CodeWithMe Portland

So I’m at code with me in Portland this weekend.  Code with me is a great organization run by Tom Giratikanon and Sisi Wei that pairs technologists and journalists to spread the foundations of HTML, CSS and JavaScript.  Here’s a picture of everyone in the big  (windowless) conference room at the Oregonian.

To understand what a dedicated group this is, you should probably also check out the current weather in Portland, which is — to say the least — spectacular.

Events like this (in foul weather or fair) are really exciting.  You’d think there would be more opportunities for journalists and technologists to not only spend time together, but also trade knowledge and work together.  But really opportunities like these (open, learning, semi-structured events with lots of project time) are pretty rare, and I’m grateful to be involved this weekend.  I’m also psyched to be working with two journalists: Evonne Benedict of King5 TV in Seattle and Rachel Alexander of Whitman College and Union-Bulletin News.  Much fun!

Annoying Robots and the Chameleon Botnet

Yesterday Spider.io announced the discovery of the Chameleon Botnet, a mega-collection of infected Windows machines, based largely in the US.  The purpose of the botnet is/was to generate large amounts of distributed, hard-to-detect traffic over sites displaying certain ads (or ads from certain networks), thereby generating bogus income via a network of 202 bogus content sites and defrauding advertisers out of something like $6 million/month.  The characteristics of the traffic of this botnet are suspciously similar to the sort of traffic I wrote about over a year ago when I worked at Grist.  In particular, the traffic instantiates JavaScript, identifies itself using a particular windows user agent, and is extremely homogeneous —  which is basically what we saw at Grist.  The Chameleon traffic differs in that it evidences real but apparently random mouse and click events:

 Random distribution of clicks and mouse traces over a square ad on an infected site:  image: spider.io

… and apparently were confined to the part of the screen containing the ad.

We’ll probably never know if the Grist phenomenon was of this sort, but I think it might be worth developing some sort of detector for botnets of this type if the possibility exists that they are affecting more than the small number that Spider.io’s report implies are affected by Chameleon.  It would seem to me that botnets of this sort have both an incentive and a disincentive to include non-target sites on their hitlist.  The incentive is simply that by including legitimate targets they obfuscate their scheme from advertisers to some extent (though it’s unclear if most advertisers directly review the distribution patterns of their ads through networks.) The disincentive is that targeting legitimate sites carries a risk of detection, though most sites would probably not notice if this were to start happening.

This was of great interest to me (and should really be to anyone who runs a site with significant traffic) because it’s the first public announcement of a botnet capable of running a complete client stack.

I would think that some analytics and advertising platforms like Google would be interested in understanding phenomena of this type better –I’d appreciate any links or info regarding countermeasures or detection of stuff like this.

Twitter’s new API policy in plain english

Twitter announced new API policies for version 1.1 of their API today.  The announcement was accompanied by a diagram which IMHO was bit hard to understand at first and caused a bit of useless debate and worry on Twitter.  Here’s my dumbed-down version of the diagram, or at least my understanding of it.  The x axis represents who your application is for:  the general public or, for lack of a better word, nerds (developers, business owners etc.)  The y axis represents what your application allows those people to do:  either count stuff (tweets, links etc etc.) or do stuff (tweet, search, etc etc)

Here’s Twitter’s (better) version of this:

Grist at WCSF12

This weekend the some of team Grist will be in SF for WordCamp.  I’m really excited to get to give a talk about our journey to becoming a WordPress operation.  This year (in fact, almost exactly this year, as WCSF11 represented a bit of an introduction to WordPress for us) has been a huge adventure — we learned lots about the WordPress API, moved our content and hosting to a new platform, adopted a new operating model, developed a theme and began to seriously grow our audience.

[UPDATE]

Here’s dump of the slides I used in this presentation.  Please feel free to hit me up on twitter with any questions or to talk about any of this.

What you get when you move to the cloud

Grist’s former web hardware arrived at the office today.

How to get up and running on Amazon EC2 quickly (for OSX people)

So I needed to set up my OSX rig to access AWS, spin up and configure an Ubuntu instance, install Apache, PHP, MongoDB and do various other tasks. Good thing I found these two great resources:

Fist, here’s Robert Sosinki with a great guide on how to get set up with the EC2 command line tools on Mac OSX. Really clear and well done.

Next, here’s a quick guide from RSM on how to turn that brand new instance into a full LAMP (that’s Linux, Apache, Mongo, PHP) stack … though really you could install whatever packages you need.

Antique Boca Juniors Beer Cans

What you drink if you are a Boca fan.

temporary hemispheric switcheroo

Headed here for a few weeks:

Photos will be here for those who care.

I’ll be trying to add to my paltry Spanish, playing soccer and inventing something.