Stuff to know – Pedantic Posts
http://pedanticposts.com/
Fri, 06 Oct 2017 17:41:45 +0000

Sports are Cool – The Oakland Athletics Edition
http://pedanticposts.com/sports-are-cool/
Wed, 03 Oct 2012 23:27:47 +0000

Today the Oakland Athletics won the American League West. There are so many cool things about this, I don’t know where to start. I guess we’ll start at the beginning of the season.

Going into the season, the Texas Rangers had played in back-to-back World Series, had a $121 million payroll, and were expected to win the division. But then the Angels went on an offseason spending spree because they were tired of losing to Texas. They came into the season with a $155 million payroll, ready to finally knock off the Rangers. No one bothered to discuss the Athletics.

The Athletics were thought by the experts to be rebuilding. In the offseason they traded away their top two starting pitchers. And their closer. Basically they traded away everyone good for a bunch of players with very little major league experience. They came into the season with a $49 million payroll – the smallest of all 30 major league teams.

And yet they kept winning games. They are so young they don’t even realize they aren’t supposed to win these games. They finished the season with 5 rookies making up their starting rotation. Somehow they went 94-68, finishing ahead of the Rangers (who they swept 3 straight to end the season) and Angels.

One more amazing thing to leave you with: today is the FIRST day of the entire year that they have been alone in first place. Finally, after 162 games they made it. Good time to end the season.
 


 
If you want more cool baseball stuff, check out this old post.

How to Be Interesting – Irrational Passion for Unconventional Things
http://pedanticposts.com/how-to-be-interesting-irrational-passion-for-unconventional-things/
Mon, 06 Feb 2012 10:58:28 +0000

Here’s a little secret for you. Anyone who actually enjoys making small talk is boring. Do you think I really want to talk about the weather? I don’t have the patience to wait and see if you have anything better to say. Life is too short, there are too many interesting people out there for me to be wasting my time with you.

You don’t want to be Susie Smalltalk, you want to be interesting. What makes someone interesting? They have a passion for things. More specifically, they have an irrational passion for things. It’s far too common to be into cars, fashion, or football. Boring. But being passionate about something that is so random it seems irrational to be so excited about it, now that is interesting.

All you have to do is drop superlatives about a subject the person you’re speaking with has never thought about. Then back it up with supporting arguments that could logically make sense.

“The greatest travesty in the textile industry is that wool has been replaced by inferior technologically advanced materials.”

“A Knight’s Tale is the only chick flick guys actually enjoy more than girls.”

“Ice is the greatest luxury that people take completely for granted.”

“Run DMC is the most influential music group of all time.”

This naturally lends itself to teaching them something, which interesting people will enjoy. It also gives your conversational partner the opportunity to challenge you – it is these people that you want to latch on to. Don’t worry if you lose the debate. Yes, the Beatles were also quite an influential band. Good for them. The important thing is that you are having a stimulating conversation and discovering whether the person is worth speaking with again.

Let’s get to thinking … what are some subjects that you are irrationally passionate about?


Photo: Noukka Signe

6 Things You Don’t Know About Costa Rica
http://pedanticposts.com/6-things-you-dont-know-about-costa-rica/
Fri, 23 Dec 2011 18:41:10 +0000

I am back from two glorious weeks in Costa Rica. The beaches, rainforests, and wildlife made it an unforgettable trip and made me want to explore the rest of Central America. Rather than turning this into a travel blog, I think the pedantic readers would appreciate some knowledge. So here are some things you probably don’t know about the country – pura vida!
 

  • Costa Rica is one of the greenest countries in the world. Yes, the vegetation is thick and vibrant, but I mean the environmentally friendly type of green. A whopping 25% of the land is protected by national parks and wildlife reserves (for comparison’s sake, the world average is around 10%). On top of that, the government put forward a plan to be 100% carbon neutral by 2030 (already 90% of energy comes from renewable resources).

  • Costa Rica has a tiny pocket of malaria in a remote part of the jungle. The Red Cross has a policy that you should wait 12 months after traveling to “an area” where malaria is found before giving blood (because blood donations are not checked for malaria). Thus, it could be difficult for travelers to Costa Rica to give blood for the following year (although you can show your itinerary and see if they will accept you weren’t in danger of being exposed to malaria).

  • The Nicoya Peninsula has been identified as one of the five regions in the world where people regularly live to 100 (written about in the book Blue Zones). These regions share the common characteristics of putting family first, non-smoking, plant-based diet, constant moderate physical activity, social engagement, and eating legumes.

  • Costa Rica abolished its military in 1948, immediately following a bloody civil war, and made it permanent by adding it to their constitution the following year. Instead, the budget is spent on education, culture, and security (they still have Police Guard forces responsible for ground security, law enforcement, counter-narcotics, and border patrol). Costa Rica is one of the largest of the 19 countries without a military and one of the few that is a democracy.

  • But those Costa Ricans can be shady as well. China built Costa Rica a $105 million dollar stadium earlier this year as a “gift”. Hmmmmm, why is China giving out gifts? Why is a country known for its kickass lifestyle getting so buddy-buddy with a country known for its human rights violations? Check out this story to learn this and why a bridge was unofficially renamed from “Bridge of Friendship” to “Bridge of Backstabbing”.

  • The country is only 19,653 square miles (imagine a 200 mile by 100 mile plot of land), yet it takes a long time to get anywhere. Many of the roads are still dirt. The roads that are paved are two-lane highways – it’s not uncommon for a bus to stop in the middle of the highway or a cart pulled by oxen to slow down traffic. Despite this, it is one of the most developed countries in Central America.

 


 
Apologies for the lack of blogging. I will be bringing my computer with me on my next trips so that I can stay connected and write blog posts. Thanks for the patience!

If you liked this post, check out this one about the Netherlands (I haven’t been there, but did have a few facts to share).

Photo: Rafael Alverez

Brogramming 101: What Is It and Why Should You Care?
http://pedanticposts.com/brogramming-101/
Fri, 02 Sep 2011 03:36:27 +0000

Oh brogramming! What a beautiful made-up word. It is a combination of two words I hold near and dear to my heart. BRO + PROGRAMMING = BROGRAMMING. Yes, the meaning matches your current mental picture – a sickass dude programming a computer.

What does this involve? It is up to interpretation, but it definitely involves wearing your sunglasses indoors while using the computer. Lifting weights is important – and don’t forget your protein shakes. Drinking alcohol while programming is encouraged. The more caffeine consumed the better.

You may be absolutely puzzled right now. How the heck did these two worlds collide? Well, in the land of software, the Silicon Valley, pretty much the coolest thing you can do is code. And to show how sweet you are, instead of pictures on your desk of your loved ones, people here decorate their desks by displaying the largest and most intense energy drinks you can find. Yes, it is a unique place.

Starter Kit

Now that I have you excited, how do you join the team? Copy this desk setup:

You must be concerned about health – at least to an extent. Eat healthy food and be sure to pair it with a workout regimen that focuses on the beach muscles. Bicep curls, bench press, calf raises, repeat. Next (this may seem in direct conflict with the previous point, but just go with it), drinking a ton is cool. Beer, vodka, or Jager. You can drink while at your computer, or alternatively you can return to coding after a wild night in the club. Be sure to have powerful energy drinks within arm’s reach to stave off the inevitable crash when it arrives.

Congrats, you have passed Brogramming 101 and are now a brogrammer! This answer on Quora provides some additional reading material for those of you that want to advance to 201 next semester. Let me give a sneak peek for the Pedantic Post readers that don’t click on links…

Here is a flow chart to study before next semester (programming logic is similar to the logic of flow charts so they are useful for communicating how a program should behave):

If you are ready to start writing code, here is a pretty solid example. Do the same for the song Lip Gloss or any Lil Wayne jam and email it to me for extra credit:

 

Why should you care?

Nerdy and cool are colliding whether you like it or not. Need evidence? Chess-boxing is the fastest growing sport in America (I always thought it was hilarious how many sports claimed to be the fastest growing in America, so what’s one more claim?):

This collision is great news for everyone. If you are a nerd, you get the opportunity to battle the jocks that made fun of you in high school. If you are a hella chill dude, you get the opportunity to compete with people way smarter than you on a slightly more even playing field. What a great opportunity!

Faithful readers, what bro-sports and dude-tivities can we invent? The top idea gets to challenge me for slammers and/or pink slips.
 


 
Everyone is trying to hire programming talent these days. But the smart start-ups are trying to hire brogramming talent.

If you liked this post, join the mailing list to receive weekly email updates.

My Latest Project – The Save Our Balls Pocket Shield
http://pedanticposts.com/save-our-balls-pocket-shield/
Wed, 20 Jul 2011 05:39:42 +0000

I don’t think everyone is aware of the huge problem facing mankind. No, not global warming. This one isn’t talked about for some reason, but soon it could be an even bigger problem than global warming. I’m talking about infertility, specifically male infertility.

Children of Men is an excellent movie about the world in 2027, 18 years after the last human was born. That’s right, the human race became sterile – the scary thing is that this scenario is not as ridiculous as you would think. In the movie it is due to a genetic defect in women, but in real life it is more likely to be men that are the downfall.

Sperm counts are dropping like middle school girls running hurdles. It’s bad. In the last 50 years it is estimated that sperm counts have halved. Even worse, they show no signs of stopping – every year sperm counts around the world are dropping 1 to 2 percent. Do I need sources for this? No. I don’t care what the exact numbers are – there is so obviously a correlation, it doesn’t matter if it is only half as bad as I just said. The fact remains, we are doing some real damage.

So what is happening? Unfortunately there isn’t one answer, there are numerous environmental factors that contribute to this decline. Things like plastics, pesticides, soy products, obesity, sitting in an office all day, and more. Pretty much everything in our lives …

There is one that has come up in the last 15 years that should be more publicized – leaving a cell phone on in your pocket! Even a limited exposure of an hour a day has been shown to immensely kill sperm and lower testosterone. Luckily, this is an easy problem to fix. Enter the Save Our Balls Pocket Shield. This is a simple product I am producing that will protect your cojones – simply clip the shield to your pocket before putting on your pants and it will block the radiation from hitting your boys. Perfect!
 


 

  • You might ask, why not just stop carrying your cell phone in your pocket? Guys have nowhere else to put it. Next you will probably ask, why such a gimmicky product name? Hopefully it’s memorable and helps with viral-ness. Who is interested in starring in or otherwise helping with a hilarious infomercial-type video?
  • There are a couple sources on the radiation pocket protector product website. I recommend watching the video and checking out the studies.
  • Big thanks to Fenner for coming up with the name Save Our Balls. I think he threw it out as a joke and I actually liked it!
  • The website is a WordPress site hosted on EC2. It would have been easier to host somewhere else, but EC2 is taking over the server world so I figured I’d give it a shot. It took longer than I expected …
  • I was hoping that Adwords would be able to generate a bunch of sales of the product. Unfortunately this does not appear to be the case – there simply isn’t enough search volume about cell phone radiation hurting sperm/testosterone. And it is way too expensive to bid on more generic “improve sperm count” / “low t” terms.
  • Let me know if the nerds are interested in hearing more about my first EC2 and Adwords experiences and I’ll consider dedicating a post to it.

Photo: Kelly Schott

Richard Branson vs. the Pilots Union
http://pedanticposts.com/richard-branson-vs-the-pilots-union/
Wed, 29 Jun 2011 22:31:20 +0000

Richard Branson is the man (not quite all that is man, but he may make the cut someday). Earlier this week he wrote a letter to all the Virgin Atlantic pilots that are threatening to go on strike. The reason for the strike? The union isn’t happy with a 4% pay raise after a 3 year pay freeze. Richard isn’t the CEO or even involved in running the business anymore, but he is stepping in to try to save his baby.

First, he took an objective look at the company to see if the offer is fair:

In the last week I have spent a lot of time trying to understand whether the management team at the airline has treated everyone fairly and whether the company can afford to go further with its pay offer.

Then he offers to share the information with them that led him to believe it is a fair offer and the best that can be extended:

The management have told me they are happy to share up to date corporate accounts with your union so they can understand the financial context from where the offer has been made. As shareholders we’ve also got to ensure the airline is strong enough to withstand the many challenges it faces in this constantly changing market.


He finally urges them to explore the true cost of the union getting their way:

Unless BALPA withdraw its threat very soon it will leave an indelible scar on the company, impact customers’ trust in us and damage the unique and friendly culture at Virgin Atlantic. It will affect jobs and it will make it very difficult for the company to afford the current offer on the table.

Brilliant. Can’t wait to see how this all plays out.

Following the debate on Hacker News, I came across an excellent article exploring the relationship between pilot unions and the major airlines. If you are a strong believer in unions, read the article to see how nuts they are. My favorite quote:

Who controls the pilot’s union: very senior pilots. The airline management is mostly interested in what percentage of its revenues are paid out to pilots; the distribution of the money among the pilots does not affect profitability. The very senior pilots on the other side of the table say “We need the most senior pilots to get $300,000 in pay and benefits.” The airline’s response is “The only way that could work is if we pay the new pilots $16,000 per year.” The group of senior pilots responds “We can live with that.”

It also goes on to explain tired pilots and why you shouldn’t invest in an airline’s stock – US airlines use bankruptcy as part of their strategy. Branson touched on this himself in his letter to the pilots:

In America the internal strife in the airlines led to almost every one of them going bust; but importantly some of the jobs were saved by going into Chapter 11 and launching again. A luxury that doesn’t exist in the UK – you are either bust or you are solvent.


 

  • I’ve been telling a lot of personal stories in my recent blog posts, so this is no time to stop. A couple Christmases ago my relatives that live on a cattle ranch in Kansas asked my mother what book I might like for a present. The only two on my list at the time were “Losing My Virginity” (Richard Branson’s autobiography) and “Eating Animals” (or another book supporting a vegetarian diet). Since neither of those were appropriate titles, I had to choose a third book that I wanted to read.

  • Even though Sir Richard is a baller, he is still susceptible to falling under the influence of all the CEOs before him. And by this I mean using cliches.

    Whilst on the subject of fairness I think it’s worth you knowing I have taken no salary out of Virgin Atlantic since 2005.

    This is always what rich people say in a pathetic attempt to relate to the common man. When you own a large chunk of the company you don’t need to take a salary. The stock is worth billions and if the company keeps growing it will be worth way more than any salary he could reasonably pay himself.


  • Branson’s closing thoughts call out the breakdown in communication and how poorly the union and company are working together:

    PS: Having spent the last few days reflecting deeply on this issue I believe that both management and union need to urgently work together on modernising both their relationship and communications.

The Lofty Goal of Eradicating Polio
http://pedanticposts.com/the-lofty-goal-of-eradicating-polio/
Sat, 11 Jun 2011 17:58:06 +0000

Almost a year ago I wrote a post titled The Concept of Infectious Disease Eradication. It was all about how everyone has come together to fight to rid the world of certain diseases forever. The only time this has been accomplished was with smallpox from 1950 to 1979, but we are getting very close to doing it again with polio.

Armies of volunteers are mounting a heroic effort to get rid of polio forever. We haven’t had polio in the United States for many decades, so you may not be aware that it is even still around. But it is a terrifying disease that leaves many paralyzed and is still hanging on in the poorest areas of the world. The picture above is of four people in an iron lung to allow them to breathe.

There are millions of volunteers delivering the 30 cent treatment to every child in the most remote and destitute communities. Highly recommended and inspirational video:


 


 
On a completely separate note, my good buddies Tom, Kyle, and Rainer are launching their premium short shorts business, Chubbies. It’s going to be huge. Follow them on Twitter and definitely sign up for their email list for fun launch events coming this summer.

Intro to Hacking Part 3 – How Passwords Are Stored
http://pedanticposts.com/intro-to-hacking-part-3-how-passwords-are-stored/
Thu, 17 Mar 2011 19:30:32 +0000

Every website these days has a log in – it is mandatory to be “social” and allow comments or other user interaction. This goes for popular sites like ESPN, IMDB, Weather.com, and PedanticPosts as well as more obscure sites like PassiveAggressiveNotes and HotOrNot. But you can’t have just anyone comment, no no no, they must be validated as an actual person, capable of entering a username and password.

Do you know how your passwords are handled? It’s obvious not every site has the same policy – some websites require at least 7 character passwords, some don’t allow special characters, some require a number or uppercase letter, and some have no requirements whatsoever. Do you trust every website equally with your password? Should you?

Almost all websites have databases which contain the data needed to run the site and store the user information. One important part of the user information is the password. But hardly any website will store your literal password – if your password is “r0xysUrfrGrl” and “r0xysUrfrGrl” was stored in the database, anyone with access to the database would know your password. This would mean that you would have to trust every website administrator with your password. And if a hacker ever got ahold of your database (which we will see is quite possible) then they would have everyone’s passwords. Ouch.

Instead, it is common to store a hashed version of the password generated by an algorithm. An example of a dead simple algorithm would be to simply reverse the order of the letters and then replace the vowels with the vowel’s number (i.e. a=1, e=2, etc.). So the password “BeerBuzz” becomes “zz5Br22B”. Not too bad, I doubt you could look at “zz5Br22B” and guess what the password is. Unfortunately it wouldn’t be very hard to find out though. If you create several of your own passwords you will quickly see the pattern, figure out the algorithm, and have the key to determining every user’s password. Ouch again.

Rather, the hash algorithms commonly used are one-way functions – the idea is if you know the input you can calculate the output, but if you know the output you can’t calculate the input. That means if you have the hashed version of the password you can’t use it to determine the actual password. It’s a one way street. No patterns. If you just change one letter of the input it will change the entire output. Using a popular one-way function called MD5 on “gopanda” will yield “a6ef6c486390c4d9930018a29ff0a132” and on “gopandA” will yield “df54e1966621f816e7fca295bd1a74ec”. This is good – even if the hacker were to guess one password in the database, they still wouldn’t know the rest of them.

Sounds safe, right? In theory. Yes, if the website wasn’t set up by a bunch of baboons it means that a hacker won’t have easy access to all the passwords. But, as we will see, this doesn’t mean he can’t crack individual passwords. Why is that something to worry about? Because most people will use that same password across a variety of websites (I know you do, don’t lie to me). Next post I’ll show you the ways to crack individual passwords.
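An added example, not code from the original post: it implements the post's toy reverse-and-replace scheme and shows that it can be undone, compares the MD5 digests of two near-identical inputs, and then goes beyond the post by storing a password with a per-user random salt and a deliberately slow hash (PBKDF2). The function names, the lowercase-only vowel rule, and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Toy scheme from the post: a=1, e=2, i=3, o=4, u=5.
# Assumption: only lowercase vowels are replaced.
VOWEL_TO_DIGIT = {"a": "1", "e": "2", "i": "3", "o": "4", "u": "5"}
DIGIT_TO_VOWEL = {d: v for v, d in VOWEL_TO_DIGIT.items()}


def toy_hash(password: str) -> str:
    """Reverse the password, then swap vowels for their numbers."""
    return "".join(VOWEL_TO_DIGIT.get(ch, ch) for ch in reversed(password))


def toy_unhash(stored: str) -> str:
    """Undo toy_hash. Exact unless the password itself contained 1-5,
    which is why this scheme protects nobody once the rule is known."""
    return "".join(DIGIT_TO_VOWEL.get(ch, ch) for ch in reversed(stored))


def md5_hex(password: str) -> str:
    """Unsalted MD5, the style of storage the post describes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def bits_changed(a_hex: str, b_hex: str) -> int:
    """Number of differing bits between two hex digests."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


# Assumption: iteration count chosen for the example; tune it to your hardware.
PBKDF2_ITERATIONS = 200_000


def store_password(password: str) -> dict:
    """Build the record a site would keep: random salt plus slow salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {
        "salt": salt.hex(),
        "iterations": PBKDF2_ITERATIONS,
        "hash": digest.hex(),
    }


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(candidate.hex(), record["hash"])


if __name__ == "__main__":
    # 1. The toy scheme is a reversible encoding, not a hash.
    stored = toy_hash("BeerBuzz")
    print("toy stored:   ", stored)
    print("toy recovered:", toy_unhash(stored))

    # 2. One changed letter flips roughly half of the 128 output bits.
    a, b = md5_hex("gopanda"), md5_hex("gopandA")
    print("md5 bits changed:", bits_changed(a, b), "of 128")

    # 3. Unsalted: two users with the same password share one digest,
    #    so a single precomputed lookup exposes both of them.
    print("unsalted equal:", md5_hex("r0xysUrfrGrl") == md5_hex("r0xysUrfrGrl"))

    # 4. Salted and slow: same password, different records per user.
    alice = store_password("r0xysUrfrGrl")
    bob = store_password("r0xysUrfrGrl")
    print("salted equal:  ", alice["hash"] == bob["hash"])
    print("verify good:   ", verify_password("r0xysUrfrGrl", alice))
    print("verify bad:    ", verify_password("r0xysurfrgrl", alice))
```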
 


 

  • Here is an excellent illustrative overview of how hashes work
  • How one-way functions and other cryptography algorithms work deserves a post of its own one day. Extremely interesting uses of advanced mathematics.
  • Need proof that website administrators shouldn’t be trusted with your password? A 19 year old Mark Zuckerberg hacked into some Facebook users’ email accounts:

    Mark used his site, TheFacebook.com, to look up members of the site who identified themselves as members of the Crimson. Then he examined a log of failed logins to see if any of the Crimson members had ever entered an incorrect password into TheFacebook.com. If the cases in which they had entered failed logins, Mark tried to use them to access the Crimson members’ Harvard email accounts. He successfully accessed two of them.

    For some reason this wasn’t mentioned in the movie and everyone trusts the guy/company to not be evil …

Photo: Frances

Intro to Hacking – Real Hacker Stories Are Even Better than the Movies
http://pedanticposts.com/intro-to-hacking-real-hacker-stories-are-even-better-than-the-movies/
Fri, 04 Mar 2011 03:21:26 +0000

This is the first post in the Intro to Hacking series. In future posts I will go into how hacking technically works and how you can protect yourself, but first I’ll whet your appetite with some interesting stories.

Hacking is a broadly defined word with so many different meanings: writing clever computer code, creating an ugly yet effective solution, finding a shortcut, playing a practical joke, or the act of breaking into a computer. Guess which one I am interested in? Well I guess I’m interested in all of them, but I will be writing about breaking into computers. This subject is chock-full of incredibly entertaining stories and interesting things to learn.

There are a zillion different types of hackers. Some are good guys (white hat), some are bad guys (black hat), some it’s even hard to tell (grey hat). Some know only one way to hack and some are computer wizards who seemingly have no barriers holding them back (1337). And some technically know very little about computers and instead rely on tools built by others (script kiddies).

AIM Punters
I remember my first introduction to this world. The year was 1996 and I was finally online. America Online. AOL. And the best part about AOL was the ability to chat instantly with friends or strangers thousands of miles away. Oh the possibilities!

What does this have to do with hacking? Back in the early days of AIM (AOL instant messenger) the program wasn’t exactly robust. There were tools called punters (or IM-bombs) that exploited these weaknesses – you could use them to kick another user off AIM or even make their entire computer crash (they worked by sending HTML code or tons of invalid characters that would cause the other person’s computer to explode like the fembots in Austin Powers when he touches himself). Did I have any idea how it worked? No, and that’s the best part! The barrier was so low – all you had to do was download a program and you had incredible power over your buddies (or strangers). These AOL punters were a likely starting place for many script kiddies.

Anonymous
The motivation for this post was a hack that was recently in the news. It was so bad ass I felt compelled to share it with a larger audience. And it involves a subject that seems to be on everyone’s mind: WikiLeaks.

WikiLeaks has its own group of hacker bodyguards called Anonymous. No, this group isn’t operating under the direction of Julian Assange looking for confidential info, rather they just perform hacks that Anonymous perceives to help WikiLeaks. Namely this means attacking companies that are openly anti-WikiLeaks – for example bringing down the Visa and MasterCard websites.

This is just the beginning of the story, however. HBGary is a large computer security company with products that both allow undetected hacking and secure your system against them – it’s more complicated than that, but the point is that they are knowledgeable in the way of hackers and their credibility would take a big hit if they were hacked themselves. And that’s exactly what happened. HBGary Federal CEO Aaron Barr thought he had unmasked this secret hacker clan, was preparing to publicly name them, and shared it with the press. He also confronted one of those people. The retaliation from Anonymous was quick and trenchant.

The company used a third party vendor to create the back end database running HBGaryFederal.com. They sucked. HBGary (a security company mind you) did not audit the vendor’s work for vulnerabilities and ended up paying a heavy price. Using SQL injection the hackers were able to extract the entire database – including the hashed passwords for all the users on the website (everything will be explained by the end of the series). A couple of the passwords were remarkably vulnerable to cracking using rainbow tables (the passwords used the most common hash algorithm and only once without salting), which provided the hackers with an actual password that they could use to log in to the website as a valid user. Or deface it.

That doesn’t sound so bad, a defaced website. But because a user reused his password in other HBGary systems, it allowed the hackers to exploit a vulnerability in Linux (that was actually already fixed, but they were still running an older version) to gain access to every system at HBGary. All backups were deleted (and honestly, who backs up their backups?).

So some data was lost, not the end of the world. Well as luck would have it, one of the users with a simple password that was cracked was the CEO Aaron Barr. Unfortunately Aaron Barr used that same password for many many systems: email, Twitter, LinkedIn, and more. The end result? All of the CEO’s emails were released to the public, his Twitter account was dominated, his private documents published, his iPad was remotely wiped, and he eventually resigned from his job to go put his life back together. Don’t mess with hackers, even if you are one yourself!

Paris Hilton’s Cell Phone
But hacking is not always so technical – there is a whole branch called social engineering. Rather than exploiting technical weaknesses in the system to get in the back door, social engineers figure out a way to walk right in the front door. This is usually done by calling someone and asking what their password is. OK, you may have to do a little back-story about how you are from the IT department or an important executive that needs access, but it sure is easy. Another example of social engineering is using important facts about the person’s life to “guess” their password – birthdays, anniversaries, kid names, pet names, etc.

Now it’s the point in the article where we learn something from Paris Hilton. Believe it or not, Paris Hilton had a smart phone before the rest of the world – the impressive Sidekick II back in 2005. Do you remember when it was hacked and all the data was posted online? Her phone book had over 500 contacts including phone numbers for numerous celebrities such as Christina Aguilera, Fred Durst, Lindsay Lohan, Usher, and Vin Diesel. They all quickly changed their numbers, but it wasn’t as easy to recover the inappropriate photos that were also on there …

So how did someone hack Paris’s cell phone? First T-Mobile had a security hole that made it possible to find out a customer’s name and phone number. The T-Mobile website also had a feature that allows you to reset your password after answering a security question to confirm that it really is you – many websites have this in case the user forgets their password. Unfortunately for Paris, 90% of the world knew the answer to her question – “what is the name of your favorite pet?” She takes her dog Tinkerbell with her everywhere and spoils it worse than the girls on MTV’s Super Sweet 16. In addition to the security question, T-Mobile also had another safety measure to thwart trouble makers – the new account password is text messaged to the phone. Surely the real owner is in possession of the phone …

Now the 17 year old hacker had Paris’s phone number and knew that she received a text message with a new account password. Using caller ID spoofing he called Paris pretending to be a T-Mobile rep – “Hey Paris, we are having some system difficulties and believe some users may have received a message about their account password being reset. Did you receive a message like this? Oh you did! Tell me what it says and I will get this straightened out right away!” Easy. With her account password the hacker had unfettered access to all of her phone’s data.

That’s enough hacking stories for one day. The next post in the series will contain more stories, and after that we will jump into the technical specifics and how to protect yourself. Please leave a comment if there is anything you have wanted to know about hacking and I’ll see if I can cover it.
 


 
Secret Recipes Revealed – Does it Matter?
http://pedanticposts.com/secret-recipes-revealed-does-it-matter/
Sat, 19 Feb 2011 06:01:40 +0000

There has been a lot of buzz recently around the possibility that Coke’s secret formula has finally been revealed to the public. Is it true? Does it matter?

Did you know only two Coca-Cola executives are allowed to know the recipe for creating the sugary syrup that goes into Coke? And that those two execs aren’t allowed to fly on the same plane for fear that it may crash and the formula will be lost forever?

But don’t think Coca-Cola is unique. There are similar stories for Dr. Pepper’s 23 flavors, KFC’s blend of 11 herbs and spices, and many others. Did you know KFC’s 11 herbs and spices are mixed at two different locations and then combined at a third so that the mixers don’t learn the formula?

Does it actually matter? I love all the secrecy, but I hate to break it to you, Coke isn’t successful because of their product. It’s their brand. It’s their advertising. It’s the memories.

And Coke knows this. All the secrecy is good publicity, so they aren’t about to publish the formula in the New York Times. But they know their true assets. As any good product manager knows, it is not all about the product.
 


 
This all reminds me of when one of my friends worked at a cookie store in town with a top secret cookie recipe that yielded the most delicious cookies of all time. When he was quitting, we asked him for the recipe. He said, “No problem, I have it memorized. 2 pounds of butter …” We didn’t have that much butter so we lost interest.
 
It turns out Coke has another secret weapon up its sleeve: one of the ingredients is illegal in the United States, unless you’re Coca-Cola. That’s right, one of the ingredients is fluid extract of coca, taken from coca leaves that have had all the cocaine removed. The DEA currently only allows one plant in New Jersey to import these leaves and I bet you can guess the company with whom they have formed an exclusive deal.
 
Sources:

  • Snopes.com on the Coke secret formula
  • ABC news on the possibility of the formula recently released. Check out the second page for other food industry secrets and rumors.

Photo: Morgan
