In that time, a lot of great things have happened. I hit the ground running with my job. I was part of a mobile dev team, from which I learned A LOT. I’ve worked on multiple side projects that have garnered modest publicity. I was on the front page of some of the world’s most read online publications (that literally caught the eye of more than 2.5 million people). I’ve got some amazing people in my life now that I didn’t even know one year ago and I can’t imagine living without. I could go on and on.

It’s been a good year. No, it’s been a great year. But I’d be lying if I said I was content. There are many reasons for that, but I won’t bore you with them. Rather I’ll leave you with this: Where do you see yourself in five years? Why are you waiting five years to get there?

I’m cheap

I admit it, I’m not one to often purchase apps. It’s not that the price is too high, it’s just that I don’t find myself to be very productive on my iPhone. It’s usually not worth the money when I can often complete a task more quickly on my laptop–and for free. Despite all this, CodeBucket had good reviews so I decided to buy it for the negligible price of $1.99. Or so I was told.

Buffering…

It wasn’t until two days later, Tuesday, that I received an email receipt from Apple for my purchase. Here’s a snippet from that receipt:

First of all, why the hell did it take two entire days for me to receive an emailed receipt? The purchase happened on Sunday, the receipt is dated Monday, and I get the email on Tuesday? Perhaps the internet tubes were filled in Cupertino this weekend. But, whatever, I can live with it. It’s not like I was eagerly awaiting my receipt so that I could keep my books in tip-top shape.

What’s up with that?

The second issue here is a bit more bothersome. As I mentioned, I thought I was purchasing an app for $1.99. Apparently a 6.5% sales tax was applied to this purchase, bringing the grand total to $2.12. Now, my issue here isn’t with the fact that I had to pay tax; that doesn’t bother me. The problem is that I was never told that I would be paying tax on the transaction. The price read $1.99 so I assumed I would pay $1.99. There was no final confirmation to make sure I agreed to a grand total–it just went ahead and applied the tax and charged me.

I consulted the iTunes Store Terms and Conditions, and sure enough it’s in there:

Your total price will include the price of the product plus any applicable sales tax; such sales tax is based on the bill-to address and the sales tax rate in effect at the time you download the product. We will charge tax only in states where digital goods are taxable.

Apparently Ohio enforces tax on the sale of digital goods. I was unaware of that. I did a quick ctrl+f on the Wikipedia page, and Ohio didn’t come up. I guess Apple knows more than me about taxes. Regardless, it’s a common courtesy to let a customer know just how much they’re paying for something before they actually pay. Oh, and an emailed receipt really shouldn’t take two days to deliver. But I guess when FT 500 says you’re the most valuable company in the world, you can do what you want.

This isn’t the same as the dotcom bubble

In the late 1990′s and the early 2000′s, we had the dotcom bubble. Every other day, a new IPO was launching for some web company. Excitement was bountiful, and it seemed like a fool-proof move to invest in anything that ended in “.com.” Some things were great. After all, the economy was surging at the time and companies like Amazon made the scene. But, as we soon found out, there wasn’t much to back up this excitement. Eventually, companies like Pets.com realized that having a website wasn’t equivalent to having a business, and the bubble collapsed. Investors pulled out, stock values went to zero, credit was frozen, and companies died. The dotcom bubble was an exercise in investing in nothing. But the current app bubble more closely resembles the recent housing bubble.

If you want a good, in-depth, analysis of what happened in the housing crisis of 2008, you should read Andrew Ross Sorkin’s Too Big To Fail. But for the moment, we can focus on some very simple concepts. The housing bubble came about because (big investment) banks made risky bets. They loaned money to consumers to buy homes that, historically, should not have been eligible for such financing. The banks assumed that housing prices would continue to go up, and even if they took some losses on risky loans, they would profit in the long run. Also, these big banks took out insurance on their loans so that if a consumer defaulted, the bank would still be covered. Unfortunately, the defaults hit hard. The assets (housing) that the banks had financed became toxic–as there was no one to pay off the debt–and the banks started losing money, fast. The insurance that they had taken out was also crumbling because it was never anticipated that so many banks would need so much coverage in such a short span of time. All in all, the banks, who had loaned and insured trillions of dollars to each other, started to bring one another down.

So what does that have to do with apps? Well, take this same idea and scale it down a couple orders of magnitude. Instead of large investment banks and houses, we have venture capital investors (like Y Combinator or Google Ventures) and app startups. New app companies are popping up at a very impressive rate, and it seems like they all have the same business model: build up a user base and then sell out to a big company. Very few of them appear to have an actual method of bringing in revenue. But what’s more amazing is that the big tech companies are continuing to invest in these “toxic” assets. Facebook bought Instagram for $1 billion. Instagram had never turned a profit. Companies like Zynga, which is in the “virtual farm animal” industry, are buying up competitors like OMGPOP for hundreds of millions of dollars.

Yes, there is a case to be made for these acquisitions. You could argue that Facebook bought out Instagram so that it could secure the large user base. But here’s the problem: that cannot go on forever. Asset bubbles occur when companies focus on securing assets rather than profits, in the hopes that the profits will come later. The big banks secured housing, California investors are securing apps and users. This is when “bubble math” starts appearing. Companies make a large investment, and break it down into individuals, saying things like “we spent $20/user on that acquisition,” and hope to eventually turn that user into a profit.

Software development is a good business model

I know that this sounds like an attack on the software development industry. Trust me: it’s not. I work in the software development industry and I see enormous value in it every day. There are also decades of evidence to show that the industry is quite lucrative.

I also have no problem with software startups. You never know which next big tech company is going to come about out of someone’s garage. The problem is that too many people think that having a website or an app is the same thing as having a business. If you don’t sell anything (such as your software or a service related to your software) it’s hard to picture any success in the long run. Eventually, Google and Facebook will stop spending $1 billion on asset takeovers and realize that they can do it cheaper in-house. Then what will happen? Google will stop paying inflated prices for the assets. Venture capitalists, who have been anticipating these high payouts, will stop (or significantly decrease) funding to startups, and then we’ll see a massive exodus (failure) in the tech startup industry.

Six months ago, I predicted that we would see the bubble collapse soon after the Facebook IPO landed. So far, we haven’t seen that. And for the sake of all those startups, I hope I’m wrong. But for the sake of a healthy industry, we need to start producing better products and services. I would much rather see Google, or any other large tech company, acquire profitable tech startups. Or better yet, if startups can be profitable on their own, then maybe they will be the next Google or Facebook. Enough with this Instagram and Zynga crap. Let’s see some real innovation that is actually sustainable.

You’re doing it wrong

It’s not the QR Code’s fault that it sucks. It really isn’t. In fact, QR Codes are very good at what they do: they are a two-dimensional representation of some data. That god-awful box polluting the top of this blog post holds some data and your mobile device is very good at delivering that data to you in a meaningful way. The problem is that the powers that be haven’t yet figured out how to use these things correctly.

For whatever reason, QR Codes started gaining huge popularity in the late 2000s and that has continued into the current decade. Restaurants, libraries, museums, and marketers all realized that QR Codes could be read by smartphones and they instantly assumed that it would be a good idea to plaster these ugly things everywhere. I can forgive some people for this, but marketers? What the hell are you thinking? Every piece of a product or advertisement design is important. Why would you waste such valuable space with a giant ugly box that literally means nothing when viewed by a human eye? Protip: if you’re making me go through hoops to get your advertising message, you probably need to reevaluate things.

I saw a big QR Code plastered to the back of a truck driving down the highway the other day. In 1994 Denso Waved invented a powerful gun that shoots both forward and backward simultaneously. Not satisfied with the number of deaths and permanent maimings from that invention they affixed QR Codes to the backs of moving vehicles.

It’s only when we wake up that we realize something was actually strange

Like the housing bubble, many people are too blind to be able to see that we’re in a QR Code bubble. Everyone keeps chugging a long like nothing’s wrong, despite endless stats that suggest that no one is actually using these things.

The main issue here is that QR Codes should have never been presented to consumers. They shouldn’t be built into advertising, they shouldn’t act as information kiosks in department stores, and they certainly shouldn’t be substituted for a simple web link. QR Codes should be treated like bar codes, because they are the same thing. The only difference is that QR Codes can hold a lot more data.

When I go to the store, I pay absolutely no attention to the bar codes on the items I am purchasing. There is no need for me to even realize that they are present. But they are of great value to merchants: they power their entire point of sale and inventory systems! You may have also noticed that when you receive a package shipped by FedEx or UPS, they often have similar two-dimensional data matrix labels on the box. Those aren’t for you, they’re for the shipping company to track the package!

If you must do it, do it right

And this is the key. Because QR Codes are ugly and because they really aren’t convenient, you should stop expecting consumers to use them. That’s not to say, however, that you can’t use them yourself.

I was part of a research and development team for ShelvAR for two years working on integrating this sort of technology into an augmented reality shelving and inventory system. While we didn’t use the exact specifications for QR Codes, we did create very similar codes, aptly named ShelvAR tags. They are the same idea: a rectangle of black and white pixels that represent data. But here’s the kicker: the consumer (in our case, a library patron) is never meant to interact with these tags. They might notice them, but a call to action is never requested.

Library employees, however, are meant to use these tags–but very minimally. In the project’s most recent demo, you can see that the tags are passed over very quickly and don’t act as a gateway to more content. They serve their very concise purpose and the person moves on.

Not unlike bar codes in a grocery store or tracking codes on packages, ShelvAR employs this technology correctly. Other projects can use codes like this correctly too, it just takes some time to stop and think. So stop this madness of trying to turn ugly pixels into marketing and realize that it’s time to move on to something different.  Just like you would never expect me to scan a bar code to view your content, you should never expect me to scan a QR Code either.

What are your thoughts on changing your name on Facebook/Twitter to [First Name] [Middle Name] so potential employers won’t find you?

— Eliot Fowler (@EliotF1011) September 28, 2012

To which I fired back a resounding:

“It’s asinine. Set up proper privacy settings instead.”

and

“Your name is your brand. If you compromise it for ‘privacy’ reasons you’re doing it wrong.”

Now, there are many theories about the idea of assuming a temporary and new identity; some debate whether the act of disguise is necessary, others question if it even works. But I’m not going to discuss either of those. I’m going to tell you why hiding your name online, even temporarily, is a terrible idea.

But we have to, like, hide from creepers

For the uninitiated or indisposed, the idea is that you can “hide” your online profile by changing your listed last name to your middle name. The theory is that if anyone searches for your first and last name they won’t be able to find you and you get to keep your online presence in tact. It’s a popular tactic, often exercised by college girls looking for jobs, that likely stems from some forced procedure during sorority rushing. Unfortunately, the fiction here is the belief that your online presence persists after such a change. I assure you: it does not.

It used to aggravate me when my Facebook feed would suddenly fill up with people (mostly girls) that I could not identify. It seemed as if overnight I had friended fifteen Sarah Nicoles and eleven Katy Lynns! At first, I’d try to identify who everyone was by clicking on their profiles and shuffling through some picture, but I quickly gave up on that. I’m bad enough with names that I sure as hell wasn’t going to try to learn everyone’s middle name. Eventually I went through and unfriended everyone that I couldn’t immediately identify.

They weren’t anonymous, they were ambiguous 

If my frustrated anecdote about Facebook friends isn’t enough, then let’s talk about it in broader terms. Social media is a shouting board that anyone can jump onto and immediate have an audience of hundreds or even thousands of people. Why on earth wouldn’t you use this to your advantage? When you alter your identity, yes you can still consume but you cannot produce. You have given up the most powerful platform available to you! If you’re searching for a job, why not impress recruiters with your insightful tweets about the industry? And take it even farther than Facebook and Twitter. Do you have a website? Does it use your name? If not, why? If you are an artist it could be your portfolio. If you develop software why not showcase some of your work? Hell, if you work in finance then why aren’t you blogging about the markets?

For some of you, it’s because you’re lazy. Others of you are scared. You’re afraid that the big and scary internet may judge you and point out where you are wrong. It doesn’t matter. If you’re looking to make a name for yourself or you’re just looking to get hired, your enthusiasm to create content will win over at least half of everyone who sees it.

Your liabilities should be assets

The entire point of social media is to have an online presence that represents who you are and you should be proud of it. I’m not telling you to open up your entire Facebook profile to the world but I am telling you that if there’s anything online that would ruin your career, you’ve got bigger problems than Facebook’s challenging privacy settings. And on that note, configure your Facebook privacy settings! I know, they’ve got a confusing and shitty setup, but take an hour and just do it.

If you use Twitter and your account is private, you’re doing it wrong. Twitter is not Facebook. You’re meant to interact with people you don’t know. No one wants to ask permission to read your tweets. Now, because Twitter should be treated as an all-eyes platform, you need to use it differently from the way you use Facebook. You know what’s worse than a drunk texter? A drunk tweeter. You can ask Anthony Weiner about that one.

A rose by any other name

Your name is your brand. Unless you’ve achieved all of your dreams and aspirations in life, you need to go out and sell yourself every day. This isn’t the 1950′s, so stump speeches in front of the barber shop won’t work anymore. The entire world is interconnected and you’re competing against everyone else. Social media is a fantastic tool that you’ve been given, so use it. What’s in a name? In our world, everything.

Nobody cared

The response from the service was tiny.  In the month that the site has been active, I’ve had roughly 80 users.  I think there is a lot to be said about this, but it probably boils down to two conclusions: First, most people seem to hate any political integration into Facebook.  While I believe that Facebook is an excellent medium for political discussion (we’ll save that argument for a different blog post) most people seem to disagree with me.  It’s likely due to the cognitive tensions that politics creates between friends, and that makes people uncomfortable.  Second, I believe that most people, at least in my age demographic, are rather apathetic about politics.  Most don’t follow it enough to really have a strong opinion on most political matters, let alone care what other people think.  If you’re an outlier, by all means, check out the site.  See how your Facebook friends (might) vote this November.  I promise not to harvest any of your data.

It makes an ass out of you and me

The entire project is guesswork that relies solely on my broad generalizations about people.  Some of the assumptions are obvious.  For example, if you like Mitt Romney’s page, I assume that your leaning towards voting for him.  Other times, it’s empirical.  A recent poll from NBC/WSJ showed that President Obama pulled in 94% support from black voters, while Mitt Romney pull in 0%.  From that, I’m making the assumption that if you like the NAACP’s Facebook page, you’re probably voting for Obama.  Overall, I cataloged 120 Facebook pages and put them into either a ‘Romney’ pile or and ‘Obama’ pile–giving some pages more weight than others.  From there, the math was easy.  I simply looked through a user’s likes and found the ones that fell into each pile.  If one pile had more than the other, I assumed that they are going to vote for that pile’s respective candidate.  There is absolutely nothing scientific about my method.

Don’t trust these statistics 

It was interesting to see how my Facebook friends are forming opinions as we get closer to the election–especially now after both the Republican and Democratic conventions.  When I first launched Deductive Politics, it was able to make predictions about roughly 18% of my friends.  Now, just a few days after the wrap-up of the DNC, it’s making predictions about 21% of my friends.  I’ve also received feedback from users letting me know that, since the conventions, the balance has shifted between candidates.  Draw whatever conclusions from this that you like.

Final thought: please register to vote.

That being said, there are tons of ways that we, as developers, can improve our communication skills.  Much of this blog post could be applied to other fields, but since I’m a developer, that’s the context in which we’ll be discussing.  I’ve worked through issues on team projects, work assignments, and personal endeavors, and because everybody loves blog posts with lists, I’ve compiled some common pitfalls below, minus any pointless enumeration.

Be conversational

One of the easiest ways for a developer to break out of this stereotype is to talk about something other than software development.  You’re a human, not a robot, which means you do human things outside of work.  What are your hobbies?  What TV shows do you like?  What do you like to read?  What’s your family like?  Pick one of these, and take a few minutes to talk to your teammates about it.  Find out something about them.  Show an interest in their lives.  What’s great about this kind of conversation is that there’s absolutely no pressure attached to it.  It is exactly what people mean when they say ‘small talk’.  And it achieves two things: the team becomes more knowledgeable about each other, which allows them to work better together, and it boosts morale.  It’s nice to know that someone showed an interest in you.

Ask for help

A lot of people are shy.  This is true of developers and it’s true in virtually every other position you can think of.  The fear of being judged is very real and very much a challenge for some people.  But here’s the problem: as a software developer, you work in a field that is completely based on problem solving–and mostly within a team setting.  If you’re stuck on something, by all means ask for help.  There’s a reason you’ve been placed on a team with a more senior developer.  Chances are, he or she has seen this exact issue before, and if they haven’t they may have the expertise to help you figure it out.  If you are the senior developer and you’ve hit a roadblock, don’t be afraid to float the question out to the rest of your team.  You never know what strange quirks they may have encountered through their experiences.  Additionally, programmers love to show off how smart they are.  They are usually eager to share a piece of knowledge.

 Don’t tell me what the answer isn’t

One of my biggest pet peeves is something that other developers like to do all the time: I ask a question and they tell me what’s not the answer.  Here’s how that conversation usually goes with me:

Me: “What do you think the round-trip-time on this request will be?”

Teammate: “Well it’s not going to be like an hour.”

Me: “That doesn’t answer the question.”

I can’t tell you how many times I’ve had to go through a version of that conversation.  Usually, the person responding to my question is doing so sarcastically, as if to imply that my question was stupid.  Not only is this type of exchange not helpful, it’s also a waste of time and a good way to create unnecessary tension within the team.  Programmers tend to think (rightfully or wrongly) that they are intelligent.  These subtle jabs are a good way to piss them off.  Fortunately, unless your teammate is a dick (more on that soon), these types of interactions only occur when a question of fact is presented.  If, instead, I had asked for assistance, the same teammate would have proved to be more helpful.

For the love of god, speak up

Sometimes ideas are necessary without an explicit prompt.  Brainstorming sessions are not uncommon, and many times they will include people who are not members of the development team.  These could be discussions about which direction to take a product, which features to implement next, or even just a general discussion of how things are going.  If you have a thought that you think is important, put it out there.  The title of this post is ‘Be Silent Or Say Something Better Than Silence’.  I’m sure you’ve got something better than silence.  It doesn’t matter if you think that it doesn’t concern someone who is present.  Most of the time, you’re going to have something valuable to contribute.  Every other time, by just saying something every now and then, you send the message that you are engaged with the team.  The more perceived participation you have, the more clout the team will give you.  If you seem invested in the project, the team will become invested in you.

This isn’t a chat room; inflection matters

Many programmers prefer to communicate over email or instant message.  I would recommend against this as much as possible.  The more you refuse to actually speak to people, the more they will think you suck at communicating.  That being said, when you actually do talk with someone, make sure you use appropriate tonalities and non-verbals.  Look them in the eye.  Smile.  Use your hands.  Speak loudly.  No one likes talking to Napoleon Dynamite.  Unfortunately, this is one of the most challenging fixes to make.  Many people don’t even know that they exhibit these issues and what’s worse is that it takes practice to actually fix them.

Explain it to me like I’m five

Whether you’re explaining something to a fellow developer or to anyone else, don’t assume that the other person knows exactly what you’re thinking.  Many times, programmers will gloss over details that they perceive as obvious and the listener gets an abridged version of  whatever you’re trying to say.  Slow down and be very specific, down to the elementary facts.  You’ll quickly be able to gauge whether or not the other person needs more detail.  Take the following bad example:

Person A: “Why do we want to use a hash table?”

Person B: “It’s faster.”

If Person A is a developer (which they probably are since they know what a hash table is) they probably could have guessed that the application should be implemented with the fastest runtime, therefore Person B’s answer didn’t really answer anything.  When trying to be more specific, I like to lead my answers with a question.  It lets me know if I’m being specific enough and allows them to interject with a request for more details if necessary:

Person A: “Why do we want to use a hash table?”

Person B: “So, you know how hash tables have a constant lookup time?  Well, since we don’t care about order for our data, we don’t need to waste time traversing though an ordered data structure like an array.”

Same question and technically same answer, but much more informative.

Drop the initialisms

API, JRE, SDK, IDE, RoR, WCM, and any other abbreviated piece of technology that you might be working with can usually be left out of discussions with non-developers.  If one of your stake-holders asks you how hard it would be to implement a feature, they don’t want to hear about you having to rewrite all of the JSON requests.  Usually you’ll be fine by saying “it’s a significant code change” and then say how long it will take.  If they press for more details, only then should you start pulling in the technical nomenclature.

Your time is not more important than mine

If I’m taking time out of my day to talk to you about an issue, it’s probably important.  This is true whether I’m a developer, a designer, or a business analyst.  It’s very rare that someone is ‘wasting’ your time.  Sure, you’re busy.  Everybody’s busy.  If I initiate an interaction, consider it important.  You wouldn’t appreciate it if someone blew off your emails, would you?  Your code isn’t going anywhere.  That being said, programmers do “get in the zone” and when we’re on a roll coding, it’s very upsetting to be interrupted.  The best way to avoid such interruptions is to stop them as soon as they become apparent.  If you think that there really is no value of you sitting in on a meeting, talk to its organizer about it and explain the impact on the project.  You may not always win your refuge, but that’s life.

Separate yourself from your work

We program because it’s something we enjoy doing.  But remember, unless you’re working on a project that you’ve invented, this is a job you’re doing for someone else.  It’s easy for programmers to get caught up and connected to the code we write, but it’s just a product.  By all means, give your job the best effort you can, but if someone corrects your work, know that they are doing just that: correcting your work.  Don’t take it as a slight against your abilities.  If you start taking offense, your positive communication skills will break down.  You’ll start speaking defensively and will gradually become less approachable.  If you have a question or disagree in any way, voice it in an appropriate fashion.  Once the issue is settled, move on and make whatever changes are necessary.

Don’t be a dick

This one should be obvious, but I don’t think that it actually is.  And this statement should be applied to any field, not just developers.  Assholery (yup) does you no good.  At the very best, it may trick others into thinking that you are smart and important–and maybe you are. But for the most part it’s just going to make the team hate you.  If you’re a dick, teammates aren’t going to want to ask you questions or help you when you have a problem.  They won’t be likely to turn to you for input, and more likely than not, they’ll be less willing to work with you in the future if they have the choice.  Chill out; if you’re trying to prove something, you’re failing.

ShelvAR

A video about ShelvAR was my first experience with something “going viral” on the internet.  In less than a day, we received tens of thousands of hits on our video and were being contacted by librarians, researchers, and Fortune 500 companies all over the world.  Interviews and photo shoots happened shortly there-after.  We were even scheduled to appear on CNN to discuss this technology but that ended up getting bumped due to the death of Osama bin Laden.  Unlike my other experiences, this instance of “going viral” moved beyond the internet and out into the real world.

I Just Can’t Wait For Booty

One of my side hobbies is creating mashups.  I’m no Milkman, but people tend to send me positive feedback on what I make.  Usually I’m very excited when I get a couple hundred listens on my tracks.  One of my tracks sampled “I Just Can’t Wait To Be King” from the Lion King soundtrack.  Initially, it was like the others and was only exposed to a small group of people.  One day, though, I logged on and saw that it had over 100,000 plays in under 24 hours.  Today it sits at over 200,000 plays.  Turns out the track was discovered by a popular Tumblr site Ruined Childhood, and it took off.

So this is happening…

Yesterday some of my coworkers and I were goofing around and took a stupid picture.  Yup, that’s me with the thumbs-up.  Then we thought it would be funny to continue taking iterations where someone else sits next to a display of the previously shot picture.  My friend in Washington DC, Paul Weber, saw it on Facebook and he jumped in too.  Long story short, the idea made its way to Reddit.  Over 1.8 million views and 750 comments later, the joke exploded into a “crowd-sourced chain photo” with participants from all over the world.  The full series is here.

Update, 2012-08-08:  My buddy, Paul, ended up putting together a video of the pictures.  I think it’s safe to say that it has also “gone viral”.  In about 24 hours it’s received over 101,000 hits on YouTube, was covered by Gizmodo and The Daily Mail, and ABC’s Good Morning America even asked if they could show the video.

I have no idea what I’m doing

I can’t explain why some things go viral and others don’t.  Some might argue that the ShelvAR video is boring, the mashup is off-beat, and the chain-photos are stupid.  And I could probably entertain all of those assertions.  But they took off anyway.  I believe that a lot of it has to do with luck.  A large portion of internet virulence can be attributed to sites like Reddit and 4Chan, and I think that most of the success there relies on good timing.  Other services like Tumblr, Facebook, and Twitter are also key players.  But what makes someone want to click an link and share it?

You can’t force it.  When I was in school, I heard of classes trying to create viral videos.  They would brain-storm and attempt to come up with something clever.  Sure, the videos would turn out ok, and they might have received a lot of attention from peers, but nothing ever took off.  Internet virulence is not a goal, it’s a side effect.

So fast you’ll freak

I was very surprised at how easy it is to build such a thing.  No wonder actual spam bots are always latching on to my account.  In just a couple of hours, I whipped up a cluttered hack that aggregated stories from Hacker News and Proggit, pushed it to a virtual machine on my laptop, and watched as the automated tweets came pouring in.  I even set up a public repository on GitHub so that the world could see my messy hackjob.  Granted, I spent much of the day tweaking various pieces and fixing some bugs that I hadn’t accounted for, the whole process was surprisingly fast.

The best way to screw up UTF-8 decoding is to not do it at all

The next morning, I went to my bot’s timeline to find two surprising facts.  First, I noticed that I had somehow tricked 12 people into following the bot that would be spamming them with links every 15 minutes.  Second, I saw that a lot of the tweets contained garbage text. One of the biggest offenders was €™.  One of the APIs was sending me the HTML-safe version of UTF-8 encoded text that had been decoded in CP-1252.  That bold hunk of garbage should have been an apostrophe.

Fortunately, the API is open source and I shot the creator and email.  He replied back confirming what I had already concluded and that he hopes to push a fix some time soon.  If any of you are savvy with Python and are interested in contributing a fix, the GitHub repository can be found here.

You shall not pass

Upon returning home from work yesterday, I went to check on my bot.  Because I hadn’t handled any sort of network errors, it had crashed at some point during the day.  I went to restart it; no go.  I then called up twitter.com in my browser, to find that it wouldn’t load.  I temporarily shrugged this off, as Twitter is notorious for having random downtime.  A few hours later, I noticed that I still could not get on Twitter.  My TweetDeck client was failing to connect as well.  Intrigued, I asked my roommate to try.  He was able to connect via his mobile phone, but not through the connection from our house.  Awesome.  I quickly fired up curl to see if I could get any response.  Nope.  I wasn’t even getting a 4xx or 5xx HTTP response.  The best I could do was ping.

It was at that point that I concluded that my bot had somehow pissed off the spam filters on Twitter and I was IP Banned.  Despite the fact that the API Docs say up to 150 requests per hour are allowed (I was making about 8), I felt like this could be the only explanation.  Hours had gone by at this point and the issue still existed, so I emailed their support.  I explained the monster of a script that I had created, let them know that I had turned it off, and that all I wanted was to be able to tweet again from my personal account.  Ten minutes later, and no response from support, I was able to get access Twitter again.

It’s all for the best, of course it is

It’s probably a good thing that my bot only lived to be 2 days old.  It was, after all, very spammy.  Also, it would have been cumbersome to try to keep a virtual machine constantly running on my laptop.  If you’re interested in seeing the mess I created, feel free to fork the GitHub repository.  I stand by every line in that script.

The Dark Ages — they haven’t ended yet

In the interest of not pissing off the people who hold all of my money, I’ll leave the name of my bank out of this.  For those of you who follow me on Twitter, it won’t be hard for you to figure out who I’m talking about.

In the wake of all this LinkedIn madness, I decided it was that time of the year again to change all of my passwords.  Obviously, I did this in order of primacy, starting at the top: my online banking account.  If anyone ever gained access to that, they would not only be able to take my money, they would also be able to assume much of my identity.  Like any good citizen of the internet, I was prepared to create a new passphrase that was long and made up of letters, numbers, and special characters.  Remember: the goal is not to stop attackers from guessing your password; it’s to stop them from cracking your password.  I was instantly stopped in my tracks.  As it turns out, my bank doesn’t allow for passwords longer than 12 characters and no special characters are allowed.

Even before the LinkedIn leak, this is just bad password practice.  An argument, albeit a poor argument, could be made against special characters (the fear of SQL injections comes to mind), but a maximum length of 12 is absurd.  In fact, 12 characters should be the minimum length.

When in doubt, castle

So what could I do?  I am, as it stands, at the mercy of my bank’s rules.  Some, such as Jeff Atwood, would suggest that I change banks.  But that really isn’t practical.  So, I did the best thing I was willing to do: pick a 12-character random password.  I’m still in the process of committing that to memory.

Moral of the story: go find out how your financial institutions are limiting your security.  Pick the strongest passphrase possible.  You may even be more compelled to change banks all together.