Building a Mastodon Client in to my Cyberpunk SSH App

  • February 3, 2023

Let me quickly get you up to speed: I wanted to build a website for my hacker projects, but instead of a website I ended up building an SSH app (because I’m weird). Basically, instead of visiting it in your web browser you have to open your terminal, run an SSH command, and then you use text commands to play with the application, read about my projects, etc.


Cybercrime Groups Offer Six-Figure Salaries

  • February 1, 2023

AJ Vicens, reporting at CyberScoop, about the high salaries groups are using to lure skilled software developers into a life of crime:

And just as the cybersecurity market is competing for the best talent, cybercriminals are also offering high salaries and perks to attract the best. Some ads boasted annual salaries as high as $1.2 million for the skilled hackers. […] According to new analysis from the cybersecurity firm Kaspersky, it appears that developers are the most sought after within the cybercrime ecosystem. […] Other in-demand positions included attack specialists, reverse engineers, testers, analysts, administrators and designers. Even the most sophisticated hacking crews still need help, the researchers said.

Another good reminder that software is software! No matter where or how it’s used, you still need the same process, support, and the ability to attract talent if you want to be “successful.”

Now, if you’ll excuse me, I need to finish polishing this other version of my resume. At this point there’s no one that can prove I wasn’t a high ranking lieutenant on the Silk Road, right?


Why Are Technical Interviews Still So Bad?!

  • January 19, 2023

Python for Engineers has a great post on how terrible technical interviews are for people on both sides of the table.

There is this idiotic myth online that the majority of programmers cannot program. That everyone else looking for a job is an idiot, and our job is to expose them, to teach them a lesson, to humiliate them till they quit.

Most programmers feel they are Gandalf holding back the darkness rather than just random people who happened to be on the other side of the interviewing table this time.

The average technical interview tends to be a terrible way to evaluate candidates. The setups don’t match the real world experience of coding and the interviewers are usually there because they are skilled at the technical aspects of that company, not because they are good at evaluating talent. Things have only gotten worse with COVID because now you have the same broken systems, but recruiters are freaking out that the hiring process is taking too long even though you’re hiring a well-paid scientist who will have the keys to your data.

The suggestions in this post are some of the same things I do after ~20 years of going through and conducting technical interviews. Here is my high-level plan of attack, but if I had to distill it down to a one-liner, it would be “Get them talking.”

  1. Talk about their resume. Let them walk through their work history.
  2. Give them a short problem to solve at home using whatever resource they want. The goal of this isn’t to take up a lot of their time, but a simple way to ensure that they can do the basics. You can learn a lot by looking at something someone worked on for a couple of hours.
  3. Ask them what their favorite thing they ever built was. Maybe it’s code, maybe it’s from work, maybe it was a personal project that was barely technical. Ask them why it was their favorite and what the biggest challenge was.
  4. Ask them about the hardest project they ever worked on. Why was it hard? How did they get through it?
  5. Ask them what they do when they finish a big project. How do you move on to the next thing?
  6. When they bring up new topics along the way, pause and go down that path for a bit before coming back to the primary thread.

After that do you know them completely? No, but if you can’t get a good sense of a person from a conversation like that you did it wrong. Don’t think of yourself as a host on a technology game show, think of yourself as a podcast interviewer with the primary question of “Do I want to work with this person on our list of projects?”


Excuuuuse me, Princess

  • January 15, 2023

Polygon has a wonderful (and relatively short) oral history of the short-lived Legend of Zelda cartoon that was embedded inside of The Super Mario Bros. Super Show!

There were elements of the games, like sound effects and visuals, but the show mostly has Zelda and Link posted up in Hyrule castle defending the Triforce of Wisdom from Ganon while trying to acquire the Triforce of Power from the evil wizard himself. (The Triforces talk, by the way.)

Naturally, they address the origin of the famous Link catch phrase…from a character that famously never speaks.

Robby London came up with the idea of the line, “Excuuuuse me, Princess,” which is inspired by the Moonlighting relationship and a snarky line from a Steve Martin routine.

I also love this little bit from Eve Forward:

I’ve no idea what the reception to the show was. This was in the days before internet; you couldn’t just log in and see your work torn apart in real time. My own feeling is that the Super Mario Bros. show wasn’t very good, especially the live-action bits, and that Zelda was the best part of it[…]

She nailed it. I love the Super Mario Bros. Super Show for the nostalgia, but I never loved the show. What I loved was when, seemingly randomly, I would catch one with an embedded Zelda episode.


Twitter Says That Stolen Data From Them Isn’t From Them

  • January 12, 2023

If you have given up on following news about Twitter, I don’t blame you, but there has been a batch of ~400 million user records being sold online and marketed as coming from breaching Twitter’s systems.

Today Twitter is saying that there was “no evidence” of that data coming from Twitter’s systems.

After a comprehensive investigation, our Incident Response and Privacy and Data Protection teams concluded that:

  • 5.4 million user accounts reported in November were found to be the same as those exposed in August 2022.
  • 400 million instances of user data in the second alleged breach could not be correlated with the previously reported incident, nor with any new incident.
  • 200 million dataset could not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems.
  • Both datasets were the same, though the second one had the duplicated entries removed.
  • None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.

Therefore, based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems.

There are two problems with this kind of statement:

  1. “No evidence” doesn’t mean it didn’t happen.
  2. How can anyone reasonably trust Twitter with this evaluation?

Whether you like Elon Musk or not, he’s all over the place, going down rabbit holes of conspiracy theories, and has gutted Twitter of talent, either directly or indirectly, especially in areas such as security. Even the rapidly shrinking group of people who still think Elon is a genius would have to take a deep breath and a LONG pause before believing a report like this because of the reputational damage he has caused to Twitter and his own brand.

Trust matters a lot with these kinds of reports, and Twitter has none.


Shopify Cancels All Recurring Meetings with Over Two People

  • January 9, 2023

If you were wondering what the latest thing that a CEO thought up in his shower the size of a studio apartment that has one of those terrible “rain” shower heads and is now shoving it down his employees’ throats is…

As employees return from holiday break, the Canadian e-commerce firm said it’s conducting a “calendar purge,” removing all recurring meetings with more than two people “in perpetuity,” while reupping a rule that no meetings at all can be held on Wednesdays. Big meetings of more than 50 people will get shoehorned into a six-hour window on Thursdays, with a limit of one a week. The company’s leaders will also encourage workers to decline other meetings, and remove themselves from large internal chat groups.

I won’t pretend that I like meetings, and I do make sure that my team doesn’t fall into the trap of meeting bloat. Big meetings, outside of “All Hands” announcement-type meetings, are usually a recipe for a long meeting where nothing gets done…but to mass remove all meetings with more than 2 people?! That sounds incredibly stupid. Yes, there are lots of meetings that shouldn’t exist at all, but I can easily think of a number of small and extremely important meetings that included, for example, one person from each of the key groups/departments, for a total of 5-7 people.

Mass deleting meetings because of executive “thought leadership” will certainly cause your team to spend more time cleaning up the mess you made than you could possibly save with these rules.

Oh, look! That’s exactly what happened the last time this happened at Shopify!:

Former Shopify dev. For what it’s worth, this isn’t the first time they’ve purged all recurring group meetings. It happened several years ago as well. Surprised the article doesn’t make mention of that; maybe their source hasn’t been at the company long enough to know.

I won’t comment on the merits of this at large, but it was annoying for me at the time because I had several recurring calls with external partners, which were all summarily axed. The bot didn’t discriminate between meetings with 3+ Shopify employees, or 1 Shopify employee and 2+ external contacts. Hopefully they fixed that this time, because it was embarrassing having to explain to partners why all of our recurring meetings had gotten deleted.

As always, there’s a happy medium here. Maybe a bot that flags larger meetings to the department head to talk to the employees and ensure the meeting is optimized?


What’s New in Shortcuts - Issue 55

  • January 1, 2023

Thank you to Matthew Cassinelli for giving my Post to Mastodon shortcut a nod in the New Year’s Eve edition of his “What’s New in Shortcuts” newsletter.

If you’re interested in Shortcuts or macOS/iPadOS/iOS automation, this is a newsletter worth checking out.


My Top 5 Gadgets of 2022

  • January 1, 2023

In the last hours of 2022, I wanted to take a quick moment and celebrate the gadgets that had the most impact on me this year.

Steam Deck

The Steam Deck is a PC gaming rig that you can take anywhere. If there’s a better device for 40-year-old fathers who like to play some games, I can’t imagine what it would be.


How to Befriend Crows

  • December 28, 2022

Befriending crows is a wonderful thing.

I have many crow friends at home and at work. They bring joy at unexpected moments and can rescue a miserable day even without shaking down the dust of snow that Robert Frost described.

This thread is an updated version of one I posted at the bird site in July 2019.

I am extremely tempted to do this with my neighborhood crows, but I’m not entirely certain how my wife will feel about me bringing crows to the house all the time.

(By “not entirely certain” I mean that I’m 100% certain that she won’t like it. I think that’s why they call it a murder of crows.)


Post to Mastodon v2.2 - Bug Fixes and Setup Questions

  • December 26, 2022

Another update regarding my Post to Mastodon Apple Shortcut automation, which is now at version 2.2!

Specifically, I’ve learned two things about Apple Shortcuts today:

  1. Their logic for input type sucks and is very buggy.
  2. You can set setup questions so people don’t have to edit the shortcut after they download it!

Both of these issues are now fixed in the latest version of the shortcut, which you can download directly right here.

The original post explaining the shortcut has been updated as well, and can be found here.


Post to Mastodon v2 Shortcut - Image Support

  • December 24, 2022

Yesterday I released an Apple Shortcut (macOS, iOS, and iPadOS) that will allow you to quickly post to your Mastodon instance. As you might imagine, it received a little traction on Mastodon including the following feedback:

A feature request already? Over the holidays?! I don’t have time to figure out…it’s done!

I present to you: Post to Mastodon Shortcut v2 - Now with Image Support

Note that it just supports a single image, with an optional message, or text alone as of today. I didn’t want to make it too easy to blast our Mastodon hosts with lots of high res images from Photos!

You will also need to do the same configuration as before:

Once you install the Shortcut you will need to edit it to add two things:

  1. The domain of your Mastodon server.
  2. The access token for the app you will need to set up in your Mastodon preferences.

You can find the full instructions on the previous post, linked above.

Enjoy the shortcut and Merry Christmas!


Posting to Mastodon via Shortcuts

  • December 23, 2022

The best thing to come out of Elon Musk’s Twitter purchase (and then backing out of the purchase, and then purchase, and then massive layoffs, and allowing crazies back on Twitter, and whatever happened today) is that Mastodon has been so much fun! One extremely minor annoyance has been the lack of good Mastodon clients, and while TapBots is hard at work on that right now, it makes posting on Mastodon a little bit harder than it was on Twitter.
