Earlier today a small group of people carried out an attack on two mosques in Christchurch, New Zealand. A lot of good people died. A lot of good people were injured. A lot of good people will never be the same. Three people have been taken into custody and people around the world are talking about yet another terrorist act carried out at a place of worship. There are always a number of questions that come up when an act of malevolence such as this takes place. Who were the perpetrators? What could have caused this tragedy? Were there any signs beforehand that people missed? Can it happen here? These questions are all valid, but rarely the one that I generally ask. When everything is all said and done, what I really want to know is why people are so angry at the world that they feel the need to lash out in this manner?

New Zealand Flag at Half-Mast

Mass shootings are nothing new, but they do seem to be more common. The first time I read about this type of incident in any depth was when the Columbine High School massacre took place in 1999. 13 people died that day, including both of the shooters. A string of copycats followed with people attacking schools, shopping malls, casinos, sporting events, music concerts, places of worship, and just about any confined place where people might congregate. The motives differ slightly. The objectives differ slightly. The backgrounds of the perpetrators differ slightly. The result is the same; lives are lost and questions are asked.

An article on The Guardian says that one of the perpetrators of today's shooting wrote a 74-page manifesto that read like a long rant lamenting the fact that some groups of people are not the same as other groups of people and how global mobility is eroding the monocultures that have long existed within known geographic confines. He wants people who practice Islam to live in "an atmosphere of fear" and spent two years planning today's attacks. Now he'll get to spend the rest of his life behind bars. So much of what happened today is beyond absurd. Try as I might, the leaps in logic that a person would need to follow to reach this sort of decision are just beyond me.

Later in the document, he purportedly¹ describes himself as being a private and mostly introverted person, an ethno-nationalist, and a fascist. The first two descriptions are fine. The latter two have me wondering if perhaps the education systems around the world need to be overhauled, as these demonstrably bad ideas seem to be gaining momentum among pockets of semi-educated people. It is as though we have learned nothing from the hardest lessons from the 20th century.

Ethno-nationalism is a concept wherein the nation is defined in terms of ethnicity. The central theme of ethnic nationalists is that "nations are defined by a shared heritage, which usually includes a common language, a common faith, and a common ethnic ancestry". This works with microcosms living in isolation on islands surrounded by hundreds of kilometres of water, but completely falls flat in the world of today where a person can easily buy a plane ticket to the other side of the planet and leave in a matter of days or hours. A nation that is not open to globe trotters is not open to economic growth or a better distribution of wealth within society. Nations that exist in such isolation must consist of hunter-gatherer tribes, or be structured as a fiefdom, dictatorship, or communist state. This would mean that every nation would live as the people of North Sentinel Island, North Korea, or some hideous combination of both.

Fascism seems like a natural extension to ethno-nationalism, given its authoritarian ultra-nationalism characterized by dictatorial power, forcible suppression of opposition, and strong regimentation of society and of the economy. Every nation that embarked upon a fascist path in the 20th century killed millions of its own people in the process. I've had conversations with people who believe that Stalinism or Maoism is a good form of government, but none of these proponents would last more than a month in 1950s Russia or China before being turned in for "re-education". They have neither the smarts nor the cunning to survive for long in such a corrosive society².

So where is the allure? What can drive people to honestly feel that the world would be better if everyone stuck together in subjectively distinct gene pools? What can push people to despise practitioners of a different faith? What can fill a mind with such despair that mass murder seems like a justifiable course of action?

I don't have the answer to any of these questions. The only possible remedy I see would be to change people's perspectives so that people get a better understanding of why the world is the way it is. With a little more perspective of the 20th century, people will be better able to say why so much of the world fought the wars it waged. With a little more perspective of the various forms of government, people will be better able to understand why most fascist nations collapsed within half a century. With a little more perspective of religion, people will be better able to understand that most people who follow a belief system are not interested in killing or dying. With a little more perspective of cultures — not just the culture we grew up with, but many cultures — people will be better able to appreciate the differences and find joy in the similarities.

With a little more perspective people might come to understand that life is unjust to everyone. Some people have a better time than others on occasion, but this doesn't give any of us the right to intentionally make it worse.

  1. I haven't read the 74-page manifesto myself, nor have I tried to find a copy of it.
  2. I say this knowing that at least two people I've discussed communism with will strongly disagree with me the next time we meet for coffee.

183 Days

On September 12, 2018 I started to write a blog post a day after reading about a little challenge that Jeremy Cherfas did about ten years ago where he would try to write a post containing exactly 100 words for 50 consecutive days. While I scoffed at the idea of limiting myself to just 100 words in a blog post¹, I did manage to hit the 50-day mark on November 1st. From there I wanted to see if I could double that to 100 days, which I did, and then six months ... which I have just accomplished. Today marks the 183rd consecutive day where a blog post has appeared on this site and not once have I had to "cheat" by backdating or scheduling for more than six hours in advance². This is a number that I really didn't think was feasible given the amount of time that I dedicate towards so many other goals.

How feasible might it be to go a full year without missing a day?

Thinking of the Near Future

Over the years there have been a number of blogging challenges that I've tried to set for myself only to fail in the first couple of weeks, so I'm not particularly keen on jinxing this daily groove that seems to be working. That said, there are a couple of things that I would like to aim for in order to make this effort worthwhile. Not all of these are specifically related to blogging.

  1. Use fewer commas - there are just too many in my writing, which I'll admit does lend to an easily recognizable style. It would be better to use longer sentences that do not rely on the same three grammar forms over and over and over.
  2. Keep the Five Things summaries - I like doing these on Sunday nights. There is no reason for them to stop so long as the casual format does not begin to feel like work.
  3. Publish some of the more creative efforts - There are a number of blog posts that I've completed to a certain degree and left as a draft. Some of these might actually be worth publishing, such as the slightly comical post positing "What kind of machine would Dominic Toretto from Fast & Furious use if he used a computer the same way he drove?"
  4. Enjoy the process - writing every day is not the easiest thing in the world. If I ever lose interest in putting something out on a daily schedule, then it would be better to fall back to an easier schedule or simply go back to posting at irregular intervals. Strained writing is not enjoyable to write nor read.

With these points in mind it will be my goal to make the next six months of writing at least as enjoyable as the first six. My grandfather never blogged, but he did write in his journal for over sixty years without missing a day. After retiring he would often paste newspaper articles on a page and then write his thoughts on the topic, which sounds a great deal like what a Quotation is in 10Cv5. Maybe I can consider doing the same after half a century of an unbroken publication streak.

  1. Naturally. Heck, I'll use 100 words just saying "Hello" to my dog in the morning.
  2. I did schedule the post on March 11th to be released at exactly 2:46pm, but this was the only one that was set to publish more than an hour into the future.

Over-Thinking Solutions

This morning on Ars was an article outlining a mobile application with a wide-open API and hard-coded passwords that resulted in some social media fireworks and hurt feelings. The security problems are the sort of thing that one might expect from a new developer or a one-person development group within a small organisation, but are by no means unique. Quite often I have stumbled across similar discoveries when joining or taking over projects at the day job and it just goes to show that creating secure applications is not at all easy but should be something we constantly work towards.

Security on the Table

Today I put the finishing touches on a new feature for an HR-owned project at the day job that is used by just about every employee at manager-level or higher across the globe. People have been asking for a way to upload files to the application, have them appear on reports, and make them downloadable to the appropriate people. In addition to this, we need to know who downloaded each file and when. None of this is particularly difficult, and I decided to make the download mechanism a little more interesting by adding the following rules:

  • each download link must be unique
  • a link is valid for a maximum of 15 seconds
  • links must be used by the same account that requested them
  • links cannot be guessable

The HR system is running on a couple of Amazon servers and files are to be stored in a locked-down S3 bucket. In order for files to be downloaded, they must first be copied from the S3 bucket to the web server, then sent on to the recipient if they're using one of our white-listed source IPs.

So far so good, right? This is all basic stuff. So when I demoed the system to the HR people and a couple of senior members of IT, I was surprised by some of the questions that came back. After a couple of minutes, they asked me to step through the logic so they could understand how the whole process worked. This is what I told them:

  1. a list of files is presented on the screen
  2. a person clicks (or taps) the file they want
  3. the browser sends a request to the API asking for a link
  4. the API verifies the account has access to that file and creates a URL record, then sends the information back to the browser
  5. the browser opens the supplied URL in a separate tab
  6. the web server receives the request for the file, authenticates the request using session data, confirms the source IP is valid, and verifies the requested URL
  7. if everything's good, the web server copies the file from the S3 bucket to the server
  8. the web server records the file access in the database, preventing the URL from being used again and creating a verifiable audit trail
  9. the web server transmits the file to the browser over HTTPS, which acts as a standard download
  10. the file is removed from the web server
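
The link rules and steps 3, 4, 6 and 8 above can be sketched as follows. This is an added example, not the code from the HR system: the table layout, function names, SQLite store and the 203.0.113.0/24 allow-list are assumptions made for illustration, and the copy from S3, the HTTPS transfer and the cleanup are left out. It also folds the verification in step 6 and the access record in step 8 into a single UPDATE, so the link is burned before any file is fetched.

```python
import hashlib
import ipaddress
import secrets
import sqlite3
import time

LINK_TTL_SECONDS = 15  # rule from the post: a link is valid for at most 15 seconds
# Constructed allow-list (documentation range) standing in for the white-listed source IPs.
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def open_db():
    # Hypothetical schema: who may read what, and every link ever issued.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE acl (account_id INTEGER, file_id INTEGER);
        CREATE TABLE links (token_hash TEXT PRIMARY KEY, account_id INTEGER,
                            file_id INTEGER, expires_at REAL, used_at REAL, used_ip TEXT);
    """)
    return db


def _digest(token):
    # Only the hash is stored, so a leaked table does not expose live links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_link(db, account_id, file_id, now=None):
    """Steps 3-4: verify access, then record a unique, unguessable, short-lived link."""
    now = time.time() if now is None else now
    row = db.execute("SELECT 1 FROM acl WHERE account_id=? AND file_id=?",
                     (account_id, file_id)).fetchone()
    if row is None:
        raise PermissionError("account has no access to this file")
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO links VALUES (?,?,?,?,NULL,NULL)",
               (_digest(token), account_id, file_id, now + LINK_TTL_SECONDS))
    db.commit()
    return token


def redeem_link(db, token, session_account_id, source_ip, now=None):
    """Steps 6 and 8: validate the request and burn the link in one atomic UPDATE.

    Returns the file_id to fetch from storage, or raises PermissionError.
    """
    now = time.time() if now is None else now
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in net for net in ALLOWED_NETWORKS):
        raise PermissionError("source IP not allowed")
    # The WHERE clause enforces owner, expiry and single use together, so two
    # concurrent requests for the same link cannot both succeed.
    cur = db.execute(
        "UPDATE links SET used_at=?, used_ip=? "
        "WHERE token_hash=? AND account_id=? AND expires_at>=? AND used_at IS NULL",
        (now, source_ip, _digest(token), session_account_id, now))
    db.commit()
    if cur.rowcount != 1:
        raise PermissionError("link invalid, expired, already used, or wrong account")
    return db.execute("SELECT file_id FROM links WHERE token_hash=?",
                      (_digest(token),)).fetchone()[0]


def audit_trail(db):
    # Used links double as the record of who downloaded which file, when, and from where.
    return db.execute("SELECT account_id, file_id, used_at, used_ip FROM links "
                      "WHERE used_at IS NOT NULL ORDER BY used_at").fetchall()
```

A failed attempt (wrong account, late request, disallowed IP) leaves the link untouched, so the rightful account can still use it within its 15 seconds.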

All of this happens in the blink of an eye for the most part, with the most time-consuming aspect being the actual file download. Everything else is just a handful of text characters moving between computers. After I finished going through the process not once, not twice, but thrice, someone asked a question: Don't you think this is a little over-engineered?


It would be far simpler for me to simply insist the S3 bucket be open to the web so that a direct link to the file could be shared, but that is incredibly risky when working with files that are associated with HR data. It would also be simpler to just copy the file to the web server if it doesn't already exist, and leave it there for any subsequent download request. This would save on database queries and ensure that an interrupted download could more easily be continued. Heck, either of these options would be much simpler to document and communicate to management, too!

But this is often why corporate systems are discovered to be terribly insecure. Just because something is simple does not mean that it's better. The reverse is also true, in that complexity does not necessarily result in security. That said, so long as I am putting my name next to the work, I'll do what I can to make the system as effective as I can, and the 10-step process I outlined to the managers appears to do the trick.

Later this week I'll write up some documentation that includes a visual depiction of the flow so that the mechanism is better understood by anyone at the day job who wants to know how it's done, and that someone will probably be me in six months when some feature request requires me to understand how the functions work. Do I over-engineer solutions? Most certainly. Is there a chance they'll leak data or otherwise expose the company to risk? Not so long as I do my job correctly.

One Step Closer

Earlier today I had a completely different blog post lined up to write for today about toenails but, after releasing 10C v5 build 19C124, I figured that something a bit less icky¹ would be better.

The 5th major version of the 10Centuries platform is inching closer to being ready with today's release of support for RSS and JSON feeds. These two elements are central to how blogs work and could have been released sooner, however, there are some distinct differences with how a v5 site will offer syndication feeds to subscribers. With a typical blogging engine there is just one syndication feed that people can subscribe to. 10Cv4 had a maximum of three if you configured a site for podcasts as well as a stream of social posts that could be fed into or some other system. Neither of these options are complete solutions that reflect how people might actually want to subscribe to a site, so this next version of the platform needed to be a little smarter and allow for dynamic subscription links.

Understanding the Problem

Many months ago, I would subscribe to a number of blogs run by prominent members of the IndieWeb community. The problem that I had was the "spam" that quickly accumulated in the RSS reader. Every post type would appear in the syndication feeds from some of these sites. Blog posts, links, books read, geo-tags, orders on Amazon, scads of social posts, and more. A person who was a dedicated IndieWeb proponent could easily have 100+ items sent out per day, which buries the things I might actually want to read from a person. There are plugins available for many blogging engines that allow people to configure separate syndication feeds to work around this problem, but this doesn't seem too common just yet. Given that I am more guilty than most of spamming timelines, the last thing I would want to do is force anyone to unsubscribe from my syndication feeds simply because everything was too much to parse. To this end, I decided to make it possible for 10Cv5 to have what is essentially a limitless number of syndication feeds available for people to subscribe to, each offering something different.

The problem with a limitless number of anything is that finding what you want can be quite the challenge. To this end, an update later this week will see the v5 themes given a special page just for syndication feeds where a person can choose what types of post they want to see in their reader. If a person wants just blog posts, there's a link for that. If a person wants blog posts and quotations, there's a link for that, too. Blog posts, quotations, bookmarks, and social posts? Yep, v5 has you covered. A simple page will be set up with toggles to let people choose what they would like to subscribe to, and a single link will be shown for people to copy and paste into their syndication client/service of choice. By default, the site's primary syndication feeds will show the same types of posts as the site owner decided to have on their landing page. The customization is really just for people who want more control.

What's great about doing this is that it will also be possible for sites to have special syndication links available for a limited group of approved readers, or unique syndication links for paid access to content, or randomly generated links that can be used in an effort to have just one reader per link so that a more complete picture of how many subscribers a site might have becomes possible². To the best of my knowledge, no other blogging engine offers this level of syndication flexibility out of the box, so I hope it scratches an itch that others have had.

Almost Time to Move

Later this week I hope to move this website over to the v5 Beta server so that the system can get a semi-decent workout from a larger amount of traffic. There are about a dozen websites that are currently on the beta, but none are heavily trafficked. This site will add a few thousand hits per day, which will give me a much larger collection of performance metrics to know what SQL queries could stand to be tweaked, and what areas may need some attention. Before this can happen, though, there are a few items that need to be completed on the Anri theme:

  • the Operations Bar
  • post & page editing
  • file uploads
  • podcast integrations
  • viewing comments on a post page

None of these are particularly difficult, and two of these could be delayed slightly and not interfere with my ability to publish posts on v5³. That said, the sooner these five items are complete, the sooner I can ask others to kick the tires and poke holes in my code. 10Cv5 has been in development for far too long and it really must be released sooner rather than later. People will complain about the lack of themes and the lack of site controls at first, but regular updates and the honest feedback I've come to expect from the community will allow the system to evolve into something that people might enjoy using in the near future.

Silly as it may sound, I'm starting to feel a little excited about bringing v5 out of beta and into a live setting.

  1. The post wouldn't have been too bad. I'm just really impressed with how often our bodies can fix themselves without any direct, conscious interventions.
  2. My hosted version of 10C will not do this, because it would constitute too high a degree of person tracking, but there are no limits to what a person running their own instance of 10Cv5 could do.
  3. Blog posts can be written and edited via the Social site, after all.

Eight Years

Today marks the 8th anniversary of the Great Tohoku Earthquake. While Reiko, Nozomi, and I were able to get through the disaster relatively unscathed, a lot of people were not nearly as fortunate. Buildings were destroyed. Towns were wiped off the map. Lives were lost. In the days that followed, the full scale of destruction and loss began to unfold as well as the media blackout imposed by the Japanese government on all topics related to radiation. The reactors in Fukushima that had suffered containment explosions showered radioactive dust across large parts of the country, including sections of Tokyo. Fearing an uncontrollable panic, the government kept the extent of the damage under wraps for months. Even today there are some things that the news organisations are not permitted to talk about, as an informed populace might try to hold leaders responsible for their secrecy.

Despite the contamination, the affected regions managed to organize, clean up, and restore as much as possible. As time went on, people forgot about or ignored the lingering concerns posed by the particles ejected from three nuclear reactors in Ōkuma, a city on the east coast of Fukushima prefecture. Some of us, however, continue to be cautious about where our food comes from.

For a lot of people it's the events of Friday March 11th that changed the direction of their life. For me, it's the days afterwards.

I was working at a startup in Tokyo at the time. Friday afternoons were generally slower than the rest of the week as people started to think about their weekend plans. Being Tokyo, there were a couple of small tremors in the morning and again around lunch, but something was different about the shaking that started at 2:46pm. This one was accompanied by the earthquake warnings that were sent to every cell phone in the area and, being a company that wrote software for cell phones, we had a lot of devices screaming about the impending Magnitude 9 event. The building shook ... and shook ... then changed direction and shook some more. Tiles on the stairwell wall came loose and fell, echoing all the way. My phone rang and Reiko told me to get out of the building, which I was in complete agreement with. Being on the third floor, this was relatively easy to accomplish.

Two minutes later the ground stopped moving and Tokyo was absolutely silent. People outside looked up at the buildings to make sure that nothing would fall on them. Cars were stopped at the side of the road. Electrical poles swayed. The moment of silence was then broken by the sound of sirens. Fire trucks, ambulances, and police cars were quickly mobilized. People made their way back into buildings.

Being Japan, my colleagues and I were told to stay at our desks as the day hadn't finished, yet. I was responsible for the server infrastructure of a popular Twitter client for flip phones, and this quake was going to see a much larger than normal spike in traffic. I hopped onto the server control panel and checked out the usage statistics. As expected, the spike was incredible. The servers did their job, though, and people were able to keep in touch with friends and family as the cell phone networks were overloaded, making phone calls completely impossible. Land-line phone calls were still possible, though, which is how I kept in touch with Reiko and her parents throughout the day.

At 5:00pm the president of the company told everyone to go home. By this point the roads were completely congested with 35-million other people trying to do the same. The trains were all stopped. The subways as well. Emergency shelters were overcrowded. Convenience and grocery stores completely emptied out, with just about every product on the shelves sold. My colleagues could all walk home. I might have been able to do the same, but opted to stay in the office overnight. This would allow me to keep an eye on the servers and ensure they could keep up with the load. More importantly, though, it would allow me to relax despite the endless series of tremors that shook the building every few minutes. I am not comfortable in crowds, and even less so when in crowds of anxious people.

Reiko and Nozomi were together at our apartment in Kashiwa, and we made use of MSN Messenger for the first time in years to keep in touch. The cell phone networks wouldn't come back online until the 13th, but data traffic was unaffected¹.

Sleep was fleeting that night, as tremors ensured that everything that wasn't nailed down in the office would shake and rattle. One of my Tweets made it onto German TV, and the company's servers performed admirably. Traffic in the city was gone by sunrise and an eerie calm had descended. Tokyo, despite its tens of millions of people, was absolutely silent. Getting home wasn't easy, nor was it easy to find any good quantity of clean drinking water. We managed to make it through, though. Two weeks later, we moved back to central Japan.

Nozomi wasn't the same puppy after the earthquake. She became much more nervous and didn't want to be left alone for any length of time. It wasn't until several months later that she would eat food without our help. Sometimes I wonder about Nozomi's family as she is from Miyagi prefecture, just north of Fukushima. Were they near the ocean when the tsunami struck? Were they affected as severely as Nozomi? I don't know the answer to these questions, and maybe that's for the better.

Earthquakes are to be expected when living in this part of the world. Once is enough for me.

  1. Smartphones were not very common in Japan before the Tohoku Earthquake. However, after the troubles people had calling friends and family from their cell phones, iPhones and Android devices flew off the shelves. Within two years, the flip phone was a relic of the past.
