advice for an aspiring programmer

Last week we interviewed a candidate who we really liked but who was much too green. He asked for some advice, so here’s what I wrote — might as well put it online. Hopefully it’s a little more specific and opinionated than these things tend to be.


It was a real pleasure to meet you, but your instincts are right: at this point we have to invest in people with a bit more experience under their belts. I do want to stress, though, that your enthusiasm and interest in software engineering came through clearly, and made us all enthusiastic about the developer you will no doubt become.

Toward that end, let me offer a little more advice than I usually put into these sorts of emails:

  • Pick a technology and invest time in it. There is tremendous value to understanding the repetition of patterns across engineering domains, but you need to gain deep expertise in one before you can do so effectively.
  • I’ll be more specific: pick one of these technologies — Ruby, Python, Node/Javascript. All have vibrant open source communities from which you can learn a lot for free. All have bustling job markets. All have bindings in a huge variety of domains. All are abstract and widely supported and will spare you many of lower-level languages’ headaches. All have robust web frameworks. Personally, I’d suggest Python, because it is the most stable and widely supported. It’s everywhere– it is Google’s noncompiled language of choice, for instance, and widely used in scientific computing and a huge number of other areas. But its community is less fun and accessible than the others, and it’s more sedate. The others will take you on a wilder ride, but you will probably have to learn things a few times as the community changes its mind about how to solve a problem. This is extra true for Node and less so for Ruby — which reflects each community’s age.
  • There is a premium for mobile dev work, but I wouldn’t invest in that right now because it’s too specialized to be a great way to learn. Also iOS will be in turmoil thanks to Swift, and Java dev is a drag outside the genuinely-exciting opportunities of Android.
  • Focus on the web and the key tasks associated with it. Skim the topics that other languages’ web frameworks cover — they all solve the same problems in slightly different ways. Invest a little time in learning jQuery — being able to build out web templates is a very plausible starter job, and one you can get good at fast. Also, make a point of learning regular expressions and the network libraries and functions necessary for using APIs.
  • You do not need to know much about data structures, compiler design, sorting algorithms, recursion or most of the other things that they teach you in a CS program.
  • Microsoft technologies can earn you money but will never fully integrate with the world of open source software, which is where the best engineers and most exciting projects exist. I have written Visual Basic for a living; I don’t think you should write any more of it. The .NET frameworks are okay but basically a less-open version of Java. Everyone hates Java.
  • I wrote PHP for many years professionally and still think it is a cheap, useful tool. It gets zero respect in programming circles, though — I would not suggest spending more time learning it until/unless you have mastered something more prestigious and just want it for quick personal projects.
  • You should probably learn with a good text editor (but not an IDE) and the command line as your primary tools. On OS X I like Sublime Text 2. Speaking of which: you should be developing on OS X or Linux (people around here tend to favor Ubuntu or Mint). If you’re on Windows now this will be painful, but you will never fully connect with the open source world and its idioms unless you get used to the *nix command line interface.
  • There is no substitute for working with engineers who are better than you are. This is tough until you get yourself hired somewhere, though! On the far end there are code bootcamps, but those cost money. On the near end there are technical meetups — shop around and find one that seems technical enough to teach you things. Contributing to open source projects is a good idea, too — writing an IG scraper for Sunlight might be an approachable task (he said selfishly). Online tutorials can take you a long way if you put in the time.
  • Get active on Github! Follow how people like Eric Mill (@konklone) and Tom Macwright (@tmcw) and Josh Tauberer (@govtrack) do their work. Recognize that filing tickets is a valid way to contribute, as long as they are well-informed. It doesn’t have to all be pull requests.
  • Master the art of googling for error messages. Using search engines, Stack Exchange, mailing lists and IRC properly to uncover unknown answers is maybe the most important skill in real-life programming.
  • Once you identify superstar programmers, follow them on Twitter or their blogs. The writing of people like Ian Bicking will get you familiar with the cultural context surrounding your programming language of choice. Speaking of which: conferences can be pricey but once you’re ready they can be a really good way to learn — if you pick the right one. Pycon is excellent. I know less about the other languages’ marquee cons.
  • Spend some time reading about diversity in technology. The situation is not good, and a lot of people are working very hard to change it. This is a huge topic of discussion right now and you need to be able to talk about it intelligently.
  • If someone mentions linked data or the semantic web and they have never held a job at Google, assume they are about to waste your time.

There! I think that’s all the advice I can come up with for someone in your shoes. Ask me questions when you have them. And good luck.

the thing about the Internet of Things

thingsWired makes a yeoman’s effort at turning a basically boring Pew report about the Internet of Things into something worth wringing your hands over. If you actually read the report, the experts seem much less worried (and quite a bit less compelling) than Wired wants us to think.

Partly this is because only a few of them seem to know much about it. There are a lot of very impressive people on the list of respondents, but at a glance they seem to mostly be drawn from the Internet’s Elder Statesperson class. And this IoT business has less to do with the internet than the name implies–it’s really about hardware, sensors and microcontrollers. So we wind up with some warmed-over and implausible futurism from the guy who runs the Webbys.

I think the milquetoast ambivalence flows from this: we understand what we’re facing. We’ve been at this industrial revolution business for a while now, and it’s mostly apparent how it works. We’ve all lived through the advent and democratization of various manufactured technological conveniences, and we are confident both of their steady pace and their limited capacity for delivering transcendence. Consumerism: we get it.

This was not the case with software! Infinite abundance, communication and human potential — you could tell a really amazing (and, alas, often overblown) story about what this would mean for all sorts of social institutions. Something truly new was happening, emergent forces were emerging, and nobody could tell how it was going to end. It was unclear why your boss was paying for you to get drunk at SXSWi but he was and it was awesome and everything was surely about to change.

This is not the case with the Internet of Things. With the exceptions of miniaturized-yet-affordable PCB manufacturing and solid state accelerometers, most of the central technologies have been achievable for a while. They just haven’t been used. For example, the idea of a home thermostat you can set from your office is sort of neat, but such products have existed for decades. Why are we excited about this now? Well, prices have dropped, the gadget-purchasing habit has been solidified, and control interfaces have improved (thanks, smartphones). Ubiquity is newly practical.

But we still don’t have many really compelling stories about what it’s all going to do for us. The benefits to these use cases are known, or at least can be imagined. It’s nice to have a door open itself for you or an alarm clock that knows when you’re sleepy, but how much is it really worth? We’ve been able to network appliances for quite a while. We did it a long time ago for cardiac monitors in hospitals, because in that application it’s worth the money. Giving your fridge an IPv6 address? We can certainly do it, and we probably will. But don’t kid yourself about the scale of the benefits that will flow from this innovation.

(One exception: the quantified self movement *does* have a bunch of compelling stories about gigantic improvements to health that careful self-measurement can deliver. Given the enormous amounts of money we invest in not-very-effective healthcare interventions, it seems safe to say that if this idea could deliver a fraction of what it’s being used to promise, our failure to implement it already would represent one of the greatest market failures in history.)

I love playing around with hardware, so don’t mistake my skepticism about IoT futurism for a lack of enthusiasm. Filling the objects around us with dancing grains of sand that we’ve etched with runes and whispers of ions, so that they might ceaselessly observe and manipulate the environment for our convenience: I think that’s a lovely thing for a species to do, and often a pretty fun art project. And I suppose emergent network effects are always possible. Seems a little far-fetched to me, though, at least so long as we’re mostly talking about thermostats and pedometers. But my imagination is admittedly terrible.

I’ll boil it down to a few things, I guess:

  • The adoption of ubiquitous computing is a function of physical technology’s ever-falling price versus the benefit it confers. There are many applications enabled by lower prices that are just now achieving market viability. But that’s because their benefit is meager, not because the tech was impossibly pricey. This may not be universally true, but it’s probably true for the anticipated uses that are currently being used to sell this phenomenon: quantified self and home automation.
  • Concerns about maintaining the software in a zillion different devices seem legit (though people are underestimating just how awful embedded tech can get away with being, and overestimating both the incentives facing bad actors and the threat surface present on devices that are designed to be *extremely* limited). Partly for this reason, functions will continue to accrue to your phone whenever possible (we’re running low on compelling sensors at the moment, but IR photography and laser rangefinding might sell some iPhones). Some will try to achieve a profitable, lock-in-driven business through proprietary solutions to this headache, but I doubt they’ll succeed.
  • The most interesting questions surrounding these issues concern transhumanism.

UPDATE: You know, I did leave off one huge thing–the sharing economy (with apologies to Tom Slee). Uber, Bixi, AirBnB–using technology for access control really is only recently possible, thanks to the evolution of IT payment and identity systems. And it really can make our collective use of property hugely different and better.

a man, a plan

Panama: pretty great. The Panama City aesthetic is the first thing that strikes you on the drive from the airport: chrome and colorful and BIG, with absurdly distracting animated LED brake lights sprinkled throughout. Optimus Prime was designed by a Panamanian, I’m sure of it.

They are mostly not kidding around about the whole not-speaking-English thing, but otherwise I think you can safely count Panama as an absurdly American-friendly travel destination. This is probably pretty obvious — after all, we’re responsible for spurring Panamanian independence from Colombia, they use American currency, and the School of the Americas boasted both Panamanian facilities (now a resort!) and graduates.

Honestly, what’s most striking is how benign this history of meddling currently seems. At the moment, at least, the country is prosperous, proud and happy. Panama City is an impressive, cosmopolitan place. A tourist’s perspective can’t be trusted, and we didn’t venture toward the more dangerous Colombian border, but driving through a large chunk of the country without seeing any real human suffering must count for at least something. The experience made me feel uneasily comfortable with American hegemony — though it was well timed for our burgeoning Cold War resumption, I suppose. Probably I’ll eventually be deeply embarrassed to have thought this, but for now: things seem like they’ve worked out.

Otherwise? The canal is pretty cool. Santa Catalina is a lovely little surf town. The coffee is sadly not as good as Panamanians think (mostly because they don’t brew it strongly enough), but the hats seem legit. Panama City is very impressive, and Casco Viejo is particularly lovely. Boquete was a lush respite from the heat (though its animals failed to cooperate with our hiking plans). We fucked our rental car up pretty good. All in all, a great vacation.


Reentering an NCAA bracket across multiple sites drives me nuts — it’s an obvious data format problem that could be solved very simply.

I used to think the incompatibility was deliberate, designed to capture audiences and keep them staring at a given sports site. Now I’m not so sure. The bracket functionality doesn’t try to extract all that much value from us, to be honest — these things are sponsored, sure. But there’s a definite whiff of sports fan developers taking advantage of principal agent dynamics to simply build sportsy things.

But even if the incentives for compatibility aren’t completely backward, the mayfly lifespan of bracket sites makes coordination difficult. Last year, after the tournament ended, I spent a few minutes emailing and tweeting at developers who seemed to have worked on the highest-profile bracket sites, but I received no responses.

So for now, bracket compatibility remains a pipe dream. It’s a shame, though, because the problem is a simple one. I used to think about this in terms of JSON data formats, files that you would download and upload between sites. But it can be handled much more efficiently. There are only 64 + 32 + 16 + 8 + 4 + 2 + 1 = 127 games, after all (let’s ignore the play-ins for a moment, since most bracket sites do). Each game has a binary outcome. That’s 127 bits of data.

Decisions about encoding that data can be made arbitrarily; they just have to be agreed upon. Getting the order of games correct, from 0 to 126, is essential. It doesn’t really matter how you do it, but here’s one scheme that would work.

For each region (ordered alphabetically, A-Z); then for each round (low to high); assume the highest-ranked seed wins — no upsets — and assign games consecutive numbers, from highest seed to lowest. Tiebreakers fall back to the alphabetical region name ordering.

You now have 127 ordered slots to fill with ones and zeros. 1 encodes a win for a higher-numbered seed; 0 an upset. In cases of identical seeding, 1 encodes the team from the region with the alphabetically-first name.

Here’s some Python that demonstrates how the resulting sequence of bits could be assembled and encoded into an easily transportable string:

import random, base64

def retrieve_winner(game_number):
return random.choice((0, 1))

picks = 0
pick_bytes = []
for i in xrange(0, 128):
picks = (picks << 1) | retrieve_winner(i) if (i % 8)==7: pick_bytes.append(picks & 255) picks = 0 print base64.b64encode(''.join(map(lambda x: chr(x), pick_bytes)))

This just makes random picks, but you could easily connect retrieve_winner() to a web interface. The output is something like "IXNcAyp72iGVl9iGE4i4FA==" (those trailing equal signs can be dispensed with), which is easily portable through email or twitter or copying and pasting. If you want it to be easily readable over the phone, you could change that "b64encode" to "b32encode" and get an all-caps string like "EFZVYAZKPPNCDFMX3CDBHCFYCQ======" -- that's only four meaningful characters longer (you have to chop off a few more ='s). Bracket tiebreakers -- usually the total score of the championship game -- could be added for a cost of 4 or 5 more characters.

In conclusion, I hate

quis custodiet ipsos chief analytics officers?

Cocoa Krispies will make your child invincibleVia my former colleague Luigi Montanez, now of Upworthy, here’s an interesting look at how the media industry is reexamining its use of analytics. The search for more meaningful measures of media efficacy is interesting in its own right. But I think the structural incentives that surround it deserve some attention, too.

It’s worth reflecting on the metrics that have fallen out of style: most notably conversions (how often an online message leads directly to a measurable action) and impressions (how often an online message is seen, perhaps affecting the viewer unconsciously). For the past few years there has been an outsize focus on the level of social activity spurred by a message — though this kind of result is increasingly viewed as a overvalued. In the past few months, there has been growing enthusiasm, including at Sunlight, for measures of how thoroughly a message is considered by its viewer. Upworthy’s attention minutes metric is leading the charge — unsurprisingly, given the organization’s undeniable sophistication at measuring and driving traffic.

Although it would be hard to completely deny a fad dynamic to these successive waves of focus, I think efforts to find better analytics have been driven by good intentions. But I also think these efforts may be leading us to a different future than many imagine. For instance, I wonder if my colleague Eric is mistaking a feature for a bug here:

I can see why Eric thinks black-box metrics would be bad. But the bespoke nature of the new, increasingly in-house analytics trends carries advantages for those creating them. And this isn’t the first time that content creators have evolved toward capturing the mechanisms by which their own success is measured. A little over three years ago, before many of the aforementioned analytics trends occurred, I wrote this:

[B]y all accounts online advertising doesn’t work very well. You can measure whether someone clicks on an ad, and often whether they buy something after that click. But it turns out they rarely do those things. So businesses aren’t willing to pay very much for ad space on websites.

Is it really a coincidence that the advertising medium with the best instrumentation also appears to be the least effective? I suspect it’s not. It may be that ads never worked as well as the industry had told us; or it may be that the eyeballs/clicks/conversions funnel is a naive conceptualization of how the system works. Either way, Google has succeeded by giving advertisers what they think they want, which is analytic tools that seem to reveal that the whole enterprise is horribly ineffective.

I think the push for better tools and more efficient ads is basically a race to the bottom. In fact, less perfect instrumentation might allow the ad industry to capture a bit more revenue from business thanks to decreased efficiency.

The lure of incomparability is very strong. Forget Google AdWords for a moment. Big ad buys are still largely arranged by salespeople, working on commission, making phone calls. And how could it be otherwise, for people in the business of convincing other people? Having objective, universal measures of efficacy is not helpful to that kind of endeavor. Much better to have a measure that works for you, that people are excited about, and that you control. It could just as easily be manipulable circulation numbers as a boutique web metric.

This case can be overstated. As I’ve said, I think people are largely working on these problems in good faith — particularly at outfits like Upworthy, which focus on a social mission; or the journalists I know who have left comfortable jobs because they care about whether their work affects the world.

But the incentives for a metrics Tower of Babel are real. To some degree, they’re even admirable, insofar as they’re driven by varying conceptions of success. Is my goal to make my audience think deeply, talk loudly, or spend freely? All of these can change the world for the better; ad-buyers’ temptation to ask which is best can reasonably be resisted, even if I do a little cherry-picking to make my case.

Besides, if one is prepared, for a moment, to disregard the capacity for world-improvement that widely-viewed and ethically correct publications represent, there’s no real problem here. Advertising often has strongly positional aspects, determining who will come out on top but not the overall level of welfare (a world in which Pepsi is the number one cola may strike some as more dystopian than it does me). Not only that, advertising is in some ways a force that directly opposes human agency — it’s designed, quite explicitly, to turn dollars into altered desires and behavior. I have limited enthusiasm for the kind of improved instrumentation that might let us hone that weapon’s edge even further.

In its most benign form, advertising is a tax on industry that flows according to influences too numerous to understand. There’s an appeal to the idea of rationalizing this process, of making it measurable, quantitative and objective — making it legible, as James Scott might put it. It seems like the result would be more fair. And admittedly, the human systems that make up the alternative are not fair: they’re sexist, racist and elitist.

But I suppose I’m optimistic that those systems don’t have to stay that way. And keeping advertisers confused about what they’re buying might preserve room for some wonderful things. So three cheers for analytic innovation — even if the innovators aren’t wholly aware of what they’re doing.

Flappy Bird and the case for fads

flappy_space_smallIn a tab not far from this one, a small bird orbits an 8-bit Earth on a ceaseless elliptical. I put him there, and feel a certain pride about it. You should launch some birds, too, if only to remind yourself that physics is pretty weird.

Too much has been written about Flappy Bird, but I’m going to pile on anyway: it reminds me of a conversation I’ve had with Kriston (and more recently John Bergmayer). Kriston was complaining about some not-that-great book that was sucking up a ton of public attention. These people could be reading the classics! he said. Or just last year’s much-better crop of novels!

I agreed with him about the objective merits of whatever book it was, but I stuck up for fad-chasing. There’s something great about having everyone settle on a single conversation for a week or two, applying all their capacity for inventive criticism, clever jokes and feedback loops of enthusiasm. Faced with exile on a desert island, I could assemble a media library that was very self-edifying. Faced with participation in culture, I’m happy enough to watch the new season of House of Cards even though it’s sort of garbage. I keep an eye on new album releases for the same reason, even as experience makes each band’s influences and lack of invention clearer.

Flappy Bird is compelling for a number of reasons, foremost among them the narrative surrounding its author and the ineffable appeal of a game with neurologically agreeable physics. But I’m also really enjoying it as a cultural rallying point: the aforementioned orbit game, the MMO, the essays.

Admittedly, this is because, so far, the conversation is mostly among people who enjoy essays and indie games — for me, this is a comfortably skintight demographic. One doesn’t have to look far to find other, grosser avian videogame phenomena.

But for now, and maybe for the rest of its run, it’s something everyone can talk about.

less horrible still!

I’m almost done fiddling with it, I think. Please excuse the infinite scroll effect on the photos. I know it’s tacky.

I will mention one other thing: if you scroll allllll the way down, there is now both a search box and an email subscription option. Since even fewer people use RSS these days than before Google Reader died, it might be of interest to this blog’s profoundly modest readership.

a less horrible theme

Though still quite horrible. I couldn’t stand the old one anymore, though.

I’ve only just begun messing around with customizing this one, so apologies for its work-in-progress nature. I suspect nobody really feels too strongly about it, though.



There are not a lot of flights into Goa, but one of them comes directly from Moscow. This explains a lot. The beach is full of unhealthy-looking Russian women and their monolithic husbands, whose hairless, pressurized torsos pivot atop speedos like artillery turrets. In the afternoon they are as drunk and passed out as our xenophobic cold war stereotypes have promised. Just like those topless glamor shots of Vladimir Putin, theirs is a virile aesthetic almost completely divorced from physical beauty. I’ve found Goa to be a very agreeable place to be carrying ten spare pounds of holiday weight.

But perhaps this is just Baga Beach, where we stayed. A day trip to Anjuna, the purported center of Goan hippie culture, revealed even fewer Russians than hippies. The people on the beach seemed athletic and competent and not in the mood for anybody’s shit. Absurdly, there were even a few joggers. The Bob Marley towels and offers of drugs seemed mostly about delivering the local color promised in the guidebooks. Anjuna is an American beach, a beach from which conference calls have been joined.

Seasides are timeless. The surf is perpetual, very nearly immune to seasons and human meddling. Shells and driftwood and sand are relentlessly ground down in a process that clearly does not require much supervision. Everything about the ocean is, frankly, much too big.

I used to like to sit in front of it and (pretentiously) read Calvino and feel as tiny and quiet and unnoticeable as a stone buried in the sand beyond the breakers. But that was years ago, when my self-regard was still immaculate. Pondering mortality and insignificance was a nice vacation experience once upon a time, but was never any more life-changing than a cooking class.

It’s less fun now. I’m no pebble, I’m just part of a huge herd of mammals, wallowing in the surf and shade and beer like everyone else. It’s certainly still relaxing, but regular life has lost its childish grandiosity and so the old idea of escape feels a bit more desperate. How can you relax when, back home, entropy is increasing?

I went into the Indian Ocean, which I never thought I’d do. The sand was smooth and the waves were like bath water. Soon I found myself amid some Indian boys who were bodysurfing.

Where are you from? USA. He was going there soon, he said, to work for a new company, had I heard of it. I was sorry, I hadn’t. He told me how many lakhs he was going to make. I wished him luck, which his friends thought was funny. I started to head out further and they asked me if I could swim. I told them yes; they seemed disappointed.

My cousins were born here. Or maybe that’s not right. Were they raised here? I can’t remember. One day they arrived at my grandparents’ house on Kenmore Street, in Virginia, so that the process of civilizing them could begin. Within weeks my cousin Emily gave herself a haircut, which became an important chapter in subsequent family lore and cemented a sense of wildness that was probably undeserved.

Why did my aunt go to India, and why did she come back? I’ve never been told and have certainly never asked. I imagine that she was, like many others of her generation, attempting an experiment. Sometimes I worry that its failure has disappointed her since.

My cousins seem none the worse for it, though. They are now implacable Vermonters, wise and capable and, if one insisted on naming a fault, perhaps even too strong for their own good. Just like their grandmother, and her grandmother. A generational displacement as geographically and culturally vast as possible couldn’t dislodge their destiny. At times I find this immensely reassuring.


The guidebooks try to be polite about it, but they don’t have many compliments for Bangalore. They have to admit it’s not great for temples or monuments or palaces. But they hasten to note that it’s clean! And wealthy! If Lonely Planet were about Victorian ladies instead of cities, Bangalore’s fluency in French and skill at the pianoforte would be discussed extensively.

This city has been gentler to me than I’d been told to expect. There is dizzying traffic and choking smog, but it’s navigable. There is horrible poverty and software-driven wealth — authors of Medium posts about San Francisco’s spiritual destruction via Google Shuttle will find much to like — but so far my heart is only being broken once every ten miles or so. The taxi drivers don’t seem to see enough tourists to know how to properly gouge us. And gastrointestinally, I am at the part of the cartoon where the coyote opens a clenched eye and begins to chuckle nervously, thinking the bomb must be a dud.

So I’m not as overwhelmed as I might be. But the experience has still been satisfyingly foreign.

I finished rereading Jonathan Strange & Mr. Norrel shortly after landing, and this passage seemed about right:

They had been recommended to a hotel in Shoemaker-street which belonged to a Mr Prideaux, a Cornishman. Mr Prideaux’s guests were almost all British officers who had just returned to Portugal from England or who were waiting for ships to take them on leave of absence. It was Mr Prideaux’s intention that during their stay at his hotel the officers should feel as much at home as possible. In this he was only partly successful. Do whatsoever he might, Mr Prideaux found that Portugal continually intruded itself upon the notice of his guests. The wallpaper and furnishings of the hotel might all have been brought originally from London, but a Portuguese sun had shone on them for five years and faded them in a peculiarly Portuguese manner. Mr Prideaux might instruct the cook to prepare an English bill of fare but the cook was Portuguese and there was always more pepper and oil in the dishes than the guests expected. Even the guests’ boots had a faintly Portuguese air after the Portuguese bootboy had blacked them.

I think this unavoidable, insistent foreignness can be illuminating. There are layers to the effect.

In the old days, before anyone knew what yeast was, styles of beer came from specific places. The critters in the air and the minerals in the water determined the options available to a brewer. That pilsners came from Pilsen was an immutable feature of the world, not just clever coordination by the Pilsen Chamber of Commerce.

Maybe foreignness begins with these biological conditions. They’re no more detectable by a tourist like myself than they were to medieval brewers (although I’m told I would certainly come to notice something if I drank the tap water). But they’re real and they must shape the environment surrounding me.

Those contrasts make me begin to wonder about how I’ve been shaped by similar forces at home. Sometimes, at the gym, I’ll work out next to someone and notice that their sweat smells of berbere. It’s a physical manifestation of how saturated they are by their culture.

Of course I can only detect this because my own culture is different. I’m no less steeped. Supposedly when Westerners first came to Japan, the islanders couldn’t bear the visitors’ stink. “They smell[ed] of butter and fat.” I wonder what I’m suffused with; what I smell like to the people here. Even my friends say that Subway stores smell awful, which is worrying.

The opportunity to reflect on these contrasts is what I like I like about travel (communication technology’s erosion of the case for sightseeing is hugely underconsidered). But these contrasts are growing duller, aren’t they? It’s banal to lament the homogenizing effect of global commerce. I wouldn’t want to claim there’s anything principled about my supercilious yuppie dismay at the prospect of a Bangalore Baskin-Robbins.

But the larger phenomenon seems real enough. How distinctive can a global set of cultures remain when their TV producers are all ripping each other off at internet speed?

Conscientious citizens of the universe will already be familiar with the wikipedia article about its heat death:

From the Big Bang through the present day and well into the future, matter and dark matter in the universe are thought to be concentrated in stars, galaxies, and galaxy clusters. Therefore, the universe is not in thermodynamic equilibrium and objects can do physical work.

Why can anything happen at all? Because there’s more of something in one place than another. Charge, pressure, heat — any one of them out of equilibrium, and it’s able to be harnessed for work as it seeks balance.

It’s tempting to apply this metaphor to society: imagining that the diffusion of concentrated idiosyncrasy is the only means by which cultural invention can be pushed to an acceptable pace. The transmutation of African-American musical traditions into pop genres; the adoption of anime tropes by American filmmakers; the dizzyingly reciprocating cross-pollination that produced the Gangnam Style fad single; fusion cuisine.

Is cosmopolitanism another word for entropy? Is a Diplo mixtape analogous to an exploding oil tanker? This is not a cheerful idea — it’s a prediction of eventual globalized monotony and stagnation — but it does seem compatible with Kurt Andersen’s ideas about postmodern exhaustion.

And it could serve as a framework for understanding which parts of globalization we should resent. If cultural distinctiveness is a resource we spend it should be spent on worthwhile pursuits rather than on selling hamburgers and cola; just as we should burn petroleum to empower humanity rather than to power larger SUVs.

Admittedly, this idea is also compatible with an ugly primitivism. I don’t mean to do that. I don’t want to be tempted into imagining that India (or any place else) is some sort of wellspring of authenticity; its colonial history makes that idea laughable. Besides, it seems impolite to insist that other societies act as cures for our neuroses.

But if I squint I can imagine India as an engine, doing fascinating things as it burns away the divisions between east and west and other places beside. I wonder if it will ever run out of fuel.

in honor of CES

Let us revisit the opening paragraph of The Hitchhiker’s Guide to the Galaxy:

Far out in the uncharted backwaters of the unfashionable end of the Western Spiral arm of the Galaxy lies a small unregarded yellow sun. Orbiting this at a distance of roughly ninety-eight million miles is an utterly insignificant little blue-green planet whose ape-descended life forms are so amazingly primitive that they still think digital watches are a pretty neat idea.

If I squint just right I can almost, almost talk myself into believing that smartwatches will be useful. But this is a personal failing.

My Dumb Raspberry Pi-powered Fantasy Football Trophy

Well, another fantasy football season is behind us. I entered the season as the reigning champion and left it as the… not champion. It would be churlish to try to make excuses for my poor showing. So instead I’ll simply note that there is an ongoing, pressing need for organ donors in this country, and many of my fantasy players’ families are proud to have done their part. My heartfelt congratulations to Ben on his apparent championship and the masterfully subtle campaign of cheating that must surely lie at its foundation.

But the season did have a few bright spots, even beyond the news that my WR1 is expected to walk again. In particular, I embarked on a semi-ridiculous project to build a Raspberry Pi-powered fantasy football meter. It worked out pretty well!

I should probably begin by assuring you that I’m not actually all that maniacal about fantasy football. It was a purchase that spurred this project: a few months back I bought a big lot of antique electrical gauges on eBay.

(OK, actually I bought two lots.)

Since then I’ve been building some little projects with them using Raspberry Pis and lasercut wooden enclosures. The fantasy football meter is one of the more grandiose examples.

The top gauge measures my ranking in the league. The bottom gauge measures how many points ahead or behind I am at the moment. I realize that this is deeply stupid.

It’s fair to say that I have been working to (slowly) accumulate the expertise necessary for these projects for more than half a decade. It’s made me really, really wish that I had taken some electrical engineering classes in college.

Still, I’ve learned a lot during this process! So why not blog about some of those things?

Cut A Hole In The Box

3D printing gets a lot of attention, and it is indeed frighteningly neat. But for my money a good old-fashioned robotic lasercutter is even more exciting. Anyone who has turned an IKEA flat-pack into an unattractive wine rack will be familiar with the basic principles underlying my approach.

Conceptualizing the transformation from two to three dimensions is trivially easy for some people and essentially impossible for others. I fall somewhere in the middle, and find that I am best served by workshopping a given geometric idea under a variety of pharmacological conditions — specifically alcohol, caffeine and post-workout endorphines. Probably there is some nootropic cocktail available on the streets of San Francisco that delivers innovative furniture design insights and permanent synaptic damage instantaneously, but I’m uncool enough to require lengthy periods of mulling instead.

I would dearly love to employ interesting woodworking techniques, but working in two dimensions more or less mandates the use of finger joints. And really, that’s fine. The one thing you have to watch out for is kerf. Lasercutters work by vaporizing a small amount of material. The width of this area — called kerf — usually amounts to just a tenth or fifth of a millimeter, but it does add up.

I’ve written some python scripts to help generate finger joint geometries that account for tedious kerf calculations automatically. They do require quite a bit of fiddling and subsequent modification in Illustrator or Inkscape, but they work well enough. A nicer online application can be found at, but I know my code and like it well enough.

I used Ponoko for this particular trophy, and they provide a wonderful service. But HacDC now has a lasercutter, and though it’s less powerful, you can’t beat the price and turnaround time. I’m still experimenting with materials, but have purchased a bunch of stuff from that I hope will produce good results.

Raspberry Foray

I’ve spent a lot of time playing around with Arduino, and the experience has taught me a lot. But if you want to connect to the internet — and look at you, of course you do — you’re going to want to turn elsewhere. I spent quite a bit of time on the BeagleBone, and I admire its commitment to openness.

But there is no competing with Raspberry Pi right now. It wins on price. It wins on its choice of native distro. Most importantly, it wins on community. Next to these things, its just-OK (nongraphical) technical capabilities are afterthoughts.

Still, making the damn thing useful in embedded applications takes some thought! I have condensed a number of these lessons into this repo. You might want to borrow parts of it (you probably won’t want all of it). Among the things the script and its siblings accomplish:

  • Installs Bonjour so you can get to the Pi without looking up its DHCP-delivered IP address
  • Gets a decent Python environment in place, complete with virtualenv
  • Installs the wiringpi and wiringpi2 libraries, which are what you’ll want to use to control the General Purpose Input/Ouput (GPIO) pins on the device
  • Sets up my default wifi networks. Whoops! You probably don’t want that. But use this /etc/network/interfaces and /etc/wpa_supplicant/wpa_supplicant.conf file templates to get yourself online. Note that you can have more than one network={} statements in the latter.
  • Gives my SSH key root on the system. You probably don’t want that either.
  • Turns off the swap file. Swap files are the means by which your disk impersonates RAM to expand your system’s capabilities. It’s a super-neat idea in general, but less so if your disk self-destructs the more often you write to it — which is indeed the case with a flash SD card. You should find a way to make do with physical memory. I’ve gone through a lot of SD cards.
  • Relatedly! And not present in this install script! You should turn off journaling in the filesystem. Instructions can be found here. Journaling is a neat idea by which every change to the filesystem is first cached in a central location before being executed as a transaction. This allows for graceful recovery from a number of failure modes that can occur if an operation that requires multiple steps — and which really, really needs to complete all of them for things to make sense — is abruptly interrupted by a power loss or other failure. But that caching requires a ton of writes to disk, and will burn up your SD card in short order. You’ll just have to get by without journaling, and commit to pulling the power as little as possible
  • The script also turns on the watchdog module in the Broadcom processor that lives at the heart of the Pi. This is a little piece of hardware that listens for a heartbeat signal from the system and, if it doesn’t hear one, reboots everything. Step one is turning on the hardware; step two is setting up the heartbeat. This can give your system a gentle kick when something you’ve done screws it up.
  • Want to install a Python script in your virtualenv as a system service that starts at boot? I’ve made that fairly simple, though the script does bake in a few assumptions about your directory structure.
  • Optionally, this script will help you set up outbound mail via your Gmail account
  • Finally, there’s a script to install an ARM processor-compatible version of PhantomJS. More on that in a sec.

Some things are best done once, however. For a long time I installed whatever the latest Raspbian image was, then went through the raspi-config script (which launches automatically on the first boot) and then ran my bootstrap script.

This takes forever, though. I got particularly sick of reconfiguring raspi-config to expect a non-UK keyboard.

But creating a new and improved disk image eluded me for a while. Installing all the aforementioned junk requires that you expand the filesystem to use more of the SD card (the default uses only 2GB). But if you use the dd tool to image the result, it’ll show the full size of the SD card. And an image of one 4GB SD card (for instance) won’t necessarily fit on a different model or brand of 4GB SD card. (You should be using 8+GB cards anyway, to minimize system failures due to repeated writes to the same sector.)

The solution: expand the filesystem manually to 3GB or so. Use raspi-config to assert your American independence. Get everything set up. And then record an image using something like this:

sudo dd if=/dev/disk1 of=preconfigured_raspberry_pi.img bs=1048576 count=3000

This instructs dd to copy from /dev/disk1 in 1 megabyte chunks, and to pull three thousand of them. The remaining five thousand or so (on an 8GB card) can simply be ignored, I think? Honestly, it’s a bit difficult to keep track of which levels of filesystem abstraction and definition are included where. Perhaps those missing five thousand megabytes will come back to haunt me someday. But not yet.

Somehow the Vital Connection is Made

All of the above gets us a wooden box and a cheap and useful Linux environment. How do we make it actually translate Things On The Internet into a dial moving… somewhere?

Well, first you’ll need a wifi adapter. I tend to buy this one, which is tiny, less than ten dollars, compatible with the Raspberry Pi default distro without any additional drivers, and can mostly connect to wifi networks without exceeding the Pi’s rather wussy USB power capabilities. But there are other perfectly fine choices out there.

Getting wifi working on Linux is awful under the best of circumstances, but when done without a GUI it easily competes with the most imaginative punishments Greek mythology can offer. Please, please use the /etc/network/interfaces and wpa_supplicant.conf patterns linked above. For me, they’re the culmination of more than a year’s worth of trial and error across multiple embedded systems (next time you see me, ask to see my FUCK CONNMAN tattoo). Others will have wisely gone straight to LadyAda’s excellent series of Raspberry Pi lessons, from which this solution is cribbed.

But wifi connectivity is only the beginning.

A Ghost Is Born

Fantasy football is one of those strange areas of human endeavor in which Yahoo is successful. It’s free and it’s what my friends and I use, anyway. And it’s comforting to begin to know the annual rhythms: unnecessary redesign, mobile app flakiness, disastrous week 1 server outage, ensuing apology, eventual system stability. I look forward to repeating the cycle next year.

Alas, the API seems basically useless for anything beyond establishing that Yahoo runs a fantasy football service. So we’re going to be screen-scraping, navigating and disassembling messy HTML pages in just the same way that your browser does.

This is not a reliable process. Worse still, Yahoo counts on tons of Javascript to render portions of the page after the initial HTML has been delivered. Knowing what is supposed to happen after that point requires a Javascript interpreter, which is a sophisticated piece of machinery beyond most scripting environments. Instead, you have to connect your script to a browser and ask it, intermittently and politely, what the hell is going on right now.

This task used to be so hellaciously finicky that I’d never gotten it to work. But Phantom.js has removed most of those difficulties, and as I mentioned above, there’s a compiled version for Raspberry Pi which can simply be copied onto the device and used. I employed the Selenium Webdriver interface, but mostly because of peer pressure. I’ve been hearing good things about Casper.js.

Yahoo ensures that this will not be the end of your woes, but I’ve encoded a number of hard-fought lessons in this Python class, and will probably update it once the 2014 season redesign arrives and breaks everything. (The rest of the code for the meter is here, incidentally.)

Moving the Needle

The last piece of the puzzle: making the damn needles move. Most of the excitement is already recorded in this post. But in short: microcontrollers are all-or-nothing beasts, setting output pins to zero volts or ALL THE VOLTS (3.3 in the case of the Pi). But they can approximate intermediate values by turning a pin on and off very rapidly, with the ratio of on:off determining the voltage that’s being approximated. This is called pulse width modulation, and the Pi has built-in hardware that allows it to deal with this constant switching without expending any brainpower — but only on one pin.

Luckily, the wiringpi library has included as sophisticated a system for additional, software-controlled pins as one could hope for, though each additional pin comes at the cost of a bit more CPU utilization. Fortunately we only need two for this meter (the -100 to +100 meter is actually set up to behave as if it’s two separate meters).

The vintage gauges themselves are not configured for 3.3v, of course. But that’s where trim potentiometers come in:

Those little blue and white dials labeled 1, 5 and 6 are the trim pots in question. Some trial and error can deliver resistor levels that max out the meter’s range without overpowering it. The gauge’s response might still not be perfectly linear, but that’s where this little library comes in.

Wrapping Up

All that’s left is to add a little flair:

Ben will get a plaque now, too. I guess.

how scared should you be of your webcam?

Yesterday Tim Lee and Ashkan Soltani reported a surprising and alarming revelation: some webcams can be activated without their accompanying light being turned on. This means it’s conceivable that criminals or government agents could compromise your computer and take surreptitious pictures of you. It’s a frightening prospect.

It’s also one that I had more or less deemed impossible based on what I know about electrical engineering. I owe Tim and Ashkan my thanks for teaching me something new.

But I think it’s worth delving into exactly what makes this attack possible. The paper their story focuses on concerns one particular attack on one particular type of webcam. Left unanswered is whether vulnerabilities like this one are commonplace. Examining how this attack works can provide some reassurance about engineers’ good intentions, but leaves plenty of reasons to worry about their insufficiency.

You can find the paper detailing the attack here (thanks, guan!).

Before we walk through how the attack works, let’s establish our cast of characters — one that’s slightly simplified relative to the specifics of this attack, but which will suffice for our purposes.

First, there’s your computer. It looks like a computer, and behaves in a computerlike fashion.

Second, there’s the webcam microcontroller. This is also a computer! But it’s a much tinier, lousier computer — one that fits on a single microchip. Still, it can run programs, and it can talk to your computer. And we’re not going to ask it to do very much: mostly it’s just supposed to manage the other components in the webcam and report their outputs back to the computer when asked.

Third, there’s the image sensor. It’s digital and electronic, certainly, and it even speaks binary code and executes commands, but it doesn’t run arbitrary programs. It does have internal states and settings, though — it’s not a completely passive, memoryless device like a lightbulb or motor.

Here’s the key diagram from the paper:


On the bottom is the microcontroller. On the top is the image sensor. There is a connection between the two of them labeled “standby”. When operating normally, the image sensor will go into standby mode whenever the microcontroller sends a voltage to this connection.

On the right side of the diagram is the LED. Its input side is connected directly to the system’s power source (Vcc), and its output side is connected to the “standby” line. A circuit can only do work when energy flows through it, so when both sides of the LED are set to the same voltage — when the standby line is “high” — no current will flow and the LED will remain dark. When the voltage on this connection is low, the image sensor will emerge from standby mode; current will flow from Vcc, through the LED and out the “standby” line; and light will be generated.

This is a pretty good system! The LED’s function is tied directly to something that enables or disables the image sensor. This arrangement can’t be undone without cutting wires. Really, that “standby” line looks a lot like a power switch.

But it isn’t. The image sensor was designed to be a flexible component that might be used in many different configurations, not just the iSight. This is the norm in electronics, with a few exceptions like the custom chips that Apple designs for its iPhones. In this case, the image sensor can be configured in different ways by sending it different setup commands from the microcontroller. One can imagine modes for “low light” or “video” or “grayscale”, but there are also numerous esoteric settings that are only useful to engineers. In the case of this particular image sensor, it’s possible to tell it to ignore any signals it sees on its “standby” pin.

This probably sounds pretty outrageous, but it’s not hard to imagine configurations in which this capability could be useful. When prototyping a circuit, minimizing the number of features and connections that must be used can make the process faster and simpler. In some applications the image sensor might be on all the time, making a usable “standby” line irrelevant (or, if not properly grounded and shielded, even a source of buggy behavior).

Alternately, it might seem outrageous that the engineer designing the webcam system overlooked this capability in the image sensor. This is a stronger argument. But this is an easy mistake to make.

Here’s the datasheet for the image sensor. At 61 pages it’s not especially long (microprocessor datasheets can be thousands of pages), but I think you’ll agree that it’s not the easiest thing to read. What you probably can’t see is that datasheets are often riddled with errors. They are usually written by engineers, which produces a terrible product but is better than the alternative. As you might imagine, the result is more or less impervious to editing and verification by humans. Datasheets for very popular or venerable chips can be very good, but for complicated, new or little-used products, they can contain serious problems. Partially for this reason, datasheets often contain information about “reference implementations”: partially or wholly built systems that show how the component is supposed to be used with a minimum of complicating details, and which engineers are implicitly encouraged to follow without question.

None of this excuses the webcam engineer’s failure to foresee this security hole. But you can imagine how it happened. Having someone manipulate this completely undocumented hardware system, reprogramming a microcontroller to, in turn, reprogram an image sensor to use a counterintuitive operational mode that (for all I know) might be completely idiosyncratic to this image sensor chip? It’s tough to get too angry over someone’s decision to spend their time on other problems.

Is this comforting? Sort of. It’s an awfully specific vulnerability. It’s pretty easy to see how to design around it (use the LED to test for power to the image sensor, not the state of its standby line; harden the microcontroller’s programming; the paper’s authors discuss a number of possible remedies and the occasional tradeoffs they entail). It’s clear that the engineer was trying to tie the LED’s activity as closely and irrevocably to the image sensor’s operation as he could, which is the right idea. We have no specific reason to think that similar bugs are present in other webcams that use different chips or have more careful authors.

Still. This is a reminder that the systems we use are wildly complex, executing code in many more places than just the CPU. And it’s increasingly clear that many of those places have never been scrutinized for vulnerabilities. It’s cheering to see security researchers uncover these problems, but criminals and governments have vastly greater resources and incentives to pursue this work, and have had plenty of time to do so. Some masking tape might not be a bad idea.

teaching everyone to code is a fine idea

I often find myself defending Sam Biddle’s brand of Silicon Valley nihilism to Matt, so I’m sort of surprised to see us switching sides: today Matt joins Sam in deriding President Obama’s calls to teach schoolkids to program. He’s not alone! I think Matt’s specific objection doesn’t get us very far — some students’ failure to attain basic skills doesn’t really tell us all that much about what should be included in a general curriculum, just as the continued existence of murder doesn’t tell us much about the wisdom of enforcing speed limits.

But it is worth spelling out the case for teaching people to code. It’s not because we expect them to become programmers. We don’t expect every student in English class to write a novel or every student in Trigonometry to wind up manipulating triangles for a living. We certainly don’t expect every kid in music or art class to carry those skills beyond the classroom, or even to achieve proficiency within it.

Rather, we teach those skills because they are varyingly enriching and instructive windows onto reality and culture. They help kids navigate the world. In a few cases they’ll wind up being of practical value or make for a fulfilling hobby. But mostly they’re about building competent and intelligent human beings.

Coding qualifies. I still distinctly remember programming my grandparents’ VCR for them — a cliche of childhood technical affinity, yes. But also an instructive experience! Why was the schedule set with a 24-hour clock scheme? Why were the on-screen fonts the same across different brands of VCR? What the heck was the difference between SP, LP and SLP? The answers involve the nature of modulo arithmetic, the electronic industry supply chain and electrical engineering practices, and some pretty fundamental concepts from information theory. Some of these revealed themselves quickly; others came decades later. Gaining that simple, unimportant technical skill gave me a window into how engineers’ minds work and how the constraints imposed by physical reality shape the systems they build.

Without realizing it, the simple daily use of technology imparts lessons about data normalization, computability and signal processing. Stitching these hunches together with a light classroom introduction to the procedural nature of Turing-style computation is not a bad idea. It’s also not a trivial idea — some people think this perspective has enough explanatory power to describe the entire universe.

Nor is it of merely intellectual interest (though I’ll happily admit that I do find it deeply intellectually rewarding). In the same way that the economic perspective has largely triumphed over other dialectic forms in our culture, our physical environments grow ever more engineered. And engineering grows ever more digital in nature. Understanding how those processes work at a fundamental level is an increasingly necessary precondition to deciphering our deeply unnatural world.

Do you want to be able to quickly use a new product? Or organize a spreadsheet so that it will be useful later on? Do you want to know why your partner missed that SMS, or why the football broadcast looks blocky? Do you want to know what to fear, and when you’re being lied to, and how?

Learning to code “hello world” won’t guarantee you those answers any more than it’ll guarantee you a job at Facebook. But it isn’t a bad place to start.

using Raspberry Pi and a VPN to avoid sports blackout restrictions

Broadcast sports is finally, finally embracing the digital age. My Apple TV has separate apps for the NHL, NBA and MLB, for instance. Sadly, these are still subject to blackout restrictions, preventing me from being able to purchase Capitals games. Irritating!

As it happens, I have a pay-as-you-go account with IPredator, a Swedish VPN service. For a few bucks a month, they provide the ability to use a high-bandwidth encrypted link that terminates your internet traffic in Sweden. I mostly use this for Bittorrent (though pretty rarely, believe it or not). But I figured it might let me get around blackout rules, too.

Unfortunately, the Apple TV isn’t able to use VPN software. So we need something to handle that operation instead, making the Apple TV think that it’s on a perfectly normal network — albeit one in Sweden.

This had been on my to-do list for a while, but I finally got around to tackling it today. The results are pretty good! Sadly, it appears that hockey-crazy Sweden has blackout rules of its own — presumably the NHL has a distribution deal with some broadcaster there that makes it necessary to confound people like myself who want to pay to watch hockey but don’t care to pay for a complete cable TV package. Bah.

But the system is working — a laptop substituted for the Apple TV is convinced it’s sitting in Stockholm, and my Apple TV Netflix experience is substantially different (title availability is wildly altered). And the NBA League Pass stuff looks like it might be working fine (I don’t have an account, but will be bugging Matt to try his out shortly).

So I’ll go ahead and record what I did here before I forget it. Perhaps before too long I’ll switch to a VPN that terminates in a (non-Washington) US city and see if that doesn’t solve my problems.

  1. Buy a Raspberry Pi Model B (the one with the on-board ethernet jack). Get the basic Raspbian distro up and running.
  2. Add a USB ethernet adapter — one with Linux support. Note that I haven’t tried the one at that link, but it claims to be Linux-friendly. I’ve been using an overpriced Apple adapter.
  3. The USB ethernet port is eth1, and will be what you plug your Apple TV/whatever into. The on-board Raspberry Pi ethernet port is eth0, and should be connected to your router.
  4. Follow LadyAda’s instructions for making your Raspberry Pi into a wifi access point — except skip everything that has to do with hostapd or iptables. Also, replace references to “wlan0” with “eth1”. After rebooting, you should now be able to plug a computer into the USB adapter via ethernet and receive an IP address that begins with 192.168.42. If you can’t, something is wrong.
  5. Configure OpenVPN for IPredator using their Debian setup instructions. When running, this creates a virtual network adapter called tun0 — it’s quite similar to eth0 or eth1 (the ethernet cards) except it’s a software abstraction. Also, configure this to start up automatically — the IPredator instructions gloss over this. It shouldn’t take more than a “sudo update-rc.d openvpn enable”.
  6. Use the following iptables configuration to make the Raspberry Pi act as a router that sends incoming traffic to tun0:

    # Generated by iptables-save v1.4.14 on Sun Dec 1 13:49:10 2013
    :PREROUTING ACCEPT [329:25039]
    :INPUT ACCEPT [194:13371]
    :OUTPUT ACCEPT [0:0]
    # Completed on Sun Dec 1 13:49:10 2013
    # Generated by iptables-save v1.4.14 on Sun Dec 1 13:49:10 2013
    :INPUT ACCEPT [1384:725715]
    :FORWARD ACCEPT [877:601931]
    :OUTPUT ACCEPT [1102:200985]
    -A FORWARD -i eth1 -j ACCEPT
    # Completed on Sun Dec 1 13:49:10 2013

    You can grab the gist here. Save this into /etc/iptables.up.rules then create a file called /etc/network/if-pre-up.d/iptables that contains the following:

    /sbin/iptables-restore < /etc/iptables.up.rules

    Give it a good “sudo chmod +x /etc/network/if-pre-up.d/iptables” to make it executable and, if all has gone well, you’re done! You now have a Raspberry Pi that lets network traffic go in one end and emerge in Sweden. Kinda neat.

DIY abominations

I like to make a new Halloween decoration every year. One year it was corpsing a skeleton; another year I built a coffin; another time I made some big glowing papier mache spiders.

This year I decided I wanted some skulls. Goat skulls, ideally — dollar for dollar, I don’t think there’s a creepier skull out there. Probably it’s all the Doom 2 I played as a kid.

I posted an ad on Craigslist appealing to hunters and farmers for help with (ahem) a “theatrical production.” Eight days later I received a response. “Kyle” worked at Crazy K Goat Ranch, and he seemed to have a lot of skulls; we made plans to meet a few days later. I brought along Dave and Kriston to ensure that the encounter’s net flow of skulls went in the direction I expected.

It only took a moment to verify that Kyle was probably the K in “Crazy K”. He was certainly a strange guy. He seemed to live with his parents, and I’m not at all sure that the goat farming is a full-time occupation for him. But he was very nice to us, particularly since I happened to be wearing a Capitals t-shirt — Kyle was, too, and turned out to be a bit of an Alex Ovechkin super-fan.

$20 per skull is a steal, and we concluded our business quickly. Kyle sold me the skulls of a bunch of goats, an alpaca, a llama, and a pig that had (until recently) been giving him trouble. There is apparently some kind of solution he soaks them in to remove the soft tissue — it’s intensely unpleasant, I’m sure.

Anyway: I had some skulls.



A good start! But I wanted to do a little more. And hey: I’ve achieved pretty good results with creepy glowing eye sockets before. Let’s do some more of that.

The basics are pretty simple. The idea of an LED throwie is at least seven years old now (can that be right?) but it works as well as ever. Let’s pause for a brief interlude about sticking them all over the cube at Astor Place:


Well, the gist is the same as always: the LED and the CR2032 battery are a lovely match. The CR2032’s 3 volts are enough to light up most LEDs. Better still, its internal resistance will prevent the LED from burning out immediately, even when used without a resistor. You can wedge a CR2032 between an LED’s leads and it will light up quite happily for hours! And hey, it turns out that these batteries aren’t even that terrible for the environment.

You can get all of these components very cheaply on eBay. Here are fifty red LEDs for $3; here are 20 CR2032s for a little more than $4. If you want to get fancy (and I did) you can get CR2032 holders for about fifty cents a pop.

Wiring the necessary circuit is dead-simple. I have a distinct memory of getting a small light bulb to illuminate from a battery in second grade; it was the first thing they taught us about electricity. This is no more complex, except that you might need to flip the LED around if you get the polarity wrong the first time. So, no need to belabor that. Also: it turns out hot glue guns work well on bone.

But for a few of the more frightening skulls I went a little further and added a circuit that turns the lights on only when the surrounding environment is dark. It’s a pretty useful technique for working with analog signals of any kind (I’ve also used it to trigger a light-sensor to activate a music box upon opening, for instance), so let’s go ahead and run through it.

We’ll need three things to make this happen. First, some way of sensing light — that much is obvious. Second, a way to define what our threshold for “dark enough” is. Third, a way to compare the two values and switch the LED circuit on.

Let’s start with the last one. I used an LM393 comparator, a common chip that looks like this:


It, too, can be found on eBay for pennies per unit.

The LM393 is very simple. It takes a reference voltage. It takes a comparison voltage. If the latter goes above the former, the chip will make an electrical connection between its output pin and ground, potentially completing a circuit and doing useful work.

The LM393 also looks like this:


That’s the schematic from its data sheet, mapping the chip’s 8 pins to their functions. Pins are numbered in counter-clockwise order, starting to the left of the chip’s top side, which is marked by a little notch or off-center circle (or, in the above photo, both). As you can see, there are actually two comparators built into the LM393; we’re only using one. For our purposes they’re electrically distinct, except for a shared ground and supply voltage (V+ in the diagram, though it’s more commonly called Vcc). The LM393 can run off anything from 2 to 36 volts.

So how do we arrange the reference and comparison voltages? It’s really simple, actually: we use a voltage divider. Picture it like this:


Vin is our supply voltage — let’s say 10 volts. The horizontal triangular thingy at the bottom is ground. R1 and R2 are resistors connected to one another. At the top, it’s always gonna be 10 volts. At the bottom, it’ll always be zero. That’s axiomatically true. But what about in between the resistors, at Vout?

That depends on the values of R1 and R2 — or, really, the ratio between them. If they’re both 100 ohms, or 2500 ohms, or 5 million ohms, Vout will be 5 volts. If R1 is 25 ohms and R2 is 75 ohms, Vout will be 7.5 volts. If you flipped them, it would be 2.5 volts. It’s all pretty linear and straightforward (the Wikipedia voltage divider article will walk you through the math, if you’d like). Make sense?

So! Let’s set things up. Keep the battery out of the holder until you’re done, but pretend it’s in there — now we have a 3 volt V+ and a ground. Connect ’em to the relevant pins on the LM393. Now take two resistors — doesn’t really matter what value, as long as they’re the same, but they should be a decently high value to avoid voltage drain — and connect them in series, bridging V+ and ground BUT, crucially, making a pit-stop in the middle at pin 5 (“non-inverting input B”). That pin will now be getting a reference voltage of 1.5 volts. If the voltage on pin 6 (“inverting input B”) goes above this value, pin 7 will be connected to ground. If not, not.

But what gets connected to pin 6? Well, seems like we need something that changes its value based on light. Easy enough! A photoresistor is just what it sounds like and is, again, cheap on eBay. They look like this:


That squiggle in the middle is made of a material that lowers its resistance as light hits it. Otherwise, this thing behaves just like a regular resistor. That means we can build a voltage divider with it, just like the one we connected to pin 5. What should we use for the other resistor in the voltage divider circuit, though?

We could just use a regular old resistor. But we’d have to be pretty careful about picking it, and it would lock us in to one particular level of darkness as our threshold value. That’s not a great idea, particularly since human senses respond to energy changes adaptively and logarithmically, while sensors do not.

It will be much better to use a variable resistor — a potentiometer. Back to eBay! These guys come in many different forms, but for this we can get away with a the teeny tiny ones that you adjust with a screwdriver (sometimes called “trim pots” or “trimmers”).

Picking the appropriate range for the potentiometer is important. We want something that will let us flirt with the half-of-V+ comparison voltage we already defined via the divider we built out of those first two resistors. In this case, that means getting out a multimeter and figuring out the range of your photoresistor. Test it in darkness; test it in daylight. Try to find a trim pot that can approximate this range of resistances, or at least one that can be adjusted to somewhere around the photoresistor’s value in slightly-too-bright-for-goat-skull-glowing conditions.

Now make a voltage divider with these two — it’ll be the same deal as before, just connected to a different pin. The photoresistor lives on the side of the circuit closer to ground. The trim pot lives on the side closer to V+. The junction between the two goes to pin 6.

Finally, connect the ground side of the LED leads to pin 7. This is the final schematic:


I did all of this in “deadbug” style:


Now wait until it’s dark in the room and adjust the trim pot until the lights juuuust turn on. Voila!


When it’s brighter, the circuit should turn off. You’ll want to fiddle with the placement of the photoresistor — I gave mine a little wire lead and ran it out to the edge of the skull. It doesn’t need to be in direct light, but obviously it does need to experience some change in lighting conditions, and the bigger those changes are the easier it will be to select and adjust your trim pot.

The batteries will experience some drain even when the LEDs are off, but the LM393 is designed to consume very little juice. The voltage dividers take a little bit of power, but hopefully you picked elements with adequately large resistive values. If your in-light resistor networks both amount to 10K ohms apiece, your total system will consume about 1 milliamp at rest. Not bad! At that load, a fresh CR2032 should last for about 200 hours (less if the LEDs are activated, of course).

The LM393 makes for a fun little project — a nice way to build a night-light, or clean up an input signal to an Arduino, or just have something to mess around with on a breadboard. If you flip the two input pins, it’ll become a light detector rather than a darkness detector. It’s useful for almost any variable-voltage measurement of the analog world. I originally bought these components for a project designed to use a thermistor to tell me when a cup of coffee was a pleasant temperature for drinking.

So, somewhat far afield from skulls. But the nice thing about this application is that there’s really no precedent for anyone getting upset about mixing electricity and illicitly-obtained body parts.

halloween 2013

Well, that was great. It’s been a few years since I’d been able to throw a proper Halloween party — the Fickeweens of yore formed the start of a proud tradition, but without a venue my various skeletons’, giant spiders’ and fog machines’ annual appearance was relegated to a fun-but-sadly-professional office open house.

But Annie and Ezra bought a new place this year and heroically stepped in to fill the void. And we had a great time! I put a bunch of the pictures here; the best are probably the ones I collected from Instagram. Sorry, people who still believe in copyright! Let me know if you’d like me to pull anything down; my interest is just in making sure this stuff gets saved. And if I missed anything that you think I should have here, let me know about that, too.

The quality of costumes was very, very high — I was particularly thrilled by Josh’s obscure Hellboy reference. But there were a ton of great efforts present.


In a departure from my streak of dressing up as supervillains with romantic problems (which, to be fair, is most of them), I went as Mr. Fantastic. I wanted to concentrate on the party, and this was relatively easy to pull off — just (yet another set of) Under Armour and a layer of white duct tape on top of part of my Omni-Man costume.

People did get a kick out of the electroluminescent panel I used for the logo on my chest, though. Like everything else that is good in this world, you can buy this material from Chinese vendors on eBay — it comes in various sizes and colors. Attached to an inverter — which requires a meager 2 AA batteries — it’ll change from a pink to a cool white glow. Pretty neat! You can cut the material down, too, but bear in mind the delicate nature of the foil that makes the electrical connections. Adhesives and solder won’t work — you’re going to need to clamp your connections. I found that paper binder clips did a good job. Conductive paint or glue might work, but I didn’t have any on hand.

An even more important Halloween costume innovation: the duct tape smartphone pocket. Man, what a quality of life improvement. Highly recommended! Add a little adhesive velcro if you really want to class things up.

I made one for myself and one for Steph, too — she put together a great version of Debrie-from-Arrested-Development-as-Sue-Storm, making for what I think was a quite successful (if slightly textually complicated) couples costume.

Anyway! More on this year’s specific decorative efforts in a separate post. For now: many thanks to everyone who came out; to Annie and Ezra for opening their house to this stupid hobby of mine (and buying everyone beer!); and to Steph for putting up with my weird obsessiveness these past few weeks.

the shutdown was a bit too much fun

I should perhaps confess that on September 11 last, once I had experienced all the usual mammalian gamut of emotions, from rage to nausea, I also discovered that another sensation was contending for mastery. On examination, and to my own surprise and pleasure, it turned out be exhilaration. Here was the most frightful enemy–theocratic barbarism–in plain view… I realized that if the battle went on until the last day of my life, I would never get bored in prosecuting it to the utmost.

Christopher Hitchens made that ugly little confession. Today, safely on the other side of the government’s two week shutdown, I’m feeling a similar shame.

The embarrassing truth is that for those who work in and around politics, the shutdown was great. It was something to gossip about, write about, get indignant about. It was exciting! And it was good for business.

For the press, acknowledging this is easy enough: that discipline has had a lot of practice at explaining its responsibility to document travesties without averting them. Here’s Robert Costa making the transition from “guy who works with Jonah Goldberg” to “conservative press corp dean / less creepy reincarnation of Bob Novak.” He’s far from the only writer lamenting-the-shutdown-but-not-really:

The effect exists outside of the media. The shutdown was good to those of us who occuppy ourselves watchdogging the government. Here’s my friend Josh Tauberer, who runs

I can sympathize. Sunlight’s blog saw a modest 10% boost in traffic during the shutdown relative to the two weeks preceding it. But our iOS and Android mobile apps, which provide information about Congress, saw usage spikes of 186% and 195%, respectively. We don’t sell ads, but our funders care about those numbers. And I’ve probably fielded more press calls in the last two weeks than the preceding six months (admittedly, many of these have been about’s failures, not Congress’s, but I think that’s still in the neighborhood of profiting from human misery).

Perhaps unsurprisingly, the people most responsible for the shutdown have benefited from its effects, too. We’re still tallying the latest quarterly numbers, but anecdotal reports indicate that the crisis helped people like Ted Cruz raise a lot of money. Fundraising emails from both parties latched onto the shutdown as a moneymaker right from the start.

I spent the final days of the shutdown at a conference in San Francisco, where I gossipped with a fellow traveler about a shared acquaintance’s new-ish cable news show, and how a shutdown-prompted ratings boost had taken it safely off the bubble. And Twitter analytics tell me that I went from an average of 12.7 tweets per day to a manic 17.8 during the shutdown! Oh, the fun that I had!

This wasn’t true for many people who depend on a federal paycheck. Although my girlfriend was glad enough to have a nasty deadline moved by the shutdown, when I callously referred to “workers being paid for sitting around doing nothing” on an internal office listserv, I invited several deservedly angry replies from the spouses of feds. My friend Dave is a Capitol Hill staffer; for him this episode has meant incredibly-longer-than-usual work days and the possibility of a nonsensical pay cut (staffers are already badly underpaid).

And this is to say nothing of the cancer patients who had to delay treatment, or the people on SNAP and WIC who faced the very real prospect of going hungry because of Washington’s preening.

It’s not that I think we should be ashamed, exactly. I’m genuinely proud of the work that I and my colleagues did during the shutdown. People wanted the information we provided. We think it’s important, and we’d have been fools not to respond to a sudden surge of public interest in the mission we pursue every day. I think that every non-legislator mentioned above should be proud of the work they did, too. I was disgusted by this crisis, and I said so, but I couldn’t stop it–none of us could.

But it’s worth owning up to the fact that the incentives within the D.C. media-nonprofit-industrial complex are terrible. S&P says this escapade wasted $24 billion. We have to stop doing this. Removing these processes from the realm of human theatrics, gossip and competition will be a necessary component of that change. Mostly, that means getting rid of the debt ceiling and electing better legislators. But part of it might also be about having less fun.


Or not, whatever. This was a thrill for me, and my colleague Nicko was kind enough to make me a GIF, so I’m sticking the links here for posterity.


I need to add, though, that although I have worked on these issues first-hand and know a bit about them, my knowledge absolutely pales in comparison to that of my current and former colleagues Kaitlin Devine, Drew Vogel and Kevin Webb. They deserve credit for what I think is the best, deepest and most sustained work on federal spending data quality that’s been done by anybody. And none of us would know how to make that expertise relevant to the people who can fix these problems without Sunlight’s helpful, friendly and frighteningly smart policy team.

Additional not-that-flattering photos available here.

the new iphone is bad news for the quantified self movement

Ashkan tweeted that the new iPhone will have a Fitbit-style accelerometer, enabling (presumably) Fitbit-style applications:

Tell me if this is crazy:

* Software is a more competitive market than hardware.
* Standardizing accelerometer hardware (assuming Android device makers hop on board, too) will gut the market for devices like Nike Fuel, Fitbit, etc.
* There’ll be much stronger demand from consumers for data portability across services/interfaces/apps.
* All of this means thinner profit margins for fitness tracking firms.
* A smaller pie means less hype (this is the one I’m least sure about)

Maybe this isn’t bad news — it depends on your perspective and hopes for QS. More people will be using these pedometers, after all. It’s just that it’ll be clearer that they’re pedometers.