Woody had it right–do you?

On January 1, 1943, Woody Guthrie jotted in his journal a list of 33 “New Years Rulin’s.” Nowadays, we’d call them “New Year’s Resolutions”. Family, song, taking a political stand, personal hygiene — they’re the values or aspirations that top his list.

1. Work more and better

Do what you do, but better.

2. Work by a schedule

Random shit is random. Make a plan, do it.

3. Wash teeth if any

If you have teef, do it.

4. Shave

This is actually gender-neutral.

Shaving Cream, be nice and clean, Shave every day and you’ll always look keen.

5. Take bath – Good advice regardless of political affiliation.

6. Eat good — fruit — vegetables — milk – we are still in an age in which this is an item of debate, but I am of the mind that a balanced diet is good for mind, spirit, and soul.

7. Drink very scant if any

This is an obvious reference to teh booz, and very relevant and appropriate advice.

8. Write a song a day

Or whatever your muse pushes.

9. Wear clean clothes — look good

Honestly, change out your underwear daily.

10. Shine shoes

OK, we are in the post-shoeshine era, safely ignore.

11. Change socks

But we are not in the post-clean-socks era.  Gezus, change those stanky thangs.

12. Change bed cloths often

Once  a week maximum. If your favorite cat won’t sleep with you, it’s time.

13. Read lots good books

I will allow e-books and blogs and podcasts.

14. Listen to radio a lot – ok, podcasts belong here instead.

15. Learn people better – people is a weird concept to me but I agree.

16. Keep rancho clean – um don’t sleep in your own shit?  Good advice.

17. Dont get lonesome – this is the tough one. Find friends, I guess.

18. Stay glad – easily done when you are working for your brother man.

19. Keep hoping machine running – tough assignment.

It was hard in 1943 to keep that machine running, though, so I will assume that after we slew the Nazis that it is somewhat easier to keep that machine running.

20. Dream good – this is somewhat of a hard assignment, but I assume Woody meant that we should dream of a better world and then work towards it. Because otherwise what’s the point.

21. Bank all extra money – might have been possible for Woody Fucking Guthrie but for the rest of us, “extra money” is a somewhat sad amount. Of course, this was written before certain laws were enacted that made it impossible for Mere Mortals to sock some cash away.

22. Save dough – see 21.

23. Have company but don’t waste time – when you’re an entertainer it’s hard to separate social obligations from useful connections.

24. Send Mary and kids money – um yeah take care of your obligations. Honestly this should be #1. Shame, Woody.

25. Play and sing good – Professional goals.

26. Dance better – Social and personal goals.

27. Help win war — beat fascism – This was 1943, but I gotta say, beating the Fascists is taking longer than he might have anticipated.

28. Love mama
29. Love papa

Honor your elders, but, more importantly, love them.

30. Love Pete – No relation to Bob.

31. Love everybody – Relation to everybody.

32. Make up your mind – It is important that a person is not just floating around, even if that appears to be the only choice available.

33. Wake up and fight – What happens around you is not “just politics”. It is your life, and the lives of your descendants.


Valley of the Boom

National Geographic’s series Valley of the Boom is a real nostalgia trip for people like me. The events that are described within – advent of browsers, social media, and internet video – are real and not subject to impartial social commentary. They happened, we lived through them, and We Have Opinions.

The biggest evolution described within so far (ep 2) is the advent of social media via theglobe.com. This is a very personal topic for me.

Let me essplain. No. Is too much. Let me sum up.

In the time frame of 1985 to 1995, “the internet” was a nebulous, yet very important, topic. There were many people on CompuServe and GEnie that had very strong opinions as to what that meant. And there were many people on usenet.org that had opinions on that.

And there were people on fidonet.org that had opinions, and I was one of them.

On a FidoNet “echo” called Amiga General, I found a friend (asha) and a future lover (holly) that changed my life in irreversible ways. The former opened my eyes to other ways of seeing the world. The latter opened my eyes to love.

Regardless of what you think of CompuServe, GEnie, FidoNet, The WELL, or other online communities, the Thing that happened was Community. In this the Year of Our Lord 2019, Community is spat upon, declared to be a second-class citizen on the Web, but the fact remains that whether you are on Facebook, Twitter, Reddit, or other sites, the Community you inhabit defines you in a way that we, the Netizens of 1990, very much identify with and are knowledgeable of.

You can deny that you are part of these communities, but your interaction and support of a groupthink mindset is all that matters. What that mindset lands on is all that matters as far as your mental and political participation – and let’s face it, all participation is ultimately political – this is what you are.

There are certain things that define a person. I declare that one of those fundamental things devolves down to what – or who – you are willing to shoot.

So what is it, pilgrim? Where do you land in this ultimate declaration of loyalties?

Open Source Security


Recently it emerged that the PyPI repository had been infiltrated by some rogue code (1) – trojans that used the well-known Internet trick of typosquatting to infiltrate unsuspecting systems.

I just probably spewed out a bunch of garbage you don’t understand, so let me fill in the gray areas.

PyPI – This is the package repository for the Python programming language. For example, suppose I came up with a useful library for listing the contents of a web page and called it webDir. Suppose I wanted to share it. PyPI is where I would upload it, and other developers that had a reason to want to view the contents of a web page would be able to download it and use it as part of their own programs.

Typosquatting – This is a popular way to get someone to trust something untrustworthy. It relies on the fact that people are imperfect and sometimes type in words incorrectly.  Predict how people might do so, and you can create a web domain to intercept those typos and do … things. It’s been used for web pages quite frequently, but in the case of PyPI it can also be used for software libraries. Suppose you created a library called webdir (lower case D) that did the same thing but ALSO installed a virus. All you would need would be for a few unsuspecting developers to request the wrong package the right way a few times to get entrée to some interesting stuff.

So what happened is there were over a half a dozen instances of packages similar to webdir that got uploaded to PyPI and downloaded a few thousand times. They did exactly what the right packages do, but also added some code that – fortunately, this time – didn’t do anything malevolent, but could have without anyone’s knowledge.

Here’s the interesting parts.

  1. I read so many Python oriented blogs. And yet only one has mentioned this.
  2. At least five non-programmer blogs have mentioned this.

What the actual hell?

The Python “foundation” that maintains this repository says that they can’t help it – they have only two volunteers that support this repository, and they aren’t gatekeepers, they just take the crap that gets uploaded at face value and move it on, provided it has all the right tick marks filled out. I could upload Professor Zola to PyPI and it would be okay as long as I filled out all the right forms.

They had no recommendations, no apologies, no plans. All they had were excuses.

I want to mention once again that a software language that forms a major part of the backbone of the greater internet has been infiltrated with trojans, twice, and that the people that maintain it have no plans for preventing it again, nor do the people that use it feel the least bit concerned.

One group of people, by the way, suggested that maybe keys would be good. You know, checksums by another name.  The problems with this are:

  1. All packages are already uploaded with properly formed MD5 checksums.
  2. The checksum verifies only that the file has not been modified after it was uploaded by the creator.

So, basically, “This virus is 100% authentic”.

PyPI can only be trusted if:

  1. All uploads are scanned and validated by people with domain knowledge.
  2. A separate authenticity repository (or something like it) is maintained to track the fingerprints of the legitimate, vetted packages on PyPI.
  3. Somebody works there that knows enough about the ecosystem to get alarmed when seeing ‘lmxl’ uploaded and claiming to be ‘lxml’.
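
The ‘lmxl’ versus ‘lxml’ check from item 3 can be automated. The sketch below is an added example, not code from the original post or from PyPI: it flags uploaded names that sit within one edit (including a swap of two adjacent letters) of a vetted name. The function names and the two sample lists are constructed for illustration.

```python
import re

def normalize(name):
    """PEP 503 normalisation: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def flag_lookalikes(uploads, known, max_distance=1):
    """Map each upload that is close to, but not the same as, a known name."""
    canon = {normalize(k): k for k in known}
    flagged = {}
    for upload in uploads:
        name = normalize(upload)
        if name in canon:
            continue  # exact match with a vetted name: not a lookalike
        squashed = name.replace("-", "")
        hits = sorted(
            orig for norm, orig in canon.items()
            if squashed == norm.replace("-", "")  # differs only by separators
            or osa_distance(name, norm) <= max_distance
        )
        if hits:
            flagged[upload] = hits
    return flagged

# Constructed sample data: a small list of vetted names and a batch of uploads.
KNOWN = ["lxml", "urllib3", "setuptools", "requests"]
UPLOADS = ["lmxl", "urlib3", "setup-tools", "requests", "webdir"]

if __name__ == "__main__":
    for upload, targets in flag_lookalikes(UPLOADS, KNOWN).items():
        print("{} looks like {}".format(upload, ", ".join(targets)))
```

A distance threshold of 1 produces false positives on very short names, so a flag like this is a prompt for a human to look, not a verdict.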

The good news for now is that this time around, the compromise was limited to Python 2 users.  The next one will probably not be so limited.

By the way, if you are a sysadmin of a system that uses Python (for example, a RHEL system that uses Yum to manage its own packages), here’s a program that will let you know if you have been compromised.

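from __future__ import print_function
try:  # Python 3.8+: standard-library view of installed distributions
    from importlib.metadata import distributions
    packages = {(d.metadata.get("Name") or "").lower() for d in distributions()}
except ImportError:  # Python 2 / older Python 3: fall back to setuptools
    import pkg_resources
    packages = {d.key for d in pkg_resources.working_set}

# Typosquatted package names reported in this incident
fakes = ['acqusition', 'apidev-coop', 'bzip', 'crypt', 'django-server', 'pwd', 'setup-tools', 'telnet', 'urlib3', 'urllib']
for fake in fakes:
    if fake in packages:
        print("Found {0} in your installed packages, please delete {0} from system.".format(fake))
    else:
        print("{} was not found on your system.".format(fake))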

(1) – BTW, outstanding punage on the part of El Reg – Python variable typing is, after all, considered to be very loose. Poor, one might say.

Fallen Heroes

Remember the OS Wars?

Back in the 80s and 90s my computing platform of choice was the Amiga, a feisty platform that offered lightweight realtime preemptive multitasking for a really good price. Along the way it established itself as the premiere platform for video and graphics, going so far as to become the platform that authored the graphics for the TV series “Babylon 5”.

Back then it was possible to be passionate about operating systems and computer vendors, as opposed to today’s exercise in choosing one shade of mediocrity over another.

My sweetie recently acquired for me the sticker you see above, the famous Amiga rainbow checkmark. I fly this flag with pride, but also with regret.

Commodore and the Amiga suffered from mediocre management that managed to destroy the legacy of an extraordinary team of developers. That is my regret. That today we are met with a choice between two or three flavors of library paste and for some reason people manage to generate loyalty for one over the other.  Not me. I know what we lost.

What we lost is the chance to see a better computing world. Even if you’re a Mac Head, your OS would have been better by virtue of having some actual competition. AmigaDOS alive and well and on its own would have pushed everyone to do better.

So I fly this particular geek flag in remembrance of the world that could have been rather than the world that was. Because we had hope, and fire, and ambition, and passion. And it was betrayed by a bunch of guys in the Caymans.

They reported it. It must be true.

There’s a distinction to be made between a “reported breach” and a “verified breach” that allegedly obtained user data.

“Verified” generally means that a known e-journalist took the time to verify that the information contained in the “reported” breach was, in fact, accurate.

But often the e-journalist doesn’t have access to the data or even a source to confirm that the breach is real, so the e-journalist will often downplay any breach reports that they haven’t verified (or seen solid confirmation of) because it downplays their brand.

To an e-journalist, the brand is more important than the facts.

The problem is, the real world doesn’t give two shits if they verified it or not. If actual data was breached, then it is available on the Silk Road or reasonable facsimile. End of story.

So the question to you, the user, is this: did you have an account there?

If the answer is yes, then change your password at the very least.

That is the survival guide to the internet, in a nutshell, right there.

The Conservative Worldview is Anathema to the Internet

A few weeks ago, some fuckstick Thought Leader of the #gamerGate movement got his Trusted status removed by Twitter because he was abusive. This is not my opinion, it’s his own admission. He admits to being abusive on Twitter, and wants that to be endorsed by Twitter.

To be clear: he’s still allowed to post, abuse, whatever those little douchcanoes do on Twitter – he can still do it.

But he no longer bears the mark of a trusted poster on Twitter. That’s it. His user icon no longer has a little blue checkmark overlaid on it. That’s the extent of the Liberal Machine’s impact on his ability to spew offal into your face.

And that really pissed him off.


Monkeyballs himself showed up at the White House (not White Horse) to actually spring the question at an official press conference as to what the Obama administration thought of fine sociopaths like himself being censored by such Liberal Establishments and what the Administration thought of this methodical silencing of the Conservative Movement.

Unfortunately for us, the Press Secretary didn’t call him names and insult his mother on national TV. But he sure looked like he wanted to.

So let’s be clear on this, Righties. The culture of the Greater Internet has no place for you right now. Our Nation operates on principles that are somewhat more egalitarian than Conservative wisdom itself would be able to tolerate.

The reason you feel that the Internet is censoring you is because we ARE. We have no room for you or your pathetic worldview. And we are showing you the door. Site by site, forum by forum, we’re cleaning up and pushing you out of our venues.

Oh, don’t worry. You still have the right to express yourself. We’re not going anywhere near your Klan meetings, or your Lynching parties, or your book burnings. You can have those. Enjoy, as only a Conservative can.

But the Internet is ours. And we will continue to defend it.

Someday you’ll grow up and understand that it’s possible to be in favor of small government and financial conservatism without also being in favor of bullying, inequality among peers, and religious intolerance. And when that happens, we’ll welcome you back to our ranks, and we will each benefit from your returning to the ranks of Humanity.

But right now, your worldview sucks and you’re just not welcome as long as you bring that to the table. Sorry.

Some would say that this methodical exclusion of Conservative cockwaffles is itself a form of bullying.  Well … no it isn’t. Listen, I’ve been bullied. I know what it’s like.  You’re being excluded, not bullied. Totally different thing.  I’ve also been excluded, and it feels totally different. Lot less bleeding, for one thing.

Your place

That’s a great MMO you wrote there. I’m sure your mother is very proud.

But look at  this.

It’s the size and shape of a grand piano. It was launched at over six times the speed of a bullet at a pea being orbited by a BB over three billion miles away. And when it got there, it put down the phone and snapped tons of pictures while skimming past the pea and the BB at 30,000 MPH. All on its own. And then, it located Earth and let us know it was okay.

Your lovely Web App bears about as much resemblance to “computer science” as “Chopsticks” does to Wagner’s Rings saga when compared to what these programming Titans did. 

Giants walk amongst us, and it is during weeks such as these that we are forcefully reminded of our place in the programming universe.  I don’t care how sweet your Android app is.  It is fit for little else but a sacrifice to the Programming Gods that gave us this.


Everything I Needed to Cope, I Learned from Arthur Dent

We all have internal defense mechanisms. We usually don’t develop them on purpose.  They just happen.

Mine came from, for starters, the absurdity of British science fiction and comedy.  It started with Monty Python.  Then I met Arthur Dent and the crew of the Heart of Gold. Such wonderful fodder for the imagination opened doors to other absurdist corridors.

For whatever reason, I found that my personal issues became far less threatening if I could wrap them up in absurd concepts, and reading such ridiculous stories provided me with more ammunition with which to fight that which bugged me.

Science Fiction and Fantasy provided the most magnificent vistas of such absurdity, though often it was couched in context that didn’t really fit in my modern landscape. But it often contained contextual handles that let me wire bits of it into my reality.

A lot of authors have absurdist chops without being known as absurdist authors. But they’ve found ways to hang absurdist concepts out there in the middle of serious-ish stories. Have a look at early Heinlein, or Niven’s Ringworld-era stories.  Heck, Niven even took an absurdist fan protest against The Ringworld’s concepts (“The Ringworld is unstable!”) and made it a plot element of a sequel.

Point being of all this, don’t let anyone tell you this stuff isn’t worth spending your time on.  What’s the point of Hamlet if you can’t relate? Shakespeare or Nietzsche might be Srs Bsns, but they’re also pretty much useless in helping you develop mental defenses against, well, pretty much anything. 

I mean, unless happiness is something you need defense against.