Mr. Shodan

Mr. Robot season 3 is off to a great start. As per usual, the episode features tonnes of Easter eggs for hacker nerds.

But I have to admit I was a little surprised to see a shodan.io cameo. Shodan is a search engine for things connected to the web that aren’t web servers: web cams, network equipment, industrial controls and other hardware that relies heavily on security through obscurity.

Here’s a fun video from Defcon 20 demonstrating what fun can be had.


Bonus: The search Mr. Robot performs, org:"Evil Corp" product:"Apache Tomcat", returns real results with show-relevant data.


Bonus Part 2:

The domain in question has an open SNMP (file sharing port).

No guest account unfortunately. If only I could remember some of the logins from the show.

The rabbit hole goes deep this season! Hack the planet.

Google Wave, The Quirky Future of Email

With the constant forward motion of tech, little time is spent on the past. A brief few years in the mid-00s – after the dot-com bubble and before the big winners of social were sorted out – spawned tonnes of interesting products and services, aka “web 2.0.”

Google Wave is one of those products that keeps bubbling up in my conversations with other old nerds. I think it’s a prime example of Web 2.0.


At Google’s second ever I/O conference – in 2009 – the team behind Google Maps unveiled their newest project, “Google Wave,” a revolutionary new communications product. Its stated mission was to reinvent email for the world of connected information services and social networks. A Web 2.0 take on a 30-year-old technology.

The 80-minute I/O presentation is still available on YouTube and I highly recommend watching it if you’re a fan of corporate cringe. At one point, Stephanie Hannon enters her Twitter password in a plain-text username box, for all the audience to see. Yup.

Unfortunately, Google Wave was never given the chance to gain any traction with a mainstream audience. It was kept in limited developer preview until late 2009. Google’s perpetual beta programs were the butt of many jokes at the time. But Wave continued with a more limited beta program and effectively shut down after 3 months of public release in mid-2010.

Wave lacked focus – both in UI design and in its feature set. It also lacked purpose. I don’t think Wave presented a single solution for a single real-world problem, and it was entirely unclear when you would use Wave instead of email or IM. In spite of Wave’s disorganized spaghetti-at-the-wall approach, it implemented a lot of tech that has only become commonplace in the past few years.

Google Wave was HTML5, built with the brand new Google Web Toolkit. Meaning it had a (mostly) JavaScript front-end, driven by AJAX requests and no page refreshes. It was perfectly cross-browser compatible and worked reasonably well on Android and iPhone OS. Incredible feats in 2009. The app also managed to maintain synchronous state across sessions, in different browsers, on different devices and between users over the network – another amazing accomplishment, considering the internet infrastructure of the time.

The “Wave”

Google Wave was focused around the concept of a “wave.” An unholy union of email, message boards, instant messaging, group chats and word documents:

  • Users could add people to a wave, similar to how you might CC someone on an email. Later, users could remove themselves or add others to the wave as well. While it’s technically possible to accomplish similar behavior with email, the email paradigm discourages messing with the CC list.
  • Waves were threaded, like a message board. A user could also start a thread at any point in the main wave text. So instead of quoting a portion of text, like you would in email, a user could start an entire thread about a paragraph, right underneath the paragraph text. On paper, this is a huge improvement over the reply-all soup that mass emails often devolve into. In practice, it wasn’t really that much better.
  • Since Google Wave was a super responsive, real-time app, you could actually use sub-threads as a sort of makeshift instant messenger. I believe there was also Google Chat integration that sort of encouraged this behaviour.
  • Last but not least, much like your grandparents’ Christmas newsletters printed from Word, you could embed all manner of craziness into a “wave.” Photo galleries, polls, Twitter streams, games of chess, you name it. Hell, they created a “robots” API to enable developers to write their own embeddable crazysauce.

Inside the Wave client you would have seen a number of active waves, presented and managed in chronological order, like an email client. If this is sounding a little strange, it was.

Real-Time Typing

I/O demo showing real-time typing

Have you ever tried to have a conversation inside a Google Doc?

One of Wave’s quirkiest features was its text entry. As a user typed anywhere inside the wave, any other user presently watching the wave would see these edits in real-time, character-by-character.

Google claimed that this allowed readers to recognize and respond to text in a more natural way. Similar to how you can start to know what someone is saying after only a few words, the thought was that you could know what someone was typing after only a few words.

In practice, this feature exposed the poor typing skills of your fellow wavers. I have never seen any other IM client attempt to replicate this feature, with good reason. “Your friend is typing” works really well.

On the cooler side, waves could be spell-checked (revolutionary at the time) and Google Translated (still cool) inline, in nearly real-time.

Playback

A wave being played back.

Google thought that the ability to add members to a wave at any point in its lifespan might be problematic. From the I/O presentation, I gather that they were afraid that people would get lost if they jumped in at the end of a long conversation thread.

To solve this problem they gave Wave a “playback” feature. It allowed users to play back or step through the revision history of the wave, one change at a time.

I have a hard time understanding the utility of this feature. Period. I just don’t get it. It feels like more of a tech demo than anything else inside Wave.

Federated and Client-less

I/O demo of a crazy cool wave CLI.

Google Wave was designed from the ground up to be a federated service.

Just like email, any corporation and individual could set up their own Wave server. Just like email, you could include users from any Wave server using the conventional username@domain.tld format. Unlike email, messages bounced between servers in real time! Even the quirky real-time typing worked across servers and across clients. The gif above shows someone typing in the CLI client and having it displayed on the web. I have never seen anything quite like this in the eight years since Wave.

Google also designed it to be an open protocol from the beginning. The main I/O demo, with its horrendous UI, is really just Google’s version of a Wave client. Just like email, anyone could develop their own clients for Wave. CLI, native app, whatever.

These two features have me absolutely convinced that Google Wave was a real, concerted effort to reinvent email. Not just a crazy tech demo. At the time, Google did a poor job communicating this part of their vision. The tech press and power-users alike got totally wrapped up in the unusable feature soup they built.

As a privacy-minded individual, federated messaging/social networking is a problem that I’d love someone to crack. I wonder where we’d be if Wave had gained a following.

Where Is It Now

In 2012, Wave was effectively donated to the Apache Software Foundation. Technically the project is still “incubating”, but there aren’t really any signs of life; the project page hasn’t been updated since 2014.


If you liked this post and want to see more like it, recommend something you’d like to see me do a deeper dive on. Leave a comment or a tweet.

All your emo are belong to Russia

Remember Livejournal? All your angst posts about poignant Vagrant Records band lyrics? Selfies (before we called them that) of your pixie cut? Or crucial fades? Stupid surveys… It’s safe to say that it played a major role in my social life in my young adult years and I have mostly fond memories of that place.

I’d always known that Livejournal became super popular in Russia sometime after I stopped frequenting the site regularly. I sort of left it at that, assuming it was one of those quirky Russian internet things. Turns out it might be a lot more sinister.

The latest episode of – the excellent podcast – ReplyAll tells an interesting story of what happened with Livejournal and Russia.

Spoiler alert: nearly 10 years after its purchase by a Russian company, Livejournal’s servers finally relocated to Russian soil. It’s not much of a stretch to assume that the FSB and friends have direct access to any of your old content that might still be living there….

Collective

For various reasons (mainly economic and geographic) Winnipeg is a freelance town. Freelance is a topic I write about a lot in this blog these days; writing is one of the ways I deal with the stress of economic uncertainty brought about by freelance employment. The feast v. famine nature of freelancing is not for the faint of heart and it’s compounded by the isolation of working alone.

On paper, I should not be nearly as successful as I am. I don’t do any overt marketing, I’ve never done a cold call (though, I have cold tweeted) and I rarely respond to job board postings. Yet I’m able to get by based on a very small network of trusted connections. I don’t write this to boast about my good fortune. I’m writing this because it feels like I’m doing it wrong, it feels like the bottom is going to drop out any day now, like the other shoe is going to drop. It scares the hell out of me and I feel like there should be a better way.

The Problem: Marketing

The cause of the famine periods of the feast/famine cycle could be boiled down to lack of marketing. When you’re dealing with an excessive amount of work during a feast it can be hard to set aside time to work on marketing, which only compounds the famine. In practice, this means that your work has to speak for itself and this is obviously less than ideal.

There are two fundamental marketing problems for an independent professional.

The first is finding new clients. The traditional solution for finding clients is the amorphous “networking.” It’s a term that can encompass any number of things, including “social networking” and Christmas parties. But I think if you asked most professionals what networking looks like, they’d describe something like an informal meetup group or a more formal group like BNI. In my experience, this type of networking sucks; the signal-to-noise ratio of quality to shit leads is totally out of whack. As someone who cares more about quality than quantity, bad leads are unacceptable.

The second marketing problem is branding. Branding is a huge topic that I’m not super well versed in, but in this context I simply mean an identity that communicates who you are and what you do; that serves to indirectly attract new potential clients. In my experience, building a personal brand is really, really hard. Building an audience for that brand is even harder. Contrary to the opinions of pro bloggers and advice gurus, building a legitimate personal brand on a national (let alone international) scale is unattainable for most individuals. I guarantee that every personal brand with more than a few thousand followers on the internet is the product of a team of people (but that is a topic for another day).

The Solution: A Collective

For a long time I’ve had this thought that something like an artists’ collective should exist for all the various trades that go into making web stuff: coders, designers, writers, etc. I’m sure that if you’ve gone to art school you are familiar with the concept. As someone who did not go to art school, I had to look it up to make sure I’m talking about the right thing.

Wikipedia defines an artist collective as:

…an initiative that is the result of a group of artists working together, usually under their own management, towards shared aims. The aims of an artist collective can include almost anything that is relevant to the needs of the artist, this can range from purchasing bulk materials, sharing equipment, space or materials, through to following shared ideologies, aesthetic and political views … Sharing of ownership, risk, benefits, and status is implied, as opposed to other, more common business structures with an explicit hierarchy of ownership such as an association or a company.

The main difference between a web workers’ collective and a traditional artists’ collective is the need for supplies, physical materials and the pooled capital required to buy these things. As virtual workers we have very little overhead in terms of supplies and equipment, and little need for physical meeting space. That said, I think there is a lot of value in shared aesthetics and shared ideologies regarding the web as a vehicle for free expression.

I see a formal collective as potentially a great solution to the problems of marketing skills and work individually. By putting intentional thought into a group identity, then acting as a group, displaying work as a group and representing the collective when interacting with the community, these artist collectives implicitly market themselves. They build a reputation for a certain type of work and the collective audience of each individual member props up the group.

Granted, the economics of being a professional sculptor or painter aren’t exactly the same as the economics of building websites. But I don’t think they’re that far removed either. At the end of the day, you need clients who value your work.

Thoughts?

I’m far from an expert on the subject of collectives. Perhaps it is a nonsensical idea. Perhaps something like a co-operative would be more fitting.

I am interested in hearing from other web professionals, as well as people who’d purchase the services of a web professional.

Would you value being a part of something like this? Would you be encouraged to hire a member of a collective?

PS. The sub-text of this post is my belief that the idea of a traditional “company” is a bad fit for the web and a worse fit for the way that people work in the 21st century.

Photo credit: Victor Grigas.

Pokémon No

Update: A thread in r/pokemongo addresses most of the game playability gripes I express below. Very useful if you’re new to the game. Check it out.


Much-hyped Pokémon Go finally launched in Canada over the weekend (while I was out camping). I downloaded it ASAP and, after some expected server issues setting up my account, I fired up the game in a few random places on my way back home. I was able to catch a handful of Pokémon at the random places we stopped along the way and a few at home.

I noticed a Pokéstop down the street so I thought I’d try the walk-around-in-circles-staring-at-my-phone-like-an-idiot thing I’ve been hearing so much about… literally everywhere. The Pokéstop was about 600m away and rewarded me with 3 Pokéballs for my efforts. I’m not sure what I was expecting, but I found this to be a disappointing amount. I did not encounter any wild Pokémon along the way, so I decided to take a more circuitous route home, in an attempt to stumble across more. I did not.

To be clear, I have no idea how to play this game.

On my walk, I noticed several leaf-type patterns pop up on the map. I assumed these represented Pokémon burrowing or scurrying away. So I attempted to follow and capture them.

There is no real in-game indication of how you are supposed to do this. I can’t be sure if I was unable to catch one because I was doing something wrong; there was a server issue; or if it’s intended to be extremely difficult to find a Pokémon. When I finally found one, the process of catching a Pokémon was equally non-intuitive. A target appears overtop of the character, so it looks like you’re supposed to try to throw balls right at it. But the “catch” animation seems to happen behind the character. But when you throw a ball behind the character, it doesn’t work! Or maybe it’s random? All-in-all I found it extremely frustrating and disappointing.

After finishing this post I’ll do some research; I’m sure I must be doing something wrong. After all, a game with such mass appeal must be much more intuitive.


From a more technical perspective, the augmented reality aspects of the game are a little overblown. The game does 2 things that are being called “augmented reality.”

1) Spawning locations and characters on top of a real world map. I suppose this is interesting, but not a groundbreaking technical achievement in 2016. It seems to rely mainly on readily available, quality map data.

2) The Pokémon appear in the real world! Except they don’t really. The game seems to pick a point, roughly on the horizon and the Pokémon graphics are overlaid over the image of the camera, rather dumbly. Pokémon aren’t hiding behind bushes or taking into account the real world in any way. I caught one that spawned on my son’s face.


Overall, to someone who was a few years too old to be caught up by the original Pokémon craze, the most interesting thing about Pokémon Go is the cultural phenomenon. I think its popularity can be attributed solely to the popularity of the Pokémon brand.

I’ll be sure to report back with a followup post after I ask a 10 year old how to actually play the game.