Surreal Stalker: A Snack

I’m looking over my writing notes, and hope to start posting more regularly.  Meantime, here’s something, just to keep the engine running:

I swear this is an actual transcript of a conversation I overheard one day.

I don’t remember where I was, who was talking, or what any of the circumstances were.  But this did happen and was, in context, serious. Make of it what you will:

“So yeah I was like talking to him over the weekend and while we were talking, y’know, my phone was on the counter, and he was like, ‘Hey, let me see your phone’ and I gave it to him and he said ‘Yeah, see? That light on your phone. That’s a phone tracker’ and it turns out it was my stalker’s dad trying to find out where I was. Which is weird, right? But that’s just my stalker, he does stuff like that all the time.”


Impressive, Inspiring, and Inexplicable

This is a story to remind us all to enjoy what we do, and to do what we enjoy:

It started absently enough.  Someone asked: “What’s the difference between three nines and four nines?”  The first hit on Google was https://uptime.is/

It’s a slick little calculator, showing what each level of 9s in uptime translates to, in minutes/hours/etc.  So I got my answer, and normally that might be the end of it – but something on the page caught my eye:

Secret alien technology, heh. –Wait, what’s that in the alien’s trunk?  A flag? And it says … lisp?!

Lisp is a programming language taught in prehistoric Intro CS courses, with – as far as I could ever tell – the sole purpose of hazing students.  I figured it was there to winnow out the students who thought “Hey, this could be a lucrative career” from those who really had a passion for programming.  Since leaving that course (back when dinosaurs ruled the earth), I never heard of that language again.  What’s the story?

The story is at the top of the tool’s own page.  It describes how a Norwegian IT lawyer decided to write this simple but useful tool, and basically decided to write it in Lisp, just to be perverse.

I love it.

It reminds me that – yes, this is our job, and often we have to race to find the best solutions for things, but that far too often we’re constrained by fear, or by worry, or by concern.  We design things as best we can because there’s a certain artistry in good design, but mostly because we don’t want the phone to ring at 3 am.

But it’s supposed to be fun.  It’s too easy to forget that.  Mr. Miazine apparently decided, just for the sheer giddy foolishness of it, to write the thing in the most bloody-minded language he could find.  Look at his grin, in the picture on the article.  He knows.  He knows he could have written something quick and easy and common, fired it off, and left it to be used but forgotten in a corner of the internet like some kind of programmer’s paper towel.

Instead, he created art.  Intentionally or not, he made a statement that said, “Do what you love and love what you do.”  Even though – or perhaps because – that statement was written in the most archaic language possible.

Cheers, Sir.  I salute you, and thank you for reminding us to pursue our passions.

(Comments particularly welcome.)

Five HipHop Tracks

I was asked to come up with five tracks to introduce hip-hop as we, the old folk, know and love it.  Specifically, this request was geared towards one who was asking with an eye toward becoming a hip-hop artist, so bear that in mind.

It was an interesting exercise, and I put a bit of work into it, so I thought I’d add it here for public posterity.  Please do feel free to comment or add opinions, etc., the three of you who visit this site.

These tracks are (almost) all single rappers, because they were requested by an individual rapper. That said, crews rock.

If you do follow these links, please play these in order. (Maybe cue them up all at once in different tabs on YouTube, just to get the ads out of the way.) Order matters.


GangStarr: It’s Getting Hectic

Two things about this track: one is the entire second verse, and the other is its live background – this track comes from a ’92 compilation album which was a pioneer of live music behind rapping, seven years before The Roots made the Billboard charts.

Slick Rick: Children’s Story

This track tells an actual story. Because honestly, that’s the entire point! As easy and as popular as it is, there’s only so much “I’m so-and-so, I’m this, I’m that” bullshit you can spew before you lose your mind (and your audience).

Kweli:  Get By

I couldn’t put together a list without including either Kweli or Eric B/Rakim. I included this track (Kweli) since it does two things I’d like to highlight:

  1. Show us what life looks like from where you are, and
  2. Where possible, be positive and try to make things better.

 

Triple Ave:  Trinity

From this distance, the most important reason this track is here: The group submitted this track to a sort of music-industry event. At this event, a track would play over the speakers, and then a panel would discuss it. When this one came on, the A&R man on the panel said: “This is the best track I’ve heard today. In fact, it’s the best new hip-hop track I’ve heard – but I can’t do a thing with it. I can’t sell this because it doesn’t promote greed or violence.”

Big Daddy Kane:  Ain’t No Half Steppin

Not only do we need a BDK track in general, but it also makes a good point: “Half steppin” means not being fully committed, or not doing things well.
So, whatever you do, do it completely, and as correctly as you can. Go balls-out. Moderation is for monks.

Bonus Track:  Suckaz

This isn’t part of the track listing proper, but while we’re here: Our whole world has been poisoned by greed and false prophets. Speak from your heart; speak to what’s real and what you know. Don’t make shit up, or pretend you’re something you’re not. Be honest and true.

Spelling Food

My grandfather couldn’t spell for anything, God bless him.

It’s not a surprise, of course – he left the Pennsylvania schooling system at 8th grade, and went straight to the Navy*.   And it’s not like the Pennsylvania public schooling system in the early ’40s was a model for educational excellence.

(Of course, the people of that generation were supermen and superwomen. A substandard education by their standards is pretty much a gifted education by ours.)

If there was one thing that he couldn’t do, it was to properly spell a possessive or a plural.  (e.g. “we serve bean’s”.)  But my favorite, still to this day, is seeing a dropped letter on a past tense.  Show me a sign that says “We serve bake beans” and I’ll show you a slightly teary ex-Pennsylvanian.

The point is, I have an irrational trust of such a place.  Like, you might think “eww, they can’t even spell corned beef. What must it taste like?” but I think “Ah, home. Bet they cook like my grandparents used to.”

So this predilection also skews me in unexpected ways.  My grandfather, my best friends, my extended family – they can’t spell for squat either; you’d think they never picked up a book in their lives.  So when I’m helping the kids with their homework, I should try to nudge them towards spelling more accurately, right?

Maybe.  But then again…

I think of all the people I’ve been blessed to have in my life, and they’re rocking just fine without reading like the New Oxford.  Which maybe isn’t the best educational perspective, but what can I say?  It’s all I got.

And if I’m lucky, one of those … creative spellers … will even learn to cook like my grandfather did.

 

* (Yes, that means he enlisted a few years early.)

Tribe

I was on my way back to visit my family in the UK, and asked my sister what I could bring.  After a quick canvassing, the answer came back: my niece wanted me to record a piece to which she could study.

So, with great thanks to Hypno for having the percussion ready, and for his usual recording and mastering magic, we recorded the following in pretty much record time.  Enjoy!

Once QA, always QA.

Before I launch into my sociotechnological observations, let me define some terms, and maybe fill you in a little on my background.

QA stands for Quality Assurance[1] – in this particular context, Software Quality Assurance.  Infosec is short for Information Security, the people charged with protecting us all from (for example) having our iPhone data or Sony accounts posted on the web.  IT of course stands for Information Technology.  And by the way, IT is more than just being the poor bastard who gets sent out to the desk of a wonky computer: it means infrastructure and phones and usually power and AC and sometimes fire suppression. It means the care and feeding of all the computers that keep the business running, not just the computer where the boss reads email.  Currently I work as a technologist of broad scope, encompassing both IT and Infosec and pretty much everything in between.

I was very fortunate to start my career in Quality Assurance at Broderbund Software, along with a small army of incredibly wonderful people – almost all of whom still stay in touch, decades later[2].  One of those wonderful people was a lead technician, and she had a favorite quote: “Once QA, always QA.”  She was usually referring to people who used QA as a launching pad to other tech jobs – R&D, product management, IT, or such.  The context was usually “You will always think like you do in QA, no matter what job you take in life, hahaaa welcome to our brain damage” – but, as I’ve discussed with her recently, it goes somewhat beyond that.

QA people – the ones who really have the brain damage, I mean, not just the checkbox-compulsive metricmonkeys – have this weird kind of perversion in their blood, where they like to dance on the heads of systems and break them.  The idea is to make those systems stronger, of course, but chasing down the holes in the plan is where all the fun is.

(Sound familiar at all?)

Back then in QA, the first thing we’d usually do to a new product was to run it as it was intended once or twice.  This would give us a rough set of expectations as to how the program should run in general.

From there, we’d usually move into doing silly things – trying to click everywhere all at once, typing random characters[3], trying to run as many instances of the program as possible, and basically just doing things that would make the poor computer shed silicon tears of bewildered frustration.  I’d say it’s a short hop from that mentality into Infosec, particularly pentesting – well, either that, or to a white jacket in a rubber room.

Of course, I’m not saying that mentality’s limited to QA.  Anyone in Infosec – or even IT/Desktop Support – or anyone whose account has gotten compromised – has had enough times on the phishing merry-go-round at least to mouse over a URL before clicking on it.

(And you’re doing that too, right?)

What I am saying, though, is that those of us with more inquisitive backgrounds tend to think that way already. It’s a comfort as we pursue our professions, but that philosophy soon bleeds into everything else we do, especially things that don’t have anything to do with personal computing.

For example: I automatically look for video cameras wherever I am.  It’s not really about being paranoid, so much as reflexively wondering where I would place them if I were the head of security, and looking to see if there’s a camera where I would place one.  After all, I used to play small-stakes dominoes in my local bar, which had cameras covering every corner.[4]

Now, I certainly don’t care whether or not I am on camera, but I do want to know where the cameras are.  What does interest me is where the cameras are looking, and why.  More to my point, by thinking this way I’m not usually looking where my attention is being directed.  Sure, I’ll look once – but that’s about all, just as, as QA testers, we ran the program once “normally”, just to get an idea of what everyone else is intended to see.

Here’s a more digital example – about a year ago, I watched someone in our company exploit a pretty major vulnerability on an internal webpage that actually sent the employee’s ID through a CGI GET process. It was tempting to keep playing with the information we got as part of this hack, but part of being good at Infosec involves hewing to a certain level of trustworthiness, and making a good-faith effort to report vulnerabilities to the people who can actually fix them, before getting all Jack Sparrow with the digital loot we find.[5]

How did he find the vulnerability? By reading the URL of the internal link he had to click on for one reason or another.  And I mean the complete URL, not just the first few characters that confirm that he’s going to a trusted site.  He noticed his employee ID in the URL, and basically said “Hm, I wonder what happens if I change a particular digit or two in this URL.”  And voila, he was able to verify whatever the company was asking – not just for him, but for anyone whose employee ID was similar to his.  Or he could have just found out the employee ID of anyone he wanted, given an automated script and probably a good few hours or so.[6]
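
The flaw described above, a page that acts on whatever employee ID appears in the GET URL, shown beside a handler that takes identity from the logged-in session instead. This is an added example, not code from the company or page in question; the `emp_id` parameter name, the IDs, the session tokens and the helper names are all constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data (hypothetical IDs, names and session tokens).
RECORDS = {
    "10412": {"name": "Employee A", "status": "verified"},
    "10413": {"name": "Employee B", "status": "pending"},
}
SESSIONS = {"sess-a": "10412", "sess-b": "10413"}  # session -> authenticated employee
DENIED = []  # (session, requested_id) pairs kept for later review

def _requested_id(url):
    """Pull the emp_id query parameter out of a full URL, or None if absent."""
    values = parse_qs(urlparse(url).query).get("emp_id", [])
    return values[0] if values else None

def handle_trusting(url, session_id):
    """Before: whatever ID is in the URL decides whose record comes back."""
    record = RECORDS.get(_requested_id(url))
    return (200, record) if record else (404, None)

def handle_checked(url, session_id):
    """After: identity comes from the session; a URL value must match it."""
    owner = SESSIONS.get(session_id)
    if owner is None:
        return (401, None)
    requested = _requested_id(url)
    if requested is not None and requested != owner:
        DENIED.append((session_id, requested))  # record the mismatch
        return (403, None)
    return (200, RECORDS[owner])

def sessions_probing(denied, threshold=2):
    """Sessions that asked for at least `threshold` distinct IDs not their own."""
    seen = {}
    for session_id, requested in denied:
        seen.setdefault(session_id, set()).add(requested)
    return sorted(s for s, ids in seen.items() if len(ids) >= threshold)
```

The fix is the ownership check on the server, not hiding the ID from the URL; the denial log is what lets someone notice a session walking through IDs that are not its own.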

See what magic awaits us just behind the spotlight?

That’s one of the byproducts of a QA background: we don’t just click on a link like a lemming, we might just read the damn thing first. Check to see that where it goes is where you intend. 

From there we (the QA tester, the Infosec, and me) start to branch out from just URLs, or even computers in general, and start to really look around us, almost unconsciously, and start thinking about what we see.  If we see a set of floodlights in a corner of the ceiling, we’ll probably ask ourselves what might live behind them. Is there a camera posted behind those lights? Or perhaps a small set of speakers?  After all, why waste such a perfectly lovely hiding place?

That thought process is really how I see the main connection between QA and Infosec, and – in this example – between coming from such careers and knowing where to look for the cameras, and wondering why those cameras are there.

Once QA, always QA.  The complexity of the systems and the tests may have changed dramatically over the last two decades, but the underlying philosophy really hasn’t.

And the more you look behind the curtain, the harder it gets to pretend that you haven’t.


[1] As opposed to “QnA”, meaning “Questions and Answers.”  A QA department usually has more of the former than of the latter.

[2] In fact, we just had a reunion party a few days ago, at the time of this writing. We’ve had one every few years or so, and it’s been almost fifteen years since that company got bought out.

[3] This was well before the relevance of a SQL injection – hell, it was before any Internet game that I know of besides Nethack.

[4] They knew that we were gambling for money of course; they just didn’t care. That wasn’t what the cameras were there for and that absolutely wasn’t what they were worried about.

[5] Of course he made a report right away.  And, surprise!  The report went ignored. Not even an automated rejection letter.

[6] I want to make it very clear: he did none of this.  His ethics are strong.  But he could have.
(And while I’m here, yes: he’d started his career in QA as well.)