Wednesday, June 19, 2013

NSA, Prism, Snowden and Right to Privacy (there is none!)

At the root of all this is an issue of privacy. A fundamental question would be: do you/we have a right to privacy? My opinion is no.

We do have a right to be secure in our persons and property against illegal search.

Are bits you've shared on the public internet still your property? (I think no) It's information you're sharing with the public and/or giving to a third party (Google, Facebook, Twitter, &c).

Many (most?) of these sites operate with a TOS that gives them some ownership/control of the data. If you give your data to Facebook and they give it to the Gov, have you been illegally searched? (I think no)

Has FB been illegally searched? (I think no) However heavy-handed some of our recent-ish terrorism laws may or may not have been, it would have been resting on these third party providers to fight, since it appears they are the only ones who have a claim on illegal search.

My fundamental belief is that we have no *right* to privacy - it's one of the reasons I make & sell encrypted communication tools.

/djb

Monday, May 13, 2013

Sites Don't Respect Trademarks of Small Businesses

Recently we've been in a battle with some of the web's busier sites regarding our registered trademark.

See, many sites let the username represent the owner of the account like twitter.com/edoceo. Many sites (Tumblr, Wordpress/Gravatar, Twitter and others) make no efforts whatsoever to ensure that these usernames are not crossing trademarks.

According to their policies you could register "Microsoft" and these sites would not mind (but we know that's not true). However, when it comes to small businesses like mine these sites don't care at all. They are full of lame excuses. It's super easy to check a trademark with an API query (http://edoceo.io/trademark).

On some sites we've identified orphaned accounts, that clearly have no usage and formally requested access. We're told things like: it cannot be changed, or there are "data integrity" issues. Bullshit. We know for a fact that at least one of these offending sites is backed by MySQL - UPDATE is a pretty easy statement.

Other bigger carriers such as YouTube and Instagram do respect the trademark. Simply send them a nice letter, using the provided forms and wait a few days. Done and done.

For now, we're looking for legal counsel in SF to help us out.

Also, we've made a tool called Username Shop which helps to research as well as buy & sell these usernames aftermarket. At least, until these sites start respecting trademarks.

Friday, April 26, 2013

Linode Outage Review - Counting Events

Yesterday one of our hosting providers had a network hiccup. We use a number of providers and something happens somewhere at least once a week. Network blips are something one simply has to build around, redundancy & failover and all that.

Linode manages their issues well with frequent updates to their status page. Employees participate in their IRC channel as well and are very responsive.

It was however speculated that the Fremont data-centre has more outages than others.

Location   2010   2011   2012   2013   Sum
Atlanta       8     16     20     14    58
Dallas       22     12     30      4    68
Fremont      20     16     22     12    70
London        4      8     18      2    32
Newark       16      6     22      4    48
Tokyo         0      0      6      2     8

Friday, March 22, 2013

Seattle PD Discrimination: Parking

I had this theory for a while that SPD parking enforcement targets vehicles operated by "poor" people. I heard and saw anecdotal evidence - my beat-up Jetta gets a ticket for a time-violation, while the BMW behind me does not.

So, today we have an actual experiment going on. My beat-up Jetta, a nice BMW and a clean Dodge Dakota have all parked on the same block in the same 2h limit zone.

The parking time limit is enforced from 8am to 6pm. The BMW arrived around 8:30, my Jetta at 9:00 and the Dodge at 9:10. As yet, we've not seen the parking attendants.

09:50 No Sign of Parking Enforcement (PE)

11:14 Parking Enforcement Spotted

Parking enforcement just passed our three sample cars, slowly. I'm sure that each was recognised by their system; they have marked the tires of our sample cars with white chalk.

11:32 Dodge Leaves

The Dodge has left, so now our sample cars are down to two. I'm not wanting to get a ticket on the Jetta, so I'm going to move it now. However, I still assume that by EOD the BMW will still not have a ticket.

12:03 Parking Enforcement Spotted

PE makes another pass, this time using orange chalk markings. An observation of the BMW has no marking, in either white or orange chalk. Cars that were chalked include: Toyota, Honda and an F150 - all on the same block & same zone as the BMW.

13:53 Parking Enforcement - Marking

Didn't see them pass; however, I did just look at the cars. Now a new Toyota and a Nissan have been marked with white chalk; the BMW, however, still has no chalk markings.

16:00 Parking Enforcement Spotted

I just watched the Parking Enforcement dude (same guy I've seen three times today) drive past. Chalking tires, guess what - the BMW - which has been parked since about 8:30 in a two (2) hour zone - still has not been chalked or ticketed.

16:29 BMW Leaves

The BMW just left, roughly eight (8) hours in a two (2) hour limited zone. Tires were never chalked, though the tires of surrounding vehicles were. No citation was issued, although I saw other citations being given out.

Summary

I've managed to convince myself, after today's diligent observation, that SPD Parking Enforcement is not applying the rules the same to all illegally parked vehicles. My theory that the "nice car" would not get a parking citation, while other cars would be targeted, played out as I described. Accommodation for the Affluent.

What I'd like to get my hands on now is the data about the citations, make, model, age as well as the zip code of the citation and zip code of the license holder. From that we could build a pretty good model.

I'm betting that the City and the State don't want that type of transparency.

Entrepreneurship & Letting go of Ideas

In Oct 2010 I had this concept of an IT related skills quiz, community constructed and community graded. Conversations with others in the field led me to register a domain (ibise.org) and create a prototype of the system. The grand scheme was to create some type of community regulated certification system.

Progress was(is?) slow. By 2012: I'd told a few people; created code to handle various question types (pick one, pick many, fill-in and essay) and created a few questions. The breadth of skills represented was small. The name had changed to Opus, and now Ars.

It's hard, very hard, to grow a project when it's not able to get more than 10% of your time. I wanted this thing; however I had no time to grow it. Nor did I feel like spending a few bucks to have it populated with questions, polished and published.

Over time the idea morphed around; what was the real issue I'm solving. What did/does/are/were the problems which others in my field faced with regards to representing skill-set? The name changed, more than once (Opus, then finally Ars I/O) which makes it hard to get a good bond with the project.

Time to Let it Go

Recently I came across Smarterer which provides for very similar quiz functionality (limited to pick-one style questions). And the Ars project (as it's now called) had migrated away from the focus on the Skills quiz and become yet another on-line profile. I think we have to let-go of the Quiz part and simply integrate with Smarterer.

I had/have some "my baby" feelings about what I've built so far, so it's tough. However...

From the feedback my associates gave me, the site had morphed into a system that pulls your IT profile from a bunch of sites and makes a pretty display. From fancy Quiz system to simple Resume Editor.

So, yes, now Ars integrates with Smarterer. And, of course Stack Exchange is getting into the Resume business with their Careers 2.0 option, which is surprisingly like Ars.

I'll either have to give more time to Ars to compete with Stack Exchange, or I'll have to let this thing it's morphed into go too.

Friday, February 22, 2013

Backorder Domain Auctions - False Metrics, Lost Revenue

Domain brokers and re-sellers are inflating their metrics with false numbers.

The Back Story

Edoceo has been tasked with acquiring a domain name on behalf of a client. We'll call it "V.com"

We review the WHOIS to attempt a direct transaction. This is blocked by the GoDaddy Domains by Proxy addresses. No matter, simply make a purchase attempt via GoDaddy to use their auction system. We began that process and submitted our bid.

The False Metrics

When we first viewed the domain auction with GoDaddy the metrics were zero (0) direct visits and zero (0) auction views. We attempted bid placement; however, since we had to log in, we were redirected back - now the view count was two (2). Our bid was entered and we were prompted to visit the shopping cart - for a domain with a bid view count of four (4). Returning back to the domain review page the view count now shows six (6)! We completed the bid process with a view count of seven (7) showing; still zero direct visitors.

Lost Revenue

The domain auction had a few (20+) days to close. Of course, we kept checking on it too. By the time it closed the view count for the auction was over 20 - that was 99% us.

The down side is that the seller viewed this as an increased interest in their domain. And while we were interested and bid accordingly ($600) this decade old, unused domain remains unsold.

It appears that the false counts delivered by GoDaddy & Sedo provide a soft-basis for inflated value for the domain holders. Rather than pocket $500, this domain owner will likely lose another $50 over the next five years waiting for another buyer. And with new TLDs coming on-line, the demand for .com is waning.

Whatever, domains are easy to find - $9.95 got us another very cool .co.

Wednesday, February 13, 2013

Inheriting Sloppy Code

Just started working with a new company, inherited sloppy code.

Recognising Sloppy Code

Developers know it when they see it: non-modular, repeated code, disorganised directory structure, editing on production systems. Business operators, on the other hand, don't; here are some tips.

Examine the Project

You don't know code, but if you see many duplicate names, or files like home.php, home-0.php, home-12july.php, home-bk.php, home.php~, that is an indicator of slop. More importantly it highlights that there are no code tracking tools in place.

It's very important that the code team use tools like Subversion or Git or Mercurial or Bazaar.

Third Party Review

Get a second opinion. Have an alternate, cash compensated, dis-interested third party review the code. If the report comes back and mentions duplicated code, lack of structure and other such, then we have slop.

If the code has been identified as sloppy, it can be an expensive process to resolve it. It's important to enforce good development practices from the beginning.

  1. Use a Source Control system (Subversion, Git, &c)
  2. Host Multiple Environments: Work, Test, Beta, Live
  3. Review Code with a trusted third party
  4. Test, Test, Test
  5. Control the Team - Don't let them stray or feature creep

Resolving Sloppy Code

Quite a tough problem: clean what is there, or throw it out entirely and start over? Depends on the depth of the project. Many times small fixes to the slop can keep the system operational and continue to generate revenue. Rebuilding requires redefining the specifications and basically re-building from the foundation up. Maintenance time is lost to rebuild-time - or one could bring in a new team for the rebuild.

Smaller teams are forced to try to re-work existing code to a more unified option, perhaps implementing one framework or another. In some circumstances early projects have two conflicting methodologies in-place. And the choice must be made to use one of those two, or fork to yet a third option.