The One Place to Hang Out

I've been making my way through this presentation by Maciej Cegłowski

Some kinds of services are just crying out for decentralization. Fifty years from now, people will be shocked that we had one social network that all seven billion people on the planet were expected to join.

Imagine if there was only one bar in Düsseldorf, or all of Germany, and if you wanted to hang out with your friends, you had to go there. And when you did, there were cameras everywhere, and microphones, and you were constantly being interrupted by people selling you stuff. That's the situation that obtains with Facebook today.

Surveillance as a business model is the only thing that makes a site like Facebook possible.

All the parts

Yesterday at JSConf 2014 we had a nodebots event. (We also had noderockets, nodeboats and nodecopters.) One of my favorite bots is below.

laserbot 2

 

We have a lot of different parts here.

Facebook sponsored the entire event. So props to them for making it happen.

laserbot

I'm still hunting down the maker to get more info, but it blows my mind how simple it was to put all the different parts together.

–Francis

Our Two Visions

I've been doing a lot of outward thinking* lately about Wizard Development's vision. "Vision" means a lot of things to a lot of people, so I should specify. To me it means the general principles and goals by which everyone in our company should guide their actions. I believe that, in general, everyone is a nice person and will try to act accordingly. However, having specific and clear goals will help everyone work together. Here are Wizard's:

Outward Vision: To help small businesses' dreams come true by building tools and applications which allow them to be more impactful in their business.

Inward Vision: To teach ourselves and each other to be the best developers we can be, and for our company to be a model of how we'd like our industry to operate.

People are solving problems all around us all the time. Small businesses are usually local and employ our friends and neighbors. By meeting the needs of their community small businesses  strengthen them. By moving their operations out of clunky tools (like Excel and email) and into custom applications, we enable them to do a lot more with a lot less. This should, in turn, benefit the communities they serve.

I speak a lot about wanting a diverse team. When I first explored starting Wizard Development, I wanted to hire a small and diverse team of senior developers so we could hit the ground running and tackle gigantic, complex problems. When you have a diversity of people, you get a diversity of ideas and ultimately that leads to a stronger team, stronger products, and just maybe stronger people. Unfortunately, diversity in senior developer roles barely exists. Software development has abysmal numbers in the categories of age, sex and race. This means that in order to get that senior team, I'm going to need to hire a diverse team of junior developers and help them grow.

I don't think I could do this without the help of my developer community. These people, many of whom I've worked with professionally and in Open Source software, have become my friends. A lot of them run events with the goal to educate and empower. Some of them have become amazing teachers. Others spend all their time solving problems for all our benefits. I want to link you to some of these people's work, but they have so many projects I don't know where to start. Most importantly we share some common values: Teaching, Learning, Inclusivity, and Acceptance.  I've already tapped a few of these wonderful people to help Wizard grow in both our business and our training. I can't wait to see how we can start giving back.

And so I'm putting my money where my mouth is and hiring a diverse junior team. My partner Sara just graduated from the Flatiron School's Brooklyn Web Development Fellowship (BK-000). During her 5 month course she introduced me to the brightest minds I've ever met. The Fellowship did the hard part of diversifying the industry —  they selected a class of students with a population representative of New York and gave them a fundamental understanding of computer science and web development. I had the luxury of watching them learn and seeing their curriculum, and I'm excited. They graduated two days ago and they are now entering our industry. My first job offers are going out to them.

I'm really looking forward to refining these two visions as we work together. =)

–Francis

* It's when I think about something and tell everyone about it, over and over.

Multiple Domain Tracking with Segment.IO and Mixpanel

At One Month, we've chosen to operate our app across several domains depending on what course you're taking. (OneMonthRails.com, OneMonthHTML.com, or the primary domain OneMonth.com)

As a result we broke a lot of our tracking that we do to figure out how people are using our site. We use a services called Segment.io that abstracts away a plethora of providers including Mixpanel, Google Analytics, and Customer.io. Segment.IO provides Analytics.js a nice well documented open source library. That we make a lot of use of.

Problem

The crux of the problem is that analytics.js and (and every service it supports) leverage a cookie to uniquely identify users. Cookies are local to the domain that served them. As a result you'll be identified as someone new on each domain of ours that you visit. If for example we wanted to see how many users were getting stuck trying to log in from the OneMonthHTML.com homepage. We wouldn't be able to tell who visited the homepage and then tried logged in, as the login happens on onemonth.com. We'd see them as new people during each step.

To work around this we'll need to move the responsibility of identifying users to a single domain. In this case onemonth.com. And we'll need to modify analytics.js to ask onemonth.com for the user's unique ID and use that on our other domains.

Cross-Origin XMLHttpRequest

There are a number of thought out security attacks around allowing javascript from other domains to run on your site. Because we own all the domains in question we don't need to worry about most of the issues. I opted to go for an asynchronous approach using Ajax and CORS. This required a little server side support. I'll save the details for another blog post, but you'll need a route on your primary domain that does the following;

— Returns a unique id for the user (saved in a cookie)
— Has the the proper CORS headers for your secondary domains
— This id should also be available for calls to `identify()` on pages served from your primary domain.

All this will enable analytics.js to ask for the ID of the user before sending tracking events. Now on our secondary domains we have the following JS.

It defers loading the analytics.js until we have an ID and forces the identify call to be processed before calls to `track()` or other functions. In a future version we'll probably write our own `track()` that doesn't processes until after after the user has been identified. Both approaches allow other parts of our app to track events without knowledge of our identify scheme.

Broken but solvable things

— Mixpanel Super properties are stored in cookies and don't follow across domains
— Initial referring domain on events often reflect one of our own domains

It would be cool if we could work this scheme and the fixes for super properties and referring domains into an extension of analytics.js. But that's something for next time.

–Francis

Wild West Mail Delivery in the Age of Bitcoin

If you saw me talk at ManhattanJS you know I have a dream about a decentralized mesh network that supports decentralized applications that cater to our decentralized behaviors.

There are a lot of parts to this dream, the hardware, the network, the software, the apps, the critical mass. All sorts of things. A ton of things. So I have to start somewhere. hackerchat should be the app with some plugable network backends. The two backends I have are one that works on the local network, and one that works over mesh'd xbees.

Say later we figure out a way to have a truly decentralized network. Say a cellphone to cellphone alternative radio network. (GoTenna seems to be doing this btw.) Maybe bluetooth to bluetooth? I like these ideas, they get us a Mobile Ad Hoc Network. We'll need a routing schemes that incentives efficient delivery and one that tolerates extremely high latency all while keeping security in check.

I'm going to start with incentivizing efficient delivery by leveraging a crypto currency (like bitcoin or namecoin) and it's blockchain.

I posted this to the bitcoin stackexchange.

The problem

I'm exploring having a bitcoin (or any blockchain) backed a distributed secure messaging system.

This is a peer to peer network that would pay for transport. In essence, it's the wild west, your key pair is your wax seal, and you've given someone $10 to deliver your letter back home to New York. I want to use Bitcoin to hold that $10 in escrow until the letter has been delivered.

I know Bitcoin can do multi-signature transactions but I'm not positive Bitcoin can do what I want, so I turn to this community.

Bitcoin gives us public and private keys for secure message delivery.
Bitcoin gives us the ability to pay people for transport.
We have 3 parties involved. A courier, sender and receiver.
We also have two transactions. One of the message from sender to receiver (or a key for said message), and one of the payment from sender to courier.
I'd like to ensure both transactions happen simultaneously. Without trust.

The Answer?

I got a cool answer but it required some trust. Over dinner I came up with a possible solution.

Seth wants to send Martha a message and is willing to spend 10 BTC to see it delivered. Charlie is happy to deliver it from South Dakota to Michigan at that price. Seth would like to ensure the message is delivered and Charlie wants to ensure he gets paid for his trouble.

They could do the following;

  1. Seth signs and encrypts the plaintext message (m1) to Martha into a cyphertext message (c1) using Martha's public key and his private key.
  2. Seth further encrypts the cypher text message with a nonce (n1) into a new cypertext message (c2)
  3. Seth builds a bitcoin transfer (t1) and adds the nonce (n1) to the transfers comment section and signs it. (t2)
  4. Seth then encrypts the signed transfer and nonce (t2) with Charlie's public key into a new message (t3).
  5. Seth then encrypts both the encrypted transfer (t3) and the nonce encrypted message (c2) with Martha's public key. This final package is good for shipping (c3)
  6. Charlie takes our package to Martha, it's a long trip but the 10btc is worth it.
  7. Martha decodes the package (c3) into it's parts the encrypted transfer (t3) and nonce encrypted message (c2)
  8. Martha gives Charlie the encrypted transfer (t3)
  9. Charlie decrypts the encrypted transfer (t3) into the a signed transfer and nonce (t2)
  10. Charlie tells everyone on the plant about the transfer (t2) including Martha. He wants to do this so people know he has the money.
  11. Martha takes the transfer (t2) and extracts the nonce (n1) and uses it to decrypt her message (c2) into the signed message (c1)
  12. Martha then decrypts the message (c1) again with her private key and gets Seth's letter (m1)

Lets see if I can make this a truth table;

Seth
(m1, seth_pk, martha_pub) => c1
(c1, n1) => c2
(t1, n1, seth_pk) => t2
(t2, charlie_pub) => t3
(t3 + c2, martha_pub) => c3

Martha
(c3, martha_pk) => t3, c2

Charlie
(t3, charlie_pk) => t2

Martha
(t2) => t1, n1
(n1, c2) => c1
(c1, martha_pk) => m1

The major problem I see is that this isn't composable. Charlie couldn't give the package to someone else and offer to pay them a smaller sum to complete the delivery. But I think we could switch this up so it could be composable. I also need to look into Bitcoin Contracts. Which gives a ton of power to a bitcoin transaction and might negate the need for as complex processes.

I keep thinking about the Diamond Age, it had some cool stuff about crypto and networks. Back to dreaming!

–Francis

NPM Wishlist

I don't write a ton of nodejs modules. I work on a few*, and I don't even work on them as much as I like. However I do end up using a ton of them. Here are some cool things I'd like to see that would make my life easier as a node developer.

Historical Versions

We see the latest readme, and the latest version number, but no info on the old versions. You'd have to go download them and check their readme's and and docs.

More support for docs

The readme is awesome but I'd love to be able to link to a doc site. The `man` option is cool but widely unused. Web docs may vary widely in quality and scope but they're googleable and have become a staple.

The 'directories.doc' directive mentions linking to a markdown formatted file that might get displayed in the future. That is also not widely used but would be a step in the right direction.

Finally I'd like to have versioned docs, I'd like to be able to see the readme and docs for a package at any point in it's life. Often I find a lot of modules in use that are out of date and even if there are good tests which might make upgrading easier, upgrading a module so the docs are relevant is silly.

That's it?

That's it for now. It's not a lot to wish for. NPM is in great shape and I'm quite happy with it. =)

–Francis

* johnny-five, node-serialport, firmata-pi

The internet is fucked?

On the NY Hack and Tell mailing list we've been discussing the recent news of Netflix paying Comcast for bandwidth. The two sides of the debate seem to be such;

Netflix had a cheaper inadequate backbone provider who doesn't have fast enough uplinks to major providers. Deals between providers can be anything they want, and Netflix just sidestepped the issue and got their own connection to Comcast.

Comcast is pushing smaller backbone providers out by pricing uplinks too high, forcing their customers to deal with them directly. Comcast is already being paid by their customers so this deal with netflix is essentially double dipping and sucks for competition and business.

James the instigator of this debate linked to a verge article that stresses making the internet a "common carrier".

Someone asked "If the internet were considered a utility, like electricity and water, would we be okay with metering it and paying per bit transferred?" and I had to jump in.

You know what? I would be. I'd be ok paying for what I use if there was a market that could set the price. Currently it's all about bandwidth speculation. For wholesale electricity there are 3 parts to your bill.

  1. The delivery fee, this covers the power lines and substations etc.
  2. The demand charge, this is calculated by the highest 30 minutes of usage during the billing cycle, they need to keep a % of that on hand in case you decide to spike again.
  3. The usage charge, the $ per kwh– this fluctuates as different zones have different transfer points with different limits and generators are all over the map. This is also public and available 24 hours to 15 minutes in advance depending on how you bill.

Commercial internet works similar to retail internet . I pay for the speed of my connection and I get to use it as much as I want. If I get a connection to a service provider I'll also pay them for an uplink to their backbone, data limits, speeds, who they're connected to, all factor into that contract. It's all upfront and I get to pick and chose. These two parts are of course often bundled together. If I'm in a datacenter already I may just be paying to patch a cable to another cage and then paying for the bandwidth. The key point is choice.

So we have an open market for commercial internet, just not retail. I'm curious what an open retail market would look like.

There are some great responses and I look forward to seeing where this goes. =)

–Francis

CORS issues always take 2 more hours then I think

Protip: Cross-Origin Resource Sharing headers are sent slightly different between Firefox and Chrome when hosts have a non standard port.

30 Years and Donors Choose

Today is my birthday. Last year you, my friends, helped me donate almost $4000 to both the Brooklyn Free School and Room To Read. It was amazing. I've never been so proud of everyone.

This year I turn 30. The gravity of this event has yet to dawn on me. However, more importantly I know what I want for my birthday.

DonorsChoose.org is a charity site that gives to teachers. The teachers express a need for equipment, DonorsChoose gets them a good price and presents a quote kickstarter style and we help buy it. Not only is DonorsChose a place to find teachers in need but they provide a great service by getting bulk discounts, and other savings. They vet the teachers and projects, and make it really easy to donate. I love it.

"Let everyone sweep in front of his own door, and the whole world will be clean." Johann Wolfgang von Goethe

For my birthday I'd like you to donate to a school in Queens. (My new home borough)
donorschoose queens

Here are some projects I like in no particular order.

These are teachers who are already teaching, they have the schools, the students, and the will. They just need some help.

And if you can't donate for whatever reason, I just ask that you tweet, share, email, this post to someone who might be able to. I'd like people to know this is an option for their neighborhoods too.

Thank you.

–Francis

Static Vanity Domains

I gave a quick lightening talk last night at Brooklyn Internets. In fact I sponsored the event. It's the first event I've sponsored and I couldn't have picked a cooler group.

There were a ton of great talks that night. And there was mine. I spoke on how to get a site up and running on AWS using Route53 and S3. I also go to show off my new website BlakeIsBeautiful.com.

You can find my slides from the night here.
DNS and You (pdf)

I wish I could have gone into more of the details of how DNS works but this was short and sweet. Also it highlighted some important facts about Blake.

I had a similar presentation about checkyourfuckingemail.com/ that I gave to the "Original Dev Team". It goes into a little bit more depth about how to setup the redirect from the naked domain.
Static Vanity Web Sites — An AWS Workshop (pdf)

As a sponsor I got to announce Wizard Development's Pairing Days. A weekly event I'm starting over the next few weeks. An in person pair programming session where we work on either open source projects or paid client work. I'll be your Project Manger and organizer and/or help you decide on what Open Source to work on. My intentions are to teach processes while we all learn to be better programmers. Being able to release features quickly is a skill that needs constant exercise, and it's a lot of fun.

More details to come!

–Francis

PS Here are the links I recommended looking into.