Chuggnutt!

Category: Online

  • Living in a cyberpunk dystopia is weird

    Living in a cyberpunk dystopia is weird

    Living in a cyberpunk dystopia is weird. Most of the time we don’t even realize we are. We forget because it’s become so mundane, but we live in a highly connected online society largely influenced by giant corporations, and not for the better.

    Cyberpunk is a subgenre of science fiction in a dystopian futuristic setting that tends to focus on a “combination of lowlife and high tech”, featuring futuristic technological and scientific achievements, such as artificial intelligence and cybernetics, juxtaposed with societal collapse, dystopia or decay.

    Cyberpunk plots often center on conflict among artificial intelligences, hackers, and megacorporations, and tend to be set in a near-future Earth, rather than in the far-future settings or galactic vistas found in novels such as Isaac Asimov’s Foundation or Frank Herbert’s Dune. The settings are usually post-industrial dystopias but tend to feature extraordinary cultural ferment and the use of technology in ways never anticipated by its original inventors (“the street finds its own uses for things”).

    Wikipedia: Cyberpunk

    It’s important to understand that “cyberpunk” as a genre and a concept got its start generally in the late 1970s/early 1980s, and enjoyed a popular heyday through the ’80s and early ’90s. Many—most—stories were written before much of the internet and everything that spun out of that even existed (things like wifi, webpages, smartphones, social media, and so on). William Gibson wrote Neuromancer without ever having used a computer; cellphones weren’t even invented yet.

    Go back and read some of those early works. Stylistically they are terrific, conceptually brilliant when done right, but much of the technology, extrapolated and imagined, well, it can be quaint.

    The point being, the online, near-future, “cyberspace” technologies imagined in most of those defining cyberpunk stories were for all intents and purposes surpassed in the mid-aughts. The cyberpunk “near future” is our “now future.” We’re living it.

    With that in mind, scroll back up and re-read that description again. We can pretty much tick every box. Artificial intelligence? Check. Hackers? Check. Megacorporations? Check. Extraordinary cultural ferment? Check.

    These don’t all look exactly like what was described in the books, of course. Instead of cyberdecks we have tablets and laptops; in lieu of cybernetic brain jacks, we have smartphones and wifi. But let’s face it: we’re living in a science fiction genre.

    And yes—dystopia? Check. Our day to day experience may not seem particularly dystopic, but taking a step back and looking over the big picture, there are definitely elements of a slow motion dystopia in action that come into view. Consider climate disaster, the creeping rise of fascism, the influence wielded over society by billionaires and corporations, the erosion and active suppression of individual freedoms, privacy, and education… Small pieces that we just live with, rather than the overarching dystopian societies of the genre, but still present.

    It’s a strange time, and just to top off this post and emphasize how weird it all really is, I asked ChatGPT to write a paragraph on this very subject:

    As we enter the year 2023, it’s becoming increasingly clear that the real world we live in is starting to resemble the dystopian cyberpunk futures that once only existed in fiction. From ubiquitous surveillance and the erosion of privacy, to the increasing influence of mega-corporations and the ever-widening gap between the rich and the poor, the signs are all around us. The world feels both familiar and alien at the same time, with strange new technologies and societal norms emerging faster than we can keep up. It’s a world where people are more connected than ever, yet more isolated and disconnected from each other. The pace of change and uncertainty is dizzying, and it’s hard to know what the future will hold. It’s a strange and surreal feeling to be living in a world that seems so out of step with the one we once imagined.

    There you have it.

  • Mastodon notes

    So I’ve been using Mastodon a bit for the past few months, and with the latest influx of users via the great Twitter Migration of Late 2022 I thought I’d jot down some of my notes on the platform.

    I have two active accounts, on different servers:

    • My personal one, @chuggnutt@mastodon.cloud, which I originally created in 2018 when Twitter’s dysfunction was becoming increasingly apparent.
    • The Brew Site account at @brewsite@mastodon.online, created earlier this year to start hedging my social media bets in earnest and also to work to expand the beer blog’s reach and learn the new platform in the process.

    The first thing all new users encounter when creating a Mastodon account is server (or “instance”) selection, which can be confusing and mystifying. It took a minute to get my head around the concept, but once I did, I realized that except for a few caveats, it doesn’t matter which server you choose. Here’s why:

    • Each server is running its own instance of the core software, and has its own set of rules.
    • All of them can connect and share data in a manner similar to RSS.
    • This interconnectivity, known in Mastodon parlance as federating, essentially consolidates it all into a more-or-less seamless social media experience, just like you’d expect without knowing anything about different servers at all.

    Now, here are those caveats I mentioned:

    • Because a server instance can be run by anyone, including bad actors, unsavories, and deplorables, you’ll want to check the rules of a given server before deciding if you want to join. Many of these “bad” servers end up being blocked by the good ones, and these good ones have rules of conduct. Pick one with good moderation and content policies.
    • With the spotlight on Mastodon and the big growth surge that’s been happening recently, some servers are undergoing growing pains and performance issues. For instance, the mastodon.online server that I have The Brew Site on is one of the popular ones, and its performance had slowed quite a bit at one point, seeming to be about 12 hours behind in updates. (Of course the next day it was much improved and working in close to realtime again.) It’s hard to know ahead of time which servers are going to perform better but it’s something to keep in mind; you may want to pick a smaller, newer instance to join that isn’t getting hammered.
    • If you decide you don’t want to be on that particular server, you can move to a new one and the process for doing so it supposed to be fairly easy, though I haven’t done it. One thing I’m unsure of for this process, however, is if you can move any content you created (posts, photos, etc.) to the new server as well, and if so how that works.

    I’ve been using both the website interface and the official Android app and find both to be perfectly usable and fine. For the web, I activated the “Enable advanced web interface” setting and I like it better than the default interface; it sets up multiple configurable columns for easier viewing and seems to be more responsive. You can enable this in “Edit Profile,” “Preferences,” and “Appearance.”

    Overall I like it so far; the multiple servers issue I mentioned above isn’t an issue for me at all (other than occasional performance) as my home timeline shows me posts (“toots” in Mastodon parlance, as opposed to “tweets” on Twitter) from every user I follow, regardless of what server they are on, and I can favorite (“like”) and boost or reblog (same as retweet) any of those posts just fine.

    I don’t notice any algorithm issues, because there are none; that is, there’s no algorithm showing you customized content. To be fair, I always view my Twitter timeline in chronological order and don’t let the algorithm mess with it, so there’s no change for me there.

    But hashtags (words prefixed with the “#” character, like “#hashtag” or “#craftbeer“) are super important on Mastodon, because the search features are more limited, and hashtags are one of the few things you can search for. So if you want any of your content searchable, liberal use of hashtags is key. Also, you can follow specific hashtags, similar to following people, which is something I’m still exploring.

    When posting images, two things to be mindful of: you should include descriptive “alt” text for the image, which is important for screen readers for visually impaired users; and images which could be considered sensitive should be flagged as such, which allows for people to decide to click to reveal an image they may not want appearing directly in their timeline for whatever reason.

    The alt text is simply another term for “text description” and it’s pretty straightforward to add a description to an image—either via the “Edit” button on the image, or even an “Add image description” option (or something similar). It’s good practice to caption all of your imagery this way to make your posts more accessible.

    I’ve been making sure to caption all images I’ve posted in this way, and so far have only flagged one image as sensitive on my @chuggnutt account; there’s probably an argument to be made about flagged pictures of beer as sensitive on @brewsite but I haven’t done much of that, except for setting “content warning” on my Beer Advent Calendar posts (emulating a surprise reveal each day).

    A lot of these best practices and FAQs can be found on Fedi.Tips, by the way, which I’ve found to be a useful resource.

    Content Warnings are the other area of note. I’ll just quote the Fedi.Tips site for these:

    Content Warnings (CWs) are optional Fediverse features which hide the content of a post behind a warning message. The post can be revealed by clicking on the warning.

    Content warnings are for any kind of content where the person reading may not want to read it right that minute, but they may want to read later. It could be something serious like upsetting news, or less serious like film spoilers. There’s also a very strong Fediverse tradition that those who are able to should use CWs when talking about emotive topics such as politics or religion. It is also often used for potentially “not safe for work” content such as gore or nudity.

    They’re very easy to add when you’re writing a post, and are entirely optional, though considered polite and considerate to use them.

    So is Mastodon going to replace Twitter? Yes and no. “Yes” in that many Twitter users, disgruntled with how the service and safety have degraded under the new management, are migrating to Mastodon as a potential alternative. But “no” because Mastodon is its own beast (so to speak), similar but different and isn’t trying to be Twitter. It’s just another step in the ongoing evolution of social media.

    I noted this fact on Twitter even, not long ago:

    Everything ends. And nothing is as ephemeral and transient as social media.

  • The best chicken article I’ve read in awhile.

    Actually this might be the only chicken article I’ve read now that I think about it. It’s long but really good. Did you know the Egyptians “mastered the technique of artificial incubation”? I did not.

    Oh, and don’t forget, chickens are basically the descendants of dinosaurs which is awesome.

  • Timeline of the far future

    On a similar topic to my previous post about the scale of the universe, I’ve been enjoying Wikipedia’s Timeline of the far future for equal amounts of mind-boggling scale. Really, once you hit 1020 years from now the numbers are pretty much meaningless to realistic human comprehension. But when you start hitting the exponents of the exponents? Like 10^10^50 (or to steal Wikipedia’s image: 10^{10^{50}})  then all you can really do is quote:

    Although listed in years for convenience, the numbers beyond this point are so vast that their digits would remain unchanged regardless of which conventional units they were listed in, be they nanoseconds or star lifespans.

  • The Scale of the Universe

    I realized I missed posting in April entirely(!), and I don’t like the look of the gap in the archive calendar, so I’m back-dating this entry.

    And you need to check this out, a Flash-animated Scale of the Universe that is simply mind-boggling. From the smallest structures known (quantum foam, the Planck length) to the largest (the size of the observable universe), that you can zoom in and out on, and it’s all to scale (relative to the zoom level). The coolest thing I’ve seen online lately.

  • Anatomy of a blog hack

    So, last weekend I found out that my blogs had been hacked.

    Actually, it wasn’t just my blogs, nothing personal involved or anything like that: the shared server space my sites were hosted on was compromised, and a good number of other sites and files were hacked as well. Based on what I can piece together, here’s what happened:

    There were a number of sites on this hosting space that were running out-of-date versions of WordPress, and some that also had various other PHP code installed (NetOffice, Gallery 2, a few others). Any software that is outdated is potentially at risk to known exploits, but more worryingly, I found an old bit of PHP code on the server that was set up to run arbitrary PHP code for (I presume) some back-end admin processing, and ultimately I think this was what had been exploited.

    And until I had found and killed this code, the exploit happened at least 3 times even as I was cleaning up the server.

    The exploit itself, once I knew what to look for, was fairly simple:

    • In PHP files that were writable to the Apache webserver process, the code was altered so that any line containing an opening PHP tag (which tells the server to start executing the code after it as dynamic PHP until the closing tag is reached) looked something like this:
      From <?php .....
      To: <?php     eval(base64_decode('malicious code encoded here')); .........
    • When I copied this code to a sandboxed PHP environment and decoded it, it contained fairly simple instructions:
      • If the visitor to the site was coming from a Referrer—in other words, if they had clicked on a link from another site like Google search results, Facebook, someone else’s blog—they were redirected instead to a completely different site that presumably contained spam, or malware, or whatever.
      • If the visitor was coming to the site directly—they had typed the URL directly into the browser’s Location bar, or clicked on a bookmark—then they were passed on through to the site.
    Because I normally type in URLs to my blogs directly, or click the “recently visited” link in Chrome’s list, I didn’t see the exploit at first. But as I was writing a blog post on The Brew Site on Friday the 20th, I was searching out a link to a previous blog post (gotta love Google for that) and when I clicked that link to pull up the earlier post, I was redirected to some site in Poland (or at least, with a Polish country code for the top-level domain).

    Fortunately, I don’t believe this hack was in place for long, since I often search out links in this manner and would have noticed sooner: Sometime in the wee hours of the morning of January 19th was when the files were first modified is the earliest I can determine.

    It took me a bit of time to figure out the exploit (at first I was thinking it was the Google 302 hijacking exploit), but once I did I was cleaning up files on my blogs by Saturday morning. I hadn’t yet had the chance to address the (many) other files and old sites on the server hosting space, so unfortunately my blogs got re-infected at least once more before I was able to kill the old files and update others. Most of my weekend (and part of the following week) was spent updating, fixing permissions, cleaning, and deleting files and sites.

    For reference, a handy pattern for detecting this code in grep is:

    grep -R -l 'eval(base64_decode(' *

    (This should always work because you should never have similar PHP running in your legitimate code…)

    Now, I keep my WordPress blog software (and installed plugins) up-to-date pretty religiously, and I try to keep permissions set appropriately. But a good number of files in each blog were infected even so—how? It turns out, even though a fair number of the core files that were originally installed (manually) had the correct Unix group (“<account>:users”) and permissions of 644 (rw- r– r–) and were untouched, I was also making liberal use of WordPress’s built-in auto-updating feature, along with automatic plugin installation, and at some point the files that WordPress were updating got set to the “nobody:users” group—the Apache webserver process. It was these files that were exploitable to the “nobody” Apache process that was being exploited by the other code on the server. (Along with the few files I had set to group-writeable as well.)

    So, lesson learned. I’ve battened down the hatches, fixed the permissions on all the files in my sites, and have decided to forgo WordPress’s auto-installing and update features for now for good measure. And, I’ve finished up a (long overdue) move of my blogs to a new webhost with none of the legacy code possibilities that were extant on the original server. (Nothing against the original web hosting provider, I just needed a clean break with an affordable price.)

    Of course, you all let me know if you still run into any problems, okay?

  • The best thing I’ve seen lately

    Just in time for Halloween!

  • Twitter cleaning

    I figure I need to clean up my @chuggnutt Twitter account (and probably the @hackbend and @brewsite ones as well).

    Not that I have an extraordinary number of followers, or people I’m following—522 and 425, respectively—but I realized there’s a fair amount of “noise” on what amounts to my personal Twitter account and there are accounts I’m also following on either @hackbend or @brewsite, and I don’t really need to see redundant tweets.

    So I’ll be going through my personal Twitter account and weeding out accounts I’m following, and figure if anyone’s using something like who.unfollowed.me and gets offended that I unfollow them, I can at least point to my criteria:

    • If the account hasn’t had an update in 2 months or more, unfollowed.
    • If I’m also already following that account on @hackbend or @brewsite, I’ll unfollow on @chuggnutt.
    • Unless it’s someone I know personally, or have interacted with on @chuggnutt more often, then I’ll keep the (redundant) follow.
    • Of course there are accounts I just find interesting even if I never interact with them, so I’ll keep following those.
    • If the account seems spammy, or keeps posting repetitive tweets, unfollowed.
    • If the account is something like a brewery that I’m not already following on @brewsite—or a Bend business or similar I’m not already following on @hackbend—I’ll follow on those respective accounts and unfollow on @chuggnutt.

    I’m not too worried about the followers to my account; it’s been awhile since I’ve had to do a bot/porn sweep and block accounts, and I haven’t really seen any I’d consider blockable come through lately.

    …I should probably go through and clean up my Facebook sometime, too.

  • Pandora

    The last several weeks I’ve been checking out Pandora, the “Internet Radio” site that lets you build custom stations of music based on your personal preferences (and provides a live stream of said music). You can give it artists or genres to choose from, and from there—and based on what you tell it you like and dislike in real time, as the music plays—it figures out other music to play for you.

    So far it’s remarkably good. It’s like magic.

    (Yes, I am well aware that by writing about Pandora now, in 2011, I’ve missed out on something like four or five years of its existence. One might say I missed the boat, and am now late to the show. I’m all right with that.)

    Now, I’m not a big music guy—most of the time I listen to whatever’s on the radio in the car while driving to or from work, and I’ll play the occasional CD (I do own a few). I like music, it’s just more of a background to my life, and I don’t invest a lot of time into it. But with Pandora, it tweaks just the right buttons—I’m as interested in the algorithm behind what it will pick for me next as in the music itself. So I’ve been letting it play in the background at work and generally marveling at it.

    I’ve only created one station thus far, but since it lets you create different stations I’m fascinated by the potential for creating other, vastly different ones based on mood (for instance).

    It’s kind of cliché to say, but this is one of those internet technologies that just works, works well, and makes me feel like I’m living in the future.

  • Tools of the trade

    It’s been awhile since I’ve posted anything overly technical here, but it strikes me that a “snapshot” of what I do (for work) and how I do it (the tech) might be useful to some.

    What I do is web development for Smart Solutions here in Bend. Smart Solutions is a web and software development company and the company essentially has three main divisions: custom software development, SEO (search engine optimization—I know, that’s another post), and web development. All these “divisions” work pretty closely with each other—there’s a lot of line-blurring, actually—but for the most part developing websites for clients is what I do.

    The platform we develop for is Pixelsilk—the custom Content Management System (CMS) that Smart Solutions developed from the ground up (and is still developing). The marketing pitch is, it’s SEO-optimized, gives you full control of your HTML, gives you all the tools you need to interact with social media, etc. etc. etc. Move past all that and get to the meat of it, and the primary things I really like about Pixelsilk is that you interact with all of your content and data inside of the system (rather that working with offline files that need to be FTP’d to various places), there’s a powerful and comprehensive Javascript API (giving me the capability to extend the system in new ways), it gives you the ability to re-use code and libraries, and that it’s entirely web-based—-meaning I can work on a site from any browser.

    I’m also the company’s defacto WordPress developer—yes, we host WordPress blogs in addition to Pixelsilk sites—and a few other PHP applications so I still get a chance to flex my PHP muscles every now and again. (Smart Solutions is otherwise a Microsoft and .NET shop.)

    Of course, I use a number of additional tools to develop for the web, and that’s what this post is really about.

    What I use is a mishmash of online and offline tools. In the “offline” category I make use of:

    • The GIMP, open-source graphics software. Free to download, and fairly powerful, there’s still a lot I’m learning about it, but I do most of the graphics work I need to accomplish with it. (Photoshop is the standard for the company, but I’m not versed in it.)
    • Microsoft Visual Studio, various flavors. Sometimes moving the HTML/Javascript/CSS into an editing tool is easier to deal with, and I frankly like the Visual Studio editing environment best of the various programs I’ve tried for these types of files.
    • PHP Designer. I actually use the (older) free version because, well, it’s free and does what I need, it’s fairly lightweight, and it has the same kind of keyboard mappings and editing environment as Visual Studio.
    • Notepad. Yes, a stripped-down plain text editor. You’d be amazed at how much I have this open.
    • FileZilla. Yes, sometimes you still need an FTP client, and FileZilla is a good free Windows client.
    • PuTTY. A great free SSH client, because I spend a non-insignificant amount of time on a *nix command line.
    • Apache/PHP/MySQL: Installed on my Windows boxen as test environments. Pretty critical especially when developing WordPress themes.

    Online:

    • Google Chrome and Mozilla Firefox as my primary browsers. I actually use Chrome as my primary while at work and Firefox while at home; these are both highly standards-compliant web browsers and I know if I can get something to work properly in them, then that is in fact how it should work. Chrome has some great built-in development and inspection tools; in Firefox I employ a number of extensions.
    • Web Developer (Firefox plugin): A variety of pretty essential additions in toolbar format for all aspects of web development.
    • Firebug (Firefox plugin): Probably the #1 plugin I would recommend; it adds code inspection, network information, Javascript debugging and inspection, and all manner of incredibly useful tools—you can’t be a proper web developer without this installed. (Chrome’s built-in tools come pretty close to this.)
    • Page Speed (Firebug add-on): A fantastic add-on to Firebug that analyzes the overall page performance (using Google’s recommended benchmarks/tests) and gives you hints on what you can improve.
    • Header Spy (Firefox plugin): Shows HTTP headers on the status bar, useful for troubleshooting server information.
    • AFOM (Firefox plugin): Incredibly useful plugin for the Windows version of Firefox which fixes the memory leak prone to Windows Firefox.
    • Internet Explorer: Of course, you can’t develop for the web without checking your work in IE, and IE8 has a decent set of developer tools built-in—including the ability to switch between IE7, IE8, and Quirks modes.
    • W3C Validator: Because you want to make sure your site code validates and works properly, right?
    • jQuery: The best Javascript library out there. If I’m doing anything in Javascript these days, 99% of the time it’s using jQuery.

    There is of course other tools I use that fall primarily under the heading of “my own sites” and are not necessarily web development per se: Google Analytics and Google AdSense are two examples. That’s probably another post.

    This list is likely incomplete—I may have missed an item or two or three, and if I think of any I’ll update it. But this gives an idea of the various tools I’m employing currently and to a large extent what I’d consider the minimum number any good web developer should be using these days.