Blog November 2019

Personal blog for Mr. Rob Muhlestein for the month of November, 2019.

Saturday, November 30, 2019, 4:05:48PM

GPG in the house, again.

Saturday, November 30, 2019, 2:26:19PM

The Linux Command Line, 2nd Edition is the most up-to-date Linux book I’ve come across. It even includes associative arrays from Bash 4.0. Not even the Learning Bash book from O’Reilly covers that. It covers bc for shell scripting reliable math, which I have never seen covered in any book. It’s also an extremely good deal.

Friday, November 29, 2019, 12:42:29AM

Been nice to wind down after a fun Thanksgiving with family. I finished by overview diagram for Senior Software Engineer and Senior Cybersecurity Engineer. For most people it will be more than four years of serious work on get one or both. I dunno. Makes me feel comfortable having it captured in a way that I can see and track. It definitely shows the biases I have added based on all the occupational research I have been doing lately.

One thing I really liked about doing it was discovering how directly and intimately linked software development and cybersecurity are. It’s a no-brainer for sure, but the objective reminder was really good to see. The best hackers are the best coders.

Tuesday, November 26, 2019, 7:10:46PM

So the holiday spirit has clearly taken over. Binging LOTR and HP as usual with all the good stuff. Doris makes life so amazing — especially around this time of year.

Anyway, I was taking a break from coding and just for the hell of it searched for Linux on Twitch. There isn’t a single person regularly streaming anything about it other than games for Linux. Then I looked for cybersecurity and hacking. There are a few legitimate channels doing stuff mostly for CTF competitions.

I’m going to check in the YouTube streaming and see if that is better.

Monday, November 25, 2019, 11:27:22PM

It’s almost time. People have been on me for a while to start doing more videos, but the fact is, I just need to start streaming. Just the other day I received another kind tweet encouraging me to continue with the blog and everything I’m doing on SkilStak.io.

With streaming, I can indirectly help lots of people while I’m still working on whatever, even playing Overwatch pathetically and owning my fails. The idea that I could stream my annotations of books as I go through them as well as progress and successes hacking for bug bounties feels so phenomenally right deep down. People can see / mock / join my critical examinations of everything as they seem my research methods exposed, for better or worse.

I’ve been waiting. I still have a bit more to do. I want to have the fundamental stuff in place first:

Then — and only then — is streaming an appropriate thing to start.

Most people don’t know I once had thousands of followers as Mo Hax and appeared on talk shows and shit both as an authority and personality from the Second Life virtual worlds community. This is just a continuation of that, a “Mr. Rob” show where people can laugh at me and with me while perhaps learning something in the process and gaining some motivation to make the world a slightly better place. It is all I have ever cared about. It is all I ever will care about. I won’t stream until I can be sure it is primarily about that.

Monday, November 25, 2019, 7:50:33PM

So the Contract for the Web directly supports the direction I was and am going with KnowledgeNet README Repos. A major part of this is to bring Markdown into focus as the start web content format above all others. I can only hope.

Monday, November 25, 2019, 4:32:32PM

Noting that there are six basic modes or states of any mentored session (or time spans within a single session):

  1. Preparing: Getting setup whether it is turning on computer, getting books out, or whatever.
  2. Instructing: Me doing all the talking demonstrating the instructions to do a thing.
  3. Discussing: We openly discuss, debate, and research a topic.
  4. Focusing: We each research and do things together but independently only speaking to check in on how things are going. Often music will be on and our little learning lab takes on a coffee-shop atmosphere, flow-state being the goal.
  5. Resolving: The person presents a problem they are having trouble with during the session or that they got stuck on at home.
  6. Assessing: I present a challenge to the person to assess mastery.

I really need to remember that. In fact, there are other unproductive modes I must also confess to allowing (for myself or the person):

These aren’t mortal sins, but they should be minimized.

Monday, November 25, 2019, 3:30:37PM

Using this Thanksgiving week to reorganize our library, personal and professional, here’s my somewhat autistic organization of the categories:

We are keeping the yoga, religion, fiction, spirituality, board gaming, chess, and deeper philosophy books upstairs in our reading / guest room.

Writing this as notes so I can make subtle labels later after we put the new book shelves up by the entry along with our bulletin board (mostly for pinning up Dilbert cartoons and announcements).

Monday, November 25, 2019, 11:54:14AM

Made a huge breakthrough regarding wikis. They suck. I’ve always known that but not been able to articulate why, until now, I think:

Wikis are collaboratively authored.

This is supposed to be a good thing but instead it results in content that contains many different voices, target audiences, and even contention between phrases in the same sentence. That is no fucking way to write anything intended for most any reader.

This is why I have been rediscovering books. I’m reading it thinking, “Wow, this blows away any of the material about this online!” Books suffer from two major flaws, non-printed books — about coding especially — are impossible to read on Kindle screens. Taking notes is also tough. But the main flaw is how out of date they get. But this turns out to possibly be a good thing in disguise.

Here are the overwhelming advantage of a good ’ol book.

I am very happy to discover the core reason that the KnowledgeNet README Repos project will produce content far superior to any wiki for these reasons. There are many other technical reasons as well. Based on this realization I have become even more convinced of the following core principles I have been applying to the project:

I hope one day the term “README repo” will be as common as “wiki” when talking about sharing of knowledge in primarily written form. I may never achieve that level of saturation in my lifetime. But once all of this is complete and I’ve used it for a few years (going on one now) I think I will have enough material to write a book just about it titled Pandoc README Repos: A Better Network of Knowledge for Everyone.

Sunday, November 24, 2019, 3:51:53PM

Just reading several sources that cite 80% of web sites use PHP. Doesn’t matter how much I fucking hate that non-language. We must learn it. Either to maintain someone else’s shitty code, migrate it to something else, or — most importantly — to attack and mitigate attacks against it. The most recent incident I assisted someone with was just such an attack against WordPress. I suppose I can stomach learning it, not unlike learning Windows internals, so I can teach people to fucking own the idiots who use these ridiculously ill-conceived, inferior technologies. After all, that is what offensive security is all about, exploiting lazy dumb asses who make horrible technology decisions and getting paid for it. Perhaps I should start pushing PHP on social media and Twitter so all aspiring secops 10xers have more targets for fun and profit. It wouldn’t be the first time an entire organization or state was owned by others social engineering them into putting crappy tech into their core systems, say like voting machines.

Sunday, November 24, 2019, 1:13:38PM

Python is bad for beginner brains. I have objective proof of that which contradicted my original thinking shared by many, that Python’s simplicity makes it good for beginners. It isn’t.

Python makes beginners far less likely to adopt any other languages later, not because it is superior, but because its syntax is so dramatically different from other languages. It is the same reason most programmers have a really hard time picking up Haskell or Erlang or Lisp later after learning JavaScript, C, or Python.

Python has absolutely shitty concurrency. This makes something as simple as adding a random time-based event to an otherwise simple text adventure ridiculously and unnecessarily difficult.

Python requires a command-line (yes REPL.it is a command line). This means that it is fundamentally harder to get started learning it and even harder to share with others without resorting to online-services.

Python versioning is wildly broken. If you use Python these days without first setting up a “Python virtual environment” you are a fool.

However.

Python is an amazing replacement for any spreadsheets and statistics and scientific computing. As a calculator replacement Python dominates. This is because it is fast to write and has so many things that such programmers want, programmers who are not developers but mathematicians and scientists. This particular community is very unlikely to ever adopt any new language. If anything Julia or R will be their language and not something like Go.

Python also continues to come with the entire SQLite3 database engine inside of it. So when you do go to the trouble of installing it you get a fully useable database as well. Scientific and mathematical computing types love data and will likely already know SQL.

Because of all this Tensorflow, the most important machine learning engine, was first created in C and then Python. This means Python continues to dominate the field of machine learning.

Because of this learning Python is still a requirement for those wanting to do work in that field. But only for those doing work in that field. Other languages are far better suited for most common programming needs.

Therefore, I have to teach it as some point, but when.

  1. JavaScript is without question the best first language to learn.
  2. Bash is clearly the most important second language.
  3. Go is the third and first compiled language anyone should learn.
  4. Then C and embedded C given the prevalence of embedded computing requirements and how C helps you understand computers in general.
  5. Then at least a little Assembly.
  6. After all of that then I’ll introduce Python.

Introducing Python last in that list should cause it to look really weird because all of the other — much more significant —languages have become the norm.

Sunday, November 24, 2019, 12:26:06PM

Found this nifty box-shadow generator on the Mozilla Developer site.

Saturday, November 23, 2019, 5:29:03PM

One of my best community members reminded me of the word for what I’m doing with the latest version of curriculum: annotating.

  1. Curate the best content that already exists (usually in book form).
  2. Create web pages with comments enabled for the content.
  3. Annotate every section and paragraph separately.
    1. Correct outdated information.
    2. Add anecdotal support and validating stories.
    3. Provide additional cross-references to other material.
  4. Assign specific sections accompanying annotation.
  5. Review reading and exercises together.

Reminds me a lot of Mr. Keating having his students ripping out the beginning of the poetry book that was the textbook for his students. “Be gone Dr. J. Evans Pritchard, Ph.D.. I want to hear nothing but the ripping of Mr. Pritchard.” I’m doing it digitally through annotations rather than physically ripping.

I think this is really the middle-path I’ve been working toward all these years. I certainly do not need to write a book, unless there isn’t one on the topic (such as becoming a true terminal master).

Time permitting, this method could also be used for bad content, pointing out flaws objectively. I can think of several sources that desperately need this:

Come to think of it, I sort of did this very thing when I posted correction to GitHub linked from Amazon reviews for Teach Your Child to Code. It remains one of my most popular repositories.

I feel so good about this approach because it is efficient, effective, and promotes those who have done the work to make great content while punishing the lazy.

Saturday, November 23, 2019, 11:13:33AM

Found TypingClub today while https://typing.com was down for maintenance.

I noticed that a lot of members are still not touch typing. I’m encouraging them to break the bad habits so they don’t develop bad muscle memory.

Thursday, November 21, 2019, 12:04:27PM

Perhaps it is amazingly obvious to most, but it is worth noting that when beginners learn JavaScript as their first language they are more capable and willing to learn Go, Rust, or even C as their second language.

I’ve also observed this is the opposite with Python. In fact, Python tends to produce one-language programmers with strong biases. I can’t demonstrate core modern coding principles such as anonymous and inline functions, the switch statement, and dynamic object manipulation with Python. Python really is a horrible first language but few recognize this because they haven’t been looking at it personally with the number of individuals I have.

Recently the “programmer productivity” argument was presented to me. That Python is objectively faster to code with. That argument has been trotted out since the dawn of interpreted languages being used for serious work. I used it as well to justify Perl for massive applications, which, by the way, I was able to deploy cross-platform. Python could never do that. Go, of course, is the language for such things today. The “programmer productivity” argument falls on its face when you back away and consider the bigger picture.

First of all, Python requires a virtual environment to work at all these days. Deploying multiple virtual environments negates the speed of say Go’s cross-platform compilation.

Python concurrency is abysmal. It is slow, complicated, and not even standardized after more than a decade. It is the opposite of what is required to promote “programmer productivity”. Go, on the other hand, has drop-dead simply concurrency that is easy and fast to understand and implement. So Go wins the contest over Python on this increasingly important point as more cores become available on consumer hardware.

No switch statement makes Python ridiculously unwieldy and counter-intuitive for anything with multiple branches of conditional logic as is a core part of coding scanners, parsers, and compilers. Go destroys Python for “programmer productivity” on this point, which is particularly common in enterprise programming.

Having no anonymous functions requires unnecessary, extra, verbose steps when creating callback functions and such. Closures require using def inside of a def which is unclear and not productive at all. Since Python’s solution for concurrency uses such functions it forces developers to use far more code than JavaScript’s eloquent inline, arrow functions.

Those are just some of the objective reasons the Python “programmer productivity” actually loses the argument. But the most important of all is Python discourages programmers from becoming proficient polyglot programmers. Even if a Python specialist is highly “productive” what happens when that person is asked to maintain or implement something in another language? The Python specialist will struggle more than a programmer who has learned a bracketed, C-derived language all of which frequently use anonymous functions, switch and more stuff that is common to them all. In other words, what a Python programmer gains in productivity they lose double or more when asked to be productive in other languages. Since people rarely higher a specific language programmer and expect most developers to know several languages or be able to work in any language Python fails to fulfill the overall claim for best “programmer productivity”.

Tuesday, November 19, 2019, 8:34:44PM

Saw this amazing payload on Twitter and realized the shift to cybersecurity as the top priority is going to add a bunch of languages back to the curriculum for it. This one is for Python Flask (which is 50% of all Internet servers) that has any server-side template injection:

config.items()[4][1].__class__.__mro__[2].__subclasses__()[40](\"/tmp/flag\").read()

Yet another reason server-side web applications are so fucking stupid. JAMstack with static generated sites is always more secure. No possibility of SQL or any other kind of injection attack.

Tuesday, November 19, 2019, 1:38:17PM

Had a disagreement with someone I had to ban from my community because they simply would not do anything. They said that “[my] company would never grow past a few kids” because they actually thought, first of all, that I only help kids, and secondly that all I am doing is mentoring a few people. I seriously doubt this person has ever even read all the positive referrals from people I seriously care about. They thought that the only successful company is one that is focused on artificially accelerated growth. This same person once said their career goal was “to be a millionaire” as soon as possible. Yet another reason I now have getting-to-know-you interviews before I let anyone in my community. If becoming a millionaire is your goal, get the fuck out.

I’m still laughing my ass off at how clueless this line of thinking is. America is so overwhelmed with affluenza that when those who choose to focus on benefit (hence B-corporations) are viewed by these old-school capitalists they see only failure. It’s just such fucking old-school, broke-ass thinking. Thank God the majority of millenials, zoomers, and even a lot of gen-x actually have progressed past this.

Oh well, I didn’t even bother to share the fact that I turned down what would likely have amounted to a $200K consulting job offered almost directly from a senior executive because I choose to promote the best possible technology career for everyone. Or that I left a perfectly good private school teaching job because teaching a class is fundamentally different than mentoring one-on-one. I choose to stay small by design as well documented in Daniel Pink’s Free Agent Nation but this punk would never understand that because they love to talk. Reading, coding, and actually doing stuff annoys them. “I don’t have time for that. I’m a people person, a creative, an entrepreneur. Someday I’ll have people for that.” That is something they would say. No wonder this person has changed colleges three times and is back living and “working” for their rich parents. For most people that’s just code for “I’m too lazy and rich to be bothered with work.” That reminds me of Terry Colby in Mr. Robot saying, “I don’t have time to read through this report. Just tell me, ‘Who did this?’”

Is it any wonder at all why Mr. Robot is my favorite “television” production of all time. Sam is a genius who sees the world in a way few others are brave enough to actually accept.

As for me, I have no interest is helping any season-one Tyrell Wellicks. Thankfully there are thousands, even millions of people who agree with me, people with critical thinking skills, who work hard, who prioritize authenticity even above politeness, people love you enough to tell you “getting a degree in business and pentesting” is a stupid idea because you will suck at both of them. And no, it isn’t “my opinion” that’s simple physics.

I hate that proving someone wrong is impossible without the backfire effect. This means that this specific person (like others) will become even more committed to their idiotic, unsubstantiated line of thinking. If anything, learning to avoid backfire effect is the holy grail I need to seek. The science says people who are presented with contrary facts feel real pain which activates identity protective cognition meaning, basically, I’m fucked. On the one hand I want to practice Ahimsa (non-violence) and on the other I want to help people progressive in an evidence-based, objective way past their preconceptions (much like Adam). I’m not nearly as lovable as and forgivable as Adam, though. There is an answer to all this somewhere. Probably one of the most important discoveries I’ll ever make. Resolving this is fundamental to helping anyone learn and progress.

I love that they attacked my “people skills” much like Adam faces in every fucking episode.

Tuesday, November 19, 2019, 12:26:56PM

If there is one thing that makes my blood boil over with frustration it is people who talk and talk and never do anything — especially those who feel entitled enough to violate the time of others without a thought about what if everyone did what they are doing. It is even worse when they actually think they are smart and know stuff but have nothing to show for it. Even worse when they get good grades from shitty, over-priced, private religious schools that hand them out to everyone, solidifying the false idea that they have actually mastered the material. “But I got straight As!” Who gives a fuck. (So did I and so many others.) What can you actually do?

As I think the Dalai Llama suggests, I’ll take this opportunity to use that frustration to look at myself and do everything I can to make sure that doesn’t describe me. Our “enemies” are our best opportunity to learn what to look at in ourselves. While this isn’t an enemy, the behavior is. Getting frustrated, even angry is human not so much about the person, but about the false ideas like poison that get ingrained in their personalities. I wouldn’t get frustrated if I did not care. Sometimes caring means doing things that really hurt at first, things that might even risk psychologically killing the person. But not taking that risk means watching them die slowly as if a parasite was literally eating from within their brain.

Mormonism is just such a tape worm. It is the reason I could not remain Mormon. I saw the monstrous disgusting parasite living in my skull making me feel good feeding it (at the cost of others’ welfare). Giving it 10% of my money and all of my time. Taking an oath in their secret temple to die before contradicting anything (even stuff like the Book of Abraham that the church itself is now backing away from). It almost killed me getting it out but it was a kind friend from my high-school who suggested having it checked. Once I looked I couldn’t deny how monstrous it was and had to decide to just let it remain (along with those eating the brains of my children and wife) or figure out some way to get it out. The attempt to remove it without professional help nearly killed me, destroyed my marriage (for the better), and did serious damage to my children, who (thankfully) are now recovering.

Tuesday, November 19, 2019, 12:05:20PM

Now that I have the top career paths identified I’ve been reorganizing everything I have been helping them learn based on the latest research. This means stripping away stuff that is no longer of key importance no matter how good it is. This feels like what I imaging it feels like to editor amazing footage from great films.

Perhaps the hardest realization of all is that learning Go, while it will get you a $136K job, fits much later in the critical path to becoming a cybersecurity professional. Bash, however, is much more important. Go also comes much later in the Web developer path because it doesn’t really become relevant until doing back-end work (instead of Node.js). Then there is the whole dilemma about just how much Node.js to have them learn given how fast it is dying and being replace by Go. (Just look at go.dev for all the objective proof of this in the very verbose case studies.)

The research suggests the first language should still be JavaScript ES6 and Learning JavaScript nails this, just enough and not too much.

Even the WGU degree requires becoming a certified web site developer so learning HTML, CSS, JSON, and YAML along with JavaScript for the DOM are still very solid, good decisions. This means that everyone still needs to attain some level of “web site developer” before going on. This includes those doing Computer and Information Research Scientist because they need a place to share their research and promote dialog. It is no coincidence that it was a philosophy professor that made Pandoc and mostly academics that use and maintain it. This proves that “scientists” need basic web development skills as much or more than others because they have to create and publish their own content.

I actually started a micro-credential reorganization in 2018 just before the move to solo. I have all my initial certifications written up in a spreadsheet that was live-linked to the site at that time.

This time, however, I will be writing out a syllabus for each, traditional style. While I will never consider what I do to be a school, having a syllabus to guide learning is always helpful. It will be the genetic spawn of scouting merit badge requirements, job listings, and traditional course syllabi.

Unlike last time I tried this there will be no attempt to cram everything into neat separations between 16-week blocks. That thwarted me every time before. If there is one thing studying the WGU curriculum has shown it is that an entire course can be done in one week with the right person and removing the time constraints is absolutely essential. It is also the best thing to do now that everyone is solo. It would have been impossible even with a group of two.

My God I have a lot of work to do. But I am so glad that so much is already written in excellent books. Books continue to be the best way to learn this stuff even if they are out of date every year. It is exactly how I learned and most who are self taught who are actually good. Those learning from Udemy or online sites are usually not nearly as well trained. There are very substantial exceptions to that (notably the VueMastery people) but that has been my observation. It is also why I am using the exact same typographical conventions from the Learning JavaScript book on any learning site I make. Consistency is so much more important than fancy colors. For flashy colors they can watch the supplemental videos I will be putting out there.

Monday, November 18, 2019, 10:35:04AM

Watched episode 7 of season 4 of Mr. Robot today and it destroyed me. I can hardly function. It’s the best “television” I think I’ve ever seen. Such solid acting, writing, presentation, cinematography — everything.

One thing is for sure, I have never felt more directly lead to the conclusion that the best way I can help the world is train up those, conservative or liberal, who can directly attack the real evil addressed by that episode. I hope a hacker army rises up in this generation to take it out.

I don’t think it is a coincidence that I would see this specific episode so close the time my research conclusions about infosec and cybersecurity tech career paths over the last couple of days. The Universe has our backs. I have no doubt.

Monday, November 18, 2019, 1:59:04AM

Now that it is overwhelmingly clear the primary path to a tech career is information security. It follows that using any Linux distro is fine, including Manjaro or any other Arch distro. The justification to use the mainstream Linux distro that is most commonly to be encountered in the enterprise falls apart when the most important thing about the distro is how effectively you can use it. (Let other people worry about supporting such systems.) We still have to learn as many operating system distributions as possible, indeed, all operating systems to be a solid infosec professional, but the choice of which personal system anyone uses is entirely a matter of personal preference.

In other words, I’ll be focusing on other distros for myself and others.

Sunday, November 17, 2019, 7:23:43PM

Having a really rough time today not stressing out about the discoveries I’ve made. The latest came from a community college instructor who jokingly mentioned that Edward Snowden dropped out of high school to get his GED so he could finish faster because he was bored with it.

I was like, “SHIT! Why didn’t I think of that!?” (No seriously, I would have done it had someone told me.)

I know that is seriously “unorthodox” as my friend says. But I cannot think of a better reason to “hack” the system than to beat it that for a career in the #1 fastest growing, highest paying job in tech than by getting a high school and university diploma from an accredited university by the time you are 20, maybe even 18. It’s #3 in lists of global jobs over $80K you can get with nothing more than a bachelor’s degree. That means, for the right individuals, they can be making $80K by the time they are 20 years old and be saving the fucking planet from black-hat hackers (Chinese, Russians) in the process.

I cannot think of anything more fucking patriotic and wonderful I want to promote more than that. My new goal is to identify as many specific individuals with the raw aptitude to beat the system and become the super heroes the world really needs right now.

Sunday, November 17, 2019, 3:29:51PM

When I showed the graphics to my wife pointed out that most of the 11 careers ahead of Infosec require post-graduate degrees. Here is the list of eight that only require Bachelor’s degrees:

Top Eight Careers Requiring Only Bachelor’s Degree

When you consider that WGU — a fully accredited university with a solid cybersecurity degree — can be finished as fast as you can finish it while getting 20+ industry certifications included in the price, well, you begin to realize the single most important tech career to prepare people for is cybersecurity. Those are the facts.

Sunday, November 17, 2019, 1:31:06PM

The following three major focus areas have emerged from all my research over the last month based on what the projected career demands and needs of the world (in order of rate of demand). These are the top three fastest growing tech careers with median salaries over $80.

  1. Cybersecurity (32%, $98K)
  2. Software Development (21%, $105K)
  3. Computer and Information Science (16%, $118K)
Top Tech Jobs
Information Security Analyst
Software (Applications) Developer
Computer and Information Research Scientist

Data science was not among them. In fact, I have spoken with some employed in machine learning professions who absolutely hate the term “data science”. There are degrees in data analytics but machine learning is still fundamentally tied to software engineering, which is roughly the combination of computer science and software development which are not the same thing.

It is critical to note that the job demand reported by BLS.gov is specifically for "Software Developers* not Computer Scientists. This is why so many bootcamps for software development exist. In fact, getting a degree in Computer Science is probably a mistake for most people who want to become software developers. It is more important to gain industry knowledge then learn the software development for that industry to create software solutions in that domain. Knowledge of data structures and algorithms (used in some coding interviews) is only for the interview. Smart companies are not looking for such things. Get a degree in the industry that interests you first, then learn how to make software for that industry.

As my recent blogs will show this has prompted some very specific decisions about technologies and how to learn and demonstrate them here at SKILSTAK. Much of it is just reorganizing what was already here. For example, splitting off the minimal skills to create and maintain a personal web page from the Web Designer acknowledgement and putting them into Technologist because they are as important today as understanding how to use email or chat.

Technologist has reduced is focus on history (reading Innovators no longer required) and now contains the foundational skills and knowledge required of any technical field.

Multi-Platform Desktop Administrator has been added to prevent anyone from becoming too focused on a specific operating system as a user. Anyone should be able to use and maintain any desktop environment, Mac, PC, Linux Mint Cinnamon, Raspberry Pi, iPad, Android. This is particularly important for those preparing for cybersecurity professions.

Saturday, November 16, 2019, 11:50:21AM

Here’s the base mentoring strategy we came up with for those pursuing cybersecurity and specifically pentesting:

  1. CompTIA A+
  2. Build your own computer, laptop, Raspberry Pi devices.
  3. Build your own home network.
  4. Run your own server from home (Minecraft, etc.)
  5. Get a tech support job.
  6. LPIC-0 Linux Essentials
  7. KLCP Kali Linux Certified Professional
  8. Start attempting bug bounty hacks.
  9. OSCP Offensive Security Certified Professional
  10. Get a pentesting job.
  11. WGU B.S. of Cybersecurity (if job requires).

You don’t even need to learn Linux or VIM to get an EC-CEH, that is how out of touch it is with actually penetration skills.

The thing about pentesting is that the money is crazy good for the best pentesters and is only going to get better as everyone thinks they want all their “smart” devices connected to the Internet. Mega-corporations will still make all that shit because it sells without regard for its security, which means the pentesters will continue to make money off of them, one way or another. For those to whom figuring out problems and solving puzzles comes naturally pentesting can bring in more than $200K per year. I have a lot of people I mentor who fall into that absolutely brilliant category.

Saturday, November 16, 2019, 11:34:33AM

After a lot of discussion with a friend in the community college education industry who also wants to focus and reform it while building and communicating the best possible plans for people to land needed, challenging, high-demand tech jobs I ended up with the following conclusion about what sort of titles to work for.

Tech Paths

I used to have some other steps in there, for example, System Administrator before the security stuff but the truth is the faster you specialize the greater your expertise and the more employable you become. People don’t usually pay for generalists. They pay for specialists. The more specialize you are the more likely you are to find exactly the right job and win it because it means you are laser focused. You can add other skills and experience over time.

This is also the reason you have to have an informed opinion about what Web technology to invest in from the very start. You simply cannot be a React specialist and a Vue specialist.

I struggled where to put elementary web content creation and authoring skills. They are needed by Pentesters. The WGU curriculum proves that point. Every single cybersecurity track has the CIW-Site Development Analyst certificate. Being able to minimally publish to the Web is as important as knowing how to use email these days (hence the value of README.world).

Saturday, November 16, 2019, 9:33:25AM

“What is README.world?”

README.world is an open initiative to promote a global decentralized knowledge network of content primarily written in README files and repos by anyone and everyone.

“So it’s like a wiki?”

Nope. Wikis are generally centralized and maintained by a group of people with some policy to find consensus about what they contain. README repos focus on knowledge, experience, and opinions primarily from individuals while supporting multiple contributors when needed. Wikis have brought us many different formats and influenced how knowledge is stored in text files and simple images.

“You mean a blog.”

Nope. While blogs are a large part of any such decentralized knowledge network they are only one part. In fact, most blogs aren’t even blogs. Blogs originally were chronological logs of activity, discovery, and experience. Hence the name derived from “web log”. In fact, blogs have come to contain different types of “posts” which are actually articles. README repos contain any number of specific types and categories of READMEs allowing the combination of the wiki concept with that of blogging. They are organized ways for people to capture and share knowledge.

“But ‘README repos’, really?”

README is kitschy and shouty but that is the name millions already use, sort of like how index.html has become the standard for web pages. Use “knowledge node” or “knowledge module” if something more formal is needed.

Saturday, November 16, 2019, 2:22:48AM

While reading and researching student experiences with WGU I ran across this heart-wrenching video describing in excruciating detail everything that is wrong with traditional, trust-less, adversarial approaches to eduction. It also illustrates how badly the KnowledgeNet / README Repos type of initiative is needed where learning material is crowd-sourced and maintained by an open community with a smaller governance team ensuring ongoing corrections.

The culprit is — as usual — money. The “zyBooks” product that several universities are using apparently is the polar opposite of what is needed. It is a closed, proprietary system with closed, unreviewed content for which a publisher has likely made most of the money. Dan’s suggestion to add a community errata page falls on deaf ears not just because there isn’t money to be additionally made fixing what these institutions have already purchased, but also because any such system could be used to abuse the system and potentially let people pass things they shouldn’t.

This adversarial nature of traditional education pits teachers, assessors, test creators, and frankly all the administrators against the students. Sure they say they want the best for those they are helping to learn, but the reality is most are not built on a fundamental relationship of trust. They want to help the students and like them, they just don’t trust them. That is why there are proctors, and answers are not given out. It’s why the test you just paid to take is not available to you to review after you take it. You are not trusted not to give the answers to another liar who will cheat and pass without working for it.

There cannot be true progress with education until every idea for improvement is fundamentally built on promoting and depending on trust. Once you have trust all the systems for learning become simpler and cheaper to implement.

The other thing killing educational progress is good ’ol fashioned greed.

Friday, November 15, 2019, 11:33:52PM

More information on the two main career tracks. Based on time-to-career and percentage of demand the following career paths make the most practical sense.

Software Development

Requires university degree, but not specifically in anything directly related to software development. In fact, those considering this path should not seek such degrees but look for degrees in industries related to their interests or stick with good liberal arts degrees. Fostering industry and creative thinking is much more important than any outdated software development instruction any university would offer. It is physically impossible for them to keep up.

  1. Cross-Platform User
  2. Bash Terminal User
  3. Web Designer
  4. Web Developer
  5. Full-Stack Developer
  6. Software Developer
  7. Software Engineer

Cybersecurity Analysis and Pentesting

Requires a university degree and several industry standard certifications. Certifications are required by the government and most private industry companies hiring cybersecurity professionals.

  1. Cross-Platform User with Linux Specialty (LPIC-0)
  2. Bash Utility and Automation Programmer
  3. Go Utility Programmer
  4. Networked Computer Support Technician (A+, Network+)
  5. Certified Ethical Hacker (EC-CEH, KLCP, OSCP)
  6. Forensics Investigator (EC-CHFI)
  7. Cybersecurity Engineer (OSCE)

The Programmer stuff is to get them ready for automation, setting up trusses, and creating their own tools. And then sometime along the way they really should pick up:

These really help because they force them to look at the fundamental nature of digital computers, network protocols, and memory. You can’t really understand overflowing pointers in memory until you do. In fact, being a truly amazing cybersecurity professional fundamentally includes being a rockstar systems programmer.

Others

Another path is related but less in demand and frankly is projected to pay less:

System Support and Architecture:

  1. Linux User
  2. Networked Computer Support Technician
  3. Server Support Tech
  4. System Administrator
  5. Systems Architect

Friday, November 15, 2019, 7:51:40PM

Seems like I’m being beaten over the head by the realization over and over again that automatic learning assessment systems — especially those that do not trust the learner — are just so completely broken. Not only are the ridiculously complex to implement correctly, but they are completely unnecessary.

Friday, November 15, 2019, 5:29:28PM

Funny how the Universe works. One member — just out of high school — has been doing a lot of research to find the best higher education for the money and introduced me to Wester Governors University. He’s now enrolled in their cybersecurity degree program. The cost is $35K for an unlimited number of credit hours per six months. This is the kind of thing that a motivated learner can totally destroy. Since most of my members are those types of learners most of them will be able to get a degree and more than 20 certificates (for free included in the cost) in less than two years!

The only downside is that the certificates they have chosen are not as good as others. There are a lot of CompTIA certs (likely because they have arranged good deals with for them). The CIW Web certificates are downright ancient, even unethical. I would have liked them to focus on the Offensive Security certs instead. But, as it turns out, the easiest way to qualify for admission into WGU (and therefore get the fastest degree possible) is to have an “upper level” certification already. So my not-so-evil plan would look like this for members who wish the fastest track to a tech career by starting with the highest in demand (31% increase according to BLS):

  1. Focus on getting the following well-rounded, beginner industry certifications (even 10-yo).
    1. CIW Internet Business Associate ($150) - a good base for all things Internet
    2. Linux Essentials ($110) - #1 computer operating system
    3. CompTIA A+ ($220) - hardware and building computers
    4. Kali Linux Certified Professional ($450) - #1 cybersecurity operations tool
    5. CIW Network Technology Associate ($150) - a good base understanding on networks
    6. CIW Site Development Associate ($150) - most widely accepted web developer certification
  2. Complete other well established course material:
    1. Google Progressive Web Apps training (free)
    2. VueMastery courses ($180/year)
  3. Do projects and internships for resume stuff.
  4. Get High School diploma.
  5. Apply to WGU using certificates and project work in admissions application.
  6. Work with SKILSTAK community collaboratively on degree work.
  7. Incrementally complete certifications during degree work.
  8. Optionally work in tech sector while completing degree.
  9. Receive WGU degree in Cybersecurity and Information Assurance.
  10. Apply for security operations career positions.
  11. Complete work toward Offense Security Certified Professional (OSCP, $800)
  12. Continue work toward all Offensive Security certifications.

Having the early certificates provides a solid foundation for a junior tech career as fast as possible. Who cares if you are 16? If you have these certificates you will get a job in tech as soon as you finish them.

Friday, November 15, 2019, 5:14:55PM

As I’ve been thinking of the README Repos project more I realize how disassociated I want it from any stuffy “edtech” perception. Everyone has something to share and anyone should be able to share it as easily as possible. This is how simply sharing knowledge is with this approach:

  1. Find your Documents folder location.
  2. Create a repo or folder called README in it.
  3. Write a README/README.md file. This is your main README.
  4. Create folders inside README folder with web-friendly names.
  5. Write a README.md in each sub-folder.
  6. Put all the image and resource files in the same sub-folder.
  7. Build it with rr build
  8. Commit your repo to GitLab/GitHub.
  9. Publish or auto-deploy with Netlify.

I will know I have succeeded if and when I can get my artist wife to use it for her main site full of pictures. That might be a ways away and might require a GUI version of the rr command, maybe named Escritoire. By God I’m gonna build it.

The best part of all is that source repositories are built into the architecture so anyone can get a copy of the source and use it entirely without an Internet connection.

Thursday, November 14, 2019, 6:46:54PM

The recent renaming of “modules” to “repos” has me rethinking all the naming. KnowledgeNet sounds more than a little pretentious and it well taken by other companies and frankly stupid-looking organizations.

I have been toying with names related to README for a along time:

I went ahead and registered readme.world and really like the sound of it.

The command would become rr instead of kn and stands for “readme repos”. In fact, “readme repos” is exactly where this whole idea came from. There is so much less to explain to most people. “There’s a README about that. Here’s the link to John’s README repo.” I love the sound of that. “I should really write a README about that,” so much better than “article”, “post”, “blog”, “tutorial” or “piece.” Call it what it is. A README is a README, nothing more, nothing less. It emphasizes the informality of it all, that it is living and constantly changing and maybe not ready for publishing as a book, but also could be published at any time. It’s something to be read, not evaluated for how pretty it is. It’s full of raw, useful, no-nonsense information. Techies actually have a positive reaction just to seeing the letters README because it means answers.

I think that makes it official. The KnowledgeNet initiative has become the README World Initiative, an effort to promote everyone to write more of what they know — and want to know — in a bunch of loosely organized simple, humble Pandoc README.md files.

Thursday, November 14, 2019, 6:11:06PM

KnowledgeNet “modules” are better referred to as “repositories” or “repos”, which is already in common use in the software industry. All the follow-on terms flow as well, “knowledge repos”, “knowledge source repos”, “knowledge mono-repos” etc. Even though this means I have rename everything in my domain model, code and documentation moving slowly has allowed all of these changes for the better to come out and go into what will be the final version of the KnowledgeNet specification, which eventually will be formalized and have numbered sections and subsections.

Thursday, November 14, 2019, 5:08:28PM

Realized the KnowledgeNet is really about reducing the barrier to creating, maintaining, and sharing personal knowledge to zero. People have traditionally been associating that with a “blog” but it really is bigger than that. There should be a “folder” on everyone’s computer like Desktop and Documents that says KNet into which they just write Markdown and it essentially gets published automatically. We are sort of seeing this with Dropbox but not fully. Having it tied to GitHub and GitLab initially because you need to have all the benefits of having those files managed just like any other software source code.

I dream of a world where everyone is one click from writing and saving what they have to offer to the world. My dream includes a bunch of very literate, thoughtful seekers publishing their discoveries as they go promoting a universal dialog and exchange of ideas. I realize in this mobile-first, sound-bite, mostly illiterate world it will only remain a dream, but what the hell. Medium was initially invented for just such a world. But putting up their paywall just proves the dream is still just a dream.

Wednesday, November 13, 2019, 7:49:10PM

While messing around with the styles of blockquotes I was reminded of Pandoc’s ::: div notation. It got me really thinking about the approach of using an emoji with a blockquote. What are the semantic uses of a blockquote? Well, according to the specification it is “a section that is quoted from another source” meaning that my use of them as essentially div or aside is not the best. I like the Pandoc approach better because the one-word class that goes with it can be interpreted and rendered however you want. This means that even if a better semantic HTML element than div would work that an extension could easily be added (in Lua) to render them not as div but whatever other semantic element makes more sense. In other words, Pandoc div notation is good all around. It is also a-hell-of-a-lot easier to write that even the “lazy” blockquote notation that requires a > on each line.

I already knew I was going to have to rewrite my entire site with the indexing changes that kn now supports so this is just another thing to add to the list. I’m really happy with how solid the result will be, however.

By the way, I now have no plans to ever make my own version of Pandoc parser. My tests with concurrent rendering are plenty fast and the idea of having an active renderer service actively monitoring for any change and immediately rebuilding in the background completely addresses any performance needs. Hugo might be fast at rendering a whole site, but the great thing about KnowledgeNet modules is that not all the nodes ever have to be rendered at any one time, and indexing an entire site takes milliseconds with a stripped down parser just looking for the headings and other searchable content.

Tuesday, November 12, 2019, 10:40:11AM

I have come to expect a sort-of institutionalized “oh, I meant to do that” attitude from academics. It is no surprise Adam Ruins Science revealed most scientific research project results do not pass the reproducibility test, that a large portion of published scientific studies have never been confirmed, ever.

I think I dodged a bullet by not going for a Ph.D and having to be locked into academia. It is just as bad as the corporate world, just with a different flavor. I’m glad more people in the world are waking up to the what’s wrong and demanding better.

As usual, I’m looking inward to check my own behavior for anything similar and will work on avoiding it. I can certainly be pedantic, opinionated, and annoying. But honestly, would you rather have a peer who you know will never skip or pretend or sugar-coat things or one who is going to always give you their best opinion on something based on as many facts and knowledge that they have, one who will tell you they don’t have a strong basis for certain opinion but still have them. It’s the guessing and inauthenticity and putting on airs and pretending that is killing our world.

Monday, November 11, 2019, 6:33:04PM

Reminded today how much great stuff is out there still to be found and, um, curated.

https://www.frontendmentor.io has great challenges for future web designers to work on and doesn’t pretend to give you a pseudo-development environment for it promoting your use of real tools. Just looked at it quickly, but I love their approach. Can’t wait to show some of my more senior members about it.

Really that’s my job. Finding stuff and showing members about it after vetting it. Sure I will be creating my own content as needed when nothing exists (such as terminal mastery, for example) but I am happy to send people to other good material and save time not having to do it — yes, even if it means suggesting they pay money. I just like saving people money by avoiding the shit that is out there, and oh boy, is there a lot of it.

Monday, November 11, 2019, 11:31:55AM

Being reminded of the Pomodoro Technique for time management. Honestly though, I always need more than 25 minutes to do stuff. A solid hour is usually better.

Sunday, November 10, 2019, 6:07:06PM

Feels so good to be back to true web development with the best possible web development environment.

Best Web Development Environment

Sunday, November 10, 2019, 4:12:26PM

Blown away today by the dramatic contrast of a focused 11-year-old to whom I gave a challenge last week to “make a web page” after describing the basics quickly. Then I gave him another challenge: add an image to. Because he did the whole thing on GitLab and Netlify he has a site to show everyone immediately. So all week he has been adding all kinds of text and images for Zelda and showing it to his friends. He came in hungry to learn more. So I gave him a challenge to add a background color and change the font. “I’m on it!” he said. No lecture. No complicated “edtech” solution. Just the tools, a challenge born from real creative motivation, and Web full of searchable information. I didn’t even tell him how. He wanted to research and figure it out for himself.

The golden truth here is that all anyone needs to learn is a creative idea for the project they wants to do (not some brain-dead exercises they are forced to trudge through) and regular challenge tasks related to that idea. That really is the key to all learning. It’s extremely uncomplicated and certainly doesn’t take a Masters in Education to understand or implement. In fact, like or not, it is the exact way Mark Zuk describes his learning:

“I started off because I wanted to do this one simple thing. I just basically wanted to make something that was fun for myself and my sisters. And I wrote this little program and then basically just added a little bit to it. And if I wanted to learn something new I looked it up either in a book or on the Internet and then added a little bit too it.” (Mark Zuckerberg)

Sunday, November 10, 2019, 2:41:49PM

Uncovered a use case while considering what a KnowledgeNet registry could contain. Prompted me to consider splitting the kmod.json file into two files:

KnowledgeNet Module Meta Files and Directories
knmod.json Less than 2K of nothing but module summary info.
kndex.json <200K of base summary info for every node in module.
knsig.json Optional ED25519 signatures of every file in module.
.kn/ Cache and configuration data for the kn tool itself.

The knmod.json will have verbose, human-readable stuff in it as uncompressed JSON. Pulling the file up in any web browser will appear beautifully. It can include the version of the KN specification being followed much like the now defunct XML doctype used to do for XHTML.

The kndex.json file (I just love saying that especially since I really wanted index.json originally) can be an ultra compressed file of all the data necessary to do relevant searches of the entire module (site). We are talking full local searching with no need for Google or even the Internet! Knowledge modules will be distributable and used without any dependence on the Internet but can leverage it when there is access.

The knsig.json file contains ED25519 signatures of every single file in the module allowing anyone to validate the creator and author of the content. This combats false attribution which is currently rampant on the modern Web. It is up to consumers to trust specific public keys of content creators. Content creators can simply sign their modules with a new private key (using kn tool for example) when and if a private key used by the content creator is compromised.

Adding an n to the names makes for a pleasant “kin-mod” and “kin-dex” way of referring to things. “Oh that’s in the”kin" directory," someone might say. Okay, that really brings me joy to look at. It just seems so perfect. I wonder if that is the feeling artists have when they keep at a piece and suddenly realize, “Oh that’s good.”

I also happened upon the concept of a meta node, a domain concept that captures the relationship between the larger node-like logical components of the overall KnowledgeNet:

Meta Structure of the KnowledgeNet
Level MetaNode Description
1 Registry Registries are places that store module meta and index data so that it can be searched. They allow users to do very efficient, accurate high-level searching of all modules that are registered with the registry. They also allow anyone to register a public key.
2 Module Modules are physical collections of nodes that are usually associated with one specific source project repository.
3 Node Nodes and the most granual physical component roughly equivalent to documents on the Web. Nodes have abstracts, keywords, a single category (chosen by the module maintainer) and a specific format. All nodes have a README.md file containing nothing but a YAML frontmatter header and Pandoc Mardown.
4 SubNode SubNodes are divisions of a Node, headings for example, which might also translate to one slide in a presentation format.

Everything on the KnowledgeNet falls under one of these. All registries will comply with a high-level API standard so they can be reliably queried in multiple ways. Registries will also be required to be easily mirrored. No registry is allowed to own its list of registered modules — ever.

In many ways the KnowledgeNet is like GraphQL for everything.

Sure it is taking me a hell of a long time to really solidify something but it just keeps getting better when I give myself space to think about things and balance so that the good ideas come while on a run or eating a meal and doodling diagrams and associations. Even if I finish it all and no one really picks up on it I know I will have done the due diligence to at least put the idea out there.

Sunday, November 10, 2019, 2:07:53PM

Having an unbelievable amount of accidental success just having people use the GitLab GUI editor with auto-deployment to Netlify to get started coding immediately — even before they learn any Bash or Vim or any other editor. Of course there is a dependency on the Internet but it is not nearly as pronounced as when using a real-time editing tool like REPL.it. Plus they are learning something they will actually use professionally to make typo corrections and minimal tweaks to code from any computer connected to the Internet. That’s huge. It fulfills all the main mission of REPL.it to get coding fast but with a real tool and without the hassle of installing anything.

I have them learn the Bash terminal command line basics while also working on the web stuff so that after finishing the initial stuff they are ready to use git + vim + tmux + pandoc + browser-sync from the command line for editing. When combined with Vue, Tailwind, Phaser3, and NativeScript any front-end PWA is completely within reach in the shortest amount of time.

Sunday, November 10, 2019, 1:19:30PM

Finished the KnowledgeNet module (site) indexing code yesterday. This means that for the cost of about 200K every relevant keyword anyone would want to search on can be downloaded in a single, organized JSON file. I simply cannot wait to get this integrated in my first PWA version of skilstak.io. Using a service worker I will only download the main page, the blog page, contact and other pages linked from the top-level. Then, using the search bar, anyone can type in what they want and get an instant link to that node on the site. The content for that node is then just downloaded as usual using the cache-then-update service worker policy.

Eventually I will add a “Load All Content” button so that the entire content can be cached locally on the device and all of it available offline. This allows tablets and mobile to use the content much like a digital book.

In fact, it is a very simply matter to convert then entire KnowledgeNet module to any book format since it is all Pandoc.

I simply won’t be able to rest until the entire thing is done.

Saturday, November 9, 2019, 10:11:53AM

Toying with the idea of returning to the professional world in addition to keeping my little community running. It would not be until the end of 2020 after I’ve complete all the SOIL an KnowledgeNet tools and kick off stuff. I would likely take on some specific projects with Go and Vue programming and/or offensive security analyst contracts (after getting the OSCP and OSCE). As much as I totally adore working with community members I live for the challenge of real work, of which I have a lot of at the moment completing the tools I’m building. But after that I’ll be craving more. Plus it makes me a better community mentor.

When I make that move it will likely mean dropping the remaining members who do not do anything during the week until they come back. I get that school demands their full attention during the week. But I watch every single member who doesn’t do anything all week lose almost all that they learned the last week. I continue to do my best to help them know exactly what to work on and give them ideas for home but at least 50% of my remaining 37 members do nothing between sessions. It’s frustrating for everyone — especially since they actually want to spend more time but are too busy learning to make PowerPoint presentations in their school (or some other dumb shit).

Friday, November 8, 2019, 5:52:58PM

The last casual has left. 🎉😀🎉

For a good four of the last six years I ran sessions for 90 minutes and explicitly for Code and Play would allow 30 minutes of guiltless team computer game play on Minecraft, Overwatch, TF2 and whatever. Of course it was always a blast. We could crank the tunes and take turns being DJ.

Around that time one of my most beloved members confessed, “I absolutely love SkilStak. I just don’t like to code.” I suspect a lot of members shared that sentiment. I thought it was good to have someplace for them to go, a community, even if coding was only part of it. I always thought they would get into coding but most of them never got the bug enough to become serious.

This was good and bad. I knew I was providing essential value to these important people even if coding for some wasn’t there priority. But it was always a delicate balance.

Parents were well informed this was the plan and that the coding happened before the play with the play time being a big reward. But after continuous problems helping some parents realize the progress their kids were making I decided to make game nights instead. A lot decided game nights were the only reason they really wanted to come. My plan to entice them with games and essentially trick them into wanting to learn to code showed the beginning signs of failure.

The problem was (and is) that unless you want to learn anything you just won’t. No amount of trickery and “smart play” will do the trick. I was successful promoting some learning from the essentially unwilling and apathetic. But for the most part they would go home and never think about coding again, content to waste away their weeks playing brain-dead games all week with their free time. It always bothered me.

Meanwhile, my amazing, serious learners were obsessed with learning to code here and when at home. Around two years ago I pretty much had had enough of the casuals. I love them deeply as humans and friends, but I’m sick and tired telling them things like, “no we can’t play Overwatch/Fortnite/Minecraft” for the last 20 minutes.

Even my wife would comment on how dramatic the contrast was and is.

Tonight one such casual obsessed the entire time with getting as much playing in with his last day here as possible. As his mother said, he’s decided to “take a break” after splitting up his class and basically asking him to really focus on coding the entire time. While he is capable of coding and has clearly learned lot, he really just doesn’t give a shit. I relented and let him play Overwatch for the last 15 minutes hoping to let him leave with a good memory. He wanted very little to do with what I wanted to show him he could do in his own time at home while on his “break”.

During the transition, one of my serious members arrived and saw the Raspberry Pi and immediately started asking about how to set it up and discussing the networking capabilities and how he wants to “sell” his 3 and get a 4. “Your servers here are great, but there would be nothing like running my own on a Pi from home.” I responded, “Well that has always been the plan.” We both smiled.

Earlier today I couldn’t keep up with the enthusiasm of one member.

Then after another amazing member and I deconstructed a flat-to-tree algorithm and jumped deeply into pointers.

Why the fuck did I ever try to trick casuals into learning when it is so much more fun for everyone when everyone is serious? You either want to learn or you don’t.

Never again. SkilStak is officially done with casuals. “You’re a casual I see. No code for you!” 😉

I’ve never been happier to have so few members left. And by the looks of the increasing demand, there are plenty of serious learners out there needing my help.

Friday, November 8, 2019, 3:17:45PM

God I love what I do. So much fun watching members light up when they see how powerful and relatively easy it is to publish Web sites and apps. Reminds me of the first time I saw something I had actually coded up for billions to see. Plus they are so hungry for knowledge and skills. Pushes me constantly to be better at researching, communicating, and sharing what I know.

Thursday, November 7, 2019, 9:05:07PM

Despite all the research I have done about the pros and cons of serif v.s sans-serif fonts I have to conceded that sans-serif is often simpler to read. Compare sites like https://css-tricks.com to anything on https://medium.com. Notice that Medium doesn’t use serif until it gets into the long text.

Thursday, November 7, 2019, 11:04:01AM

Concluded to keep all kn configuration in the modules themselves within the .kn directory, which will force copying some things into each module, but this is preferred since all the configuration will stay with the module itself when committed. So no more $HOME/.kn. This makes a clean separation between the content of the node and anything related to the kn SSG tool itself allowing other tools to potentially follow the same hidden directory naming conventions.

Also decided to keep everything in YAML.

Adding (back) the .kn/data.yaml file that will simply be preloaded into the module summary and available like all the other front matter to the template files.

Template files will go in .kn/templates and be named for the format of the node. Templates can make full use of the new partials coming later in Pandoc.

Thursday, November 7, 2019, 11:01:40AM

Cannot get enough of the Alabama Shakes after falling in love with Sound and Color from Mr. Robot.

Also, how am I just discovering Margo Guryan now!

Wednesday, November 6, 2019, 7:34:20PM

Plagued with usage design decisions for kn that significantly shape the concurrency model of the internal code. I think the problem is that I’m fundamentally building two different applications in one: a utility for working with content to make it easier to write and analyze, and a real-time service that monitors several modules and the nodes in them for changes and automatically rebuilds them dynamically. At first I’m thinking a kn build would be good, then I realize it is redundant if stuff is being monitored in the first place. The confusion happens because the command senses input and actions from the user and the other is entirely based on sensing the state of the modules themselves autonomously.

I also question the need for concurrent building because the main model usage will be updating everything as we go.

However, changes to the template should always trigger changes to every single node in that module.

But then again, when doing heavy editing of a template to test it I don’t want to be firing off automatically detected builds of every single node waiting to do that when needed.

In fact, building every node in a module is very rare and should only be triggered directly by a user command like kn rebuild. That command could use a concurrent work group running multiple pandoc commands simultaneously all reporting their node summaries back to a single goroutine merging them all in memory until all at completed and then writing the kmod.json file.

The whole thing has me rethinking the idea of a module path. While I do think having a way for multiple modules to be on a single system is important, it is likely that a content creator would not be simultaneously working on several modules at the same time. Switching context is more likely the need. Searching, of course, could remain either limited to the given module or widened to all modules in the module path. Commands like kn build and kn rebuild and even kn remove <nodeid> would therefore not need to prompt for which module to use.

I’m afraid these new reflections have me refactoring the entire thing, yet again. The truth is, there is little need for any concurrency except for the extremely rare use cases for rebuilding everything is required.

Wednesday, November 6, 2019, 9:45:05AM

Back in college I learned that if I got up really early and headed to the language lab where I would do all my homework that I would be really efficient at completing everything. That was when I discovered my absolute best brain time is in the morning. Knowing when one’s best brain time comes during the day is really fundamental to being a technologist.

I even wake up having dreamt of a way to complete something I’ve been coding or designing. Often it is that idea that pulls me right out of bed to get to work.

I realize this is not how everyone works but the key (like most things) is figuring out what works for you. One size has never fit all. There is no best brain time, no best diet, no best religion or world view. We are all different and respond differently to different environments.

So I’m going to remove anything from my mornings but coffee, eating, and work. (And just had to reset with my family so they don’t think I’m being mean when I don’t respond to them.

Also realizing I am way too tired for any Asana at the end of the day and frankly usually need to get away from the house. So changing the plan.

Mon Tue Wed Thu Fri Sat Sun
Run Cross ezRun Fun Clean ezRun ezRun

Easy runs are yoga when done correctly. They just aren’t asana. Many of the other limbs (and branches) of Ashtanga are present:

I have noted that using a waltz/skip rhythm when running makes it even more euphoric. “1-2-3, 1-2-3” where the first step is slightly longer than the other two. Might sound silly, but I can do it almost imperceptibly to others and in my head feels like I’m a school kid skipping along the trail having a blast outdoors. Combined with inhalations and exhalations for each triplet and you get a solid cardio pace system. I have noticed that when I do the same with a 4-count that I start to feel like I’m in the military, which is a good thing sometimes.

Truth is all of it is actually about mental state and control of the mind. Nothing like endurance sports helps more to control your thoughts. I learned this when I was 11 and have never stopped appreciating it.

Tuesday, November 5, 2019, 2:46:01PM

Fall weather is so great for getting back into outdoor fitness.

Wellness Practice
Mon Tue Wed Thu Fri Sat Sun
Asana Asana Asana Asana Asana Dhyana Dhyana
Run Cross e zRun X/R/B/P (off) (off) (off)
Dharana Dharana Dharana Dharana Dharana Asana Dharana Asana Dharana
  1. Up, heat the yoga room, coffee and a few almonds.
  2. Light wake-up asana with mantras and music.
  3. Shower and smoothy.
  4. Thinking work for few hours.
  5. Oatmeal, protein and coffee.
  6. Another hour or so of thinking work.
  7. PM exercise four days a week (when don’t have sessions).
  8. Long wonderful shower.
  9. Smoothy and/or meal.
  10. 30 minute recovery nap if can fit it in.
  11. Member sessions, focus on flow state, pair programming.
  12. Walk the dog with Doris.
  13. Asana on weekends when off after 6pm.
  14. Dharana every night with candle, tones, mantras, firepit, etc.
  15. Sleep, glorious sleep.

Tuesday, November 5, 2019, 11:34:24AM

The Universe is telling me to learn Haskell. I keep getting indications that it is needed.

Pandoc was the first one. The people involved in that project are phenomenally intelligent and practical.

Today I learned that the super hot Hasura GraphQL engine is also written entirely in Haskell.

There is simply no more widely used and robust modern language prepared to deal with the massive concurrency push a multi-core processors continue to become more affordable. Anyone paying attention to mega-trends in computer science and the industry will see this almost immediately. Only highly concurrent languages will survive, and not just those that are really good at managing a single core like JavaScript.

In fact, I’m just going to say it. Haskell is already a really big thing in high-performance computing circles and is now at the core of the most important middleware specification in the world, GraphQL. The fact that is is 100% functional and not a hybrid language makes it idea for many things that are being required in that space. For example, anything related to data handling and transformation. This is why Pandoc picked it.

Speaking of Pandoc there is a new, even more powerful version coming out. I really think Pandoc is poised to be one of the most important tools in the JAMstack era. GatsbyJS and VuePress and Hugo are getting all the attention while Pandoc quietly moves forward with the most important document transformation tool in the world. SSGs fundamentally are all about such transformation. Th only reason there isn’t a killer SSG app using Pandoc is because no one knows about it in the Web world and runs away from it base on it being written in Haskell.

The truth is that my kn tool is really so trivial that writing it in Haskell would be completely easy for even a beginner Haskell programmer. I’m just looping over directories, summarizing the content, and rendering as HTML. The simplicity of the organization is by design to keep content creation and maintenance down to a minimum for even the least technical.

Then again, if I want to eventually provide a GUI front-end so even less technical people can use a built in editor then Go is definitely the pick to use. Pandoc would need to be encapsulated anyway to provide the most licensing options.

Sunday, November 3, 2019, 2:28:51PM

Getting really frustrated by the lack of time people have to work on stuff from home, the culprit: school. School sucks away so much time the students don’t actually get to do much actual learning. Just the fucking bus ride sucks down 2-3 hours of most kids’ day.

One thing is for sure, I have to rewrite a of the content for this site to work around the problem with having only a single hour a week to work on stuff here. The unfortunately reality is that most members simply do not work on much coding at all outside of that special one hour. This really brings the focus on coding as much — with the least interruptions — during the time these over-scheduled people are here. For them this is just another one-hour course like all the others.

After watching a documentary on Quantum Supremacy it has become clear that America is ridiculously behind and has very little chance of ever catching up with China and others — mostly because of how totally shitty our education system is and how broken our political system is. Without a working political system we cannot reform the education system. That leaves only the most creative, risk-taking families to position their children for a future that will be based on priorities other than those our entire system has been lobbied into today.

It really is too bad there isn’t another place to start another country from scratch, once without all the ethical, moral, financial, political, and technical debt that America now has. In so many ways America is too broken to fix, realistically.

Sunday, November 3, 2019, 11:44:59AM

Just now reading about Benefit Corporations. Too hard for me to reorganize as one at the moment, but it is great to know they exist. People can search for them in addition to non-profits they might want to work for to make more of a difference with their lives.

Saturday, November 2, 2019, 1:13:56PM

Really excited about the state of TinyGo. It allows any Go code to compile down to something that avrdude can flash to an AVR/Arduino device. If all goes well Go can remain the first strict language anyone learns, which has immense cross-industry relevance — even more than Python and growing. Then we can learn C (embedded and for Linux systems development) after that.

Also, after meeting with my top IoT member I am considering dropping MicroChip PIC other than to learn about how assemblers and digital computers work at the lowest level. It will be more of a computer science project and less gaining a practical skill coding for Microchip PIC controllers. AVR is solidly the standard in IoT and costs are super approachable these days. The central AVR standard has already widely taken hold.

Just reminds me how much material I still have to cover. Thankfully my KnowledgeNet stuff is wrapping up from a practical usage point of view so that it can be regularly used and tweaked. Then eventually (year or so) I’ll bundle it pitch it for other external use. Maybe I’ll post to the Pandoc news group first to get some beta testing and input. In fact, knowing that the Pandoc community is likely the main initial target has caused me add some flexibility to allow the library to be used with or without the kn tool itself.

Saturday, November 2, 2019, 11:08:26AM

Reminded again that the type of material covered for each person is so different depending on their level, age, and interests. If someone isn’t even close to getting an internship (say because they are 10) then things like CodeCombat and Minecraft server system administration are more compelling. If someone is an adult wanting to be employed as soon as possible then getting a web site up with their work and profile is paramount.

Once again, this is why one-on-one is so important. It’s also why I need to write an entire equivalent to the content covered in freeCodeCamp and Codecademy that is specifically designed for the reading and comprehension levels of my broadest demographic. This is one thing that is consistently broken in all the online materials. There is clearly not a target audience in mind when people write any of it. Often there are multiple different authors with different English writing levels and target audiences. This leads to complaints about using words that are “never explained anywhere.”

Good content is always more important than any platform. All these venture funded flashy “educational sites” have zero focus on what is actually the most important, digestible content. I know because I work with those learning all the time of all levels and the complaints are always the same. I wish I could get them all to stop catering to the perceptions of those who are going to give them money and start catering to the people they are trying to help, you know, the customers who are learning.

Friday, November 1, 2019, 4:43:07PM

Changed Linux Terminal User to Bash Terminal User as the first role anyone learns on the path to full stack engineer. This opens it up to be learned on Mac, Linux and/or Windows. In fact, the critical skill is to get a Bash shell up and running as quickly and efficiently as possible on all operating systems. It does mean, however, that everyone will be editing in Vim — no exceptions. I will show how to edit files using the GitLab editor as a part of understanding the GitLab service itself but that’s it. I will be encouraging everyone to quickly be able to run ssh from any computer and connect into a system for remote editing and such (much like skilstak.sh before).

Friday, November 1, 2019, 4:36:46PM

Decided there is actually a level of developer between Web Designer and Front-End Web Developer that I’m going to call JAMstack Web Developer. A designer with basic JavaScript DOM skills sufficient to connected in service APIs and write simple Netlify/Amazon functions and use Firebase and the like is a JAMstack Developer. They won’t necessarily know a framework of any kind and only focus on basic JSON API fetching and parsing, but can make significant sites.

I’m still on the fence as to whether or not to include progressive web app technologies but those are usually the first that they learn. If not, it will be the first thing after earning the JAMstack Developer role since PWA tech can apply to simple document sites as well as apps.

Friday, November 1, 2019, 3:12:17PM

Been seriously contemplating the distinctions between Web Designer and Web Developer and Front-End Developer and Back-End Developer particularly in the area of editing and hosting code. The reality is that everything but back-end development can be done without even an introduction to Linux and the Linux Command Line. This is why so many describe Linux skills as power developer stuff.

It is also the reason most Web Designers use VSCode on Mac or Windows for everything. The Web/Graphic Designer role fundamentally requires Mac or Windows professionally since Adobe (particularly on Mac) is the overwhelming industry standard for graphic design.

As much as I find all of this infuriatingly limiting I have to concede that the fastest path to employable skills and demonstrable work output may be getting web content designed and developed as fast as possible. Then Linux can be layered on with all the back-end stuff where it is absolutely required.

Installing Node.js/NPM will be required for Web Designer roles no matter what I think of it if for no other reason that to install Browsersync.

All of this is consistent with completing the content in Jennifer Robbins book Learning Web Design which has been a textbook standard for more than a decade (and sometimes it shows).

What I think I’m getting at is that the Web Designer track could be based on that text book supplemented with material I provide to make up for the horrible gaps it has (no coverage of hosting, GitLab, Netlify, or even Markdown).

The danger is something I have seen with others. Once they use VSCode they simply don’t want to use Vi/m unless they are forced to. So they never get good at using it. Then, when they have to configure their server or other stuff that requires the terminal they crash and burn.

Perhaps the secret is a balanced approach that first introduces VSCode and explains why it is the most popular editor on the planet and why it still has major problems. Then I can introduce Vi/m when they begin the other terminal-based stuff. Those who want to use VSCode can do so and those who want to use Vi/m can do so. The choice is up to them. Of course all my code and documentation would assume the use of Vi/m.

I am seriously conflicted over this. I do not want to produce more mediocre developers who never push their limits to learn terminal. GUIs are cushy, ineffective crap, but most of the world uses that crap. If I don’t even introduce the terminal command line or Linux until after they get making fun stuff for their site and games they may never come back because their first experience has shaped their thinking and habits so much. This is exactly what happened during that year where I continued to focus on Python on REPL.it. Since changing I have already seen the mastery and confidence of terminal users making a significant difference. I really do not want to put that in jeopardy.

Once they have learned Vi/m for web content it is a ridiculously short path to Go and shell programming from the command line as well. Rather than all the setup and learning for both VSCode and Vi/m they just have the one.

Besides, setting VSCode is no small task — especially these days. And it is so fucking buggy. Vi/m might be hard, but it is absolutely bug free once you learn it.

So it is decided then. I’ll stick with Vi/m from the very beginning and only use the GitLab editor very initially to show them they can make changes in real-time and deploy to Netlify. Then I can add in Vim mastery and Linux workstation setup. I suppose I can relax the constraint to use only a Linux computer during the Web Designer portion. In fact, I need to allow Mac and Windows to be fully supported again at least through Web Developer. As much as it makes more work for me, I do need to cover using and setting up a Mac and Windows workstation (as well as Linux Mint Cinnamon). That way they have proficiency on all major operating systems as well. Given how much software just will not run on Linux — and some that won’t even run on Mac — such universal OS user proficiency is fundamental.

Another supporting reason for this is to keep them balanced in operations and applications stuff. Learning Vi/m instead of VSCode is more balanced.

Ugh.