May 8, 2012

Thought Crimes

Last month, a minor disagreement was made public when Mitch Altman announced a boycott of MakerFaire. His reason was DARPA.

MakerFaire, the organization, applied for and was granted a DARPA MENTOR grant, with the express purpose of promoting the maker culture in schools across the country. DARPA proposed the grant to address concern that Americans are losing the skill to build and repair things themselves. The money trail indicates why some people have a problem with this:

Taxpayers -> Treasury -> Department of Defense -> DARPA -> MakerFaire -> Schools

The argument sounded by some is that "DoD money has no place in our schools." I have only one reply to that: you're wrong.

The typical money trail for engineering programs in school, outside of the MENTOR program is:

Taxpayers -> Bake Sales -> Schools

If I had to choose one, I'd rather have DoD funding, overseen by MakerFaire, than the practically zero funding schools currently receive for programs like this. This is a perfect example of cutting off ones nose to spite ones face. Some very loud people hate the DoD, and have decided that schools have to suffer for the sake of their ego.

This may sound like an extreme outcome over the opinions of a few people, but I believe it has the potential to be devastatingly harmful to the maker community, and to the schools which would benefit from the grant money. Let me explain why.


I grew up in an oppressive, thought-controlling, cult.

I had never been allowed to listen to Michael Jackson, Prince (ironic as it seems now), Black Sabbath, or Marilyn Manson. I wasn't allowed to participate in school sports or dances, and I had to leave the room when someone was having a birthday.

I had a large set of encyclopedias and many books on science and engineering as a child. I was fascinated with the natural world, and my parents even bought me a full set of Wildlife Fact Files.

At some point I showed them to my parents and they saw references to evolution. The next day I came home from school to find my parents had thrown them all away. Once, my father decided to find all of our 'inappropriate' movies, douse them in gasoline, and burn them in a showy display, to ensure nobody could ever be corrupted by their evil.

Our church didn't ban Michael Jackson music, movies, or Wildlife Fact Files. They had no official position on ET or school dances or baseball. The church took great care in avoiding any official position on many cultural issues, and instead, let their members "use their conscience." Meanwhile, my parents were burning movies and throwing away encyclopedias. They claimed "their conscience" said these things were evil. In reality, it was peer pressure.

Peers > Authority

The church didn't tell my parents that movies were bad, and I very rarely heard any of my friends say movies were bad. The common phrasing was "we don't think it's appropriate for our family." With those words, suddenly it wasn't appropriate for ours. My parents didn't let their conscience guide them, they let someone else's shame them. In the end, the result was the same. I still haven't seen ET or 'Indiana Jones and the Temple of Doom.'

Peer pressure can be used for thought control at a massive scale. Soon after someone made the observation that ET had 'similarities to Christ', and 'could detract from our worship,' it was practically a verboten piece of popular culture across the entire community of the church. I can't know all the things I missed out on for the sake of someone's poor decision, amplified through shame and peer pressure.

Silver Bullets

When a peer, someone you respect or want to befriend, publicly states an opinion, we're naturally drawn to share that opinion. This can be used for good, but can also be used carelessly.

When someone says they "don't want their daughter going to a school that's funded by the military," they have the tragic potential of convincing their peers of their closed-minded attitude, and denying the most important part of that sentence: "a school that's funded." Education is a silver bullet, it's the most important weapon we have against any foe. If you risk taking away education, if you slap away a helping hand when our schools need it most, you're hurting everyone.

There's always the looming threat of abuse and coercion with programs like this, the classic example of "the first taste is free, but what are you going to give us next time?" I understand that concern, but the foremost threat is that our schools are woefully underfunded, we're raising generations of consumers instead of engineers, and we're throwing away help because of the someone else's poorly developed conscience.

February 8, 2012

What do you mean "line between Systems and Developers?"

Someone asked, on /r/sysadmin, if they were going to need to learn a programming language in order to stay relevant as a SysAdmin. They perceived a 'line between systems and developers' that was disappearing. They lamented that most Systems Administrator jobs required some level of Java/C#/PHP. I was confused.

A majority of the responses took the attitude of 'us' vs 'them' ('SysAdmins' vs 'Developers'). One of my favorite lines was 'Devs break shit while the sysadmins fix shit.' I began to see the confusion wasn't actually on my side. I don't think most SysAdmins actually know what they get paid to do.


At a very basic level, SysAdmins are just professional computer operators. At their best, though, they're gardeners.

SysAdmins, like gardeners, want to provide a stable, beautiful, tranquil environment that fulfills the needs of their users. They organize things based on how they interact with their neighbors. They see the whole design, before any of it's been laid out.


If SysAdmins are gardeners, building the garden, developers are the botanists researching the plants, the stone masons carving the planters, the mechanical engineers building the irrigation system, the carpenters building the terraces... Developers build everything /in/ the garden.

This isn't as large a distinction as many of my colleagues appear to believe. To illustrate, let's reach back into our collective childhoods with a story about Goofus and Gallant.


Goofus is a gardener, and has been for a long time. He loves to dig in the dirt, and he's really good at putting plants in the holes he makes. Unfortunately, Goofus shares this 'us' vs 'them' mentality. He considered himself to be 'just the gardner,' believing that his job ended at digging in the dirt, and his garden suffered.

Goofus never knew where his water was coming from, that wasn't his job. He wasn't an irrigation engineer, he was just a gardener. Meanwhile, the irrigation team never know how much water to provide for the plants. Some plants flooded, some dried out, a few were okay.

He didn't know that the stone masons were carving 9ft planters for a 6ft plot, because he never bothered to ask, and the stone masons had no reason to volunteer that information. To the masons, every garden should be able to hold a 9ft planter.

Goofus ordered terraces, but the carpenters shipped Adirondack chairs. Goofus didn't know the difference.

But, Goofus did his best with what he was given. Over-sized planters were laid diagonally in plots just so they would fit. Dozens of chairs were stacked together as makeshift terraces.

Goofus compensated for poorly-planned irrigation with a DIY water routing system he was very proud of. In fact, he began to feel a little bit like an irrigation engineer himself. It required constant maintenance, and didn't work during the dry season.

From his point of view, he built the best thing he could with what he was given.

The garden died of dysentery. A funeral was held wherein every mourner stubbed their toes on mislaid planters.


Gallant worked on a garden across town. He decided to learn a little bit about irrigation engineering, since he was going to have to manage it later anyway. He learned what sorts of systems irrigation engineers typically build, and how to lay his plants accordingly so they all got just the right amount of resources.

Gallant stayed up late a few nights learning about masonry, and found that he had to /ask/ for planters that would fit his plots. Instead of doing that, however, he decided to modify his layout to support 9ft planters, since that was easiest for the masons, and wouldn't require any special requests if they needed replacement later.

Gallant asked his botanist to teach him how to place compatible plants such that they would support each other instead of competing for resources.

Gallant's garden was awesome. Botanists, irrigation engineers, stone masons, and dozens more came from miles around to work in this garden. Despite this incredible success, they eventually all drowned due to a poorly-caulked wagon. Their bodies were never recovered.


Backing out of analogy-land, I'll just say this: if you're a SysAdmin who doesn't understand software, you don't understand systems either, and you're just a glorified computer operator.

If you don't understand what your company's software does, or how it works, or how to find a bug in it, or how to fix that bug yourself, you don't know enough to build a really successful system.

That's not saying that to be a SysAdmin you need to learn Java to the level of your software engineers, but if you're working in a Java environment, you should be able to at least read the language and understand what it's doing. The same thing applies to Ruby, C#, PHP (which is brain-dead easy, by the way), and anything else your company relies on to function.

Without at least a basic understanding of software development, a SysAdmin can't build really successful monitoring, automation, or management systems for their own environment. I would never hire a SysAdmin who couldn't write a nagios plugin or a chef config. I would fall over myself to hire a SysAdmin who was solid on systems and could also write a one-button deployment framework.

There's never been a 'line' between Systems and Dev, only between Goofus and Gallant. It's up to you to pick a side on that one.

August 13, 2011

Heph's Magical Adjustable (burningman) Goggles of DOOM.

Burning Man goggles are a bitch, you need a dark pair for the dust storms and the sun in the day and a clear pair for the dust storms that happen at night. Using camera lens circular polarizers I was able to make an adjustable-tint pair of goggles I can wear day or night.

I started with some standard army-surplus-store goggles, removed the lenses, measured the inner diameter with a pair of digital calipers, and got on amazon. The smallest ID of the goggles was 44mm. I found an incredible deal on some 46mm CPLs on amazon, and since the goggles are a soft plastic, they accepted the slight size-mismatch fine.

I removed the existing lenses, put one polarizer in place over each eye, used electrical tape to hold them in place, and to mask the JB-Weld from going anywhere I didn't want it. I mixed the JB-Weld and put it in a hobby syringe to squirt it into the tiny gaps between the filter and the goggles frame. This resulted in a pretty smooth joint that's very solid.

I cut down the prescription lenses from an old pair of glasses and hot-glued them in place inside the goggles, a trick I've done for several previous sets since I don't wear contact-lenses.

Then I just added the other polarizers to the top, and now, just by rotating the outer polarizer in relation to the inner, I have adjustable-tint burningman goggles of doom.


August 8, 2011

Google+, I hardly knew (anybody on) you...

If you haven't been following the #nymwars kerfuffle over Google+, you might not realize how useless the service is getting. Unlike every other social network, which allows users to decide what name they'd like to be called, Google+ requires you to use your legal name. This is fine for a lot of people, just not me.

Most people know me as Hephaestus, or Heph. I use my birth name for business, but prefer to use my pseudonym for my public profiles. As a public persona, most people know me as "Oh, the 5MoF guy, Heph", or "You mean the dildo guy, Hephaestus?" Google+ was an exception. I used my legal name, and never had any problems (except for friends not being able to figure out who I was until I posted more identifiable profile pictures... most people, friends included, have no idea that my legal name maps to me).

The problem was with my friends, colleagues, acquaintances, and other people I would normally interact with on a social networking site. Google+ started suspending their accounts, and suddenly it became useless. Fox Circe, Sai, Skud, Doctor Popular, Aestetix, to name a few, all had their accounts suspended from G+ due to their names. These aren't people trying to hide their identity, these names are their identities. This isn't a case of someone making spam accounts, or troll accounts, or trying to be anonymous. These are their names. This is how they do business. They have as much accountability tied to their pseudonyms as any of us have to our birth names.

I can't imagine ever calling my good friend Aestetix by his birth name, it doesn't feel right, it's not who he is. Several of my very closest friends have never told me their birth names, and others I just use their pseudonym because any other name is too hard to pronounce. This is the new social dynamic. We're hackers, we chose our names and imbued them with more power than any 'John Doe' our parents could have stuck us with.

Most of my friends have gotten the boot for the audacity of trying to be identifiable. Now my G+ feed consists of strangers. Maybe they're people I know, but if I don't know them by their birth name, I don't really know who they are. I don't know if this is a close friend or a complete stranger. Forcing birth names has created more anonymity than allowing people to use their pseudonyms ever could.

June 14, 2011

Restricting apache paths, per user, with mod_rewrite

This took long enough to track down that it warranted documenting for the rest of the internet. Many thanks to for being the only other place on the internet describing this behavior.

Sometimes you want to restrict a URI by user, such that a logged in user can only view the contents of their own directory. If you place the following .htaccess in the parent directory of the <username> directory, you can lock <username>s to their own directories (require valid-user, and then):

RewriteEngine On
RewriteCond %{REMOTE_USER} ^(.+)
RewriteCond %1:$1 !^([^:]+):\1$
RewriteRule ^([^/]+)/ - [F,L]

This works by capturing the requested directory (line 4) and appending it to the RewriteCond on line 3 as $1. REMOTE_USER is prepended to the test string of line 3 so it can be pulled back out in the cond pattern on line 3 and compared to the requested directory.

So if REMOTE_USER = heph, and the requested file is /ted/secretfile.txt, here is the process (out of order, for clarity. A common statement in reference to mod_rewrite):

RewriteCond %{REMOTE_USER} ^(.+) # Sets %1 = heph
RewriteRule ^([^/]+)/ - [F,L] # Sets $1 = ted
RewriteCond %1:$1 !^([^:]+):\1$ # Means RewriteCond heph:ted !heph:heph$

This RewriteCond matches (negative match, notice the !), so follow through with the RewriteRule, return Forbidden, and block the unauthorized Heph from accessing Ted's directory.

June 13, 2011

Arduino Controlled LED Staff

I imagine it must have been a Thursday, somewhere around 9:45 and Esplanade, when my good friend Metaphorge noticed among the throngs of deviants and devil worshipers, a pixie of a girl spinning the k8 led staff. In an alkali haze I promised him one for his birthday, and promptly forgot. Facebook reminded me with a whopping 4 days to spare, and I realized that these things couldn't be that hard to build (certainly not $2-300 hard to build).

I got on the fantastic Jameco Website to order a 6ft RGB LED strip ($40) and some PN2222 transistors ($5) to sink each channel of the strip (1a / rgb = ~333ma per color, right? Two fried transistors and an arduino uno that lost its tx/rx channels later...), and threw it in a 1.5" polycarb tube ($30) from Tap Plastics. I assembled it with a USnooBie ($20) acquired at midnight from David Rorex's personal stash at Ace Monster Toys. Here's the resulting ~$100 prototype Arduino Controlled LED Staff during a recent Make: Live broadcast:

Turns out prototypes are awesome. It forced me to solve problems I hadn't even thought about, like power management and how to actually get everything into the tube. For the first problem, I'm working on a 5->12v boosting power supply based on the MAX1771 so I can drive a full 12v@1a strip from four rechargeable AA batteries, rather than the 8 Alkalines I have in there now.

The second problem, fitting the LEDs and electronics in the tube, is even more complicated now that I'm moving from 1.5" polycarb (1.25" inner diameter, plenty for 2 AA batteries side by side, USnooBies, and perfboard power supplies) to a 1" polycarb tube with only 0.75" inner diameter, barely larger than a single AA battery. This makes battery minimization even more important, as I'm going to have to come up with some solution to light up the 120mm or so on each end of the staff that's filled with batteries. I'm considering rechargable AAAs, but that's going to mean less than half the spin time considering the massive (~3a) draw with the boosting power supply.

Adding to that the requirement of a microusb port, better control switches, and waterproofing (or at least rain/dewproofing), and it's starting to feel like a real product rather than just a quick hack.

The most common question I get, considering I'm surrounded by hackers is whether each LED is addressable. The answer's "nope, but I'm working on it." I'm probably going to buy a bunch of WS2801 LED drivers from Sparkfun, but I'm looking for alternatives.

May 16, 2011


Every couple of weeks I see blog posts (yes, like this one) where some asshat tries to promote themselves by spouting off on their knowledge of linux commands. They usually end up on the front page of reddit with titles like “Stupid Linux Tricks,” “15 Advanced Shell Commands Every Sysadmin Should Know,” and my new favorite “Top 30 UNIX command Interview Questions asked in Investment Banks”.

Besides being obvious attempts at padding resumes (and oh god, do I hate padded resumes), they rarely show off anything new, and never go into detail about why the commands they’re listing do what they claim. Often, they don’t even fact-check themselves and end up posting commands which plainly don’t work:

6. There is a file Unix_Test.txt which contains words Unix, how will you replace all Unix to UNIX? You can answer this Unix Command Interview question by using SED command in UNIX for example you can execute sed s\Unix\UNIX\g fileName.


Let’s test that theory:

[hephaestus@fhtagn ~]$ cat lala
unix unix UNIX Unix
unix Unix
[hephaestus@fhtagn ~]$ sed s\Unix\UNIX\g lala
sed: -e expression #1, char 10: unterminated `s' command

The command doesn’t work, and there are four major reasons for it.

1. Escaping

Firstly, in bash (it’s usually safe to assume a bash audience when pandering to sysadmins), backslashes are the escape character. That means the line s\Unix\UNIX\g is being interpreted by bash as sUnixUNIXg (escape character means ‘literally whatever follows’, see the Bash Beginners Guide for more information). In sed, the first character following a command (the ‘s’ part) is used as the delimiter for the command, so the command sUnixUNIXg is essentially the equivalent of s/nix/NIXg, except using ‘U’ as the delimiter. We get our unterminated ‘s’ command error because we need a final delimiter to let sed know the replacement command is finished: sUnixUNIXUg will parse correctly, because we added a finalizing delimiter, but it only replaces ‘nix’ with ‘NIX’ because we’ve used ‘U’ as the delimiter. Oops.

2. Quoting

Let’s look at the command if we fix the escaping problem (by using forward slashes, which aren’t interpreted by the shell) but forget to quote the command:

[hephaestus@fhtagn ~]$ sed s/Unix/UNIX/ig lala
[hephaestus@fhtagn ~]$

It worked! But what if we only want to uppercase every time we see two “unix”es in a row?

[hephaestus@fhtagn ~]$ sed s/unix unix/UNIX UNIX/g lala
sed: -e expression #1, char 6: unterminated `s' command
[hephaestus@fhtagn ~]$

Same error as before, but with a different cause. Most programs aren’t very intelligent about parsing their own command lines. Usually they take arguments in from their parent process (in this case, bash) as space-separated variables. That means for the command: “sed s/unix unix/UNIX UNIX/g lala”, the shell passes the following variables:

$0 = 'sed'
$1 = 's/unix'
$2 = 'unix/UNIX'
$3 = 'UNIX/g'
$4 = 'lala'

Since ‘s/unix’ in of itself isn’t a valid sed command, we get an error. This would be fixed by quoting the regular expression so that it’s all passed by the shell as a single argument: “sed ‘s/unix unix/UNIX UNIX/g’ lala”, or escaping the spaces (remember the backslash, literal interpretation): “sed s/unix\ unix/UNIX\ UNIX/g lala” both result in:

$0 = 'sed'
$1 = 's/unix unix/UNIX UNIX/g'
$2 = 'lala'

3. Wrong Goddamn Delimiter

Never use backslash unless you mean it. The standard non-string, non-escaped, delimiter character for sed or perl or anything else that uses regular expressions is the forward slash (‘/’). To teach people otherwise is to invite failure down the road. As I pointed out, you can get around the problems introduced by using the backslash by single-quoting the argument, or understanding how escaping is interpreted from the shell, but you wouldn’t have to if you just learn to use forward slashes from the start.

4. Okay, you printed to STDOUT. Now what?

The question was replacing the contents of a file. Even if you fix the escaping, quoting, and delimiter problem, you’re still not replacing anything inside the file, just printing the replacement to STDOUT. If you want a sed command to operate on a file in-place, use the ‘-i’ flag: “sed -i ‘s/Unix/UNIX/g’ lala”. If you want to write the edited file to a new file, use a shell redirect: “sed ‘s/Unix/UNIX/g’ lala > newfile”.

As I said before, I hate padded resumes. If I asked this interview question and you answered “sed backslash Unix backslash UNIX backslash g filename”, you wouldn’t get a job unless you at least mentioned “in quotes” somewhere in there. And then I’d ask you what kind of quotes. And then I’d ask why you didn’t actually edit the file.

January 19, 2011

Bubble Lights

I built mood lighting for 2011 Sea of Dreams. Documented over at Ace Monster Toys Wiki.

DIY Dongs!

I wrote up instructions on a silicone penis replication project I worked on last year. Have a look.