Ah Berlin!

I’ve recently returned from an extended stay in Berlin, Germany.  Berlin has quickly become one of my favorite places in Europe and, like Saint Louis, it has been experiencing its own startup boom.   A low cost of living, a stellar public transportation system, an abundance of energetic, educated (and highly inked) young people from diverse cultures, and some smart investors are driving the startup scene forward.  Places like the BetaHaus are popping up everywhere, repurposing once rundown, state-owned buildings and providing cool, low-cost workspaces to many startups and aspiring entrepreneurs (as well as a place to build a shelf or fix your bike).  If you’re in Berlin, stop by the BetaHaus for a tour (you might even get interviewed by the BBC).  Don’t worry, most people there speak perfect English if your Deutsch ist nicht so gut.

Building a Pirate Box.

I love playing with technology and the satisfaction I feel after successfully adapting it to suit my whims.  For me, this primarily involves manipulating software, but recently I came across an article on how to hack a wireless router equipped with a USB flash drive to create an anonymous, offline file sharing system.  Having some free time and a few unused Amazon gift cards lying around, I decided to give it go.  The hardware required wasn’t expensive (I’ve paid more for lunch in some cases) and the software is free.

The build process involves replacing the wireless router’s firmware with the pirate box software which allows the router to act as a standalone web server disconnected from the internet.  Although there were only a dozen or so steps required, it took me multiple attempts (and recoveries) before the router’s firmware was successfully reprogrammed and the router booted properly.  Once set up, the router appears to your computer or mobile device as a normal wifi hotspot but connecting to it directs all requests to the internal server rather than the internet.  The result is that it displays a web page that contains some basic information about what a pirate box is, a chat server, and a file server where you upload, download and stream digital media.  With some basic web programming knowledge and a little hacking it is easy to modify these services to provide your own custom functions.

There are many possible uses for such a device:

1. Share files anonymously.  This is the what the stock pirate box software is primarily designed to do.  Set up the box, plug in it, and anyone who connects to it can upload and download files.  Use it in your office for your team to share documents.  Put one in your dorm or apartment building and share digital content (that you*cough* own the rights to *cough*) with your neighbors.

2. Distribute content to a select audience.  Because it is small and disconnected (possibly even battery or solar powered), it’s easy take the box to a special event loaded with exclusive content for event participants.  Since the server isn’t connected to the internet and the router has a limited wifi range, only those people at the event can access the server’s contents.  I imagine bands using these to distribute exclusive or pre-release music and videos to their fans at their concerts.

3.  Encourage people to explore their city with citywide cyber scavenger hunts.  Build and hide multiple boxes throughout the city each containing clues on where to locate the next “treasure” box.  Preload each box with historical trivia, old photos, and other information about the current location as well as rewards.  Allow users to upload photos of themselves at that location as a digital time capsule.

4. Be completely evil (please don’t do this).   Because the box is so portable, disconnected and untraceable it is possible take one to a cafe or other public place, power up the wifi hotspot and then (because you are evil hacker) use the internal server to create your own “fakenet”.  By hacking the server software, you can mimic the login pages of popular websites and capture the ids and passwords that users unwittingly type in (most internet users don’t know how to ensure a server’s authenticity).  Once you have their credentials all you need to do is program the server to display a “Down for unscheduled maintenance.  Try again later.” message so the user doesn’t catch on to the fact that they are not connecting to the real internet. Thinking there is an issue the site (happens all the time) they will try logging into another one (and provide yet another set of credentials).   Scams like this are all too common and it is why you should never enter your login credentials for any site when using a open public wifi, but people still do it.

There are probably dozens of other uses for such a device (good or evil).  With the costs of hardware dropping all the time, there is no valid reason not to experiment and have fun. But please boys and girls use your superpowers for good.  Happy hacking!


CRACK THE HACK: Lifting the veil on hackathons.

Hackathons have become quite the rage in the past few years with cash prizes ranging from a few thousand dollars up to a million.  Anyone with a laptop, free time and the ability to forego sleep and personal hygiene for a few days is able to participate.  The organizers of these events often cite lofty goals and the promises of big payoffs can be enticing to participants, but the companies that actually sponsor and provide the prize money for these events have their own motives.  Many in the tech community have been very vocal in either support or opposition to these events. Some say the events help foster careers in technology while others find them to be opportunistic as they prey upon the energy and optimism of predominately young developers. Many also find them harmful because they reinforce already well-entrenched ideas that to be successful as a tech developer one must forego a healthy work/life balance and literally work 24×7.

Based on my many years in the industry and recent experience at a much-hyped hackaton in St. Louis (MO), I have my own opinions.  Should you decide that a hackathon is in your future, here are some tips to help you succeed.

For the most part, these are recruiting events and PR stunts. This is the most important thing to keep in mind when deciding to attend.  You and hundreds of other developers are not being gathered for the weekend with the goal of building something that will change the world.  In fact, the work you complete at the event may never see the light of day.  The sponsors of these events (those actually putting up the money) need a return on their investment.  They are there for the sole purposes of quickly identifying and hiring scarce talent while garnering some free publicity for their companies in the process.

Case in point, for GlobalHack I the sponsor was a unknown company with no product, no development staff and little prospect of attracting talent in a very competitive St. Louis job market.  The company’s opportunistic CEO unabashedly described his use of the event as “Interviewing 3.0” and received much needed free press in local papers, business journals, tech blogs and television.  The event helped him to hire a small development team, but more importantly the hype surrounding it helped him to secure a first round of seed funding and launch his business.

Event organizers, while their original visions for their events may be noble, are realists when it comes to attracting paying sponsors for future events and therefore must condone what many have described as predatory hiring practices associated with their events.  This is evident in the selection of a Virginia-based, DoD funded, cyber security and intelligence gathering company  looking to expand into the St. Louis market as the primary sponsor for St. Louis’s GlobalHack II.

The largest team, with the most employable members, wins. As I stated previously, a paying sponsor will be wanting to get the most bang for their prize buck by enticing and recruiting as many top developers as possible.

If you are a small team or not looking for a job, you have little chance of walking away with any prize money even if you produce the best solution.  Why?  Paying out their prize in exchange for the just the Intellectual Property rights to a partial solution (to a problem which may or not meet a valid business need) without also obtaining the team to build out, integrate and support that solution is not in the sponsor’s best interests.  But by awarding the prize to the team most receptive to a job offer they improve their standing in the eyes of those individuals and significant increase their chances of successfully recruiting them.

For GlobalHack I, the winning team of young Washington University students was chosen because, as the CEO of the sponsoring company stated to me several times, he wanted to “make inroads” into Wash U and recruit more of their students (little, if any, of their winning solution was actually used in the company’s product).  To his credit, he was successful in hiring some Wash U students from the hackathon for part-time and summer positions, and later a few of their college friends through word of mouth. He also quietly let some of them go almost immediately after the press died down.

If your goal is to simply win the prize money and be on your way, show up with a large team and be very, very, very receptive to the persistent recruiting – you can always politely refuse any job offers once you’ve cashed that oversized check.

You are being constantly judged, possibly even before the event starts.  Be aware that while you are busy eating cold pizza, chugging warm Red Bull and slaving away on your solution, the sponsor will be busy watching and researching you.  Remember that email address you used to sign up for the event?  The sponsor has had that for days or possibly weeks leading up to the event. They will have been looking at your LinkedIn, Facebook and Google+ accounts, your blog posts, tweets, GitHub repository and anything else they can discover about you to determine just how talented and employable you are.  If your intention is to obtain a job offer, be sure these things are up-to-date and present you in the best possible light.

A functioning solution doesn’t matter.  Remember, obtaining a solution to their stated problem is not the primary purpose of the event for the sponsor.  Very few of the judges at the event will have a strong technical understanding or even be familiar with the problem you’ve been tasked with and your face time in front of them will be limited to just a few minutes. Because of this, you don’t need to be overly concerned with delivering a fully functional end-to-end solution.  In most cases, the judges will determine your technical standing based on what they’ve already learned about you and the story you tell during the judging process.  It is far more important that you polish your narrative (and select the right narrator) than it is to spend hours cleaning up your code.  A good pitch can easily see you into the final round and possibly all the way to victory.  Ensure that whatever you spend precious time on building reinforces and supports that well-crafted story you present to the judges. If that means hardcoding functions and inserting nonfunctional screen into your solution to make your point crystal clear, do it.

Don’t go in with a blank canvas,   Research the event and learn as much about the problem domain as possible before you walk in the door.  Many hackathons keep the details of the challenge under wraps until the event begins.  This, they believe, helps to level the playing field and gives everyone the same amount of time to determine a solution.   But it is fairly easy to make some assumptions.  Chances are pretty high that you will be developing some semblance of an app, web or mobile, with some type of backend services that need to collect and process data.  Even though the actual quality of your final solution doesn’t really matter, you are going to be judged for having some technical prowess.  So setup your environment and write the majority of a general framework to support this ahead of time.  Use your limited time at the event to adapt your framework to support your story and the problem.   Research the sponsor’s industry and be prepared to liberally sprinkle into your narrative industry jargon and popular buzzwords like “machine intelligence”, “big data analytics”, “cloud-based”, “mobile-first”, and “data science” to keep the judges engaged. Remember, there is no time for anyone to actually review your code during the event to dispute your functionality claims.  I’m certainly not advocating that you lie, but some have stretched the truth to positive effect.  It’s called salesmanship.

Non-poaching agreements are in place.  These events typically have multiple sponsors and organizers, as well as judges from leading tech companies where you might really want to work in the future.  Be aware that there is usually an unspoken backroom agreement between the various sponsors, organizers and judges to not poach talent.  The main sponsor providing the prize money has first-right of refusal and is there to cast a wide net thereby discouraging other companies from also actively recruiting.  If you are more interested in a supporting company rather than the main sponsor, keep this information to yourself and use your time at the event to make contacts. Approach your contacts regarding your interests AFTER the prize has been awarded.

Do your research before your accept any offer.  At the end of the event, you will be undoubtedly sleep-deprived and overwhelmed by how aggressively you are being recruited. Requests to interview, party invites or too-good-to-be-true job offers may already be filling your inbox. Don’t feel that you must respond immediately.  Be sure to do your research about the company making the offer – and its founders, especially if you didn’t do this prior to the event. Remember, you may be trusting your career in the hands of someone you just met 48 hours ago.  In Missouri, case.net is an excellent source for finding out about current and past lawsuits in which the founders are involved. Legal cases involving shady business dealings, credit fraud, DUIs, sexual harassment, and discrimination are easily obtainable.  If it is an established company check with the Better Business Bureau or online services like GlassDoor, and ask around in the local developer community.

Get everything in writing.  If you are one of the lucky ones to secure a job offer make sure it details not only your position and salary, but also your daily job responsibilities.  Job titles mean nothing in a small company where you may be one of a few full-time developers.  You may be offered an amazing title (CTO, Head of Engineering, Director of Awesome, etc) as incentive to leave your current employer only to find out later that the daily job responsibilities you are tasked with are much less appealing or not in line with your career goals.   Also, be sure to have an attorney review any documents so you don’t get tied into a restrictive non-compete, or forced to give up IP rights to your own “off-the-clock” projects.

In conclusion, hackathons are weighted to serve the sponsor’s purpose which may or may not align with your goals in attending them.  The truth is that, in most cases, unless you are looking for a job with the sponsoring company there is no financial benefit for you in attending one. You may still elect to participate for other reasons such as networking with other developers or making contacts with other company leaders, but go to the event with these goals clearly in mind and with your eyes wide open.  Compete to win on your terms not theirs.  I hope this article helps tip the balance in your favor.

Fun with Javascript

I recently came across 2 nifty javascript frameworks by the same developer Ian Lunn.   Sequence is a framework for creating basic animations by defining the elements in your HTML and the animation effects in CSS.   Parallax is a script for creating a background image parallax effect.  Both are solid and do what they should.  Good job Ian.

Here is another cool parallax framework that I haven’t played with yet but it looks pretty interesting.

The practical use of these effects is probably limited by they might add a little eye candy to your otherwise boring webpage.

Keep coding!