Design, DIY

Onewheel - A 2000 Mile Review

Back in 2016, I unexpectedly managed both of my fantasy baseball leagues to victories for a generous windfall of $1500. As a responsible mid-20's adult, I purchased the Onewheel V1 having never ridden the board before with all of my winnings. I took a huge financial gamble on a Santa Cruz, California-made electric motion device based on online reviews only. It changed my life.

During my Berzerkeley days, I was commuting from the Berkeley Hills all the way to Palo Alto. I used to drive to BART, take BART to Lake Merritt, and then shuttle to Palo Alto. Yes, I agree - it was insane, but the Onewheel made it doable.

It never snows in the bay area, but riding the Onewheel down the Berkeley hills every weekday morning was honestly better than snowboarding. My daily ride was so damn predictable: I never "caught an edge", I never had any mechanical or electrical failures, I carved every surface imaginable down and up the hills, rain or shine. I transitioned from longboarding to Onewheeling within a month's time. Thankfully, in the first 100 miles of riding the board, I managed to escape any serious injury without wearing a helmet. Don't be like me, seriously, WEAR A HELMET!!!

Back in 2016, personal electric transports were not popular in the bay area; Lyft and Uber had only just started getting popularized! Those days, only Santa Monica had Scooter Fever.. Every day I rode the Onewheel, I was inundated with questions and comments from random strangers, coworkers, and kids: "Does it run on electricity?", "How fast does that thing go?", "What's the battery life like?", "How much did you pay for it?", "How do you balance on it?", "Did you build that yourself?", "DO A KICKFLIP!". Wow, I finally understood what it felt like to be a hot chick with headphones on... (Seriously, don't bother people with headphones on in public. SERIOUSLY!!111)

Fast forward to 2019...

The future of personal electric transports is now! Aside from the Onewheel, there are so many amazing battery-powered, electric transports ubiquitous today: Tesla's, Electric motorcycles, Electric rickshaws, Electric bikes, Lime/Bird scooters, Segways, Hoverboards, etc. These personal electric transports solve the last mile equation for commuting. Why travel in a 3000 pound gas-guzzling $12 Lyft/Uber ride, when you can enjoy the journey to your destination on a 25 pound electric transport for a fraction of the price?? The ELECTRIC REVOLUTION is here!!!

So.. How has my Onewheel held up after 2000 miles? Maintenance-wise, I carved the OEM Vega Tire to its core in under 500 miles. Future Motion replaced the BMS (battery module system) once - after riding through a massive puddle - to the tune of $460. My board's batteries still deliver a healthy 4-7 miles of range, so I don't find myself needing to upgrade anytime soon. These electric motors dramatically simplify the number of parts needed to function for thousands of miles - I look forward to celebrating my Onewheel's 3000 and 4000-mile marks soon! Finally, after 3 years of ownership, I no longer get asked daily questions about my Onewheel in the bay area; however, your experience may vary.

ADVANCED TECHNOLOGY: I love the vertically-integrated experience of my Onewheel V1. It's an engineering marvel:

  • It regenerates energy when riding downhill by running its flywheel in reverse - just like an electric car! Make sure not to charge it to 100% before riding though, otherwise it will shut off mid-ride due to overcharge. The 4-8 mile battery life is perfect for riding to and from public transit across any terrain.
  • It houses 130Wh of Lithium Iron Phosphate (LiFePO4) batteries underneath the foot pads. Compared to lithium ion batteries, this battery chemistry is resistant to overheating in exchange for energy density. Guess what?? There has never been a self-immolating Onewheel, and this specific Onewheel can be flown on planes.
  • Ultra-fast charging via a wall outlet. Only 20 minutes per charge, so you can get riding sooner.
  • Modern sensors. It uses two gyroscopes and weight sensors to give a self-balancing, predictable, carvy ride. It rides like a snowboard down hills, like a longboard on flats, like a surfboard in bowls, and like nothing else going up hill. As a longboarder who walked up most hills most of his life, carving up hills is a God-send.
  • Built-in LED lights for night-time riding. There is a set of two lighting strips which give you bright white light for visibility in front and red lights for traffic in the back.
  • Automatic slip and pushback detection. The board corrects itself via software to prevent over-acceleration by the rider and to prevent over-voltage or running out of charge on the board.
  • Weather resistant body construction. Thanks to the aluminum body and a solid plastic fender, none of the edges have rusted and none of the plywood has molded. In fact, I ride through the streets on light, rainy days without any issue.
  • It comes with a companion mobile app complete with leaderboards, accurate telemetries, debugging information, notifications, and a lifetime odometer. Best of all, the Onewheel connects via bluetooth so you can access all of the information deep in the mountains.

MODS: I love how modular the Onewheel's components are (None of that proprietary Apple nonsense), and I absolutely love how in-depth the Onewheel Community experiments with mods. They explore all sorts of go kart tire options (Hoosier and Burris), Grip tapes (Skate and Surf), and hobbyist renewable energy technology (DC-DC battery fast charging via a Solar MPPT). I highly recommend checking out the community-run products on Craft and Ride, FlightFins, and Float Life. Here's a list of all of the work I've put on my board:

  • Vicious Grip Tape - any skater will tell you the original grip tape sucks. By using a hair-dryer, you can easily swap the grip tape for something more coarse. Better for higher speeds and sharper turns.
  • OWArmor - perfect for increasing visibility at night time and giving your Onewheel a little more personality.
  • Hoosier 6.5" Treaded Tire - swapping the tire is the best thing you can do for your Onewheel. It rides completely differently and the treaded tires help immensely for going off-road. If you choose the 6.5" Hoosier, make sure not to pump it past 14 PSI, otherwise you'll experience rubbing.
  • Aluminum Handle - the Onewheel weighs 25 pounds without any mods; the stock handles are an insane forearm workout. These side handles make it much, much easier to carry your board around.
  • CarvePower DC Charging Kit - going on longer rides with no outlets? No problem, add this convenient on-the-go charging kit for the best trail experience.

If you've read this far, you've probably noticed that I absolutely adore my Onewheel (and my gf too!!). It's part of my everyday life now, and the best money I have ever spent on a consumer electronic. Don't go into debt to buy one, but if you start saving now, you will not regret it. Float on my friends.

Thoughts

Privacy > Likes

Social media used to be all about digital flirtation, keeping your friends close, and organizing cohesive events. I loved using AIM and Facebook chat for live bantering with friends. I found it super weird to "Facebook stalk" other people, but lo and behold, at some point, I ended up subconsciously scrolling the same useless feed on public transit, essentially doing the same thing everyone else was doing... Wow, I can't believe how long I was on the Facebook platform - over a decade of all of my stupid pictures, comments, and chats archived on the cloud for anyone to peruse.

In 2019, I can no longer support a company whose profit incentives are aligned with harvesting any and all user data by all means. Privacy is vitally important, NOT likes and follows. I'm a creator, not a consumer, and I damn-well better be remembered for making dope shit, rather than pretending to flaunt my clout on the internet.

I built a few apps on Facebook's OAuth v1.0 graph platform which leveraged its famed social network. Anytime a single user signed up for my service using Facebook, the app would automatically scrape that user's digital fingerprint and their entire friend list via Facebook's API. This was the network effect Facebook wanted to sell me, but damn, I didn't realize how much data they actually had. 10,000 Facebook user signups could give you almost 1 million network points of their friends. Depending on the permissions I requested on the app, I could have scraped an entire network of very personal user data.

I can only imagine how many terabytes of data the most popular apps using Facebook's API have been able to scrape. This is enough data to build an entire prediction network of your interests that know you better than you know yourself!! (Facebook already knows when you're pregnant) Facebook and Instagram are the most effective data inception tools for advertisers and political propaganda. What's crazy is that this data can now be weaponized against common consciousness: Cambridge Analytica, Flat Earthers, Anti-Vaxxers, etc. If you are still receiving your news from the same, partisan news networks on Facebook, I can guarantee you that those media companies, along with fake Russian bots, are using basic clickbait psychology to manipulate your screen time and influence. The Dunning-Kruger effect is amplified through the basic sharing, liking, and following functions of social media. Hell, there is now an entirely new advertising business designed around influencers and affiliate marketing.

Sadly, on social media, we're all seeking out people's opinions to validate our own biases, yet we rarely test our own hypotheses against people of the opposite viewpoints. Both the right and the left political think-tanks drift further and further apart, as a result of sensationalist, clickbait, fake-news headlines driven by popular influencers in digitally segmented communities. These echo chambers of thought are already fragmenting our physical, human communities, for online, we usually only befriend and follow people whose ideas resonate with our own thoughts.

Fuck. Facebook is the best manipulative spying tool of all time. Governments lust for a tool which allows them to create lifetime profiles on all of their citizens. Now, we're all doing it for free. We're all working for Facebook. And look, Facebook has no economic incentive to STOP collecting as much as possible on us. In Q1 2019 alone, Facebook made $15.08 billion in revenue. On their quarterly statement, Facebook has already financially accounted for a $3-5 billion dollar fine by the FTC. Unfortunately, this fine will not economically incentivize Facebook to make any meaningful changes. As long as the data profits are larger than the fines, Facebook's cavalier stance on privacy will continue.

But wait, what about Zuckerberg's mission to take privacy seriously? He promised private interactions, encryption, reducing permanence, safety, interoperability, and secure data storage. These buzzwords surely must be good, right?

WRONG. These pillars of privacy are for keeping your data secure, but these pillars say NOTHING about revising data collection, data sharing, or ad targeting practices. What's even more concerning in Zuckerberg's manifesto is that Facebook intends to merge its WhatsApp, Instagram Direct, and Facebook Messenger platforms. Undoubtedly, this unified messaging infrastructure will contain all the best parts of WeChat /s. After all, Zuckerberg wants to build the WeChat of the West.

What could possibly go wrong? If you guessed implementing a massive governmental PRISM surveillance system, then you wouldn't be that far from the truth. Are you prepared for an Orwellian 2019? Read on..

  • Do you know Facebook lobbies against privacy laws worldwide?
  • Do you know if your photos have geolocation metadata attached, that Facebook knows your exact location? (Suggestion: remove location tagging preferences from your photos, thank me later)
  • Do you know if you have Facebook open in a window, that it will track every single website you visit in that browser, even if it's in a new tab or window?
  • Do you know that Facebook Messenger tracks every single letter you typed on your keyboard? Every thought that you regrettably thumbed on your phone is permanently recorded on their intranet.
  • Do you know Facebook even tracks mouse movements on your screen?
  • Besides the obvious facial recognition patterns Facebook has added, do you know that Facebook tracks you through the dust on your camera lens?
  • Do you know that the Facebook Android Messenger app even scrapes your phone call log? Why does it need this info?
  • Do you know Facebook has been using shell mobile apps to further track its users?
  • By the way, do you know Brian Acton (WhatsApp founder), Brendan Iribe (Oculus founder), and all of the Instagram founders have left Facebook?
  • Do you know Facebook's Ex-Chief Product Officer, Chris Cox, called social media's effects "not neutral"? Hmmmmm, I wonder why he left.

And remember, this is only the information privacy investigators have uncovered. Imagine the 3D telemetries being harvested through Facebook's VR spin-off, Oculus.. They crave a digital mold of your entire body.

If these aren't enough reasons to leave Facebook, I don't know what the hell else will get your attention. You've given up your privacy for likes, convenience, and "keeping up" with your friends. We (by we I mean millennials) are setting a privacy and communication precedent for all future generations.

Facebook is one massive hack away from leaking more information about you than you know about yourself. Do we really want a Black Mirror reality of social credit systems based on a user profile's "score"? Do we really want to end up in a censored world where every bit of your personal information is transferred and consumed by Authoritarian governments and AI??

This is why I'm deleting my Facebook. Zuckerberg is not the person I wanted to trust with all of my data. I'll be posting my pictures on secure, password-protected channels in which my friends can peruse.

Seriously, just reach me on a secure line from now on:

  1. iMessage
  2. Signal
  3. Telegram

What makes me sad is that Facebook undoubtedly has archives and backups of backups of all of their old users. I yearn for the day of a decentralized, privatized social media platform that everyone can participate in and get paid for.

I deleted Facebook. You can delete it too. It's time. #DeleteFacebook.

Mathematics, Programming

Mandelbrot Set and the Fractals of Life

I've been playing around with Rust for a few weekends just to see what all the hacker hype is about. I haven't done a math post in a minute, so I wanted to use this small project as an exploration of mathematical visual arts.

Tangentially, there's an amazing PBS Nova documentary about Fractals - Hunting the Hidden Dimension. If you haven't watched it already, do it NOW! (WARNING: May induce wook-like philosophies)

https://en.wikipedia.org/wiki/Fractal_landscape

I love fractals. They are the most intriguing shapes which can represent very natural phenomena. Every snowflake is a unique fractal. Mountain ranges are landscape fractals with infinite triangles. Rainforests -> trees -> tree roots -> branches -> stems -> leafs represent a natural fractal ecosystem. Extending this analogy to space, a planet -> lunar system -> solar system -> globular cluster -> galaxy -> cosmic web form a fractal universe. Watch this incredible Youtube video visualize our entire human experience as an isomorphic fractal structure to the universe and the quarks that make up our known existence.

In mathematical terms, fractals are shapes with non-integer dimension, infinite length around their edges, and self-similarity. This means one can zoom infinitely in or out of a fractal, and the fractal will still show the exact same pattern.

Fractals were largely ignored in the mathematical community UNTIL they could be visualized by the power of computer graphics (shoutout Benoit Mandelbrot). Today, we see fractals in a plethora of digital art, design, and visual performance tools: see Electric Sheep or go attend any electronic music show with a projector.

Mandelbrot Set Fractal Properties

On March 1, 1980, Mandelbrot created the first visualization of the Mandelbrot Set on an IBM computer. I wanted to recreate this moment using modern computer languages.

The Mandelbrot Set is the set of complex numbers C for which the orbit of the recurrence z_{n+1} = z_n^2 + C, started from z_0 = 0, stays bounded and does not diverge.

To accomplish this, I wrote a concurrent image output Rust program which leveraged all 4 of my CPU cores by splitting the rendering output work among 8 threads by pixel row. I then iterated through the set of Complex numbers and determined which numbers did not recursively diverge from the function listed above.
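As an added example (not the author's Rust program), here is the same escape-time test in Python: each pixel's C is iterated through z_{n+1} = z_n^2 + C from z_0 = 0, and rows are handed to a pool of workers the way the Rust version split work by pixel row. The plotting region (real part -2..1, imaginary part -1.5..1.5), image size, iteration cap and the plain PGM output are my assumptions.

```python
from concurrent.futures import ThreadPoolExecutor
from functools import partial


def escape_time(c: complex, max_iter: int = 100) -> int:
    """Iterate z_{n+1} = z_n^2 + c from z_0 = 0.

    Returns the iteration at which |z| first exceeds 2 (once |z| > 2 the orbit
    is guaranteed to diverge), or max_iter if the orbit is still bounded, in
    which case the point is treated as a member of the set.
    """
    z = 0j
    for n in range(max_iter):
        if abs(z) > 2.0:
            return n
        z = z * z + c
    return max_iter


def in_mandelbrot(c: complex, max_iter: int = 100) -> bool:
    return escape_time(c, max_iter) == max_iter


def render_row(y: int, width: int, height: int, max_iter: int) -> list:
    """Grayscale values for one pixel row; region is re in [-2, 1], im in [-1.5, 1.5] (assumed)."""
    im = 1.5 - 3.0 * y / height
    row = []
    for x in range(width):
        re = -2.0 + 3.0 * x / width
        n = escape_time(complex(re, im), max_iter)
        # Members of the set are black (0); points that escape get brighter the sooner they escape.
        row.append(0 if n == max_iter else 255 - int(255 * n / max_iter))
    return row


def render(width: int, height: int, max_iter: int = 100, workers: int = 8) -> list:
    """Render row by row across a worker pool, mirroring the per-row split described above.

    CPython's GIL limits the speed-up from threads; swap in ProcessPoolExecutor
    for real parallelism (partial() keeps the callable picklable for that case).
    """
    work = partial(render_row, width=width, height=height, max_iter=max_iter)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(work, range(height)))


def write_pgm(path: str, pixels: list) -> None:
    """Write a plain-text PGM (P2) image: header, then one row of values per line."""
    with open(path, "w") as f:
        f.write(f"P2\n{len(pixels[0])} {len(pixels)}\n255\n")
        for row in pixels:
            f.write(" ".join(map(str, row)) + "\n")


if __name__ == "__main__":
    # Small render for a quick look; the author's 8000x6000 image is the same loop with bigger numbers.
    write_pgm("mandelbrot.pgm", render(240, 160))
```

Points such as 0, -1 and -2 stay bounded forever, while 1 escapes on the third iteration (0, 1, 2, 5, ...), which is why the threshold of 2 on |z| is enough to decide divergence.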

Here are my initial thoughts of working with Rust:

  1. The language itself is like a combination of C++, JavaScript, and OCaml. I really enjoyed working with the success and error handlers of the language.
  2. The syntax is also NOT human readable at first glance - there is an unmistakable learning curve to this language.
  3. The cargo packaging system for Rust is simply amazing. I was easily able to add Complex numbers and concurrency to my program with a few import statements (I secretly wish Golang had a halfway decent package management system).
  4. Sublime Text really struggles with displaying the compiler errors in the code editor. This is the exact reason why I switched to bindings-packed VSCode.
  5. Documenting and writing test cases using /// and #[test] are extremely intuitive and forces you to write quality code.
  6. Rust is unbelievably fast.

Anyway, here's my super detailed 8000x6000 grayscale Mandelbrot Set. If you look close enough, you'll see even more miniature Mandelbrot Sets :).

DIY

Hackintosh Mac OS High Sierra Upgrade Troubleshooting

Hackintosh Specifications:

  • Motherboard: GIGABYTE G1 Gaming GA-Z170MX-Gaming 5 (Intel HD 530 iGPU)
  • CPU: Intel Core i5-6600K Skylake Quad-Core
  • RAM: (4x8GB) 32 GB G.SKILL Ripjaws V DDR4 3000
  • GPU: EVGA GeForce GTX 1080 Ti
  • HD: Samsung 840 120GB SSD
  • Audio: Creative Sound Blaster Omni Surround 5.1 USB
  • WiFi + Bluetooth: Fenvi FV-T919 PCI Adapter (native support - highly recommended)

macOS High Sierra 10.13.6 is quite the modern day Apple software upgrade: APFS, Airplay 2, Metal 2 for the full Apple ecosystem... on PC hardware.

I've been putting off this direct OS upgrade for quite some time since I've read about all of the horror stories on tonymacx86. They weren't kidding around. I ran into issues on every step of the upgrade, so I'm hoping this guide will help you. Most online guides do not cover the minor versions of High Sierra nor Nvidia systems.

Prerequisites: Mac OS Sierra, Clover r4630 (great stable version), Multibeast v9.2.1 for Sierra (apply Intel graphics fixes), High Sierra Installer (mine was 10.13.2), apfs.efi, a backup (Carbon Copy Cloner ftw).

  1. After following the prerequisites on tonymacx86, I ran the High Sierra installer (5.22 GB) from the /Applications directory. After a few minutes I was off to the races. After booting into the "install Mac OS" partition, the loader started for a bit and then the spinner completely stalled half way through. The issue is due to booting with the Nvidia card. To solve this issue, I completely removed my graphics card from my case and used my Intel iGPU to continue the installation.
  2. Well once I got back into the installer, it turns out the temp installation directories went missing.

    The path /System/Installation/Packages/OSInstall.mpkg appears to be missing or damaged

    To solve this issue, I reran the installation file (step 1) from my regular Mac OS partition.
  3. Phew, we made it pretty far now, and the installation actually ran to completion following many reboots (boot back into the "install Mac OS" partition every time). Once I tried to boot into the real deal though, my computer showed the Apple logo and immediately started to reboot. It was stuck in a reboot loop, which immediately led me to believe this was a kernel panic. I booted back into the Mac OS partition with a few boot flags (right-click the drive in Clover for options), verbose and do not reboot on kernel panic, to diagnose the problem. I discovered I had an old Lilu.kext file. To solve this issue, I booted with the boot flag -liluoff.
  4. Finally, I had logged in successfully to High Sierra. To make sure I didn't have to boot with the -liluoff flag every time I started my computer, I updated Lilu.kext to the latest version in both /Library/Extensions and /EFI/CLOVER/kexts/Other/.
  5. Depending on the version of High Sierra you upgraded to, you may have to follow some additional setup steps to enable full functionality: 10.13.2, 10.13.3, 10.13.4, 10.13.5, 10.13.6. I ran through 10.13.2 and 10.13.6 guides to make sure my upgrades went as smooth as possible. At this time, I also installed the basic Multibeast v10.4 High Sierra configurations to enable full compatibility.
  6. Once I had every software thing in place, I reinstalled my Nvidia card and booted with the nv_disable=1 flag (some of the Nvidia drivers can crash on different versions of High Sierra). I updated my Nvidia drivers to the latest, compatible version, and then rebooted...

Voila. Finally, we did it. Nvidia GTX 1080 Ti and High Sierra on the Hackintosh. Drink a beer, you deserve it.

Thoughts

A Closed Corporate Internet

Tech giants, Google, Facebook, and Amazon are changing the way we digest and use the Internet. They are streamlining their services to make your Internet life easier and more accessible. Google's AMP for mobile, for example, is stealing traffic from the actual website to their scraped and streamlined version of the website. When I first used services like these, I was easily fooled into thinking that the website had implemented a half-decent mobile implementation. I was dead wrong.

This is just the start of something much larger than countries and politics.. These are capitalistic corporations after all. They are controlling pretty much every sector of our lives and definitely our machine lives, both directly and indirectly for all things connected to the Internet. We use Google exclusively for all things search, directions, email - some even go as far to connect their entire phone operating system (*cough* Android *cough) to the Google hive mind.

I used to believe these companies were only using your data for moral good. Google offers many free services in exchange for one thing... Your soul. Just kidding, they're only after your private data. Data is quickly becoming the most valuable thing to own in the 21st century, well that and Bitcoin. Facebook only wants every photo of you (including your nude photos - WTF) - from birth until death - to build an epically-sized facial recognition system, and Amazon knows all of your web preferences and shopping needs. They make things incredibly easy for us lazy folk. Just add a "Sponsored" tag and no-one will bat an eye.

Using technology to automate and improve the efficiency of society is quite amazing. We are only at the tip of many life-changing advancements in our lifetime. Many of these companies are driving us towards maximizing our digital symbiosis with computers. However, we must ask ourselves - at what cost? All of these tech giants are one hack away from exposing all of our chats, secrets, and tendencies. We cannot have a single point of failure in this corporate internet.

Epilogue
What I wrote above was in July 2017. Things have gotten much much worse since then...

  • Remember the Equifax hack exposing a majority of Americans' social security numbers?
  • Remember the Verizon security breach?
  • Remember Yahoo's total fail at protecting email accounts?
  • Remember Uber's attempt at covering up a multi-million user hack?
  • Remember the NSA's security "secrets" being compromised and subsequently used by the WannaCry ransomware?

Worst of all, net neutrality is dead. Ajit Pai, the biggest Verizon shill out there, disregarded millions of citizens' complaints and also faked many comments, including Obama's. This is fucking frightening. The corporate takeover of politics is reaching the pinnacle of control. Driven by the greed of profits, these ISPs will slowly erode our basic freedoms of communication and attempt to control and monitor our everyday lives.

We need to protect our privacy, our data, our freedoms. Use a VPN. Use Firefox. Use Tor. Use DuckDuckGo. Your privacy and data are not for sale. Fuck the ISPs supporting any sort of fast lane or pay-per-app charge. The Internet is a basic, human right and utility. Let's fight to keep it that way.

Mathematics, Sports

Contrarian Positions in Horse Racing

Currently reading: Exotic Betting [1].

I find in life there are a lot of contrarian positions you can take in which you would be surprised how many times you are correct. It would be mundane as all hell for things to go the way you planned... sprinkle in some volatility for a good time :).

I've been particularly interested in horse racing as of recent. WARNING: Gambling is a losing deal in the long run, but the idea of contrarian (exotic) positions is to catch that rare (and more common than not) spurt of insane upside, resulting in an illustrious sense of accomplishment, or.. just another day at the track.

The house always takes its portion (~15%) during every race. The longer you bet over many races, the more likely you are to lose money. This is rule number one of gambling: the house always wins in the long run. No one can escape the law of large numbers. No one. That's why it's a law.

Keep this pool chart as we progress through some examples:

Exactas / Trifecta / Superfecta Tips & Strategies

  1. NEVER BOX YOUR BETS / NEVER USE ALL. There is no point making these exotic bets unless you have an opinion. Otherwise, you are diluting the pool of bets (and your win bets) trying to get lucky. We are trying to beat the pool payouts, remember?
  2. If you're lost on any bets, trifecta is a terrible idea. Trifectas are all about eliminating horses from contention.
  3. Betting a favorite in any of these exotics, severely depresses the payoffs in that single race, since that's where the pool's money is.
  4. Exactas to increase win odds without increasing risk. Put your hero (4-1) first, and run the favorite and 2 long shots that you like in second. This avoids the win pool of the favorite, multiplying your odds. Let's avoid following the crowd.
  5. Exactas to bet contrarian against the 1-1 favorite. Run a variety of exactas (different weights based on odds) with your hero and 2 long shots that you like. When the favorite misses the board, there is a phenomenon where the exacta pays more generously than expected.
  6. Exacta (Contrarian) Situation: Skeptical of favorites but too confused to construct an aggressive play. Key 2 wing-and-a-prayer longshots (2nd to worst odds and 5th to worst) with 4 or 5 others on the field, leaving the favorites out all together.
  7. Trifecta small boxes: Usually players will play trifecta if they like 3 horses. It's far more likely for 2 to run their usual race and for the third to drop out. To accommodate this contrarian position, require 2 of your horses to hit the board and be loose on the third. Bet 1-2-3, 1-2-4, 1-2-5, and 1-2-6 boxes.
  8. Trifecta small part-wheels: Focus on 1 horse to place and then wheel the third slot. 1/3,5,7/3,4,5,6,7 and 3,5,7/1/3,4,5,6,7. We sacrifice the third place and gain additional horses.
  9. Trifecta aggressive punches: Do these every now and then to win big and when you're confident. $1 box 1-2-3, $1 box 1-3-4, $3 part-wheel 1/3/2,4 and $3 part-wheel 1/2,4/3.
  10. Superfecta: Key one to win and then bet a trifecta underneath.
  11. Superfecta variation: Key 2 with 4. 1,2/1,2/3,4,5,6/3,4,5,6 - 24 combinations. 1,2/3,4,5,6/1,2/3,4,5,6 and 1,2/3,4,5,6/3,4,5,6/1,2 for 72 total combinations.
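
The combination counts in items 7 to 11 follow one rule: a part-wheel covers one horse from each slot in finishing order, and no horse can fill two positions. The added Python below (my own example, not from the book or the post) expands the slot notation used above, so you can check a ticket's size and cost before you get to the window; the base units are the $1 and $0.10 amounts mentioned in the text.

```python
from itertools import permutations, product


def parse_ticket(text: str) -> list:
    """Parse slot notation such as '1,2/1,2/3,4,5,6/3,4,5,6' into one tuple of horses per position."""
    return [tuple(int(h) for h in slot.split(",")) for slot in text.split("/")]


def part_wheel(slots: list) -> list:
    """Every finishing order a part-wheel covers: one horse from each slot, no horse used twice."""
    return [finish for finish in product(*slots) if len(set(finish)) == len(finish)]


def box(horses: tuple) -> list:
    """A box covers every ordering of the horses listed (n! combinations)."""
    return list(permutations(horses))


def combinations(text: str) -> list:
    return part_wheel(parse_ticket(text))


def ticket_cost(text: str, unit: float) -> float:
    """Cost of a part-wheel at a base unit ($1 for exactas/trifectas, $0.10 for superfectas)."""
    return round(len(combinations(text)) * unit, 2)


def superfecta_key_two_with_four() -> dict:
    """The three tickets from item 11: 24 combinations each, 72 in total."""
    tickets = [
        "1,2/1,2/3,4,5,6/3,4,5,6",
        "1,2/3,4,5,6/1,2/3,4,5,6",
        "1,2/3,4,5,6/3,4,5,6/1,2",
    ]
    return {t: len(combinations(t)) for t in tickets}


if __name__ == "__main__":
    for ticket, n in superfecta_key_two_with_four().items():
        print(f"{ticket}: {n} combos, ${ticket_cost(ticket, 0.10):.2f} at $0.10")
```

The first item-11 ticket works out as 2 orderings of the two keys times 4 x 3 orderings of the four fillers, which is the 24 quoted above; the two item-8 part-wheels are 12 combinations each because the horse that fills the second slot is no longer available for the third.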

Lastly before you make your exotic bets, make sure to bet superfectas in $0.10 amounts and trifectas / exactas in $1 amounts. This is due to another house, the IRS.

IRS rules require that winnings at odds of 300-1 or higher be reported to the government, if they exceed $600 and that the payoffs are subject to withholding if they total $5000 or more. [1]

Don't worry though, you can always repeat the bet. Think of 2 $333 winning tickets and ducking the $600 tax ;).

Best of luck contrarians.

Programming

How to Stop a Brute Force xmlrpc.php Attack on Bitnami WordPress

WordPress Inspiration (oxymoron).

I was trying to access my site the other day and noticed it took fucking forever for anything to load. I thought something was broken: server out of memory from a recurring CRON job, or maybe I had royally fucked over my WordPress ecosystem by accident. Who knows? It's WordPress after all...

Are you experiencing any of these symptoms? Then read on...

  • Perpetually waiting for a response from the server while your browser displays a white page?
  • When your website does manage to load, clicking any links could make the entire application stop responding..
  • Seeing an abnormally high AWS charge for a small instance? Blame Amazon for expensive cloud computing first...

Being the curious programmer, I tried to look for the issue. PRO TIP: Always look at your Apache or NGINX logs. My god. Fuck this guy. Spamming my site with pointless brute-force password attempts on a file called xmlrpc.php. They'll never succeed, because the password is a million fucking digits long. Realistically, however, I'd probably be so pissed off at the AWS charge that I would cancel the EC2 instance before giving in to my blog's new commander.

Check out some of these logs from streaming the Apache logs:

$ tail -1000f /opt/bitnami/apache2/logs/access_log

185.188.204.7 - - [21/Nov/2017:08:07:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:18 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:17 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:20 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:18 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:21 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:20 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:22 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370

Great, my server is being spammed by a Russian bot every few milliseconds. WordPress, why the hell are these requests succeeding from an external source? At least this explains why my site has been unresponsive - someone else is using its resources.
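Spotting this pattern before the AWS bill does is a matter of counting POSTs to xmlrpc.php per source address per time window. The Python below is an added example (not part of the original post or of Bitnami's tooling) that parses Apache common-log lines and flags any address exceeding a threshold in a 60-second window; the sample input reuses a few of the lines above plus two constructed benign lines (the 203.0.113.9 and 192.0.64.10 entries are made up for the example, the latter within the range allowed in the config below), and the threshold of 5 is an arbitrary choice.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Sample input: the first lines are copied from the access_log above; the last two are constructed.
SAMPLE_LOG = [
    '185.188.204.7 - - [21/Nov/2017:08:07:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370',
    '185.188.204.7 - - [21/Nov/2017:08:07:18 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370',
    '185.188.204.7 - - [21/Nov/2017:08:07:17 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370',
    '185.188.204.7 - - [21/Nov/2017:08:07:20 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370',
    '185.188.204.7 - - [21/Nov/2017:08:07:18 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370',
    '185.188.204.7 - - [21/Nov/2017:08:07:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370',
    '185.188.204.7 - - [21/Nov/2017:08:07:21 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370',
    '185.188.204.7 - - [21/Nov/2017:08:07:22 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370',
    '203.0.113.9 - - [21/Nov/2017:08:07:19 +0000] "GET /index.php HTTP/1.1" 200 5120',  # constructed
    '192.0.64.10 - - [21/Nov/2017:08:07:20 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370',  # constructed
]


def parse_line(line: str):
    """Return a dict of fields for one access_log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def xmlrpc_post_rates(lines, window_seconds: int = 60) -> dict:
    """Count POST /xmlrpc.php per (source IP, window bucket). Status is ignored on purpose:
    once the block below is in place the hits come back as 302 but are still worth counting."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["path"].split("?", 1)[0] != "/xmlrpc.php":
            continue
        bucket = int(rec["time"].timestamp()) // window_seconds * window_seconds
        counts[(rec["ip"], bucket)] += 1
    return dict(counts)


def flag_brute_force(lines, threshold: int = 5, window_seconds: int = 60) -> list:
    """Sorted list of source IPs that POST to xmlrpc.php more than `threshold` times in any window."""
    rates = xmlrpc_post_rates(lines, window_seconds)
    return sorted({ip for (ip, _), n in rates.items() if n > threshold})


if __name__ == "__main__":
    # Pipe a real log in: python3 detect.py < /opt/bitnami/apache2/logs/access_log
    import sys
    source = [l.rstrip("\n") for l in sys.stdin] if not sys.stdin.isatty() else SAMPLE_LOG
    for ip in flag_brute_force(source):
        print(f"xmlrpc brute force suspected from {ip}")
```

A legitimate client such as Jetpack posts to xmlrpc.php occasionally, so the single hit from the 192.0.64.10 line stays under the threshold while the hammering address is flagged. One caveat on the config that follows: `Order`/`Deny`/`Allow` are Apache 2.2 directives, and on Apache 2.4 they only work when mod_access_compat is loaded, which Bitnami's stack does provide.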

Let's block their ass. The best way to do this is on the intermediary Apache server. We're going to write an Apache policy to prevent access to the xmlrpc.php file.

One thing to note before we continue here is that Bitnami automatically disables .htaccess files by default for performance reasons. So to write any Apache configurations at all, we'll have to edit the customized .conf file under:

vi /opt/bitnami/apps/wordpress/conf/htaccess.conf

Now add these lines at the end of the file (please learn VIM to complete the edit):

<FilesMatch "xmlrpc.php">
  Order Deny,Allow
  Deny from all
  Allow from 192.0.64.0/18
  Satisfy All
  ErrorDocument 403 http://127.0.0.1/
</FilesMatch>

Once we have edited the htaccess.conf file, we are going to restart the Apache server for the changes to take place:

sudo /opt/bitnami/ctlscript.sh restart apache

We can verify this works by sending a GET or POST to the file, http://dasun.us/xmlrpc.php; it should redirect. The policy above effectively redirects every external client to its own localhost, while still letting WordPress's own traffic through, which is what allows certain plugins, such as JetPack, to keep working. Let's look at the access logs now:

185.188.204.7 - - [21/Nov/2017:08:41:24 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:24 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:25 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:29 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:31 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:31 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:31 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201

Ahhh, success, and a breath of "go annoy someone else now". The 302 is a redirection status: Apache now answers the request itself and points the bot at its own localhost, rather than handing every POST to WordPress and wasting your site's resources. Cheers, hope this helps!
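As an added example (not from the original post), here is a small Python script that parses access_log lines like the ones above and reports, per client IP, how many xmlrpc.php POSTs WordPress actually served (2xx) versus how many the FilesMatch rule answered with a 302, flagging any client whose served POSTs exceed a threshold inside a short window. The scanner IP and timestamps come from the excerpts above; the benign 203.0.113.5 line and the window/threshold values are constructed for the demo.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache Common Log Format, the shape of the Bitnami access_log excerpts above.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$')

def parse_line(line):
    m = LOG_RE.match(line.strip())  # None for anything that is not a CLF line
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def xmlrpc_report(lines, window_s=10, threshold=3):
    """Per client IP: xmlrpc.php POSTs WordPress served (2xx), POSTs the FilesMatch
    rule redirected (302), and whether served ones exceeded `threshold` in any `window_s`-second window."""
    served, redirected = defaultdict(list), Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["method"] != "POST" or not rec["path"].split("?")[0].endswith("/xmlrpc.php"):
            continue
        if 200 <= rec["status"] < 300:
            served[rec["ip"]].append(rec["ts"])
        elif rec["status"] == 302:
            redirected[rec["ip"]] += 1
    report = {}
    for ip in set(served) | set(redirected):
        stamps, flood, lo = sorted(served[ip]), False, 0
        for hi in range(len(stamps)):  # sliding window over sorted timestamps
            while (stamps[hi] - stamps[lo]).total_seconds() > window_s:
                lo += 1
            if hi - lo + 1 > threshold:
                flood = True
                break
        report[ip] = {"served": len(stamps), "redirected": redirected[ip], "flood": flood}
    return report

# Constructed sample modelled on the excerpts above: a 4-request burst, a benign hit, then two post-rule 302s.
SAMPLE = """\
185.188.204.7 - - [21/Nov/2017:08:07:17 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:18 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:20 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
203.0.113.5 - - [21/Nov/2017:08:07:30 +0000] "GET /index.php HTTP/1.1" 200 5120
185.188.204.7 - - [21/Nov/2017:08:41:24 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:25 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
""".splitlines()
```

Run it against `tail -n 1000 /opt/bitnami/apache2/logs/access_log` output instead of SAMPLE to see whether the 302 count rises and the served count stops growing once the rule is in place.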

Design

UI Design Fundamentals

I'm going to start doing a new thing where I start using my blog as a note taking resource from all of the books I read! Currently, I'm reading The Design of Everyday Things - Don Norman. I highly recommend this book for anyone looking for a scientific and psychological approach to design. Creativity is important, but there are definitely fundamental steps to help improve your designs.

Let's start with the Fundamental Principles of Interaction. This is for all of the user interfaces people out there :).

  1. Affordances - All of the possible interactions between the people and the environment. Some affordances are perceivable, others are not. Affordances are relationships between properties of an object and the capabilities of the actor. For example, glass affords transparency - this is a relationship between the glass and the actor's sight. When affordances aren't perceivable, they will need some...
  2. Signifiers - Signals things. Lol, but seriously, signifiers indicate what actions are possible and how they should be done. Signifiers are more important than affordances, for they communicate how to use the design. Suppose our glass example were a transparent glass door; we would need to know which way the door rotates, right? Push/Pull signs, curved handle bars for a pull, and a large depressable exit door button are some ways to signify how an actor might use this door.
  3. Mapping - The relationship between the elements of two sets of things. In our door example, suppose we had a smart door which could be controlled from a mobile application. Mapping is an important concept in the design and layout of this mobile application's controls and display. We must establish a mapping of the phone display to UI elements which indicate whether to open or close the door. These mappings must be both logical and visible. Once we establish a mapping and press the buttons, we will need...
  4. Feedback - A communication of the results of an action. Feedback must be immediate and informative, any delays will cause reason for concern. In our internet of things smart door example, most feedback from the mobile application will be a touchable opacity to indicate the button was pressed. In addition, the door would have to move right? Feedback from a mobile application to a physical device is awesome and brings us into the Internet of Things (Tesla makes amazing cars and batteries with this capability).
  5. Conceptual Models - An explanation, usually highly simplified of how something works. Think of icons and folders as conceptual models. Would a normal user be able to understand the tree directory structure of the file system?? Hell fucking no. Give them something way easier to digest.

I hope you enjoyed this post! Keep track of all of these basic interactions when starting any of your designs and applications; they are fundamental to human understanding. It is my dream to work on some cooler graphical design projects (AR/VR, Unreal Engine, Visualizers) in the future, so stay tuned, Internet. (Note: all projects started by me are never finished by me either, hahaha)

For more on UI and other design freelancing opportunities, check out Toptal's design guide.

Design, Programming

Montserrat Font and Legacy Support

See the ongoing GitHub discussion.

Without going into too much detail, Google updated the Montserrat font and its weights remotely, affecting millions of designs across the world wide web which integrate with Google fonts. This affected me personally, as I use Montserrat for my blog titles.

I absolutely despise APIs which introduce breaking changes. All of these breaking changes destroy any legacy applications which are using the APIs. Google in particular has a penchant for deprecating, breaking, or removing their APIs: remember when the internet of shit's favorite Samsung smart fridge couldn't connect to its dumb calendar? Lol. This time, millions of websites across the web were forcing shitty text overflows down everyone's throats.. Who wants that???

I'm not sure who's in charge of these decisions, but developers - the best rule of thumb to go by is that once an API is deployed to production, nothing in that API spec can change. LEAVE IT BE! The end consumer is always expecting things to abide by the status quo. The majority of users will not update their application, and they will immediately complain, at a prolific scale, about anything that doesn't work.

It's an awful user experience. All designers and programmers should consider these legacy customers and find creative solutions to scale and expand their APIs rather than forcing major upgrades.

Before I sign off here, I'd like to talk about one of my nightmares. I can hear it now...

what about Internet Explorer??

If you don't want to deal with an awful browser or device (Windows phone I'm looking at you), do not build applications for these devices in the first place. Once you decide to start supporting anything at all, you will have to support it for all its technological life.

Programming, Thoughts

Introversion at the Latest / Earliest Hour

I often find myself coding deep into the night. I can't quite put my finger on it, but there's something subtly addicting about staying up late, by myself, with F.lux blasting on its most orange setting as I punch my keys in a sequence of logical events.

In the past, I would always take time out of my work day to play video games, socialize, or maybe even have a drink and smoke. But now... the digitalization of my coder life has become an artistic medium, unforeseen, and unexperienced by most. Many of my peers see computers as solely a tool for work. I see it as an evolution of sorts. A paradigm shift of life - as you must. An artistic grounds for innovation.

I can easily see myself never letting go of this addiction. This QWERTY keyboard layout... These languages. These console outputs... These frameworks - my own grown-up K'nex. I can't even begin to express the ideas I want to tackle - the applications I want to build. The art I want to code. The relationship I want to nurture.

Alas, time is not on my side. Programming is a time consuming process, despite all of the optimizations I try to incorporate in my daily interactions. Shortcuts and five fingers can only get you so far.

It's quite possibly the ephemeral evolution of Moore's Law. Holy shit, it is beautiful. Year over year, improvements on both hardware and software allow us to do the most ridiculous of things. Once you reach the zen of programming, your life will never be the same. I feel limitless in this virtual realm. It has become my religion. A deity in the most computerized form, yet inhibited and enabled by these keystrokes...

I can deconstruct worlds and layers, unforeseen by 99% of the population. It is the most enjoyable experience I have ever been a part of. 25 years of my life and so much more to learn, so much more to suffer, so much more to LIVE.
