Optimize Prime

I never really paid much attention to the administration of SSH on my boxes. I figured debian probably set it up to be essentially secure by default.

While the algorithm is perfectly secure, there's a big problem. I was poking around my system logs after reading an article about someone else's box being compromised, and discovered multiple ip addresses trying to root passwords. Now, we have root login disabled on our boxes. But the fact that someone could just sit there guessing disturbed me greatly. What if someone actually wanted to break into our boxes? It's not like our usernames are highly obfuscated.

Turns out there's an easy solution:

$ sudo apt-get install denyhosts

Denyhosts blocks (temporarily) anyone who makes a sufficient number of failed login attempts. Why this behavior is not default, I am very unclear. Just whitelist your own ip to make sure you don't lock yourself out:

$ nano WORK_DIR/allowed-hosts

(look up the WORK_DIR in denyhosts.conf)

When I installed denyhosts it instantly locked out 4 people who were *currently* trying to crack our network. If you haven't considered installing it yourself, perhaps you should.

I've wound up hacking a lot of Flash recently, which is a real PITA if you're used to real development environments. For one thing, there's no way to get debug output from a flash widget once it's been embedded in a real page. Actually it turns out that there is: the Flash debug player. After you install it, all trace output from any embedded flash player is written to a log file. Throw tail -f on the file, and you can watch the trace messages from your flash in real time. The cool thing is, you can also watch the debug messages from everyone else. There are a few interesting ones, but the best I've found so far is the YouTube embedded player. The tastiest bits:

START PLAYING :http://www.youtube.com/get_video?video_id=_-XoafyJ9K4&t=OEgsToPDskIMqdmC3eeaF1meusSwSKjs

playing.. the movie

status code is:NetStream.Play.Start

we got meta fuck yeah!

time is:127.494

and

result xml:0

node is:0 length:1

status code is:NetStream.Buffer.Flush

status code is:NetStream.Buffer.Empty

showing the goddamn play button

I'm always glad to see how much I have in common with the engineers at other companies.

From The Consumerist:

A recent United Nations study on personal wealth found that having just $2,200 per adult puts a household in the top 50% of the world's >richest. However, thanks to large amounts of consumer debt, "many people in high-income countries have negative net worth and - somewhat >paradoxically - are among the poorest people in the world in terms of household wealth."

What does it truly mean to be wealthy? The American child of middle class parents with student loans and credit cards is much more secure in his access to all the accouterments of wealth for the duration of their entire life than a debt-free child of Ugandan refugees. That security is the true measure of wealth. Merely counting up the quantifiable assets (or debts) held is ridiculously simplistic. First, there are personal intangible assets (the American's college degree), familial assets (the American's parents probably have positive networth), and most importantly societal assets (the security that men won't come and raze your house). And I'd be wealthier renting an apartment, in hock to my neck to the credit card companies in America than living completely debt-free in Uganda.

I think that's objectively true. What I'm really worried about is that this reflects my current personality, working for a startup: boring. More generally, I've been concerned that everyone in startups winds up, to an outsider, fundamentally boring. The startups in Crystal Towers (we need a collective name - suggestions) were discussing this a few days ago. Someone noted that when they went home they had no idea what to talk about with people, if they couldn't discuss work. Luckily I didn't have that problem so much, but only because there were other people pulling the conversation forward. If I had to generate conversation topics on my own, I'm not sure I'd be able to do it for long without work.

Even this post is about startups and their effects. Which is a disease that I've noticed even great writers I know who are involved in startups. And I'm not even a particularly good writer, let alone great, so it's a fairly grim outlook for me. My only hope is to retire to a monastery in the mountains.

It used to be that an act of generosity or mercy would be called "christian" by many. I've always thought that was poor word choice, because those actions aren't really in particularly Christian. "Frank led me to Jesus by his great love of Christ. That was very Christian of him": good word choice. "Frank let me borrow his lawnmower. That was very Christian of him": poor word choice. It's an important word choice as well, because it implies that non-Christians lack those traits and belief that outsiders lack generic positive traits is a symptom of unwarranted discrimination and prejudice.

Luckily, nowadays you don't hear that phrasing very often. It sounds slightly archaic. But I recently overheard something here in San Francisco that disturbed me. Someone said "He helped me set up the event; he's a real liberal." Liberal here is being used in the same sense as Christian; a place holder for "good". This is disturbing because it implies that the members of this culture actually believe that conservatives lack personal, positive traits. That's simply not true, and it's foolish to think otherwise. That kind of attitude is exactly what we should be fighting: people are people, good and bad, no matter what their religion or politics are. Neither Christians nor liberals have any monopoly on kindness.

I've seen a lot of people complaining about the prevalence of political articles on reddit. I myself have thought, "I would rather not see any more stories about the LATEST OUTRAGE BUSH DEMOCRATS OMG". So I wrote a simple greasemonkey script that checks for the presence of various words in article titles. If it finds one of the words, it calls removeSiteDom to remove it.

If you like politics but never want to see "10 worthless CSS tricks!" again, feel free to edit the word list.

(download the script at http://blog.emmettshear.com/public/nopolitics.user.js)

I threw together scratchtop.com in frustration with all the current ways to write and share simple documents on the web. Why are you making me register? Why do I have to click 10 times to start writing my first document? Why do I have to click edit and save? Why do I have to click at all? Feel free to use scratch top, but be warned that it's still very much development software.

As far as I know, scratch top is the simplest useful web application ever written. Anyone know anything simpler?

We at Kiko Software Incorporated have recently had an experience which is fairly unique in the crowded software world: we successfully sold a full software product on eBay. This hasn't been done too many times before (just one, as far as I know), but it's a pretty good way to exit a startup. There are a few potential problems areas though, and I'd like to share what we learned from the process.

Most importantly, specify the contract fully up front. Because we failed to do this, we wound up negotiating that contract after the sale. As anyone who's ever paid a lawyer to negotiate anything knows, that's more expensive than you'd like. Luckily Tucows was very reasonable and the negotiations went fine; if we'd been less lucky it could have been a real problem. Different sets of terms are worth very different amounts. In our deal, we very specifically did not offer a long term support contract with the software, even though that could have potentially increased the final price quite a bit.

If you think you have two potential sets of terms that would appeal to different buyers and you're willing to entertain either, consider selling an option bundled with the software. For example, if we'd been willing to offer a long term support contract for a reasonable price, we could have included that.

Pay careful attention to eBay's terms of service though. From what I can tell, certain kinds of options might be against the rules. Kiko's auction was pulled on the 7th day (out of 10) for having 2 links to the kiko.com (one to our main page, another to the API documentation). Apparently that's one over the limit, and an extremely vigilant community member killed our auction for it. We relisted it again as a 3 day auction and it doesn't seem any long term harm was done, but it was very nerve wracking.

Relisting it for 3 days was actually a mistake. We should have taken the removal as a blessing in disguise and relisted it for 10. Another week and a half would have given allowed more companies to bid. Corporations are slow. Ten days isn't enough time for most of them to both find out about the auction and go through their internal procedures. So a ten day auction is probably too short. If you can find another auction site besides eBay that allows longer auctions, you might consider using them.

We did do at least one thing right when we started our auction at $50,000 instead of $1. It's easy to see why it's a good idea if you consider that the real bids are all going to come in the last ten minutes of the auction. Earlier bids are essentially meaningless noise, and a low starting price can only induce more of those. The disadvantage of a low starting bid is you could be forced to sell for less than your minimum. Why take the chance?

Overall, the experience was extremely positive for us. Even with the mistakes we made the process was very fast, the asset sold for more than we expected, and our baby found a good home with Tucows. If you find your business with an large, valuable asset, consider eBaying it. It may sound crazy, but it seems to work.

• In 1930, there were 260,000 schools in the USA (including approximately 150,000 ones with only a single teacher). In 2000, there were less than 95,000 schools almost none with only a single teacher. The average number of students per school size grew from 89 to 502.
• The number of support staff per student has increased three-fold since 1950, from 1/83 to 1/27.
• The number of teachers per student has increased two-fold since 1950, from 1/26 to 1/12.
• The average number of years of experience for a teacher has increased 7 years since 1966, from 8 to 15. The average age of a teacher has also increased by 7 years over the same time period, from 37 to 44.

The statistics are from School Figures, which is published by the Hoover Institute. I hadn't heard of them before, but from reading their choice of statistics it's clear they're in the privatization/school-choice crowd. The idea of school choice had an appeal for me at one point, when I still believed that what made a school good could be measured by tests. School choice advocates are entirely right that if you place enough emphasis on competing for students via test scores and the school ratings based on them, you'll see scores go up. The problem with that approach is that any kind of test scores are basically broken as a measure of the success of schools.

For the first part, it's difficult to say whether test scores are truly rising or falling at all. There are a huge number of confounding factors involving demographic trends and changes in the tests themselves. Secondly, even assuming we could correctly tease out the true change in test scores, there's very little evidence that rising test scores mean better educated students. It's difficult to deny that students who score 1600 on the SATs are much more likely to be well educated and thoughtful than those who score 900. But as those 1600 point scoring students would tell you, corelation is not causation! It might be that on average tall students score higher on their SATs, but that doesn't mean giving students stilts will improve test scores.

This is all a roundabout way of saying that I don't think much of the book, although it has a lot of pretty graphs. They've managed to pull together a very large and impressive number of statistics, a few of which are meaningful and most of which are not. Other offenses include, but are not limited to: extrapolating trends from as few as two data points, representing public opinion polls as meaningful measures of something more than people's opinions, and failing to consider alternate explanations for trends. I shouldn't pick on them too much, since all of these are common crimes, but I wish for a book on the history and facts of education that I could actually recommend at some point.