I found out something really interesting (to me, anyway) today. It’s something that I took for granted – public records at city hall. I knew intellectually that I could go there and ask for information, but had never done so.

Large packets of information, folded neatly, going back to the decade of construction hold some sort of voyeuristic appeal. You can easily look through the history of a building, finding out that it’s been a toy store, a department store, and so forth. Knowing what’s been in the floors and corners lends an air of reality, an air of tangible history, instead of the anonymous and soulless relationship that i’ve had with most buildings.

I know that it puts me in the minority, but I had a lot of fun looking through old public records. I wonder what sort of emotional impact it might have to have these old records scanned and put online for public use. I know that I wasn’t asked for an ID, my name, or even my purpose when I went there, so I imagine that these are freely available for people to see. I can imagine the difficulty, but what if there were a time slider in Google street view?

First off, the $85 million (ed: billion) AIG bailout scares me, not because of future bailouts that it most definitely encourages, but instead because it still seems like it’s not enough to cover the sheer volume of credit default swaps that it has outstanding. I don’t get the feeling that $85 million billion is enough to cover the trillions of dollars outstanding in the whole international ponzi scheme that AIG has foolishly insured.

The second thing is that the whole “Change” message being put out by the McCain GOP campaign reminds me of the unintentionally funny Match.com “6 Months Free” campaign that’s all over TV commercials right now. The gist of the promotion is that if you use Match.com for 6 months and totally strike out… they’ll give you another 6 months for free. Hey, if you pay for our service and it doesn’t work for you for half a year, waste another half a year of your precious time, on us! It reminds me of the GOP message of “Change” on the economy. If the last 8 years haven’t worked for you, we’ll be happy to serve you with the same administration for the next 8 years!

In the handful of news articles I read today, I nearly passed over a link to one of Warren Buffett’s Berkshire Hathaway shareholder letters from 2002, the one where his predictions for the derivatives market seem eerily close to the unfolding of current events on Wall Street. Reading his conversational, informational letter is like finding an oasis in the desert. I’ve read other shareholder letters, and most of them feel as if they were written by drones who have no interest in providing anything but cheery opacity.

I was very pleased to find that Berkshire Hathaway publishes all of Warren Buffett’s Letters to Shareholders on their website. Please dig in and enjoy.

Grant McCracken linked to Twenty-Eight Articles: Fundamentals of Company-Level Counterinsurgency by Dr. David Kilcullen, Lieutenant Colonel, Australian Army, discussing it in the context of applied ethnography. If you are able to abstract away the most obvious differences between insurgencies and online communities, there is a lot of wisdom in this document directly applicable to the role of community managers.

In a modern online community, while no sane P.R. person would acknowledge that their employees view some segments of a user base as enemies, that attitude does exist, despite the measured tone of external communication. There are direct competitors kept at arm’s length, griefers, trolls, spammers, and many other types of people who (whether consciously or not) act to undermine the stability or quality of an online population. It is a significant portion of the job of a community manager to deal with their everyday activities without causing harm to the community through their own actions. And in many cases, the goal of certain harmful subgroups is to provoke the community’s operators into harsh action which they can then convert into media coverage for their own viewpoints.

If you’re involved creating online communities, i’d highly recommend you go read this article, ignoring temporarily the real differences between our work and the operation of a counterinsurgency. If you can work with the analogy, much of this hard-earned knowledge can be applied in similar ways. For example:

12. Prepare for handover from Day One.
Believe it or not, you will not resolve the insurgency on your watch. Your tour will end, and your successors will need your corporate knowledge. Start handover folders, in every platoon and specialist squad, from day one— ideally, you would have inherited these from your predecessors, but if not you must start them. The folders should include lessons learned, details about the population, village and patrol reports, updated maps, photographs—anything that will help newcomers master the environment. [...] This is boring, tedious and essential.

Staff at online communities come and go, but rarely do I see the operational knowledge of community managers codified into forms that can be quickly picked up by new hires. Often, new community managers are thrust into a situation beyond their comprehension by an engineering staff who has become too busy to deal with user base issues. It’s a great concept to develop handover folders for future community managers, or even engineers switching over to deal with a problem while the main community folks might be away. In some websites set up for community success, there exist mountains of contextual information connected to users, data, and media, visible only to the employees, which perform this function of informing people about the context behind a situation while they consider solutions. An emphasis on problematic user groups, topics, and geographical regions would be a useful component of such documentation.

18. Remember the global audience.
One of the biggest differences between the counterinsurgencies our fathers fought and those we face today is the omnipresence of globalized media. [...] When the insurgents ambush your patrols or set off a car bomb, they do so not to destroy one more track, but because they want graphic images of a burning vehicle and dead bodies for the evening news. Beware the “scripted enemy”, who plays to a global audience and seeks to defeat you in the court of global public opinion.

This is a fantastic insight into the operations of hostile parties on large, established communities. In some cases, direct competitors provoke a company into hostile action, which they use to get attention for their own startups by claiming injustice. In other cases, it’s an attention- or pageview-seeking bloggers causing problems then writing digg-bait about being banned from your service. With the speed of global blogging, it’s essential to remember that all correspondence and actions taken during a ban may be posted online, resulting in your trial in the “court of global public opinion.” Bans in this case, are commonly not finished when the moderator clicks a button.

I could go on, but i’ll let the article speak for itself. Some of my favorite pieces are the discussions of understanding a population locally and deeply, and gaining its respect, if not its love. I love finding cross-disciplinary overlaps, and this is one of the best examples i’ve seen in a while.

Every few years, a malicious email nearly gets past my years of automatic defenses and skepticism about stuff I get in my inbox. Today, I was one click away from getting owned. I’ll write about it to make sure my readers don’t also fall for the scam.

I got an email in my inbox with the subject line “CNN.com Daily Top 10″. I’m a CNN reader, and I imagine so are a large proportion of Internet users. In the email, there are a bunch of broken images and links that look pretty normal as far as HTML email newsletters go, especially considering the couple of years behind the curve that CNN has typically been.

Email as it appeared in my inbox

The payload wasn’t in the email itself – the email contained links to “Top 10 stories” and “Top 10 videos”, and of course, your eyes skip past all the other stuff to the content, and if you just glance, these look mostly plausible, or at least resemble the schlock that makes up news entertainment these days. The kicker is that the top video is really disturbing – “US Beef Unsafe for Consumption”. If you’ve fallen for everything else so far (again, not a big stretch, there aren’t attachments or weird spam-like bits of language, and the style is on par for the subject), then you’ll click on the link.

This is what you see when you get there. The js pops up after load.

The link takes you to a CNN Video lookalike page with a flash widget which pops up a Flash upgrade request. Again, this is something your average Internet user is used to seeing and consenting to without thinking. If you hit Cancel (which I did, as I often find this annoying enough to give up and not bother watching the video content), then it puts you in a loop with another error message until you hit OK. Internet users are used to poorly written javascript doing this kind of thing, so they might consent as well just to break the loop.

Behaves kinda like an idiotic website bug, so you might ignore this too.

Once you hit OK, if you’re using FF it’ll prompt you to download a file called getflashupdate.exe, which looks pretty normal as well.

If you’re like me, you just got here because you’re annoyed and want to jump out of the seemingly benign javascript alert box loop. However, I finally noticed one (of many, to be sure) small clues that revealed the nature of the scam. The URL of the download surely wasn’t CNN’s. Once I hit cancel, the flash widget told me that I was using Flash Player 0.

Flash installers tend to screw up pretty often, so once again the scam tries to imitate known behavior.

Altogether, there were numerous cues that I could have observed at any time to figure out what was happening. For one, the From: email address was fake looking. The URL’s in the javascript alert boxes were also fake. The URL’s for every story in the mail were identical. I know that I’ve viewed Flash media before without trouble.

However, for all the cues that were available, the writer of this exploit put in an amount of effort into crafting an authentic-feeling damnit-I-have-to-upgrade-Flash-again experience for an average Internet user that nearly fooled me. If it hadn’t been for my tendency to give up on content rather than install yet another Flash upgrade, I might have been caught hook, line, and sinker.

The owner of the website appears to be Brazilian, and the content looks fairly authentic, so I suspect this is an owned webserver in Brazil being repurposed to distribute a rootkit.

The last time I got nabbed was by the “I Love You” virus, which just happened to come from the name of my favorite Aunt, so it was pretty unlucky for me. Sure, I should have known better, but i’m a human, and we’re all susceptible to these kinds of attacks. I guess every time the attackers advance in their approach, we become better in our defense. It’s just too bad that they’re the ones in the natural position to change where the battlefront lies.

One of my least favorite parts of working in the software industry was the inevitable backlash involving various parties making smug remarks about how it’s all been done before.

I think we can partially blame the braindead mentality of DRY criticism, where people get a Pavlovian kick out of trying to identify places where other people are messing up because, obviously, they are just repeating work that has already been done.

We can also partially blame the exploited patent system for enabling a view where software concepts can be claimed for power and profit. Some people in large corporations take this view inside the company, where they are likely to feel slighted if a new product seems to be close to some idea that they remember thinking about or being in a meeting about five years ago. Some people make it their full-time job to seek out people who are working on ideas similar to their own and harass them until they get their perceived due.

In software, there’s really no way to earn knowledge without writing code yourself. So please give people a break when they’re jumping through well-worn hoops, oblivious to existing codebases or ideas.

If you’re not looking back at your old code or approaches with some sense of embarrassment at improvements missed, then you haven’t grown as a creator since then. To think that previous work is unimpeachable is awfully haughty, and is a good sign that you’ve become a Crusty Old Dude(ette), or some weird profit-mongering litigator.

So, instead of hopping on the Done It Before, Stupid bandwagon, what would be more helpful?

• Use the socratic method (ask questions) about specific technical challenges that were particularly challenging to previous attempts at a problem set.
• Contribute old test suites, datasets, or programs if they’re close enough to help ensure that any new solutions get written as efficiently (or more efficiently) than old ones.
• Check out the new approaches with an open mind and try to find out what’s substantially different or new about it.

Anyway, that’s my little rant about people who claim D.I.B.S. (nudge nudge, wink wink) on ideas.

I really enjoyed this Dadhacker post. I got confused by all the other comments so far, so I’m going to ignore them and just mention the point that I think resonates with me.

Whenever I have some really hard problems in my mental heap, i probably spend a ratio of 4:1 subconscious processing to conscious processing. That’s kinda how I justify all the time I spend running around the web, doodling, woolgathering, drawing out ideas on paper, etc. Most days when I was forced to do this, I would pick one or two small bugs to fix so i’d at least have something to talk about at the daily meeting. It’s more or less impossible to tell everyone what my subconscious has been working on the last day. At the least, I always felt somewhat intellectually dishonest when trying to report activities that have their roots in some portion of creativity as well as mechanical work.

The main benefit of talking regularly is available if um, you talk regularly, but I think the main appeal of Scrumjax is to have stuff to report up a chain in a medium to large sized group of programmers that don’t really talk with each other naturally.

I’ve known my share of sysadmins who held some measure of belief that the more secrets they kept to themselves, the more secure their job was. It’s a belief held amongst a good portion of bad sysadmins, and unfortunately for them, it usually restricts their career more than it ever helps. Clinging desperately to power, a bad sysadmin like this will hoard information like Gollum to the Ring, and attempt to undermine anyone knowledgeable who comes near.

A disgruntled city computer engineer has virtually commandeered San Francisco’s new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday. [...] Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn’t work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said.

– SFGate

This guy has taken his particular brand of sysadmin paranoia all the way to jail. If I were a betting man, I’d say that there’s no way this kind of person was intelligent enough to truly do enough to lock everyone else out, and someone with some real skills will actually resolve the predicament for the city in no time.

How does someone like this get so far into a position of power?

Typically, it’s by becoming a false prophet of IT, filling the ears of superiors and colleagues with bullshit simply because they don’t know any better. If a guy like this gets in a company at the ground floor, how is a nontechnical person going to realize that the sysadmin who seems so smart is really stunting the growth of the firm? I’ve even seen cases where sysadmins just flat-out lie about their work and spray a fusillade of jargon anytime they’re questioned about it. This tends to fool the below-average CTO and technical boss as well.

The unfortunate truth is that once someone like this gets power, it’s essentially poison for the entire technical side of the company. To make things worse, the kind of person that would hire someone like this is your average non-technical entrepreneur, who is impressed by jargon and confidence and might not know the difference. So i’ll go over my personal spotting guide to good and bad sysadmins below.

In my consulting and work history, i’ve come across the Bad Sysadmin personality type more times than I’d like. The typical signs are refusal to document work, an excessive amount of jargon, hiding for large amounts of time in obscure projects, and a tendency to look at people as either allies or enemies. A huge indicator is a refusal to verify backups (usually it’s because they lied about making them). These people tend to cost more to a company than they’re worth for the rudimentary technical skills they can employ. Many of them are completely incompetent, and they use these techniques as a smokescreen to hide their deficiencies. Generally, the Bad Sysadmin will be incomprehensible to the average person, mostly because they have no true interest in sharing knowledge. Instead, they prefer to wield their limited knowledge as a weapon in order to appear infallible, instead of using their actual work to justify their existence.

A Good Sysadmin, on the other hand, will be happy to verify or give an update on their work for you. In fact, they’ll be thrilled that anyone’s actually interested in what they do at all. They’ll have strong attention to detail, and a desire to keep things well-organized and documented for their own reference and for others. They’ll typically try to avoid jargon, and will try to explain things in layman’s terms. They might be very proud of things that nobody else understands, but if someone genuinely is interested, they will make the effort to translate. If they don’t know how to do something, they’ll go Google it instead of trying to bullshit you. They won’t be overtly political, instead hoping for someone above to help them with their career. Generally, these sysadmins tend to be deeply involved with their work, and unfortunately are usually less visible in an organization than the noisy, political type. It’s not uncommon to find one Good Sysadmin quietly doing all the work in a group of Bad or just plain Incompetent Sysadmins.

I’ve seen too many of the bad ones, and too few of the good ones in my career. If you’re in a position of technical responsibility, please make sure to cultivate your own sniff test for Bad Sysadmins. It could save you from a long period of IT hell.

It’s a fairly frequent experience for everyone to come across an existing application of an idea they’ve had on the backburner for a while. However, it’s pretty rare to find one done so thoroughly and well that it’s just completely unnecessary to go and do it yourself.

FlashcardExchange does a lot of cool stuff that I wanted to build myself in a flashcard application. Among them are shortcut keys for navigating through decks of cards quickly, special self-testing systems such as incorrectly-answered only and even the Leitner file technique, and most importantly, the ability to share and search through existing sets of cards.

Really, the only thing in my vision that isn’t present on this or the other flashcard sites is the strong subdivision of flashcard sets by college or school class. However, I can see how making the site appeal more to generic collections of knowledge is particularly helpful in making it useful to the general public. Kudos to Culley Harrelson and FlashcardExchange for a job well done!

Except for the ridiculous domain name, everything else about The Fall was incredible. Thanks to Neil for the recommendation. I had an inkling that i’d love it when I saw the trailer; i’m a sucker for heavily stylized dream sequences. I kept getting more and more engrossed in the film as I was watching it, and I came away extremely impressed with the realization of this plot.

Trying not to spoil the movie is difficult; the basic premise is that a young girl with a broken arm befriends an injured man in a hospital, and he recounts an epic tale to her about several travelers throughout the film. Her imagination is rendered vividly with gorgeous, thrilling dream sequences, and reality and imagination blend in the way that reminds the audience of the vastly different world we inhabited as children.

The dream story is designed so colorfully and beautifully that it’s hard to describe. The most strikingly rendered details were those which were re-imagined from the viewpoint of the imagination of a child only partially familiar with the world of adults and the English language. In one scene, a group of secondary characters is said to have been found tortured and hung (oh yeah, this movie can be pretty dark). In the dream sequence, they are found roped together attached to the ceiling, hanging from the waist down as part of a macabre chandelier.

The darkness of this movie does not belie its inspiring effect on the audience that makes it through. This is a movie that makes you wonder if the creators have gone too far; placing a child in a role where she must deal with darkness in a way that is completely out of bounds for the moral preferences of modern America. Although this tack may have been responsible for its lack of widespread distribution, I believe the underlying message is surprising; that the imagination and love of a child is stronger than the darkness of growing up. And with that, I believe that I should give you my recommendation to go see this movie in the theaters before it is gone.