The greater heroes principle.

I’m not super concerned about the government listening to my phone calls, reading my emails, and tracking which sites I visit. I don’t lose sleep over these things being done to me.

I am however EXTREMELY concerned about the government listening to phone calls of the next Martin Luther King Jr., reading the emails of the next Thomas Jefferson, and tracking the browsing habits of the next underground railroad. These brave souls were all enemies of their governments, they hid people and information from the long arm of the law, but they were right and the government was wrong. With modern technology, the government is able to obliterate such people. It’s them I’m concerned about. Edward Snowden said it best.

History shows that the righting of historical wrongs is often born from acts of unrepentant criminality. Slavery. The protection of persecuted Jews.
But even on less extremist topics, we can find similar examples. How about the prohibition of alcohol? Gay marriage? Marijuana?
Where would we be today if the government, enjoying powers of perfect surveillance and enforcement, had — entirely within the law — rounded up, imprisoned, and shamed all of these lawbreakers?
Ultimately, if people lose their willingness to recognize that there are times in our history when legality becomes distinct from morality, we aren’t just ceding control of our rights to government, but our agency in determing our futures.

The next Oskar Schindler may not have a chance to save lives, the next Mark Felt may never don the nickname Deepthroat and expose government corruption. Why? Because the technological abilities of surveillance today are scary. It is the job of us, the citizens, to preserve the abilities of extraordinarily brave men and women to stand up to injustice.

Not only must we hold our politicians to account for illegal unwarranted bulk surveillance. We must make popular the channels through which such hero’s can communicate. Today, the next Nelson Mandela does exist: they are journalists, whistleblowers, and community organizers. Increasingly they have to hide their communications using encryption. If the only people using encryption are the people who should be targets of government surveillance then it makes these important contributors to our society stand out like a sore thumb. Our job as citizens to help the next Lech Walesa organize Solidarity while hiding among a giant crowd of people using encryption. You and I, all of us, should use encryption regularly in our communication so that the people who need it most, are not unfairly branded for using it. Who knows, maybe that next Alexander Hamilton is you?

Even if you aren’t doing anything wrong then you still have much to hide.

You and I are not doing anything wrong, but we have many things to hide from the bad guys. The world is unfortunately full of people who can and do use information about us to hurt us because they disagree with us, because they want something we have, because they think we are their enemy, because they want power over us or because no reason at all (e.g. “for the lulz”). What can you do to keep yourself safe?

Case Studies.

For example, in 2014 many people who supported the cause of fixing sexism in video game culture were targeted by armies of misogynistic trolls who disagreed with them. Many people who simply expressed their belief that sexism has no place in gaming found themselves harassed online, had their emails hacked, had their personal documents leaked, had their addresses revealed, and had phony police complaints filed anonymously to their houses. This is what it looks like to have your privacy violated, and this is just the beginning of a bigger trend. The victims here didn’t do anything wrong when they stood up for their beliefs but as it turns out they had very much to hide.

Another example, in 2014 the number of personal records which were leaked had sky-rocketed up by 60%. Companies which had computer security in place, such as SONY, Chase Bank, Target, Home Depot, and several hospitals, all had their data stolen. What does this look like? 7 million dropbox accounts were hacked and people’s private photos, documents, videos, and more were accessible to everybody. Hundreds of thousands of SONY employees had their embarrassing emails leaked, and found their private, confidential communications to be on the front page of tabloids everywhere. These people weren’t doing anything wrong, but they too found out that they have much to hide.

Data brokers are buying and selling our data at an increasing rate. Currently this information is “anonymous” in the sense that it doesn’t have your name on it. Today it’s being used to serve you ads that are very custom fitted to your psychology, and to find your mental weaknesses where you can’t resist buying something. The advertising technology being developed right now is exponentially more insidious. It will be everywhere, it will follow you around on screens throughout the world, it will gamify your life to reward you for being a good consumer and will punish you (by denying you services) if you don’t respond well to ads. You’re not doing anything wrong, but you already try to hide your phone number from telemarketers, and you should start hiding everything else from whatever the telemarketers of the future will look like.

Governments are increasingly monitoring their own citizens, often without a specific warrant that establishes probable cause. History is replete with people hiding from governments because they are Jewish, socialist, have the wrong friends, voted for the wrong party, or attended the wrong protest. We learn history so that we can learn from the past: therefor we know that in the future people who have done nothing wrong will have cause to hide things from governments because this is how it has always been in history. Also, to turn the question around, if you didn’t do anything wrong then why are you being searched digitally?

What can we do about it?

After nude photos of celebrities were leaked people said “well, they shouldn’t be taking nude photos” as if it’s somehow a wrong way to express ones self intimately. After people’s emails were leaked for tabloids to read people said “well they shouldn’t have said that” as if censoring yourself in private communications is a healthy way to live your life. After gamergate people said “well they shouldn’t have said so publicly” as if standing up against injustice is somehow the wrong thing to do. It’s been said “well nobody should be using facebook” or “just keep your political opinions to yourself, don’t criticize the government, and then it doesn’t matter if the government reads your emails” etc. etc. Clearly these are wrongheaded and misguided answers.

Every human being gets naked sometimes, has intimate secrets which they share with their loved ones, has said something in private that they later realize is wrong and that they do not want to be in a permanent record about them, and every human being has a desire to speak up for justice. If the answer were “stop doing these things” then such an answer means “stop being human”. If you are human, you have things to hide. Period. So the answer is not to stop being human, but the answer is to better protect your privacy.

What you can and should do is to take a few hours to learn about how to protect your privacy in this new digital world. There is a fantastic technology called OTR which keeps your online chats confidential. Another great time-tested technology called PGP protects your emails from prying eyes. A brand new technology called ZRTP will keep your phone calls from being listened to. These technologies are increasingly being integrated into many solutions. For example 25 chat clients currently support OTR, so you can use them for Facebook chat, or google chat. The number of PGP-supporting email tools is through the roof so you can protect your emails from hackers, leakers, data brokers, and spies, in any number of ways. ZRTP is pretty new so only a handful of companies and apps provide such solutions.

You’re not doing anything wrong, but you have plenty to hide from the bad guys. You should take some time to try an OTR chat, a PGP email, and a ZRTP phone call. You may not have needed these before, but the world is changing rapidly, and you need to adapt. Protect your privacy, and thus your humanity, today.

Understanding Gluten Sensitivity.

Living in the bay area is an interesting culinary experience. I have guests over for dinner very often, and we always have to ask for dietary restrictions. It seems like everybody here is either Vegan, Gluten-Free, Lactose-Free, or on some diet (raw, atkins, etc). Many restaurants cater to these, which I love because it makes it easy to healthy. I do however like to step back and question these things sometimes.

After a batch of recent studies came out disputing the existence of Gluten Intolerance it became fashionable to make fun of people who are allergic to bread. There was Jimmy Kimmel skit where he made fun of people who didn’t even know what gluten was but who were claiming to be on a gluten-free diet.

Gluten is a protein that makes up the glue-like substance that makes bread stick together. If you’ve ever eaten the crisp and fragile bread that’s made gluten free you’ll know that it’s pretty useful. Some people however cannot eat gluten at all because an autoimmune disease causes white blood cells to attack the villi in their intestines making it difficult to absorb carbohydrates in general and gluten in particular is a problem in this situation. This is called Coeliacs disease, and it’s neither funny nor controversial at all.

Some early scientific studies appeared to show that some people who had discomfort after eating bread felt better on a diet without gluten. But recently this analysis has been put into doubt. I decided to read into it and it turns out that the latest scientific theory is that the culprit is not gluten at all, but rather fermentable oligo-, di-, mono saccharides and Polyls (FODMAP). These are carbohydrates that your small intestine can’t digest, and which when they pass to your large intestines start to ferment. As you can imagine anything fermenting in your large intestine will cause flatulence, bloating, gas, and discomfort. Everyone is affected by these things, but some more than others. It just so happens that a gluten free diet also has low levels of these FODMAP’s. So while the latest science appears to tell us that “gluten sensitivity” is bunk, it is true that gluten-free diets do accidentally provide help to people who are more sensitive to the discomfort from FODMAP’s than others. I suspect that as this becomes better understood there will be a better diet which focuses on limiting FODMAP’s, and not on Gluten.

So, how do we deal with that friend who insists that gluten intollerance is a real thing? I think many people go about doing this the wrong way. First of all, there exists a mental disorder called “Gluten Sensitive Ideopathic Neuropathy” in which people make themselves feel sick when eating gluten. It’s like a psychosomatic response once they find out they ate bread. So if the person you are saying this to is mentally ill in this way, don’t make it worse, just hand it off to a professional. Second, they could actually have Celiacs, but that’s unlikely. Finally, saying “gluten intolerance isn’t real” won’t help anybody, because people do legitimately feel better when they go on a gluten free diet, so they’ll think you’re full of shit. Simply explain that researches had made a mistake, and that correlation didn’t imply causation, and that lowering the amount of bread and gluten products they eat will make them feel better because those foods have lower levels of Fermentable Oligo- Mono- Di- Saccharides and Polyls, which it turns are the real culprit.

VPN in Ubuntu with PIA (Private Internet Access)

I had a scare when I logged into Facebook on a cafe wifi in Berkeley last week. Then I learned that if you use Linux, you should not buy your VPN from PIA. Keep reading.

Almost immediately after signing in to the cafe wifi I get a text message from Facebook about a failed login. The kind of message I get when I fail logging in to the second factor. So I check the security logs on Facebook’s settings page, and sure enough somebody on a Windows 7 computer had been trying to access my account. I live in Silicon Valley and nobody I know runs windows (yes, the stereotype is true) so it was suspect. Somebody was snooping the cafe wifi and was trying to hack into my accounts! If I didn’t have 2FA enabled then my email and my FB and other accounts would probably be compromised right now.

So when I got home bought a VPN account so that my internet connection will be secure and encrypted in the future. A friend of mine has a PIA account and recommended it. It was black Friday so I go to bitcoinblackfriday.com and find a 50% off deal and sign up anonymously using bitcoin. The purchase went fine, running their install script appeared to go fine, but every time I tried to connect it would time out. I disabled my firewall, still no connection. I searched their documentation and found a .zip file with .ovpn files. I ran those from commandline and they had TLS connection errors. Time to email tech support.

Tech support responded with an automated email suggesting that I try restarting the network manager and changing the port numbers. I spent a long time trying all the numbers suggested and none of them worked. I emailed back with my results, as well as some pretty detailed logs from my attempts on commandline. I got bumped to tier II support which gave me a new .zip file to download with new .ovpn files, and they tell me that they only support a comically ancient versions of Ubuntu. I’m not on the latest cutting edge version, I’m on the enterprise-support version: 14.04TLS. Anyway, these new configurations worked. So I deleted the previous setup from network manager and manually imported the new .ovpn files into network manager. Now, after a few hours, my new PIA VPN is up and running. When my subscription runs out I am going to chose a different VPN provider based on whether they are not incompetent on Ubuntu.

So, if you are an Ubuntu user struggling to get PIA working here is what you do: download https://www.privateinternetaccess.com/openvpn/openvpn-ip-tcp.zip and extract it into a folder you won’t delete, then manually import the .ovpn files for the VPN locations you want to use. Then manually import them into network manager by clicking “configure connection” then clicking “add” and choosing “import from config file”. Select the file you want, enter your username and password. Now you too can connect to the VPN.

If you are from P.I.A. and you’re reading this. Please, for the love of cute kittens, do not tell people that you only support Ubuntu 10.10 and 12.04  because 10.10 isn’t even supported anymore. You wouldn’t tell people you only support Windows XP. It’s easy to just update your documentation to have people import the .ovpn files with TCP that actually work. Also, please know that I would recommend anybody with Linux to stay away from your service.

Surface tension

Have you ever scoured Facebook for more posts, more information, more pics, but still felt less fulfilled, less satisfied? Have you seen all the posts there are to see on Google+ and craved for more? How about reading all the headlines (not necessarily articles) on a news site but then yearning for more news to happen?

My theory, is this happens because we are craving depth.

Think back to 2005. Facebook was just becoming a thing, and as with all new things people felt the need to criticize it. Think back to thanksgiving 2005 when you had to explain social media to an older family member. The conversation probably went like this:

Your grampa in 2005:
“This social media is going to make us all antisocial. Nobody talks to anybody anymore, they just post pictures of what they had for dinner. They’re not real friends because real friends are the ones you talk to on the phone for hours and write letters to.”
You in 2005:
“No grampa, social media is a more efficient way of keeping your friends updated. It’s not replacing other forms of talking to people, but it’s supplementing them. People criticized the phone when it first came out that it would stop people from meeting face to face, but look we’re still talking face to face over dinner, aren’t we?”
etc. etc.

Every one of us at some point had to explain social media to somebody who just didn’t get it. Today, the realizations that were so avante gaurde in 2005 are well understood by the general public. Social media is accepted as a way of broadcasting yourself, which combined with direct communications makes us more social, better connected, staying in touch longer, and keeps us more socially conscious. Whereas those who did not adopt social media are left out of events, have trouble keeping track of long-lost friends, and are often seen as so disconnected from rapidly shifting social mores so as to seem bigoted.

BUT…

But yet there is a subtle point that our curmudgeonly non-adopter did get right. Real friends are those with whom you can have in-depth and meaningful discussion. Social media is made to show a surface, but not to provide depth. Social media broadcasts a highlight reel but it doesn’t provide meaning (nor often authenticity).

AND…

And to make matters worse, it has actually diminished our use of other forms of communication. We basically never write letters anymore. We rarely write emails. Some people are still into chat, most are not. We didn’t simply add another communication tool onto our toolbelt. Social media is a communication tool so big, so addictive and time consuming, that we had to make room for it but putting down other communication tools.

Which brings us back to why we are searching for more updates on facebook, and why we’re so unhappily addicted to the surface-level updates from “friends” whom we met once or twice at a frat party years ago. Previous forms of communication did not have teams working on “stickyness” or reasons for you to keep coming back. They did not employ psychology to turn their communication methods into something addictive. Literally addictive. They didn’t have billions of dollars of VC capital to make their communication method pervasive into every aspect of daily life, or have it interact with every element of your daily life. Social media had all of these things and we are now presented with the end result: Internet addiction.

We live stressful lives, so the kind of mindless browsing that social media gives us is more appealing to our brains that it would otherwise. Ironically, the psychology of happiness tells us that having long and deep conversations with a few trusted friends is much more conducive to happiness than lots of small conversations with strangers.

After a long day at the office where we probably wrote some 50 emails, the last thing we want to do is write a long email to a friend. But that’s exactly what we should do if we want to be happy. Email is a long-form kind of communication which you cannot get from chat, or from replies on facebook. In fact, you’re likely to feel guilty for email-length posts on social media. After talking to our clients and our remote development teams on the phone we may not feel inclined to call up our old friend from elementary school. But that’s exactly what we should do if we want to be happy. An hour on the phone with a friend about a topic will help us think through a matter and give us a really satisfying feeling of having talked to a human that we trust. Having shared things with them makes us happy.

Social media is a great form of broadcast communication that everybody should participate in, but it’s just not good for these kinds of deeply fulfilling things. You’re actively prevented from getting into too much depth in social media. The form factor just isn’t conducive to it. The form fields are too small. Long posts are ignored and short ones upvoted. The character limit may even be only 140 characters. Too much is happening at anybody to slow down for something bigger. So if we try to go deeper (as our brains want to do) then we meet this resistance. In science when an object attempts to penetrate something fluid and there is pressure pushing back this is called “surface tension”. I’d like to coin the phrase for this property of social media which prevents depth: “surface tension”.

It’s a fitting name, because social media surface tension also causes actual tension. We feel stressed out by the lack of depth when communicating with our friends. It’s hard to say this is our fault for not using older, more long-form methods of communication, because as we discussed earlier social media is designed to be addictive so that we use it more and use other communication less.

Having discovered and named “surface tension”, I’ve made a resolution to practice more in depth communications with my friends. I’m not going to give up social media or delete my facebook or G+ accounts, that would be stupid. I am however going to consciously keep it proportional to my overall communications (or at least try). The end result I am looking for here is increased happiness. I’ll let you know how that goes.

D3-tip was borked in require.js, “undefined is not a function”. GGRR

Dependency management is pretty critical in development. If you write javascript you should be using requirejs or something similar. If you want to make pretty charts using D3 and give them tooltips using the d3-tip library then you may experience some pain. The current AMD code for D3-tip may not work for you. d3.tip() may give you an error “undefined is not a function”.

There was a fix submitted for this long ago by alanhamlett but for some reason it was not merged. This ticked me off just enough to re-submit the patch, and to offer my fork with the patch as a service to others. Please view the pull request here: https://github.com/Caged/d3-tip/pull/81

To use the fix in bower, please replace d3-tip in bower.json with this:
“d3-tip”: “https://github.com/hendrixski/d3-tip.git#0.6.5_bower_fix”

You can run bower install https://github.com/hendrixski/d3-tip.git#0.6.5_bower_fix –save   to have this added to your bower.json for you.

If you don’t use bower, then please consider using it. You can git pull the code directly from the above-mentioned repo as well.

You probably already have this included in require.js, but just to  show you how I did it, add the following to paths and shim:
paths:{ “d3-tip”: “../bower_components/d3-tip/index”}
shim: { d3-tip: [“d3”]}

Cyber Crime is on the rise. What are you doing to protect yourself?

In these last few months celebrities had their private (and nude) photos hacked and leaked online. Regular people (like you and me) had their credit cards, addresses, social security numbers, etc, sold in online black markets after hackers stole terabytes of data from hospitals, banks, large store chains, small mom & even pop shops. I bet that your entire identity is probably on sale *right*now* on Silk Road 2.0 for pennies.

Last year there was a lot of focus on governments and social networks invading your privacy. But that’s not really scary to most people (except journalists, activists, gamblers, and tax evaders). This year however, there is a lot of focus on everyday criminals invading your privacy and how much it costs you in both time and money. Such concerns apply to EVERYBODY, not just paranoid libertarians.

So here is what I do to protect myself online.

  • I change my passwords for *everything* regularly. As well as my credit card numbers.
  • I avoid putting my credit card number and personal information for online purchases. Instead I’ve started using digital cash (e.g. “bitcoins”) when I buy things online. This is also good because no criminals can intercept my information over wireless (actually a very common problem in cafe’s).
  • I check my monthly statements from my credit union regularly to check for bogus charges.

I have the following plugins on my browser:

  •  HTTPS-Everywhere (which forces a secure connection if the option exists), Adblock (blocks ads, many of which track your online activities). I do not store a single password in the browser itself because that is unsafe.
  • Flashblock (which blocks flash unless you allow it, because much malicious software is actually Flash),
  • and LastPass (which allows me to keep a separate and complex passwords for every website, easily).
  • I use DuckDuckGo instead of Google for web searches.
  • I surf and buy in Private Browsing Mode so as limit how many cookies follow me around online. But honestly, this doesn’t do a whole lot for security.

Sometimes, I use TOR for browsing. But honestly, I don’t need to. I should just get a VPN for like $30/year. Some people however do legitimately need to use TOR (mostly in authoritarian countries), and the more people use the network the better it works, so perhaps it’s worth the occasional use.

Additionally I have a very long and complex password for my computer. I’m making encrypted backups of all my files. I’m encrypting my harddrive this weekend. I also want to get in the habit of encrypting emails. Nothing nefarious, but if my email is ever hacked then I don’t want someone rummaging through it to find private details, or any financial information that I share with friends and family.

On my phone I have a strong password, I’m setting up TextSecure and RedPhone to encrypt my text messages and phone calls with friends and family. It is *very* easy for anybody to listen to a cell phone call. So if you ever talk about finances with friends and family over the phone, then you would be a fool not to encrypt your call so that some punk down the street doesn’t hear it on a scanner and then go online to basically rob you.

So… this is a few hours of work to set up and learn, but once it’s in place then it maintains itself. Cyber crime is on the rise, so this stuff will become more and more important. If you are interested in setting up any of these tools then give me a buzz and I’d like to help. Also, if you want to encrypt your email as well then let me know and we can sign each others public keys. I hope this was helpful to somebody.