify and report child sexual abuse material. Companies that implement these, or substantially similar, best practices would not be liable for any child sexual abuse materials that may still be found on their platforms. Companies that fail to meet these requirements, or fail to take other reasonable measures, would lose their liability protection.

Child abuse is one of the most heinous crimes, which is why i was deeply disturbed by recent reporting by The New York Times about the nearly 70 million online photos and videos of child sexual abuse that were reported by technology companies last year. It is a federal crime to possess, distribute, or produce pictures of sexually explicit conduct with minors, and technology companies are required to report and remove these images on their platforms. Media reports, however, make it clear that current federal enforcement measures are insufficient and that we must do more to protect children from sexual exploitation.

Please know that i believe we must strike an appropriate balance between personal privacy and public safety. It is helpful for me to hear your perspective on this issue, and i will be mindful of your opposition to the “EARN IT Act” as the Senate continues to debate proposals to address child sexual exploitation.

Once again, thank you for writing. Should you have any other questions or comments, please call my Washington, D.C. office at (202) 224-3841 or visit my website at feinstein.senate.gov. You can also follow me online at YouTube, Facebook and Twitter, and you can sign up for my email newsletter at feinstein.senate.gov/newsletter.

Best regards.

Sincerely yours,

Dianne Feinstein
United States Senator

Thank you for your response.

While i don’t believe that anyone will ever stand up and be pro-child abuse, i caution that using that banner can often cover significant issues as well. i cite Ms Banker’s testimony at the hearing you attended. Perhaps you may have missed it.

One important decision that should be addressed by Congress in the first instance is any choice to limit or weaken encryption technology. While the bill does not identify “encryption” as a specific matter that the Commission must address, the Commission is not prevented from addressing it and the bill calls for the Commission to include a privacy, security, or cryptography expert. For these and other reasons, it is widely anticipated that the best practices that might emerge from the Commission would require that companies either weaken, or refrain from deploying, encryption protections for private communications. Limitations on the deployment or strength of encryption would impact a wide range of stakeholders and equities that are not represented on the Commission, as well as topics not within its scope.

Requiring companies to engineer vulnerabilities into their services would make us all less secure. Encryption technology stands between billions of internet users around the globe and innumerable threats—from attacks on sensitive infrastructure, including our highly automated financial systems, to attempts by repressive governments to censor dissent and violate human rights. Strong encryption is key to protecting our national interests because encryption technology is an essential proactive defense against bad actors.

Giving the government special access to user data—by building in security vulnerabilities or creating the ability to unlock encrypted communications—is impossible without generating opportunities that would be exploited by bad actors. The exponential growth of the internet both deepens and broadens the risks that would be caused by weakening encryption technology. As the internet becomes relevant to more areas of society and the global economy, our exposure to security vulnerabilities expands as well. Foreign and domestic entities have, for decades, targeted private data in hacks aimed at internet companies—a clear threat to our economic and national security. Strong encryption is our best tool for ensuring that the costs of cyberattacks, data breaches, and other types of exposure are low. And encryption can also be a smart strategy to decrease the incentive to engage in hacking. Encryption fundamentally protects the vital interests of our country and its citizens.

i feel i need to underscore this.

Criminals will continue to use effective encryption. Your bill will simply open the potential for innocent citizens, like yourself, your associates, and your families, to have personal information stolen or used against them.

You can either have effective secure encryption, or you don’t. You cannot have secure “back doors” because they WILL be discovered and used. There’s a saying in computer security: “Hackers have infinite time and resources”. i’ll also state that you cannot have an effective secure key escrow system.

i have a copy of the Washington Post article that shows the TSA master keys. These are now available for 3D printing by anyone. There’s also the famed 1620 key, which opens elevator control panels, job sites, and thousands of other locks in New York, and is available for $8. i’d also encourage you to read up about the DeCSS DVD decryption key, or how quickly even very sophisticated Anti-Piracy systems like Denuvo are cracked. Now imagine how big a target your finances and your secure email would be.

It’s a bit like putting up a bill against the practice of dropping puppies into wood-chippers that included installing cameras into every person’s home. Surely, you oppose puppy mulching, so a camera that watches you 24 hours a day, 7 days a week that may be accessed by authorized persons only. Surely, since you love puppies, you wouldn’t be opposed to it, nor would you be shocked if footage of your morning routine showed up on America’s Funniest Home Videos because the master password was written on a post-it that appeared on the Wichita evening news.

i understand how important keeping children safe is. i also understand how critical it is to keep everyone’s personal data safe, and how fragile that system is already. Please don’t make it any more fragile.

Oh for fuck’s sake…

"550 5.1.1 User senator@feinstein.senate.gov' not found

:: Web Pushless

Hi!

i’m one of the nice people that brought you WebPush. That lovely tech that is probably one of the most user hated things to roll out. i work on the back-end bits. i still hold that in spite of idiot web marketing folk who don’t want us to have nice things, web push is still really useful, but that’s not important right now.

What i want to talk about today is something i’ve been asked a good deal lately:

“How do i provide push notifications on mobile devices if i can’t use device native Push?”

Ok, that probably sounds like a really weird question, but let me explain a few things.

How Push works:

i’m not going to go into super detail here, but suffice to say that Web Push provides a way for servers you’re not connected to currently to send you messages that you’ve agreed to having delivered. It’s super easy for you to send messages to servers since they don’t move around and change their IP address every 15 minutes. Your phone may well do that. So what we do internally is have your phone connect to one of a bunch of servers we run, then it sits around waiting for you to send a message. For things like laptops or desktops which have big batteries or are always plugged in, that’s a great solution. For phones, however, things are a bit different.

How Push works on Mobile Devices:


i do believe that Donald does not approve of your battery usage.

Your phone doesn’t want to be on. It wants to power down as much as possible so that your battery doesn’t die after an hour or so. It has LOTS of VERY AGGRESSIVE power management things it does in order to facilitate that. It will also flag any app that consumes “too much” battery and point at it like Donald Sutherland in Invasion of the Body Snatchers. Naturally, since having a reliable connection from your device maker’s servers to your device is actually really useful, they’re very forgiving about any that they might set up. In fairness, they have a lot of neat tricks they can pull at very low levels to keep your CPU asleep and the battery usage minimal that they’re absolutely not going to let your J. Random Application take advantage of.

So instead they offer a way for you to piggyback on top of their protocols. That’s what Firefox on Android (and to some extent Firefox on iOS and Amazon FireTV) does. The data we send over these bridges is still encrypted because the decryption key is in the User Agent (the actual “Firefox” application).

The problem is, running machines that your devices connect to for long periods is kind of expensive. As in people in the Accounts Payable department screaming “WHY DOES THIS BILL HAVE SO MANY ZEROES!?” sort of expensive. There are things you can do to control costs, but frankly, when you’re talking about hundreds of millions of phones calling in, you’re talking about having at least a few good boxes just to handle the loads. It’s kinda depressing how much doing nothing costs, particularly in setting up a secure link that does nothing, but that’s our problem more than yours. (Although, next time you want to buy something, if you were to search for it in the AwesomeBar, click on one of the ads and buy it from there, that’d be swell!)

That’s one of the reasons that Google put their messaging system under Google Play. It’s an app that only gets installed on authorized Google Android devices, and (surprise) it costs money to do that. You can absolutely grab a copy of the Android Open Source, customize it to fit your phone’s hardware platform and get rolling. You might even be able to sideload some versions of Google Play onto those devices, but Android is the most used phone platform on the planet and even Google has pipers to pay.

So, how do you do Push if Push isn’t there?

Thus we come to the (potentially) million dollar question.

So, if you’ve got an off-brand Android phone, it’s probably using the Open Source release of Android, which does not have Google Play. Honestly, it probably doesn’t have a lot of services. So what options are there?

  1. Polling: This is probably the easiest. When your app is active (or if you set up a timer) you could have it poll a well known server address and check to see if there are any messages. You want to be careful with this, to avoid “thundering herds” where all the devices suddenly check at once and swamp your servers. You can randomize things a bit, but i’ve also seen some devices that “helpfully” round sleep timers to a nearest interval (e.g. you thought you said sleep for 5 minutes? Oh, well, we slept for 15 since that means less CPU.) Some experimentation and monitoring your servers may be required.

    Pro: it’s fairly straightforward and simple to do.
    Con: it’s not exactly “timely”. Good for “Remember John’s Birthday tomorrow” less for “your tea kettle is boiling”.

  2. Active Reception: This one is a bit trickier. Basically, when your app is active, it connects to your servers using WebSocket, HTTP/2 or whatever protocol and actively pulls and listens for messages. This can provide much faster message deliveries while the user is present and attentive.

    Pro: Quick message delivery with feedback.
    Con: Could be complex and doesn’t work when the device is sleeping.

  3. Combo: This one combines the two above steps. You have a small stub program that checks a URL to see if there are any messages pending, and if so, spins up your app to do a full connection. The connection processes everything, then lets the device go back to sleep.

    Pro: Almost exactly like Push, sort of.
    Con: Complex, and probably buggy. Dances the line between “efficient” and “here come the howler monkeys”
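
The polling caveat in option 1, as an added simulation (not code from this post or from Mozilla): it measures the peak number of polls hitting the server in any 10-second window when a fleet uses a fixed interval, a jittered interval, and a jittered interval that the device rounds up to 15 minutes. The fleet size, the synchronized start, the measurement window and the `post_wake_spread` delay are assumptions made for illustration.

```python
import math
import random
from collections import Counter


def effective_sleep(requested, quantum):
    """Sleep the device actually performs: the request rounded up to a multiple
    of `quantum` seconds (quantum=0 models a timer that is honoured exactly)."""
    if quantum <= 0:
        return requested
    return math.ceil(requested / quantum) * quantum


def peak_load(devices=2000, base=300, jitter=0, quantum=0, post_wake_spread=0,
              horizon=3600, bucket=10, seed=1):
    """Largest number of polls landing in any `bucket`-second window.

    Constructed worst case: every device wakes together at t=0 (for example
    after an outage). The t=0 poll itself is not counted.
    """
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    hits = Counter()
    for _ in range(devices):
        wake = 0.0
        while True:
            requested = base + rng.uniform(-jitter, jitter)
            wake += effective_sleep(requested, quantum)
            if wake >= horizon:
                break
            # Assumption: the app may hold the request for a random delay after
            # it has been woken, where the OS timer rounding no longer applies.
            fire = wake + rng.uniform(0, post_wake_spread)
            if fire < horizon:
                hits[int(fire // bucket)] += 1
    return max(hits.values())


def compare():
    """Peak load for the four scenarios discussed in the polling option."""
    return {
        "fixed 5 min": peak_load(),
        "5 min +/- 1 min jitter": peak_load(jitter=60),
        "jitter, OS rounds to 15 min": peak_load(jitter=60, quantum=900),
        "rounded, delay after wake": peak_load(jitter=60, quantum=900,
                                               post_wake_spread=900),
    }


if __name__ == "__main__":
    for name, peak in compare().items():
        print(f"{name:30s} peak polls per 10 s: {peak}")
```

Jitter smaller than the rounding interval is erased entirely, so the rounded fleet hits the server as hard as one with no jitter at all; spreading the request after the wake-up is one way to get the randomness back.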

Sadly, i believe that any of these would probably constitute a “savvy business opportunity” for some startup, and while i’ve not looked, i would not be surprised in the least if there was a company out there that was offering a service like one of these. i don’t think it would be free though, mostly because of the costs associated with it.

:: Chaos and Kindness

There are two completely different events that have happened in the last week that i need to think about. i tend to find that i think most when i am on a keyboard, so yay you ineffable void and ad bot now reading this, you get more words!

1) Mozilla’s Layoffs.
The company i work for announced layoffs for about 70 out of 1000 employees. The folks were chosen by project and role, that part is normal. What’s not normal was something i don’t think i’ve ever seen another company do. The employees were not treated like modern lepers and tossed out the door.

Instead, they were told that they were going to be laid off, but still had access to most of the things they needed. This included company mail, internal Slack channels, resources, etc. Folks inside the company rallied to support them. Spreadsheets were created that had employee info and prospective or recommended hires from folks’ networks. Social Media networks hosted “#MozillaLifeboat” to help get folks on their feet fast, and many very positive words were said in praise of those who were let go.

The folks who we let go were treated like humans. There was an all hands meeting held a couple of days after the layoffs occurred. The folks laid off were encouraged to attend, ask really hard questions, and were given good answers.

Ask yourself, “Would your company have done that? Could they have done that?”

Granted, mozilla works pretty hard on not hiring sociopaths and jerks, so it’s just not really the culture to be terrible to each other. Still, i’ve been through five rounds of layoffs, and had never seen that level of trust.

As remarkably smooth as that incredibly disruptive and painful experience was, it did absolutely drive home a point i’ve been thinking for years: You need to be more loyal to the friends and colleagues you meet in your career than to anywhere you happen to work. Any employer that demands faithfulness solely to them is a huge risk to your professional and personal life. Your friends are who will help you, your employer is not. If you work for somewhere you can’t get that, it’s a HUGE red flag. The money might be good, but the risk is tremendous. i can say with first hand knowledge that getting paid well at a place that doesn’t respect you as a person eats at you in subtle ways.

A side product is that you remember that you’re dealing with people, and as such, folks are making it up as they go. Folks want you to believe that there’s a plan and direction, but quite often, there’s not. More often than not, there’s just a rough guess and a general feeling dressed up in powerpoint slides and bold rhetoric. Again, unless you’ve got sociopaths at the helm, layoffs hurt the folks making the decisions about who stays and who goes. Even if they are sociopaths, the company is giving up the money invested in the person and whatever income that person could have brought in.

(Oh, and if you’re ever working somewhere and see absolutely no sign of remorse or regret when an executive talks about layoffs, leave. i’m talking about actual regret, not “Sorry to see those folks go :sad face emoji: it’s terrible. Anyway, who else here is excited to see the Project Foo we’re launching!? [loud, upbeat techno music]”. Yeah, after that, spend the rest of the day polishing up the resume and sending notes to your network about potential leads.)

2) Actix drama

i’ll preface this by saying that i don’t know all the details about the drama around actix-web. As i understand, there were some concerns around coding practices, a single maintainer, and some folks who may have been jerks. Coding practice discussions are part of any open source project, single maintainers are concerning for anything other than a small package that’s just starting, and half of the world are jerks.

What happened was that the project maintainer pulled the library code off of github and announced he was done with open source. Honestly, that’s good, because i believe he didn’t know what open source really was.

Let me diverge a bit here.

Open source is about trust.

When you decide to use a package, you are extending trust that:

  • The program/library/package works.
  • It will continue to do so.

Bug fixes, improvements, documentation, etc are also part of that, but kinda fit into the list above. Open source can sometimes be called “Free as in puppy” in that you might be getting into a lot more than you expected.

It’s very rare that the trust is broken. There are ways for a package maintainer to step away from a given package. They could ask a larger group to take over. They could pass it on to someone else. They could “archive” the package and let someone else fork it into a new version. Almost never does anyone just yank their code down in the same way that you almost never see an argument end with someone throwing a temper tantrum. It’s sad because while the author may have been a talented engineer, i can no longer trust anything that they produce.

Would things have been different if folks were not jerks? Probably. Likewise, i think folks were presuming a level of emotional maturity that may not have been present. i don’t fault the author for his actions, even though i’m deeply impacted by them. i’ll survive, reassess and move on. i’m saddened by them, but i look forward to the growth that i hope he gets to experience.

So, how do these things both relate?

In essence, it’s about people. It’s about remembering that at the end of the day, we’re all real, breathing, mentally weird beings and not just clever bags of thinking meat. Sure, there are some openly hostile folk out there, and there are trolls, dirtbags, grifters, and fools, but those tend to be the painful exceptions, rather than the rules.

As Michelle McNamara often said, “It’s chaos, be kind”.

:: A Few Thoughts about the Star Wars

Ok, let me get a few things out there.

1) i have not seen the final Star Wars movie yet. From the sounds of things, i’m tempted not to, but i’ll probably watch it on some streaming service eventually.

2) i find the various uber nerdy videos talking about the details of Star Wars hilarious, whether they intend it or not. Star Wars is about as far from hard science fiction as the Lord of the Rings. And i’m about to go off on one aspect of it just like those uber nerds.

3) i’ve been watching Star Wars since i sat in on the first one in a mostly empty theater on release day, when Han shot first and you could see the mattes on the TIE fighter flybys.

Ok, so Star Wars is pretty much about one family. One really screwed up family, but one family, the Skywalkers. Since The Force is a thing in this universe, and has been for quite some time, it’s reasonably safe to presume that there was at least one other family out there. Otherwise with the various alternate species that are also Jedi or Sith, someone back when got James T. Kirk freaky.

As i understand the last movie’s major plot point (oh, yeah, spoilers, i guess) one of the main characters turns out to be from one of those companion families of Force folk.

We learn in the early movies that being able to lift spaceships out of swamps or become a walking bug zapper is a hereditary trait. It’s a biological component called midiclorians or something. That’s kind of the equivalent of living in a world where folks with red hair can fly (not dye jobs either, gotta be born a proper ginger).

That’s awesome and all, except that during that same time, a couple of the big time Forcey folk decided that all the lesser Forcey folk should instead focus on Forcing daisies up out of the ground. The whole “Special Order 66” or 69, or 72 with chicken, or whatever. So, we’re talking a pretty successful level of genocide against a bunch of Force users/sensitives/etc. Pretty darn horrific, if you ask me, but hey, they’re space Nazis, so genocide is kind of their thing.

What’s more, with the death of all the other Jedi/Sith over the arc of eight movies, essentially you’ve just reduced the pool of high power folk chock full of midiwhatevers to a breeding pool of two.

Now, just think about what that means if you actually pay attention to things like biology. There are not a whole lot of populations that survive from just two individuals. Hell, a species is considered “endangered” at below a population of one thousand.

So, what does this mean for the future?

Get ready for a few generations of Space Wizard Inbreds. Yep, Bill-Bob-Skywalker using the force to play banjo on some porch on Dagobah thinking that sarlacc’s sure got a pretty mouth. And yeah, you thought Luke and Leia kissing was creepy, just wait ’til you start thinking about how the Jedi/Sith repopulate.

Oh, yeah, and don’t forget that they can wield superhuman powers.

Thank God they’re in a galaxy far, far away. i don’t want them doing donuts in a rebuilt X Wing (with mud flaps) while orbiting Uranus.
