Cogito, Ergo Sumana
Sumana oscillates between focus and opportunity

(0) : Technothriller Book Review Partially In The Form Of A Python Exercise:

I am glad I read Hackster: The Revolution Begins..., a technothriller by Sankalp Kohli and Paritosh Yadav taking place in modern-day India. It's plotty and passionate and tense, and it's about Indians to whom India is the center of the universe. But it's also got major problems. Here are some quotes:

It was now time to attain answers. And he had found his answers in SNAGROM -- a device conceptualized by his father, but built and made operational by him with a few modifications to avenge the death of his patriotic father who had sacrificed his whole life for the progress of beloved country, India, only to be publicly humiliated and pronounced a terrorist with links to Pakistan's ISI by the ruling party of India, The Democratic Alliance Party. [p. 23]

Mr. Bedi, Vikram's father, was a scientist. He had the unique ability to solve problems by using concepts of one domain, into an altogether different one - something which most academicians couldn't do. His papers and theories on early meta-systems had brought a fresh perspective and direction into the scientific community. In his papers, he reduced the bigger problems into simple ones. He put it very simply, a meta-system is a system based on other systems. [p. 35]

Arjun could feel this guy getting to him.... he was not a person who took even the smaller defeats sportingly. For him defeat was accompanied by a splurge of vengeance. [p. 68]

"It seems like he had conceptualized a system that replicated the modern day concept of Big Data trackers and used it to come out with trends which were closer to reality." Vikram whispered to himself. [p. 78]

But, was it all because of one man? How could a single man cause so much havoc? It must have been 'the system'. [p. 111]

For ten years, he had used his peculiar ability to suppress all sorts of mutiny within the alliance with an ease that always surprised everyone around him. Nobody had ever seen him running across the country to meet the influential people in times of crisis. He would simply make a private phone call and follow up the next day. The matter would be resolved. [p. 152]

So I didn't love the prose or the characterization. And one plot thread in Hackster disproportionately bothered me.

In the scene below, two guys are investigating a break-in by Vikram, a super-elite hacker. Vikram broke into the Srinagar police department's "criminal database" to remove his friend Ashfaq's name from "the list of arms dealer with a pending investigation" (sic). Initially, police investigators had overlooked the incursion: "They termed it a routine hack failure." [p. 17-18] But this new anti-cybercrime unit digs deeper. For context, both authors of Hackster have MBAs, one "in the field of telecom technology," and in the Acknowledgement they thank someone for cybersecurity advice.

"He deleted one entry and then used a jumbler on all the others."


"After deleting the entry, he covered his track by jumbling up the names of all the people in the list. I tried running a point to point match between the shuffled copy of this list with an older correct copy, but none of the names matched. In short the whole list is corrupted, and we will not be able to make anything out of it easily. It is a long list. It has too many names. This guy is a genius." [p. 51-52]

But then Aarti, a top-shelf cybersecurity expert, succeeds at extracting the name "Ashfaq Ahmed Karim":

"He didn't know that entire data of servers of police department gets automatically stored in tape drives at the end of each month. These tape drives are detached from the servers and are stored in a secret location. I took out an older version of Illegal Arms Dealer List from the backup tape drives and then wrote a program to match each word of the older list with the newer one and rearranged the new list accordingly."

Sumit and Rao watched her with awe as she continued further, "Even the most advanced computer of ours took two days to complete this activity and give us this one name. This one lead should help us to take a step closer to our target." [p. 82]

My suspension of disbelief at this point broke so hard that it sent shards into nearby brick walls, where they remain, softly vibrating. I'm willing to set aside, for the sake of fiction, how badly guarded this data is, and why does Aarti have to go to the tape drive if there's an older version of the list more readily available, and why are they acting like this is a giant string rather than a set of rows in a table in a relational database and thus amenable to additional forensic techniques. Even so: this kind of puzzle is practically a junior programmer's intro-to-Python exercise. You could do this in bash; you could do it in Excel. And unless the Srinagar police department is tracking pending investigation against literally millions of arms dealers, a bog-standard developer's laptop could run that script in, mmm, 20 minutes.

Hmmmmmmmm, how long would it actually take? I decided to try to replicate this, without even trying very hard and while listening to a Taylor Swift album on repeat. I took the 417 names from the Nielsen Haydens' old blogroll, put them into a file separated by newlines (bloggers-archive.txt), and then removed one name, and saved the new file as bloggers.txt. Ah but now I want to obfuscate it! So I pulled all the names apart into their component words and shuffled them randomly and then wrote that back to a file. The new, jumbled list looks suitably forbidding:

My script does not bother to "rearrange the new list accordingly" because what Aarti really wants is the missing name. It is 31 lines including comments and spits out the two words in the missing name, and it takes 0.04 seconds to do so on a ThinkPad. And I'm bone certain I could optimize performance further.
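The backup-versus-jumbled comparison described above, as an added example (this is not the author's script, which is not reproduced on this page). The names are constructed sample data and the function names are hypothetical; it goes slightly beyond the post by counting words as a multiset, so duplicate entries and more than one deletion are handled.

```python
import random
from collections import Counter

# Constructed sample "backup" list (the post used 417 blogroll names).
ARCHIVE = [
    "Asha Rao",
    "Ben Okafor",
    "Asha Mehta",
    "Carlos Ben Ruiz",
    "Dana Lee",
    "Asha Rao",  # duplicate entry: a plain set() comparison would miss its removal
]


def words(names):
    """Multiset of every word appearing in a list of names."""
    return Counter(w for name in names for w in name.split())


def jumble(names, seed=None):
    """Split names into words and shuffle them, as the post describes."""
    pool = [w for name in names for w in name.split()]
    random.Random(seed).shuffle(pool)
    return pool


def missing_words(archive, jumbled_words):
    """Words present in the backup but absent from the jumbled list.

    Counter subtraction keeps only positive counts, so this is one linear
    pass over each list; shuffling order is irrelevant.
    """
    return words(archive) - Counter(jumbled_words)


def candidate_names(archive, jumbled_words):
    """Archived names that can be built entirely from the leftover words.

    With one deleted entry the leftover is exactly that name's words; with
    several deletions this returns every name consistent with the leftover.
    """
    leftover = missing_words(archive, jumbled_words)
    found = []
    for name in dict.fromkeys(archive):  # de-duplicate, keep order
        need = Counter(name.split())
        if all(leftover[w] >= n for w, n in need.items()):
            found.append(name)
    return found


if __name__ == "__main__":
    current = [n for n in ARCHIVE if n != "Asha Mehta"]  # the "deleted" entry
    print(candidate_names(ARCHIVE, jumble(current)))
```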

This points to an asymmetry I had not previously noticed regarding what will and will not break my suspension of disbelief. When I'm reading scifi or technothrillers, I am reasonably fine with magic zoom-enhance, encryption, robotics, and other implausible advances. I can deal with it if you have way cooler toys than exist in my world, if you tell me something hard for me is easy for you. But if you try to tell me that something easy for intermediate-skilled me is hard for hella competent world-class experts with best-of-breed gadgets, I laugh, because you're ridiculous.

I am married to a programmer whose code has literally been used to catch an illegal arms dealer. I highly doubt this repository is going to have a similar impact. But hey, I learned something new about my genre reading conventions and I practiced my Python 3.

(0) : How Knowledge Workers Can Learn More About Open Source Tools They Use: Yesterday I spent an hour teaching a woman whose nonprofit wants improvements to their current Drupal setup, especially around content approval workflow and localization. She wanted to understand more about how Drupal works so that she can understand the potential problems and solutions better, and be a better partner to her technical colleagues.

I talked with her a little about those specific questions, but most of what I taught her would be appropriate to any knowledge worker who wants to learn more about an open source web application. I pointed her to some resources and figured they were worth mentioning here as well.

Since she may end up with a test server so she can play with Drupal modules and configuration, I also talked with her a bit about what it means to ssh into a server, the fact that she will probably have to install new software (a console or terminal application) on her Windows computer in order to do that, and the basics of how public key infrastructure and SSH keypairs work, and why they're more secure than just using a username and password. I did this without notes or links, so I don't have any to offer here; perhaps you have a favorite explanation you'll share in the comments?

Overall in these kinds of conversations I refrain from saying "do this" or "do that", but I did share these two bits of wisdom:

  1. When you generate a keypair, the .pub file is the one to give other people, and the other one you keep to yourself.
  2. Make an effort to remember that passphrase. Otherwise you will be unable to use your key, and you have to have a slightly embarrassing conversation where you say "here's the new .pub because I forgot my passphrase for the old one," and it delays whatever you were going to do. But I showed her my ~/.ssh directory with all those old keys I can no longer access, and told her that if she does end up needing to make a new keypair, she is in good company, and basically everyone with an SSH key has gone through this at least once.

We talked about getting her a community of practice so she could have more people to learn from. She now knows of the local Drupal group and of some get-togethers of technologists in her professional community. And she has some starting points so she can ask more productive questions of the technologists within her org.

And this stuff is frustrating, and if you feel that way, that's okay; lots of other people feel that way too, and maybe it just means you need to try a new approach.

(0) : Marconi Plays The Mamba, Listen To The Radio: When Leonard and I lived in the Bay Area and drove south to Bakersfield to see his mom every few months, he got a satellite radio subscription. I'd navigate the music channels and look at the device to see the name of the artist and ask him to guess. When he couldn't tell, he often guessed "REM" (for loud stuff) or "Belle & Sebastian" (for quiet stuff).

Right now I'm working on an ambitious fanvidding project and am thus watching a bunch of other ambitious fanvids (e.g., chaila's "Watershed", danegen's "Around the Bend", counteragent's "Coin Operated Boy") to take notes on technique (e.g., exactly how many 100%-dark frames serve as a good stutter in frightening montages, versus how many blank frames help reset the eye and prepare it for a new sequence). Just now I was watching "Another Sunday" by Jescaflowne, set to "We Built This City" by Jefferson Starship. I checked the timecode scrubber. "Hey Leonard," I said facetiously. "Did you know that rock songs used to be four and a half minutes long?"

He looked at my screen as we made up Freakonomics-worthy nonsensical explanations of why this used to be the case. "What show is that?"

"Stargate Atlantis."

At this, Leonard developed a hypothesis that Stargate Atlantis and Supernatural are like REM and Belle & Sebastian, viz., if he can't tell what fandom a vid is, and there are spaceships and lots of guns, it's SGA, and if there are no spaceships and nearly no guns, it's Supernatural.

As a data point, I've watched zero SGA and one ep of SPN ("Fan Fiction"), but have spent happy hours enjoying fic and vids about both, particularly the critical readings -- if you're waiting for Ann Leckie's next Ancillaryverse installment, you could do worse than reading "Second Verse (Same as the First)" by Friendshipper/Sholio. I wonder whether the same thing will happen to me with Teen Wolf.

(1) : La Con De Python: I spent a good chunk of this month at PyCon in Montréal, watching talks, seeing people I rarely get to see, and working on Mailman. My stay in Montréal felt homey thanks to Jo Walton and Emmet O'Brien, who put me up in their place for the duration. Much thanks, Emmet and Jo!

It was wonderful getting to sprint with the rest of the Mailman team, some of whom I'd never met before. I'm grateful to the Python Software Foundation and the PyCon sponsors for arranging the venue and food; one can attend the sprints at no registration cost, and I thoroughly appreciate that. I wrote a few patches, told other attendees about the upcoming release and got them to come test the install, and did a great deal of testing and bug-reporting myself, and generally a bunch of release management. I had the privilege of discovering a funny bug, although I wish the bug didn't exist since it prevented us from meeting our goal and shipping 3.0 by Thursday. (A 3.0rc1 release is imminent!)

On the last day of the sprints, I started a keysigning. I think every keysigning I've ever participated in has included philosophical and engineering questions about the usefulness of keysigning parties, why we bootstrap an anarchistic web of trust using government-issued documentation to authenticate people, the difference between "I control this key" and "I am the person whose passport this is," and the anti-mnemonic powers of gpg command-line flags. I feel as though there ought to be, and perhaps is, a haggadah for this ritual that incorporates these questions. I can't exactly remember this exemplary exchange from Thursday, but it went something like:

Me: I wonder what I would learn if I tried setting up my own keyserver.

Debian guy: You would learn that the system is utterly ripe for abuse and that we're just lucky no one has seriously tried it yet. It's an append-only distributed database, after all.

Me: (Pause.) I think I had already learned that particular social lesson and I was thinking more of the technical lessons.

Debian guy: Ah! Yes, there are some interesting backend protocols involved....

This was the longest stretch I've ever spent someplace Francophone, and I felt my high school French coming back to me day by day; towards the end I was able to put together "J'ai perdu un chapeau bleu" or "Je voudrais acheter cette chose" with tolerable facility. (I did indeed lose a blue hat that I bought in Washington, DC in 2001 just before I left for my trip to Russia; we had a good run together and I hope it ends up with someone else who likes it.) I have never played Flappy Bird, but I understand that a single error ends the round; similarly, bad French in Montréal is a sudden death game for me, in which a single mistake or even a tilted head while parsing a response can cause the interlocutor to switch to English. Like many people with one dominant language fluency and a lot of language smatterings, I find the wrong language's vocabulary springs to mind at inopportune moments. A caterer was serving me food; I couldn't remember the polite French for "that's enough" and my mouth wanted to say "ಸಾಕು" instead. Similarly, "mais" and "et" no longer come as naturally to me as do "но" and "и". But I have it easy -- evidently this is even less convenient when one of the languages is ASL!

The next PyCon North America will be May 28 - June 5 2016 in Portland, Oregon; this overlaps with the Memorial Day weekend in the US (May 28-30) which means it will probably conflict with WisCon's 40th anniversary, and I already have plans to hit WisCon 40. I hope to finagle schedules so as to attend WisCon in Madison and then fly to Portland to participate in post-PyCon sprints. But that might be too much spring travel, because what if Leonard and I want to do something special in April to celebrate our tenth wedding anniversary? What I am saying is that adulthood sure does have a lot of logistics involving calendars.

: New Takes On My Published Writing: My Crooked Timber guest post on codes of conduct, freedom, governance, contracts, and copyleft software licenses has attracted over 200 comments. Many of them are thoughtful and interesting, and worth at least a skim if you found anything useful in the original post. For instance, can we compare mindshare to other forms of property? And what do we do to legitimately obtain the enthusiastic consent of the governed? Some of them have old or new perspectives on Adria Richards or Linus Torvalds. And about five percent of the comments are gross, hurtful, or laugh-out-loud wrong on multiple axes, e.g., "The FOSS world is not asking for codes of conduct, she is seeking to thrust them upon it." I shall be mining those for use in my stand-up comedy routine at AlterConf in Portland, Oregon in June.

Also, the code4lib Journal asked for me to turn my code4lib keynote from 2014 into an essay, "User Experience is a Social Justice Issue", for their special issue on diversity in library technology. The new article includes some contextual introduction and a retrospective with links to related work by others in the past year. You can comment there.

: Crooked Timber Guest Post on FLOSS Licenses and Codes of Conduct: The social sciences group blog Crooked Timber has published my guest post, "Codes of conduct and the trade-offs of copyleft".

A lot of open stuff -- such as the Wikimedia/Wikipedia and Linux projects -- are discussing or adopting codes of conduct, or expanding their existing policies. I'll reveal my biases at the start and say I think this is a good thing; for more, read my speech "Hospitality, Jerks, and What I Learned". But in this piece, I want to talk about the similarities and differences between codes of conduct and a set of agreements that some of these communities are more used to: "copyleft" or other restrictive software licenses. And I'd like to draw out some ways that the kinds of acts and artifacts that these policies cover reveal different attitudes towards contracts and governance.

Also I make silly references to Antitrust and Ducktales while oversimplifying free software licenses and political theory. So check it out.

Much thanks to Skud for an initial conversation about face-to-face versus online codes of conduct; my article, in the end, barely addresses that, but it was a seed for this piece. Thanks to Henry Farrell of CT for editing and publishing my guest post. And thanks to Naomi Ceder, Paul Tagliamonte, Leonard Richardson, and several other people who talked about this topic with me or beta read bits or drafts of the piece -- of course, all errors are mine.

Feel free to comment over at Crooked Timber!

: PyCon 2015: Today I am heading off to PyCon North America 2015 and am looking forward to sprinting on Mailman! You can now read my LWN piece on what'll be new in the 3.0 release as it's out from behind the paywall.

Many fellow Recurse Center-affiliated folks are giving talks at this year's PyCon, in case that's something you seek!

If you're going to be in Montréal as well, perhaps we'll pair program on something together! That could be fun.

2015 April

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
Permissions beyond the scope of this license may be available by emailing the author at