50 Linux Resources For Developers

I try to always bookmark interesting things I find as I bumble around the internet. I’ve collected thousands of bookmarks over the years, and I want to share some of the cool stuff I’ve found. I call these Nuggets.

Today, I want to bring you a list of links that might help you on your path to understanding and appreciating Linux. I don’t consider myself some wizened Linux guru, but I have spent many, many hours looking for guides and tools to make my life easier while using it.

If you’ve ever struggled to find information about Linux basics, or you just want to polish up your skills, there’s probably something here for you. This guide will be particularly focused on developers, but there will be information here that’s applicable to many other Linux users. Some of it is specific to Ubuntu users, but much of it is applicable across the board.

I’ve by no means covered everything, so comment or tweet to me if you have any you think I should include.


Killing patents, part 2

If you’re like at least a quarter of the people who read my original article, “Am I evil, or is killing patents just plain fun?” a few days ago, you probably read the title of this post as “Killing parents part 2” or “Killing patients part 2.” I have to wonder how many people originally clicked it simply for that reason.

This is but one of the many responses I got, however. Overwhelmingly, people who responded to the article were in favor of at least reforming software patents, and many favored getting rid of software patents altogether. I expected at least a few responses to my challenge, but so far the only patent posted is one that hasn’t yet been granted, and I suspect won’t be.

This may be sampling bias, as there are relatively few people producing software patents, and even fewer who actually want to be. Most people don’t have any real motivation to go find them, unless they want to win the prize of forcing me to write a post about how great patents are. Regardless, the fact that not a single one of the nearly 40 thousand people (almost all software developers, and smartasses too, if I had to guess) who saw this article pointed to one good patent is fairly telling, at least to me.

Several people were skeptical that submitting prior art to Ask Patents would have any effect at all. Well, while it isn’t a landslide victory for patent reformers, there’s a tag for rejected patents that suggests that 24 patents have been denied so far, with several drawing at least partially on answers from Ask Patents. Here’s one example from 2010:

A computerized method of analyzing weather data to improve the selection of contextually relevant communication, the method comprising:
 1. Automatically receiving geolocation information of a viewer's location;
 2. Receiving weather data relevant to the viewer's location;
 3. Analyzing the weather data to identify a weather condition;
 4. Accessing a database containing multiple available advertisements assigned to weather conditions; and
 5. Selecting a communication associated with the identified weather condition based on a viewer's preference.

In English? Sending ads based on the weather. Sounds boring. Also sounds an awful lot like Weatherbug, an application which has been around since at least 2000, and about a million other weather sites. And, thankfully, the patent office agreed.

24 patents doesn’t sound like a lot, but that represents tens or hundreds of thousands of dollars likely wasted by these companies. That makes me happy! Why? Because the biggest thing I want out of all this is for companies to stop treating patents as weapons to use against competitors, and status symbols for managers with no direct involvement.

Right now, it’s a gamble, not dissimilar to the VC industry: Apply for a patent and spend a little money upfront, for the potential to make a boatload down the road. It’s a moonshot, but every once in a while they hit the jackpot. The problem is that money is made via dubiously ethical behavior like waiting for lots of people to infringe and then suing when they get successful, instead of actually creating value. At least their lawyers make a lot of money. Direct costs to U.S. businesses have been estimated at $29 billion a year, indirect costs as much as $83. This is grade-A sleazeball material.

So, will my humble daily search for prior art on relatively few patents help? Maybe, maybe not.

Either way, I’d rather do something than nothing.

Am I evil, or is killing patents just plain fun?

The other day I re-discovered this post by Joel Spolsky on Hacker News, entitled “Victory Lap for Ask Patents.” I saw it when he originally posted it a while back, but it didn’t resonate with me at the time.

But re-reading it today, I realized how great an opportunity we, as software developers, have to force patent reform by actively contributing to this project. Ask Patents, if you haven’t heard of it, is a StackExchange site where you can ask questions about patents, or, in my case, respond to requests for prior art that invalidate an overly-broad patent. In my case, I focus on software patents.

I can hear what you’re thinking.

That sounds fucking boring

I know, right? But actually, I’ve found it to be quite a fun little puzzle to decrypt the legalese used by patent lawyers to try to get away with ridiculous patents. Here’s an example patent claim:

“A method comprising:

  1. generating, using a processor, time-based event boundaries detected in a plurality of images;
  2. computing inter-event durations;
  3. grouping events into clusters based on the inter-event durations; and
  4. validating, using a rule-based system, that each event belongs to an associated cluster based on event level content based features.”

Short version: a photo album that groups your photos by the time they were taken.

How hard do you think it was to find examples of prior art? (Hint: it wasn’t)

If you’re still wondering what I’m going on about, then perhaps a different motivator is called for. If you think this shit is boring and pedantic, how do you think someone at the USPTO feels when they have to read it day in and day out, and formally parse and research it to decide whether it should stand?

Let me put this another way – wouldn’t you rather those working for the USPTO were spending their time on legitimate patents? On getting a bunch of those “patent pending” labels off of everything we buy? On crippling the patent trolls, who raise the cost of doing business for anyone who gets successful enough to trespass on one of their dubious “works of genius”?

Well, you can help. Every minute you save the USPTO is another minute they can spend doing things that actually matter. I’m going to start doing it every day. I’ve already done 6 in the last hour. Time will tell whether my contributions actually do anything, but I suspect that, given how unglamorous the work is and how few people generally comment, even a little bit will be appreciated.

So how does this lead to patent reform? My hope is that the community can shred a lot of these useless patents before they take any brain cycles away from a qualified researcher. And if it happens enough, it will start to become clear to everyone involved that the vast majority of software patents are bullshit.

It might sound like a bad, or at least contradictory, idea coming from a programmer, but I genuinely hope (and have some reasons to believe) software patents go the way of the dodo in the next decade.

In fact, I would go so far as to wager the following. I will bet, on pain of writing an entire blog post dedicated to why patents are good, that no one reading this article can find a software patent granted in the last year that actually should exist. The requirements for a good patent are:

  1. Novelty
  2. Non-obviousness

Some software patents may technically be novel, but I’ve yet to find one that I thought was non-obvious. Maybe someone will be able to enlighten me.

Want to help some more? Take it to Twitter with the hashtag #patentreform!

Code red, the ship is on fire

Checking out Hacker News for a refreshing end to my work day, I was instead greeted with the worst of all tech-related bad news: Heartbleed, an exploit in popular versions of OpenSSL allowing attackers anonymous (read: no way to figure out how widely it’s been exploited up to this point) access to 64kb of memory of an affected client or server.

How bad is it? Tor had this to offer in its blog post on the subject:

If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle.

Let’s play a doomsday scenario out a little bit:

  1. Attacker compromises the private key to Ubuntu’s (or any other distro’s) package repository
  2. Attacker generates their own certificate and phishes someone with write access
  3. Attacker pushes out legitimate-looking vulnerable versions of all your favorite packages, signed with the proper private key
  4. Attacker can effectively attack any machine that installs that vulnerable package

Let’s try another:

  1. Attacker gets private key for the instant messaging account for a security guy at Google, or their IRC server (thankfully, a Google employee was the one who found it, so at least they were probably first to patch against it)
  2. Attacker listens to all their communications to wait for an opportunity
  3. Attacker initiates a phishing attack using real-sounding information, impersonating an employee
  4. Attacker gets access to Google’s hosted JavaScript libraries, inserts a small keylogger
  5. Every user on every website using Google to include jQuery or other popular libraries gets keylogged

Both of these scenarios require a phishing attack to happen at some point, but even this wouldn’t be necessary. The possibilities are endless. And it’s better than a normal bug! Normal bugs are patched with software updates, and then they’re no longer an issue. Not so with this one. Every key, every password, every everything has to be assumed to have been compromised, and replaced. As you can probably imagine, that will take time.

Why am I posting this? It might seem I’m just predicting doom and giving no solutions. My hope is that you will help me in convincing all the parties affected by this to:

  1. Upgrade their vulnerable versions of OpenSSL
  2. Change all private keys that might’ve been compromised
  3. Generate new SSL certificates where necessary

This isn’t an easy prospect, and many will be slow to do everything necessary to protect against this exploit unless they have motivation to do so. Every day they wait, they potentially put millions of people’s sensitive data at risk.

Take it to Twitter using the #OpenSSLBug hashtag! Time is of the essence, and broad awareness is crucial.


You might want to stay off the Internet for a few days, assuming you’re not one of the unlucky few who have to go and clean this mess up.

Updates
Here is a tool to find out if your favorite sites support the vulnerable heartbeat feature, and thus probably need to do damage control. To name a few: Google, Twitter, and Instagram, although others may have simply disabled the feature temporarily, which unfortunately isn’t a complete fix.

Want to find more sites that need to be patched? Google the following, and you’ll begin to see just how deep the rabbit hole goes.

[REMOVED]

OpenSSL is trending on Twitter right now. It looks like people are starting to take notice.

For anyone running a website of their own, here’s a thread on ServerFault describing how to check your OpenSSL version and find any processes that might still be running on the old version once you’ve updated. If you’re running Ubuntu, they still haven’t released the new version, so head over to the OpenSSL site to grab the new version to compile from source. Once you’ve upgraded, restart all the services you get when running

lsof -n | grep ssl | grep DEL
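
The same check without lsof, as an added example that is not part of the original post: it reads each process's maps file and reports the PID and command name of anything still mapping a deleted libssl or libcrypto. The function name and the optional proc-root argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post.
# Lists "PID command" for every process that still maps a deleted copy of
# libssl or libcrypto, i.e. one started before the library was replaced.
# The optional first argument (an assumption of this sketch) is the proc
# directory to scan; it defaults to the real /proc.

stale_ssl_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid_dir=${maps%/maps}
        pid=${pid_dir##*/}
        # The kernel appends " (deleted)" to a mapping whose file was
        # unlinked or replaced on disk after the process loaded it.
        if grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            name=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done | sort -n
}

stale_ssl_procs "${1:-/proc}"
```

Run it as root so that other users' maps files are readable; an empty result means nothing is still holding the old library.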

When you’re ready to generate new keys and get new certificates:

Can’t remember all the keys you might need to rotate? Take these for a spin:

sudo find / -name "*.key" -type f
sudo find / -name "*.pem" -type f
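
To narrow that sweep, here is an added example (not from the original post) that keeps only files actually containing a private key and not modified since the upgrade, so certificates and already-rotated keys drop out. The function name and the marker-file argument, a file whose modification time is when the patched OpenSSL went live, are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post.
# Prints *.key / *.pem files that contain a PEM private key and have not been
# rewritten since the upgrade, i.e. keys that still need rotating.
# Arguments (assumptions of this sketch):
#   $1  directory to search
#   $2  marker file whose mtime is when the patched OpenSSL went live

unrotated_private_keys() {
    search_root="$1"
    marker="$2"
    # "! -newer" keeps files last modified at or before the marker.
    # grep -l then keeps only those holding a private key block, which
    # drops certificates and public keys that merely share the extension.
    find "$search_root" -xdev -type f \( -name '*.key' -o -name '*.pem' \) \
        ! -newer "$marker" \
        -exec grep -l -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' {} + 2>/dev/null | sort
}

if [ $# -eq 2 ]; then
    unrotated_private_keys "$1" "$2"
fi
```

Create the marker with `touch -t` set to the time the patched library was installed and the services restarted.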

This might also be a good time to tweak your webserver to use only secure SSL ciphers.

Introducing: Slowpoke

In the spirit of April Fool’s, but also because I think it might actually make me more productive, I’ve made a Google Chrome extension to slow down Facebook’s timeline feature.

Long for the days of 56k? All this high-speed gigaboot Internets nonsense got you frazzled? Just install Slowpoke in Chrome by going to “chrome://extensions/” and dragging the .crx file onto the page. Instantly, your Facebook addiction will be both sated and abated.

You’re welcome.

(Get it here)

Sociability > Profitability

“A man’s true wealth is the good he does in the world.”

— Mohammad

When you think of free market economics, undeniably the most championed principle is deregulation. By removing the obstacles that prevent us from economic exchanges, we become wealthier. Letting individuals be in total control of their financial decisions is the path to prosperity, as the thinking goes. Getting the state out of the way increases the number of transactions that will take place.

Inspired particularly by a book called The Rainforest by Victor Hwang and Greg Horowitt, I want to argue that traditional “free” markets are great, but that they’re not the pinnacle of value-creation.


3 reasons to throw out the Fisa Improvements Act, without reading it

As some of you may know, Democratic Senator Dianne Feinstein from California has introduced a bill called the Fisa Improvements Act that she is portraying as a reasonable reform of mass government surveillance. I’ve been skeptical from the beginning, reading headlines like “Stop the NSA ‘Fake Fix’ Bill” from EFF and others. I’ve read through some of the bill, but here’s a list of reasons why this bill should be dumped that don’t even require reading it.

The author of the Patriot Act is sponsoring a more reasonable bill

To my surprise, one author of the USA Patriot Act, Jim Sensenbrenner, is proposing a competing bill with the support of Democratic Senator Patrick Leahy, called the USA Freedom Act (Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-Collection, and Online Monitoring Act). Here’s a summary of what the bill would bring about, including the elimination of the meta-data collection programs often mentioned in the revelations of Edward Snowden this summer, and a closing of the “backdoor” that allowed the NSA to search for data about Americans in collected data that was obtained with non-individualized warrants.

Silicon Valley is revolting in Feinstein’s backyard

Several California tech giants like Google, Facebook, Apple, and others have banded together to call for a reform to government surveillance initiatives to restore trust in the Internet. Crucially, they argue against the provisions in Feinstein’s bill that would continue to allow the meta-data collection programs, in favor of the USA Freedom Act mentioned above. If Feinstein is facing a revolt from the very California companies that she’s supposed to represent, there’s clearly something wrong.

Her donors list shows where her loyalties lie

According to Open Secrets, her biggest donors for the 2009-2014 election cycle include General Atomics, General Dynamics, BAE Systems, and Northrop Grumman, all of which are involved in defense contracting. I wouldn’t call it a stretch to say she’s pretty invested in the defense industry, which happens to be the same defense industry the NSA contracts all this mass surveillance work to.

For these reasons, I urge you to write to your Senators to oppose this bill.

So I want to learn web development. Now what?

You might want to grab a cup of coffee

My last article about the importance of getting started on your programming education is my most-read article on Medium so far. Like anything in my life, my writing is an experiment. When I see as many people getting excited about programming as I have because of this, it excites me too, and tells me I’ve hit a nerve.

I think there’s a little more to the story that I didn’t fully flesh out. So here, I want to set you on the path to writing your first line of code as quickly as possible. I don’t want to delude you: there is no getting over the fact that programming is an iterative process. I love this article, describing the process of programming through the allegory of cooking. The author describes the frustration of “just getting started” when there isn’t a clear picture of what “getting started” means. I can’t just yell at you to “GO FORTH AND CODE” without at least helping you understand what you need in order to do that.


Howdy

Welcome to my blog! I’ll be posting random musings about technology, privacy, entrepreneurship, politics, college, and everything else here. I’m always looking for interesting people with interesting ideas, so get in touch with me if you think you’d make a good fit as a contributor.