Saturday, October 26, 2013

Hacker: You keep using that word...

So. Tell me about hackers. If you're like most people, you think of them as enemies who have malicious intent to get into a computer system (possibly yours, probably that of someone richer and more powerful than you). Maybe you think they're greasy-haired, goth louts who are spending too much time in front of a computer screen (such poetry!). These hackers want to exploit your system for personal gain, and you will be the victim.
criminal computer hacker
Basically this guy
Then there are people who say that "hacking" is getting into someone's Facebook account (because they forgot to log out) and posting a status that says "I am so gay lol lol lol lol ;) " If you think this is hacking, you're probably twelve. I'm sorry; I thought you knew. 
computer kid such a hacker
This is you. Sorry.
It's not exactly surprising that most people think of hacking as something dangerous and hackers as something to be feared; there is no shortage of evidence that malicious infiltration of a system can cause extensive damage. There's James Jefferey ("Pablo Escobar"), who stole patient data from the British Pregnancy Advisory Service. Then we have the Melissa virus, created by David L. Smith ("Kwyjibo"), which crashed email systems in the late 90s. The 414s illegally accessed information from high-security banks and laboratories. And let's not forget LulzSec's 2011 attack on Sony, which compromised confidential user information. The list goes on and on.

These are clearly Bad Things. What would your mother say if she knew you were breaking into other people's property and stealing their stuff? It wouldn't be good. So why can't we just say that hackers are bad and be done with it?

Because that's not the end of the story.

The hackers described are what's generally known as "black hat" hackers, or hackers that "violat[e] computer or Internet security maliciously or for illegal personal gain" [source]. Where there are black hats, though, there must be white hats. White hat hackers are security experts hired to find flaws in the security systems in place around websites or computer networks. The word "hired" here is important: you know this hacker will be getting into your stuff and you've explicitly given them permission to do so. Otherwise it's technically still illegal. White-hat hacking has been such a valuable tool to security systems that you can now become a Certified Ethical Hacker and make hacking your profession. 
certified ethical hacker CEH white hat hacking
See how professional Philippe looks?
White-hat hackers have been in the news a fair amount recently. A few months ago, Charlie Miller and Chris Valasek exposed to Toyota and Ford ways that their cars could be hijacked with a laptop:
... they devised ways to force a Toyota Prius to brake suddenly at 80 miles an hour, jerk its steering wheel, or accelerate the engine. They also ... can disable the brakes of a Ford Escape traveling at very slow speeds, so that the car keeps moving no matter how hard the driver presses the pedal.
The team actually released the code [article, not the code itself, sorry] for this project at this year's DefCon, an annual hacking conference held in Las Vegas. 

More recently, a different team has helped expose vulnerabilities on Wall Street that could allow someone to force a market to crash. 

So now we have good hackers and bad hackers. Dichotomy makes things easy, right? Except there's a whole spectrum between. Grey hat hackers, as you might expect, fall somewhere in between black and white hats. A good example of a grey hat hacker is someone who casually tries to break into websites (without permission), but then contacts the owners saying, "Hey, you have a security vulnerability here and here. If you want, I could fix it for you..." and probably adding in, "...for a price." This is weird on an ethical scale. On the one hand, they still broke in illegally and are basically ransoming knowledge; on the other, they chose not to exploit your website and are offering to help. 

I'd also like to propose that there are shades of grey; not all grey hats are the same color (make a Fifty Shades reference here and I swear I'll block you from this blog). That guy up there? Probably a fairly light shade of gray. A little lighter if he fixes things for free, a little darker if he charges a fee (unintentional rhymes happen). 

Then you have groups like Anonymous.
Anonymous protest sign
You've seen them before.
Anonymous, a group of internet ne'er-do-wells with very loose organization and no real leadership, span the entire range of the grey spectrum. They don't do things legally. Ever. (At least not online. Peaceful protests in person are perfectly safe. Unintentional alliteration happens, too). And a lot of what they do -- like bringing down or defacing websites -- falls solidly in the Bad Things category of pastimes. Still, though, I can't bring myself to label them as black hats. Throughout everything they've done, and they've done a lot, they seem to have their weird, twisted, lulz-soaked hearts in the right place. They've helped expose Chinese hackers who worked against the US. They brought down child pornography websites and made user information publicly available. Anonymous is a group of weird people who do bad things for (generally) good reasons. 

So where does that leave us? Is a hacker someone who crashes your website and steals your information? A professional you hire to protect yourself? An internet junkie with ambition and too much time on their hands? 

Yes.

A hacker is all of these things. The word can mean just about anything, and that makes it completely useless. We wouldn't need terms like "black hat," "white hat," and "hacktivist," (which is a stupid word. Please please please don't actually say that) if the term "hacker" had any meaning on its own. So next time someone starts getting all smart and starts talking about "hackers" as if they were all the same entity, go ahead and tell them 
Inigo Montoya you keep using that word

Sunday, October 13, 2013

The free software movement: E-hippies who want to save the world

Let's say you go to a garage sale and buy a chair.


wooden chair
What a nice chair.
It's a nice chair and everything, but after a while you realize you have too many chairs. But you have this massive dog who likes his food bowl up high. So you do the natural thing and turn the chair into a dog bowl holder.

repurposed chair dog food bowls
You're welcome, Rover.
But then you're moving to a new city and you really can't be bothered to bring the chair-slash-bowl-holder. So you sell it at your own garage sale. The person who buys it doesn't have a dog but likes to garden. So they tweak your design a bit and now have a nifty flower pot holder.

repurposed chair flower pot garden
Bear with me: yes, you're still reading a CS blog.
And everyone's happy, right? You go about your merry way and everyone who sees the chair tells you how clever you are and it feels pretty great.

Now let's say you buy some fancy program. It does almost everything you want it to, but it needs one or two more features to be perfect. No matter; you're a CS superhero and those features really wouldn't be that hard to implement, so you do your hacky magic and have the ideal software. You send it to some friends who all say you're very clever, and you feel all warm and fuzzy inside.

Until the cops show up at your door asking you about copyright infringement.

This is where owning software is different from owning anything else. Even if you buy it and have it and it's "yours," you don't own it. You don't have complete freedom. And that seems a little messed up: we live in a culture where "once you buy something, you own it" is pretty much policy (stereotypical American, right? "YOU CAIN' TELL ME WHAT TO DO WITH MAH PROPERTAY").

That's where the free software movement comes in.

The free software movement (which was officially founded by Richard Stallman in the eighties with the launch of the GNU project) isn't about making sure you never have to pay for software ever again (though I feel like we're definitely tending that way as a society, and as a broke college student I'm totally okay with this). Instead, the movement promotes four "essential" freedoms for users:
(0) freedom to run the program,
(1) freedom to study and change the program in source code form,
(2) freedom to redistribute exact copies, and
(3) freedom to distribute modified versions.
You'll notice that none of that says "users should be free from having to spend money for a collection of ones and zeroes"; when you see "free software," it's free as in speech, not necessarily free as in beer. Sorry.

Stallman himself has terrible-quality webcam videos explaining the philosophy behind free software: (CS celebrity alert!)



At the heart of the free software movement is the idea of copyleft, a "general method for making a program (or other work) free, and requiring all modified and extended versions of the program to be free as well."
To copyleft a program, we first state that it is copyrighted; then we add distribution terms, which are a legal instrument that gives everyone the rights to use, modify, and redistribute the program's code, or any program derived from it, but only if the distribution terms are unchanged. Thus, the code and the freedoms become legally inseparable.
Proprietary software developers use copyright to take away the users' freedom; we use copyright to guarantee their freedom. That's why we reverse the name, changing “copyright” into “copyleft.”
Copyleft is a way of using the copyright on the program. It doesn't mean abandoning the copyright; in fact, doing so would make copyleft impossible. The “left” in “copyleft” is not a reference to the verb “to leave”—only to the direction which is the inverse of “right”.
You can (and should!!) read about copyleft here and here, and there's also a whole series of pages about the underlying philosophy of the free software movement.

The origins of the free software movement and copyleft are described in the documentary Revolution OS, which is much more than "a documentary about Linux." And it's freely distributed (because, really, it would be weird if it wasn't), so you have no excuse not to watch it if you haven't already. You can torrent it here or watch the whole thing on YouTube here.

Revolution OS movie poster linux penguin
Really, this should be required viewing to pass 46A
Free software has done a lot for us. Apache's web services are community-developed and free to use, and they host more than 60% of all web pages whose servers we know. OpenOffice and LibreOffice are free replacements for Microsoft's Office Suite. Adblock Plus makes the Internet a less annoying place. I use Notepad++ and GCC to write and compile my C code. I've used Anki to study. I think you get the idea. The free software movement has contributed to some fantastic code out there, and since projects have an entire community behind them, they continue to evolve and create a more diverse and robust collection of software.

So stop hogging all your code to yourself. You're not helping anyone. You jerk.

Saturday, October 5, 2013

Agile: All the cool kids are doing it

I have a friend, and you probably do too, who, once they decide they like something, decides it's absolutely critical that I like it too.

"This is really great!"

"No, really, you should check it out!"

"I really think you'd like it."

Okay. Yes, I probably would like Game of Thrones. It sounds like the kind of thing I'd enjoy. But since you tell me this every time I see you, I have lost all interest. Done. Over. Don't bring it up again. Please.

This is basically how I feel about Agile development. It really does sound great: for the uninitiated, Agile is a type of software development strategy that focuses on iterative development and client feedback. But those are buzzwords, and buzzwords don't mean anything. In English: the idea of Agile development is that you do things one piece at a time. Pick one specific part to work on during this period (called a sprint) and set a deadline for it. Make sure it works, make sure the customer likes it. Tackle another piece of the puzzle. The important thing here is that you have a working piece of software at the end of each sprint; it just gets fancier and gains more features as time goes on [source]. Clients help shape the development, so if your client suddenly changes their mind about a feature, they'll be letting you know during development and not when you hand them the finished product (no one wants to hear "thanks for that thing you made me, but I actually needed it to do this").

agile flow chart graph method
Agile in pictures. Thanks, Wikipedia


There are many development methodologies that fall under the Agile umbrella, but the most popular is the Scrum framework. (It's a stupid word, I know. It sounds disgusting. It sounds like scum. Let's be adults about this.) Scrum (not scum) focuses on daily face-to-face meetings with all team members, discussing plans and progress. Tasks are kept in a prioritized list based on each task's importance, difficulty, and required time. They're typically formatted as "user stories": As a <user type> I want to <do some action> so that <desired result> [Thanks Wikipedia]. No one gets left in the dark about progress, and things get done. (That entire paragraph, really, is thanks to the Wikipedia Scrum page. Check it out. It's honestly the clearest description you'll find of Scrum techniques.)

The other thing with Agile development is that everyone uses it. Everyone. In 2000, about 1% of companies used Agile. It really wasn't a thing that people did. Now? 60-80% of software developers use Agile tactics. Huge names, too: IBM has a page about Agile development and Cisco has been Agile since at least 2011 [PDF]. And it's not just software: universities, militaries, and even car manufacturers are integrating scrum techniques into their workplaces. Even NASA was Agile-ish for their Ensemble project.

So what's my issue with Agile? Really, it's just that everyone is talking about Agile. Everyone loves Agile. Agile this, Agile that, Scrum Scrum Scrum. And it gets old. It sounds like buzzwords and marketing and company Kool-Aid. And it's really off-putting to be told by everyone ever how great Agile is and how much I'll love it. I'm having Game of Thrones Syndrome with Agile. Keep telling me how much I'll love it and I swear to you I'll never take it seriously.

Watch, first job at a tech company and I end up a diehard Agile fan. Don't you dare tell me you told me so. 

Friday, September 20, 2013

LinkedIn and branding: unless you don't want a job

It's hard to get a job these days. Everyone is looking but no one is hiring. It's the kind of job market where you think "maybe I'll hold onto that retail job after graduation, just in case." 

Or maybe you should update your LinkedIn profile.


linkedin logo
You've heard of it before, I swear


Okay, I know. People always say "make sure your LinkedIn profile is up to date! This is really important! If you don't, you'll never get a job and you'll starve on the streets!" and it seems a little over-dramatic. I mean, chances are pretty good you won't starve (you have that retail job to fall back on, remember? You love working retail!). But it turns out they're onto something with that advice: companies care about LinkedIn a little more than you might think.

Like a lot more.

Like they probably won't hire you if you don't have one.

Ed Nathanson, the director of talent acquisition (read: the guy in charge of getting you hired) at software security company Rapid7, talked to Wired magazine about the importance of LinkedIn and hiring for an April article (which you can check out in full here).
Nathanson says that Rapid7 now uses LinkedIn Recruiter for all of its recruiting purposes, and that the company’s recruiters spend anywhere from four to five hours on LinkedIn each day. He and his team have used LinkedIn to more than double the size of Rapid7 in the last year and a half. 
In other words, Nathanson finds the vast majority of future employees on LinkedIn. And if you aren’t on LinkedIn? He’ll probably never find you. And even if he did, he probably wouldn’t hire you. “I’m always amazed at people who aren’t there now,” Nathanson says. “When I talk to candidates and they aren’t on there that’s a big red flag for me.”
Let's emphasize that last part. It's not just that having a LinkedIn profile helps. Not having one can ruin your chance of getting a job, regardless of how qualified you are. And this isn't just Rapid7. There are tons of companies that have, instead of hiring their own talent-seeking team of professional recruiters, been switching to LinkedIn as their method of searching for and screening potential employees.

So maybe it's a good idea to have a LinkedIn profile that you keep updated. Polish it up every now and then. Reassess your skills. Make yourself look employable. Because if you don't...well, I hope you really like retail.

Friday, September 13, 2013

QR codes: More clever than they seem (promise)

QR Codes have been popping up everywhere lately. They're on flyers, posters, company advertisements, business cards, my sidebar...


banana QR code
...bananas...
cookie QR code
...cookies...

memorial QR code for dead people
...dead people...
volleyball butt QR code
...butts....

everywhere. (For the curious, those were all from wtfqrcodes.com). It turns out the Internet has a lot of hate for QR codes.

QR code flow chart
Not pictured: any love for QR codes

And I get that. It's often way easier to make a link to a website than to create a multi-step process symbolized by what looks like a bar code that's been accidentally run through the wash. According to this poll [warning: PDF] 79% of people have never heard of a QR code (though 81% have seen one before) and 57% of people who have scanned one didn't actually do anything with the information they got from scanning.

So if QR codes are so terrible, why am I making a point to tell you about them?

Because they're really really cool. Not "cool" like "hip," like marketing people want them to be, but "cool" like "wait that weird blob does what?"  Ever wonder why people can cover up half of their QR code with a logo without affecting its ability to take you to the right place?


Octocat QR code customized logo
This should break it, right?

It turns out that QR codes have built-in error correcting mechanisms to help deal with unexpected dirt (or Octocats) that may distort your code. The codes use the Reed-Solomon error correction algorithm, which uses polynomial algebra and compares t checkpoints in the code (therefore being able to correct up to t / 2 mis-read symbols). I won't go in-depth about the actual algorithm; polynomial algebra isn't usually how I like to spend my Friday mornings. For the interested, this site gives a very detailed explanation of how the algorithm is applied. For the slightly less interested, it's the same sort of code (cyclic) as the CRC-32 algorithm that checks Ethernet correctness. Now you have something to talk about at parties.

Not all QR codes are created equal (or equally repairable). There are four different levels of QR error correction, each of which is able to repair a different amount of damage done to the code:
  • Level L: corrects up to 7% damage
  • Level M: corrects up to 15% damage
  • Level Q: corrects up to 25% damage
  • Level H: corrects up to 30% damage

The level is indicated on the QR code itself by the blocks immediately to the right of the bottom left alignment square.

QR code error correction module and levels
You never would have thought to look, would you?
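
Here is how a scanner can recover that level indicator even when a few of its modules are smudged, as an added example that is not part of the original post. It assumes the 15 format bits have already been read off the code, most significant bit first; the function names are made up for illustration, the generator and mask constants are the ones fixed by the QR standard, and the damaged sample word is constructed.

```python
# Added example: decode the 15-bit QR "format information" word, which holds
# the error correction level (2 bits) and the mask pattern (3 bits), protected
# by a BCH(15,5) code that can repair up to 3 flipped bits.

FORMAT_MASK = 0x5412     # fixed XOR mask applied to every format word
BCH_GENERATOR = 0x537    # generator polynomial of the BCH(15,5) code
EC_LEVELS = {0b01: "L", 0b00: "M", 0b11: "Q", 0b10: "H"}
RECOVERY_PERCENT = {"L": 7, "M": 15, "Q": 25, "H": 30}  # figures from the post


def encode_format_info(level, mask_pattern):
    """Build the 15-bit format word for an EC level and a mask pattern 0-7."""
    ec_bits = next(bits for bits, name in EC_LEVELS.items() if name == level)
    data = (ec_bits << 3) | mask_pattern
    # Polynomial long division of data * x^10 by the generator, over GF(2).
    remainder = data << 10
    for shift in range(4, -1, -1):
        if remainder & (1 << (shift + 10)):
            remainder ^= BCH_GENERATOR << shift
    return ((data << 10) | remainder) ^ FORMAT_MASK


def decode_format_info(raw):
    """Return (level, mask_pattern, bits_corrected), or None if unreadable."""
    raw &= 0x7FFF
    best = None
    # Only 32 valid words exist, so nearest-codeword search is cheap.
    for level in EC_LEVELS.values():
        for mask_pattern in range(8):
            candidate = encode_format_info(level, mask_pattern)
            distance = bin(raw ^ candidate).count("1")
            if best is None or distance < best[2]:
                best = (level, mask_pattern, distance)
    # Valid words differ in at least 7 bits, so up to 3 errors are unambiguous.
    return best if best[2] <= 3 else None


def recovery_percent(raw):
    """Damage tolerance (in percent) advertised by a format word, or None."""
    decoded = decode_format_info(raw)
    return None if decoded is None else RECOVERY_PERCENT[decoded[0]]


if __name__ == "__main__":
    clean = encode_format_info("H", 0)
    damaged = clean ^ 0x0421          # constructed sample: three bits flipped
    print(f"clean   {clean:015b} -> {decode_format_info(clean)}")
    print(f"damaged {damaged:015b} -> {decode_format_info(damaged)}")
    print(f"tolerates up to {recovery_percent(damaged)}% damage")
```
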

Pop quiz: based on this information, what error correction level was that Octocat code? I'll wait. Level H, you say? You're so clever. Good for you. So that's why the logo didn't ruin it -- that QR code has the highest possible level of error correction [sources 1 and 2]. The main downside to QR codes of level Q or H is their complexity; a small print size or long distance (think business card or billboard) will make your code very hard to read. As such, levels L and M are usually sufficient, unless you plan on keeping your QR code on a surface that might get dirty or change shape


volleyball butt QR code
like a butt


Friday, September 6, 2013

Social Networking and Brand Security

You can't escape social networking these days. Everyone you know and everything you do is on Facebook, Twitter, or Instagram. Probably all three. It makes sense, then, that Internet advertising is no longer just a matter of weird sidebars and popup ads. Companies have social media pages purely for advertising their product and interacting with customers (and there are now social media pages about companies' social media pages).

While this adds a more personal feel to mass advertising, it has its drawbacks. Being more exposed socially can put brands in the spotlight for reasons they never intended. Twitter has allowed companies to have short personal conversations with consumers, but embarrassing tweets (like those collected here and here) show that the actions an individual takes in about thirty seconds can cause a company grief for years (some of the tweets listed were from 2011 and are still being mentioned today). Once your hilariously embarrassing and tasteless comment is on the Internet, it's there to stay. Deleting the original post doesn't matter; hundreds of people will have screencapped, archived, or quoted it already.

twitter mistakes
Twitter: a great place for mistakes that last forever

So how do companies avoid these risks to their brands? Social media management sites, such as HootSuite, have begun to emerge and are becoming a necessity for larger businesses. These services link with multiple social media accounts, allowing companies to keep a closer eye on how the world is seeing them. HootSuite also recently announced it was partnering with Nexgate for added security. This partnership has led to features that will "help prevent hackers from hijacking your social media accounts by setting alerts when account changes are made, and by allowing you to immediately lock your accounts" (source).

Social media is no longer something reserved for personal use; it has grown to be an integral part of running a successful company. HootSuite alone has 7 million users (and 774 of the Fortune 1,000 companies), and millions more people are using other social media management tools. These numbers show that social media in the workplace is here to stay, and that smart companies will do everything in their power to get a positive social media image out to the public.

Wednesday, August 28, 2013

helloworld.blog

Hi everyone! Here's episode one of the blog I'll be keeping for CS 100W this semester. Being forced to write a blog on a deadline should be useful, since last time I tried to keep a blog going it fell apart around midterms and never quite recovered. Even though that blog actually had readers to be annoyed at me for stopping. 

My family counts as "readers," right?

Anyway. This is me:

A picture of me
Me, 6:45am, pre-coffee


My name's Katharine. I'm a twenty-something CS major with a cat, a part-time job, and, now, a blog. And I'm probably the only white girl in your programming class. Very nice to meet you. 

Moving on to this week's assignment topics:

Tell us something about your technical expertise:

Alright, "expertise" is a strong word. Expertise comes when you've worked in a field for a decade and can write a textbook on a subject. I don't have expertise. I've got some knowledge, though. I know about writing code that can be read by another human (even better, code that can be read by myself a year later). I like being hands-on with my code (and, on that note, I actually enjoy writing code. I've been told that's rare, even in this field, and that confuses me more than a little). Thanks to CS 157A, I can tell you all about exponential backoff and why you probably won't get my UDP joke. And, whether this is a technical skill or not, I don't suck at writing English (as far as I know. Correct me if I'm wrong so I can stop embarrassing myself). I can communicate technical ideas to non-technical people in language they can understand. 

But at the end of the day, I don't feel like I have expertise. That's why I'm a student, not a lead developer at a massive company. I'm here to get the knowledge I need to one day have expertise in a field, to be the go-to guy for a particular set of problems.

What you find exciting about the field of computer science and challenges you believe you can tackle:

Everything. Computers can do everything. Want a million insanely difficult math problems done while you're at lunch? How about fancy graphics? You need a family recipe from your fifth cousin twice removed who lives in France? Maybe you just need to know what the weather is like outside your windowless cubicle. You can apply a computer to almost any problem. Code can take people to the moon or waste your time with one more level. There are plenty of multi-purpose tools out there, but code is universal. Technology has made the world more connected. We know more about the world today than ever before.  

This is what excites me. There are a million and a half possibilities when you have programming knowledge. I don't know what I want to do with the rest of my life; I have no idea where I want to work. But until I find something, I want to do everything. I want to learn about everything. The more I know, the more I want to learn. This is why I've gone into computer science instead of any of the other subjects I'm interested in: there is no other field that evolves as quickly, no other field that would give the same opportunity to learn something completely new every week. Studying computer science in the heart of the Silicon Valley may be one of the most interesting things I do with my life, and I feel like I've just barely started to scratch the surface.