In May of this year, with the internet fully in the grip of the UK EU referendum, hashtags used on Instagram showed that discussion was highly polarised between #Leave and #Remain. The high degree of ideological distance between the two camps indicated that each group functioned as a separate ‘echo-chamber’, in which they spoke mainly to their own membership. The Leave campaign had a much more coherent online identity, made better use of hashtags in general, and was simply more active in generating content, all of which may have contributed to their successes. In early June 2016, a study of Twitter content found similar biases: Out of 1.5 million individual tweets, 54% were pro-Leave, and only 20% were pro-Remain. Those findings are interesting enough on their own, but what really sparked our interest, was that a third of the sampled content was created by only 1% of relevant user accounts.

If you’re not familiar with the inner workings of Twitter: No-one has that kind of time. It is highly unlikely that all of those accounts were directly controlled by people, or even large groups of people, and much more likely that many were staffed by automated software robots, or ‘bots’: Simple computer scripts that simulate highly repetitive human activity. In fact, an independent analysis of the 200 Twitter accounts which most frequently shared pro-Leave or pro-Remain content found that only 10% of those accounts were likely to be human.

The EU-referendum is not the first time ‘bots have been observed in democratic discussion. In the 2010 US midterm elections bots were actively used to support certain candidates and hamper others. In 2012 Lee Jasper admitted to their use in a parliamentary by-election. In the 2012 Mexican elections, Emiliano Treré identified a more effective use of bots, calling it “the algorithmic manufacturing of consent”, and a form of ‘ectivism’ (which includes the creation of large numbers of false followers, a charge levelled at Mitt Romney during the 2012 US Presidential election). A very large ‘bot-net’ was also utilised in 2013 to produce apparent support for a controversial Mexican energy reform. Those bots may have gone entirely unnoticed had they not been operating too rapidly to successfully pose as human agents.

Bot-related tactics have not been confined solely to the generation of apparent support, but have also been used to drown out members of a campaign by rendering their hashtags useless. The challenge presented by bots is not the introduction of false information, but the falsification of endorsement and popularity. Political discussions around the popularity of a single issue are particularly vulnerable, as are the financial implications of stock-confidence. During 2014 a bot-campaign elevated the value of tech-company Cynk from pennies to almost $5 billion USD in a few days. The company’s president, CEO, CFO, chief accounting officer, secretary, treasurer, and director were all the same individual: Marlon Luis Sanchez, Cynk’s sole employee. By the time Cynk’s stock-maneuver was discovered and its assets frozen Sanchez had made no additional profit, but for the investors who had been caught in the scheme, the losses were real.

Bot network detection research is being conducted by various defence agencies (including DARPA) but the field is complex, constantly changing, and yet to prove itself effective. Meanwhile, the deployment of bots on social media is within the terms of service for most of the relevant platforms, as long as no additional crime is committed their use is yet to face prosecution, and even in the case of Cynk no social media platform has assumed any kind of liability for their use.

The most active political users of social media are social movement activists, politicians, party workers, and those who are already fully committed to political causes, but recent evidence suggests that “bots” could be added to that list. Given the echo chamber effect, the fact that many online followers of political discourse are often not real users at all, and the steady decline in political participation numbers in many countries, bot use (while cheap to mobilise) may not have much power over the individual voter. Their deployment in the U.S. and Mexico has instead been largely targeted at journalists employed by mainstream media outlets. Politicians, activists, and party-workers may all find democratic scrutiny harder to achieve if the ‘public mood’ or ‘national conversation’ is being mis-reported by journalists with a bot-skewed sense of online discussion. The 2015 Global Social Journalism survey shows that in 51% of cases, reporters from six countries, including the UK and US, “would be unable to do their job without social media”. In 2012 38% of journalists spent up to two hours a day on various networks, but by 2015 that number had climbed to 57%. If unethical actors can unduly influence these avenues of online discourse, an increasingly vulnerable news-media may suffer from, and pass-on, the political biases of anonymous others.

If voting is affected by media, written by reporters who live on the internet, the shape of which is determined by anonymous, innumerable, automated agents (which no-one can track), how do we proceed in pursuit of a fair democracy?

The Ready Player One Approach to Defense

The Idea

Back when the hardware wars were real and there were standing battlefronts in every playground about what platform was best there was very little in the way of hardware standardisation. This was before the consoles stole the hearts of all children and parents had stopped believing the lies about computers being used for homework or organising Dad’s vinyl collection and Mum’s recipes.

We’re talking pre-IBM supremacy, before x86 architecture would take over the world. This is the time of the dinosaurs. The Motorola 68000, the ARM, and the Zilog. These chips are mostly mothballed now and consigned to the dustbin of history and the shelf of nostalgic enthusiasts. That is apart from the ARM of course who’s descendents still dominate the mobile and low power markets.

Named after the book by Ernest Cline which celebrates, nay revels in retro-gaming culture this thought experiment utilises older operating systems to protect the user from outside agents through sheer dint of their very obsolescence. The idea is that if there’s no active support, there’s no active malware. Probably.

I was inspired by the idea behind Qubes which uses a compartmentalised approach to security. Each task that the user may want to perform is kept distinct from any other by having the user spawn a new virtual environment. I have thought a few times about using containers via Docker for something similar but the RPO (That’s Ready Player One) sounded like a lot more fun and might make my childhood relevant again, however briefly.

The Reality

My immediate concerns for RPO as a workable solution are performance and interoperability .


Yes, the hardware I am going to try and emulate is sometimes over 20 years old but it still takes an absolutely horrendous amount of CPU power to create and run another chip entirely in memory, especially multiply. It’s entirely possible to cripple the host machine with too many emulated CPUs and environments. Another issue is that because we’re theoretically using non x86 images we can’t use something easy such as Oracle’s VirtualBox for our emulation, instead having to roll our own via the slightly more esoteric QEMU. To get the most out of any system that’s considered there should be a near-tin Hypervisor to handle the spinning up, down, and switching between environments.


Theoretically if you can fool your guest OS into mounting or reading a FAT32 partition it should be possible to pass files between your environments. There are myriad devices which do this in hardware to allow people to have every single game written for their preferred machine on a single Micro SD card using this same approach, I’m just suggesting a shared folder between guests.

The Butter Zone

The sweet spot in terms of OS maturity is the point where it was last released on proprietary hardware and not turned into another short-lived and under-supported Linux distro, when it has nothing in common with the rest of the world as it exists now. Getting a hold of the ROM images, system BIOS and OS disks etc is an exercise in internet legal grey areas which I will leave for the reader.

My current list is:

  • BeOS 5 on BeBox (Dual 133MHz PowerPC 603)
  • AmigaOS 4 on Amiga 4000T (25MHz Motorola 68040)
  • TOS 4 on Atari Falcon (16MHz Motorola 68030)
  • RISC OS on Acorn A5000 (25MHz ARM3)
  • Amstrad CP/M on Amstrad (4MHz Zilog Z80A)

As a child of the 80s I wanted the Zilog CPU to represented but I can’t honestly see a use for it other than nostalgia. Not even good nostalgia like Spectrum or Commodore, Amstrad nostalgia. Only weirdos had Amstrads.

Letting go…

Let’s face it, there’s going to be a metaphorical ton of stuff that you’re not feasibly going to be able to achieve with your RPO device. If the file you want to open is something that was created post-1994 then you’re probably out of luck. Unless someone has come along and written a PDF parser for the Amiga OS (it’s not actually outside the realm of possibility) then you’re probably going to have to forgo that 20MB doc. Less is more as they say.

The Amstrad had a full suite of office suitable tools even back in the 80s on 8bit hardware but you might not really recognise it as such today. I’m sure that by the time the Amiga and Atari STs came to the end of their respective lives there were much more fully featured office applications available. Possibly even terminals and command line access for useful things such as SSH and IRC.

RISC OS as the only operating system in this list still under active development has a full selection of internet tools available for use and even has modern builds specifically for the Raspberry Pi if you were so inclined.

Summing Up

Used alongside a modern operating system for when you absolutely need to check Facebook or Twitter, open a PDF, work on your presentation or whatever it is that can’t be done in a 16bit environment I think there’s a useful charm in working with emulated obsolete machines, not only from a security but also from a media archaeology perspective.

Plus you get the added benefit of being able to play Syndicate on the Amiga which was easily the best version ever made.

Much like my previous article on Zalgo obfuscation, this is just a proof-of-concept and not meant for actually protecting one’s butt in the field unless one really likes flying by the seat of one’s pants.

Fullstack is a Fallacy

Rockstar. Ninja. Guru. All these bombastic adjectives have been used when employers and especially IT recruiters have been searching for talented new blood to join their teams. They’re also essentially meaningless. A term tacked on to job titles to make them look relevant and ‘with it’. They’re not. You can now add “Fullstack” to that list. Like “Rockstar” employers are trying to get something for nothing.

Fullstack as a principle is meant to describe that the developer who should be applying to the position has a solid grasp of all the technologies from the server, through the middleware, to the front-end and can write applications securely and safely across all of them.

Which stack are we talking about? Node, Mongo, Redis, Elasticsearch? Angular, Python, NoDB? PHP with PostgreSQL? Your stack might be incredibly different to mine. LAMP, WAMP, MAMP was a standard for a long time and of course things must change as all things do but without industry definition “Fullstack” is just another square to mark off on your BS bingo card.

This is why I think it’s a damaging precedent to set. I don’t want the guy who grinds my keys to be the guy that fixes my car, or my window cleaner to examine a sick pet. The same is true with technology. If you want a fast well-maintained server you get a sys-admin or sys-ops person to do it, you don’t get your database engineer to build you a responsive front-end and so on.

In an industry where personnel are already expected to keep up-to-date with the current latest tech as well do their job and sometimes even learn old tech to fix problems from the past it’s demoralising to see listings for Fullstack only positions and be made to feel that one might be under qualified among their peers. In many cases, I would say the majority, it’s just not true, it’s the greed and ignorance of recruiters trying to seem hip.

So no, I’m not “Fullstack”, I’m a specialist. And so are you.

The Zen of Cheese Sandwiches and 90s Technology

There’s an old Tibetan koan (probably) that goes along the lines of “to make a cheese sandwich from scratch one must first invent the universe”. I’m not going to bother looking up if that’s true or not but you get the gist of what I’m saying here I think.

I’ve been making a new personal site for prospective employers and also because I’ve got a bit of spare time on my hands. The two facts are not mutually exclusive. With the zen cheese sandwich in mind I’ve been bootstrapping my way to a new website. I’m probably going to use an off-the-shelf CMS because there’s only so much my poor brain can handle at any one time and at the moment it’s all front-end technologies.

When I started I thought “I do the same thing every time I start a new project, I should build a boilerplate.” So I built a boilerplate so I can check it out of github and get on with work rather than spend precious minutes or hours or whatever on setting up.

“I really want to learn about PJAX (Pushstate with AJAX)” so I started writing a vanilla JS PJAX library.

“I can’t have an asynchronously loaded site without having some sort of YouTube/Github progress signifier” I told the cat as there’s nobody in the house for a week and my grip on reality is slipping somewhat. So I built a small CSS3 animation progress bar.

“My layout sucks, I should do it in Flex. But I hate using Flexbox.” So I built a simple flexgrid CSS tool.

I’m sure you can see what’s happening here. Cheese sandwich in hand I was building the universe.

That’s when things started getting weird. Well, weirder anyway. The base level of weird is quite high around here. Now that I could spin up a project in a matter of seconds things there’s no reason not to for any and all ideas I may have at any given time. This week alone I’ve started and pushed to a dozen brand new repositories. The nadir (or pinnacle perhaps dependent of viewpoint) of which might be my reintroduction to the web of the <blink> tag.

You’re welcome Internet (fuck you AP, I won’t do what you tell me). Next up I might have a stab at a marquee tag for the new millennium*. Once I get my website built of course.

* Marquee was never deprecated! Can you imagine my surprise when I tried to start this project and there was text dutifully marching from right to left as if the 90s had never left.

Wifi to the people

There’s “free” wifi in places like cafes, airports, shopping centres. However, lest you get too comfortable or you start thinking you can get things for free, this is usually limited to something stupid like fifteen minutes.

This system works based on your device’s MAC address. MAC, standing for media access control (have you ever heard of anything so in need of fucking with) is a unique identifier for your network interface that tells a network that you are an individual user. When you’ve had your time, the network kicks you off based on your MAC address, usually requiring you to pay for more time or give them your email address or other such bullshit.

If you change your MAC address and reconnect, the network thinks you’re a whole new person and will give you another lot of free time. Repeat until you’re done reading or doing whatever it is you’re doing.

If you want to see your current MAC address, open up a terminal and enter this**:

$ ifconfig en0 | grep ether

… and you’ll see some hexadecimal number printed, like d4:c2:ad:45:bb:2a. That’s your MAC address, and this is what you want to change. How, you ask? Well …

I wrote a Python script to change my device’s MAC address. Here it is.**

1. This was written for OS X running Yosemite. Yosemite uses en0, some earlier versions use en1. Google and check. This is self-help, people.
2. Depending on your version of OS X you may need to disconnect from your Airport for this script to work. Follow the instructions in the comments of the script linked above.
3. This was written in ten minutes and tested on one machine. Doesn’t work? Google it. This script contains the bones of running commands from a Python script, you should be able to fill in what works for your own setup.

Save this somewhere as a Python file, calling it something you’ll remember like (use whatever you want). To run it enter this on the command line (this is assuming you named it but use whatever you called the file, and the right path to wherever you saved it):

$ python3 path/to/location/

Enjoy your wifi.

Trashing the trash.

I plugged in this external board today. It’s supposed to have a capacity of 16MB and I needed all sixteen. There were a few files on it so I deleted those, and emptied my system trash can. That should have done the trick. (I’m sure you see where this is going.)

Try to upload to the board: No space! I inspect it and find out that it’s still nearly full, 14MB on it, despite me doing all the right things to delete what was on it.

Fuck you, computer.

So, let’s take a trip to the Land of Wind and Ghosts, where files live on long after you’ve killed them.

sis-transis$ cd /
sis-transis$ ls Volumes/
mainDrive externalBoard
sis-transis$ cd externalBoard
externalBoard sis-transis$ ls
externalBoard sis-transis$

List: nothing. O rly. Time to look in the corners.

externalBoard sis-transis$ ls -a
. .. .Trashes

Trashes. You little fucker. Get in the sea.

externalBoard sis-transis$ sudo rm -rf .Trashes

Presto: Available space, 16.6MB.

As always, fuck you computer, but today fuck that Trashes file in particular.

How We Sewed Our Own Straight Jacket

Google recently announced its initiative to improve the mobile browsing experience of all net users via its Accelerated Mobile Pages project, AMP.

AMP is a direct competitor to Facebook’s Instant Articles functionality but abstracted from the platform as a standard or protocol rather than within the context of Facebook’s walled garden.

I say walled garden because of the 1.5 billion active Facebook users 30% access the service through a mobile app of some sort. Unless you’ve specifically set it up to not do so it uses an internal browser. I have no figures to hand about how many people have changed their default Facebook browser to be one of their own choosing. My instincts tell me that it’s very few. Why is this an issue? If you ask my mother or my youngest niece what the Internet is they would most likely respond “Facebook”. Facebook is becoming a platform in its own right. And content creators, journalists and publishers both are treating it as such. I’ve heard figures from online media agencies that cite numbers as high as 50% to sometimes as high as 90% conversion rates on Facebook posts. That’s a lot of eyes on articles and for some publications that’s the difference between life and death. I get it.

The AMP proposition is a sub-set of the HTML standard which eschews all JS (read none at all), ads, and embeds. I’m not saying that the spirit with which this was suggested is bad per-se but that perhaps by following our knee-jerk reaction against the popularity of Facebook’s Instant Articles we’re going to accidentally create a tiered system akin to the one that net neutrality believers are still trying to fight. Why do I mention Net Neutrality? Because AMP suggests a selection of tags specifically for a small group of preferred vendors with tags such as amp-twitter and amp-youtube. This codifies the web as it exists at the moment. Fine. For now. But what if the landscape changes? What if an unknown video streaming provider becomes the de-facto media delivery service ahead of YouTube?

Oh wait, it can’t because who’s going to use it if it doesn’t work out of the box?

One of the beautiful things about the Open Web is the ability to make your own bad decisions about what technologies you use and to badly implement them however you see fit. That’s how people learn. It’s certainly how I learned. By picking apart code and stitching my own creations together from what I thought I had gleaned. Without this ability the web becomes static, inert and unchanging.

Some of us old internet dinosaurs used to have to wrangle the then new markup language HTML 4.0, then later the better but still incredibly flawed XHTML1.0 specification before being presented with HTML5. HTML5 is great. A video is a video, audio is audio, and all of the old favourites such as iframes and objects and embeds still work with no muss or fuss. Back in the days before broadband when mobile telephones were small things that had monochrome screens and about 24 characters of space total, way before the iPhone would come along and change our lives forever there *was* a mobile internet markup language. Wireless Markup Language. WML was a pared down and fairly ugly web technology which used the idea of cards. It was pretty unpleasant. Then mobile networks caught up, we have faster than broadband wireless speeds on our handsets. They started to access the web as our desktops did. We were given CSS3 and its media queries to allow us to make all this look presentable on our pocket machines. So why the need for AMP or Facebook Instant Articles? Because we’ve bloated the web with so much tracking and third party javascript that even with 4G access pages take 8 seconds or more to load. It’s our own broken web and impatience that’s prompted Facebook and Google to try and fix it for us. But it’s as far from the Open Web as it’s possible to get. What we have are competing standards, one a proprietary initiative by a would-be-platform that seeks to become the Internet and another by a coalition of worried parties who want a language of whitelisted third-party service providers. At least that last one is Open Source and you can roll your own support if you have to.

So how do we go about solving this issue? Well one way would be to speed up web page delivery. Stop commodifying the user quite so much. Do websites really need to know where you’ve been and what you’ve clicked? I would say not. If you’ve not helped your friends and family block tracking and ad software as a matter of course you’re remit in your responsibility to their security and online safety. Ads are potentially poisonous and have been the vector for a good number of high profile malware attacks.
If you create websites push back against injecting more tracking. Write cleaner more efficient code. Use less libraries, maybe switch from jQuery to Aerogel or use vanilla JS for more things if it reduces your bloat. Optimise your images and videos. Start your design phase with a mobile first methodology. Uglify your CSS and JS (add maps to this though, you still want to a) be able to use the developers tools to read your work and b) you’re a good netizen and want people to read your output and be inspired).
From a user point of view you can install ad-blockers and tracker blockers like Adblock and Ghostery on your laptop.

There are wifi Adblockers available for mobile devices too, they will also speed your experience up. It’s up to us to keep the web free by not making the tracking of users profitable or useful.

Are there alternatives?

Yes. Sort of. A lot of this technology is in it’s infancy. So much so in fact that FBIA and AMP seem to have got the drop on Mozilla and other open source heavy hitters. One hopeful is the CPP.

This is an open note and I will be adding more points as I think of them.

Solution: Add more piss.

I read somewhere recently:

Getting your data off the internet is like trying to get piss out of a swimming pool.

I really liked that. (I wish I know who said it; if you know please tell me.) UPDATE: Headcrash found the origin (or as far back as this appears to go). Apparently this was a line from the massively underrated television show, Newsradio:

I was part of a conversation recently where the topic of discussion was how to keep your data out of the big system. Stay off Facebook, avoid Twitter, keep everything behind a VPN, don’t take your mobile phone anywhere you don’t want someone knowing you were .. you know, the kind of stuff even I used to file under “tinfoil hat nonsense” until some years ago.

Anyway, it struck me that it’s pretty much impossible to operate like a human being in the contemporary western world and keep your data out of the hands of people who will use it in ways you don’t agree with, or sell it/give it away to people you don’t want to see it. The entire corporate internet is set up to take your data, suck it up like a relentless black hole that absorbs everything it can find.

If you want to live like a normal Western 21st century human being means that your data will leak onto the internet at some point, in some form. You will sign up for a Gmail address, a Facebook account, a Twitter account, a newsletter, or you’ll download an app or you’ll buy something online, an innocent act that allows a spigot to be shoved into your personal flow of data, and some invisible entity to siphon off all it can. These procedures are so painless, so buried in terms and conditions implicitly or lazily agreed to (and we all click Agree for the sake of convenience, all the time), that moving through the digital realm without a trace has become, if not impossible, then incredibly fucking hard. The piss leaks into the pool; good luck finding all of yours and extracting it.

There is a weakness in this data-siphoning system, however: it’s indiscriminate. It assumes everything it knows about you is true. It assumes you don’t lie. Facebook didn’t bat a robot eyelash when I changed my gender to see if it would change the advertising I got (big surprise: it did). It accepted what I gave it, moved on, accepted it without prejudice.

Could the solution to this invasion of privacy, then, be not to extract one’s own piss, but rather add more piss? 

If we can’t move through the digital realm without a trace, then surely we can cover our tracks with sufficient digital garbage that it’s impossible to tell what’s a real footprint and what isn’t, to give the algorithms all the data they can eat – because if there’s one thing we all know about algorithms, it’s garbage in, garbage out. Hide in plain view by covering yourself in garbage. Like everything. Fill out all optional fields. Choose a new age range every day. Move between genders. Shopping websites and consumer entities may know that a woman is pregnant before she has told a living soul, but how can these algorithms infer pregnancy if they have no idea what gender they’re dealing with?

This has already been played with, to some extent, with the Chrome plugin Valley Girl, which clicks “Like” at every opportunity presented. No matter where you are on the internet, if there’s a Like button, Valley Girl will click it. After a matter of weeks, what you really like becomes immaterial; your taste, your humour, your political leanings are obscured by the sheer volume of noise inserted into what Facebook knows about you.

High five, Valley Girl. I hope you piss into the gutter of my Facebook data profile forever and ever.


Mac Homebrew and avr-gcc woes

checking whether clang++ accepts -g... yes
checking whether g++ accepts -static-libstdc++ -static-libgcc... no
checking for gnatbind... no
checking for gnatmake... no
Press ENTER or type command to continue
checking whether compiler driver understands Ada... no
checking how to compare bootstrapped objects... cmp --ignore-initial=16 $$f1 $$f2
Press ENTER or type command to continue
checking for objdir... .libs
checking for the correct version of gmp.h... yes
checking for the correct version of mpfr.h... yes
checking for the correct version of mpc.h... yes
checking for the correct version of the gmp/mpfr/mpc libraries... yes
checking for version 0.10 of ISL... no
checking for version 0.11 of ISL... no
checking for version 0.12 of ISL... no
configure: error: Unable to find a usable ISL. See config.log for details.

Some background here, I’ve been trying to get the toolchain for my mechanical keyboard set up but for some reason when I was using homebrew I could never get the avr-gcc installed due to a failed isl dependency. No matter what I read and tried I couldn’t get the make script to use the right isl version. I installed and uninstalled isl lord alone knows how many times. I installed and uninstalled the right version of isl012 but couldn’t link the headers correctly. Even the last resort of a symbolic link in my opt folder did nothing.

I have now fixed it.

All you need to do is:

$brew edit avr-gcc

Change the two lines depends_on 'isl' and "__with-isl=#{Formula["isl"].opt_prefix}" to isl012 and you’re good to go.

$brew install avr-gcc

It *should* install the dependency for you and have the bonus of not making your other build chains break due to rolling back. No more failing out on an implicit repository head too far ahead of the make file. I wish there was a way of switching to a previous stable version in homebrew without having to tap formulas using the git switch trigger in a one liner as standard. Something like $brew switch isl 012 would be good but for some reason only some repos support that syntax, postgresql for example.

Seriously, fuck you computer.