Michael Koby

It’s Called “Income Tax”

Michael Koby — Sat, 14 Apr 2012 18:16:56 +0000

It is not called “How much money I have in the bank or investment accounts” tax. If I save up millions of dollars and then put that into an investment account and earn interest I’m paying taxes on the interest, not what I already had in the account. This is a gross oversimplification of what’s commonly referred to as capital gains, and the capital gains tax (which is, I believe, at 15%) is how this is taxed. The tax code currently views capital gains differently than regular income (what you get in a paycheck).

So, when people say things like “The rich pay lower taxes” it’s not because they pay less income tax, it’s that they make most of their money in capital gains, which is taxed differently. This is most recognized in Romney’s released tax returns. It is also why Warren Buffet (falsely) claims he pays lower taxes than his secretary, because he’s mainly paying a different kind of tax than his secretary (he’s paying mostly capital gains tax while his secretary is paying income tax).

Again, this is all grossly oversimplified to make a point. That just because one has a lot of money, doesn’t mean that they’re paying taxes on that surplus. They’re only going to pay taxes on what was actually income, or their capital gains.

Now, with that in mind, it’s obvious that this is a tax code problem rather than a “rich pay less” problem. I’m all for changing the tax code. I’m also of the opinion that a person should take every single tax deduction they are legally allowed to and capable of, until such time the tax code is changed and they can’t take certain deductions anymore.

But please, please, please, remember, it’s called income tax for a reason, because it’s your actual income being taxed, not your surplus of cash.

Introducing CodeCasts.tv

Michael Koby — Tue, 03 Apr 2012 18:30:04 +0000

So where have I been lately? Busy. Among other things, I’ve been putting a lot of time in working on a new project. And today, I’ve put it out for the world to see.

Allow me to introduce, CodeCasts.tv. CodeCasts.tv this is the world.

What to Expect

The idea is to learn little pieces at a time, so that you learn things gradually. I plan on keeping the videos at around 10 minutes on average, and hopefully I can keep most of them shorter than that. I want to try to be thorough, without being overwhelming. So things will get broken up into multiple parts, and I will try to make each episode laser focused for what’s being covered in the episode itself.

The first series of videos from CodeCasts will be focused on teaching the basics of the Ruby programming language. This is to get the ball rolling, as it’s easier to plan the videos out when I have an idea of what I’m going to be covering over the course of time. I’m accepting episode suggestions, so if you’ve got an idea for something you want to see, definitely let me know. If I can’t cover it, I’ll try to find someone who can.

After we’re done with the basics of Ruby programming, we’ll jump around a bit to touch on other programming languages, topics, operating systems, and anything else we deem needs to be covered. Not everything will be beginner focused and not every video will be part of a series.

How Did this Happen

Well, for those that don’t know, a few years back I was part of a weekly radio show called, Power of Information, that aired on KCAA in California. I had to leave the show for personal reasons, but I always wanted to do something media wise when time allowed.

I spent the next few years bouncing around ideas for a podcasts and even video casts, but nothing really stuck. I knew I didn’t want to do an audio only thing, as web video had come quite a long way. I saw things like RailsCasts and TekPub but knew I didn’t have the audio equipment to really make it work. I had a stage vocal microphone, not a nice studio mic.

What finally sold me on doing it was when I was helping a friend of mine via a pair programming session over Skype. I heard my voice and saw what I was doing on screen and decided that I needed to just break down and finally buy the equipment to screencasts.

So I did. And the result is CodeCasts.tv

Where’s Your Code Resume

Michael Koby — Tue, 17 Jan 2012 13:00:49 +0000

You’ve read me talk about the importance of having your code online in the past. I’ve had several discussions, chats, and various thoughts on this subject since I wrote that post over a year ago and I want to talk a little bit more about this, and give some tips on improving your code resume.

Get Your Code Online

First Things First, put your code online. Now.

If you are not putting the code for your personal projects online for others to see, you’re missing a huge opportunity. Not only from a job hunting perspective, but also from one of learning. When you put code online, you open yourself up to other developers. Sure, not everyone in the world is going to see your code, but if you’re using some of the more social aspects of Github, some of your colleagues are most likely to see it. This means that they might critique it, or at the very least a conversation will start up around that code you’ve made public. This is a great learning opportunity, even if your colleagues don’t massively review your code, they might skim it and find potential issues, and point you in the direction of fixing those issues. This opens a dialogue, and that dialogue can lead to you making better coding decisions in the future.

Not All Your Projects

If you’re like me, you have some projects you’d rather keep to yourself. They’re either client projects, personal projects that you make money on, or just stuff you’re not quite ready to show the world. I want to make it very clear, that as important as it is to put your code online, it’s not a requirement that you put all your code online. It’s okay to keep some things for yourself. Or at the very least, keeping them to yourself until they’re ready.

One other reason a code resume looks good, is that it shows you as someone who is a self starter. The more completed, fully realized projects you have on your code resume, the more people can see you are not only self motivated, but also have the ability to see things through to completion.

Different Languages Fill Out a Code Resume

Just like a regular resume, where having some diversity is good for rounding out the corners of your career, having an online code resume which shows the use of multiple languages can help show people you’re a well rounded developer.

But, just like a real resume where too much diversity can hinder you in a job search, so can using multiple languages in a code resume. Having one project in every language will distract from your code resume as it will not show expertise in any language. So having a few repositories with a couple of languages will show expertise in those languages. Then sprinkling in things from other languages, to show interest can add flavor (like spices when cooking a meal) to your online repositories.

The key here is balance. Having 10 repositories with 8 different languages isn’t going to show anyone anything about your coding ability. But having 8 10 repositories with 3, maybe 4, different programming languages shows mastery but also some diversity. And don’t let these numbers be hard numbers, just be sure to show balance.

Get Involved

If you’re not into creating or building your own projects, you can still build a code resume by helping other projects. Websites like Github or Bitbucket make it easy to fork projects and get involved by submitting bug fixes, documentation updates, and contributing new features.

Consequently, getting involved in this way also shows one’s ability to work with others. If you’re looking at getting a job that’s offering a telecommuting position, this kind of activity can also show them that you work well remotely, and might make you a more attractive prospect than someone who doesn’t have this kind of work on their code resume.

Back it Up

Like a career resume, a code resume could be faked, so be prepared to back it up. If someone asks you why you made the coding decisions you made, be sure you’re able to explain your reasoning. Anyone can cobble together code snippets from around the web to make a functioning application, but the ones that understand the code they’re cobbling together, refactoring, and making their own can explain why they did things a certain way. Even if that reason is, on occasion, “I didn’t know any better.”

This piece is what “separates the men from the boys” as they say. It also shows that you are willing to take criticism. In fact, just putting the code out there opens one up to criticism. The idea here is that you need to be able to answer for your code, good or bad. Good coders know why did the things they did.

Conclusion

Again, if you haven’t been putting your personal projects online, in front of others than you are missing out an opportunity to not only learn from your peers but also from giving potential employers a way to judge your work and make informed decisions about your abilities. Anyone can ace a spoken interview. Others can fake their way through a technical interview. People who put their code online, have confidence in their ability, even if it’s only a little bit. They are willing to open themselves up to critique, let their work be seen, and make themselves know one way or another.

What does your code resume look like?

Secure Yourself in 2012

Michael Koby — Mon, 09 Jan 2012 15:30:30 +0000

It’s a new year, and with a new year comes those things called “resolutions.” You know, the promises you make to yourself that you eventually don’t do, or just for get about entirely. But some are slightly easier to do than others. And while I don’t want you to resolve to be more secure online in 2012, I do want you to be more secure online in 2012.

Multi-Factor Authentication

One of the easiest ways to be more secure online is to use multi-factor authentication wherever possible. If you have a Gmail account, you can turn this on with very little effort. Some banks are also utilizing this form of security for online account logins.

What is two factor authentication? Basically it means you have to authenticate yourself twice before being logged into a site. This is usually done with your password being the first form of authentication and a secondary ever-changing code that is sent to you. The most basic way this is handled is you get a text message with the secondary code.

This means that someone would have to have your password and your phone (or your secondary authentication method) to get access to the account in question. There are other forms of multi-factor authentication, such as the Yubikey, but it’s use is far more limited. Google does text messages or the Google Authenticator smartphone application for processing two factor authentications. Some sites, like LastPass, support Google’s multi-factor authentication.

If you do nothing else suggested in this post, please turn on multi-factor authentication for your email account(s). Doing this will make it more difficult for people that do manage to phish your password to log into your email account.

Passwords

Phishing is at an all time high these days. More people have more websites that hold more of their personal data than ever before. Facebook alone is a treasure trove of social engineering tidbits about you that someone could use to gain access to your stuff. The thing people phish the most for online is passwords. Why passwords? Because most people use the same password for multiple websites across the internet. There’s a good chance that if you’re reading this, you might have the same password for your Facebook account that you have for your email account. So if someone got your Facebook password, then they also could get into your email account and what ever other sites you use that same password on.

Once someone has your email password, they can do a lot. Like for starters change your email address password and the recovery email address associated with it so that you can’t get it back.

So, for 2012, move away from using one password for all your internet sites and move to using a password safe that uses one really secure password. Most password safes include a password generator that will randomly create passwords for the various websites you visit. This way, you can have a different password for each website, and not have to worry about remembering them as they’ll all be stored in the password safe. Most password safes also include a browser plugin that will allow you to auto enter passwords so you won’t have to do a lot of copying and pasting of passwords.

Full Disk Encryption

Finally, the last thing you should do to help be more secure is to utilize full disk encryption using something like TrueCrypt. If you don’t want to encrypt your whole hard drive, you can use TrueCrypt to create a small secure file, that then creates another “drive” on your computer that you can then copy files to. When the file is not loaded, the data is encrypted. But you should really consider utilizing full disk encryption if you can, because it will encrypt all the data on the disk, and since we store more personal documents on our computers than ever before, making sure that data is encrypted and difficult to gain access to for someone that isn’t you is important.

The downside to full disk encryption is that you can not forget the password you used to encrypt the disk, as the data is then unreachable and there’s nothing that can be easily done to undo it, so keep that in mind when deciding on whether or not to do full disk encryption.

How Smartphones are Changing Travel

Michael Koby — Mon, 02 Jan 2012 15:30:03 +0000

You might not know this, but I’m currently in Nebraska. My son, who’s had medical issues since birth, had a surgery done here and we as a family have been here in some capacity since early December. This was my first out of state road trip in a probably a decade. And it was interesting to me to see how much smartphones have changed how road trips are done. And I don’t mean in the “keep your kids entertained” kind of way. What follows are just a few observations as to how having a smartphone has changed road trips.

On the way up to Nebraska my wife and I used my Android smartphone’s built in Google Navigation application to get us from Houston to Omaha. With only a small part of the trip spent without a cellular data connection (middle of nowhere Kansas, to the first parts of Nebraska), we had very little trouble relying on the phone as a GPS device. The only downside was I couldn’t check in on Twitter or Facebook while driving (I know, first world problem). This feature on my phone also helped us navigate around Omaha once we got in and settled.

While driving, and looking for food at times, we used Road Ninja on my wife’s iPhone to tell us what was coming up at future exits along the interstate. This app is very spiffy, and if you do any kind of traveling by car, you’ll want to have this application on your iPhone. It helped us find food and gas stations at upcoming exits and allowed us to plan stops a little better. As someone who’s done more than a few long road trips, such an app is quite helpful.

Finally, once in Omaha, Nebraska and settled in to our hotel, we ran into the problem everyone does when they’re in a new place, finding a place to eat. For this problem I simply opened up FourSquare on my phone, pressed the “Food” icon, and we were off to find food at places both new and familiar. For the places we don’t have back home in Texas, we used the FourSquare tips left by other FourSquare users to figure out what places we should try and what places to avoid. So far, we’ve had great success and haven’t been to a new place that we don’t like yet. FourSquare also helped us find the local mall(s) and movie theaters, again using the tips on FourSquare to tell us what places to avoid.

Again, this is not an exhaustive list, just a few observations from how I used to have to travel to how it can be done today if you have a smartphone. What is interesting is that kids today will not know what it means to have a road atlas in the car with you, having to guess what may or may not be at the next exit, and having to find your way around a new city by trial and error. For them, when they get older, they’ll just plug in their phones and go. Heck, they’ll probably never have to take the phone out of their purse or pocket and it’ll all just happen automatically via bluetooth (or some other wireless technology).

Year 2011 in Review

Michael Koby — Mon, 26 Dec 2011 13:30:21 +0000

The year 2011 brought about a few great accomplishments, some disappointments, and finally some big changes for me. Lets review some of these.

Job Change

One of the biggest changes was a job change. I left Sogeti USA in May to take a new position at a local start up. Initially I was hired to do some Ruby on Rails development, but have since migrated to doing mobile application development. I’m sure I’ll do more Ruby on Rails at the company, but for the moment they have me focusing on the mobile side of things. This job change was a good one. I needed a change of pace from doing .NET/C# development, and this job afforded me the opportunity I was looking for. Note, that I have nothing against C# or .NET, it’s more about the fact that I had been doing it for almost 10 years and I needed to do something different.

Accomplishments

Just for Bands

In January, my partner and I launched Just for Bands and the first application in the Just for Bands suite, LiveShow. This launch was a summation of a good chunk of work done throughout 2010. This application was the basis for our foundation in doing Ruby on Rails development, and my reintroduction into doing web development.

The Noows

In July I launched version .5 of The Noows, a news voting site that I had been sitting on and pushing off for about 3 years. Written in Ruby on Rails, it was my reintroduction into doing HTML, CSS, and Javascript, as if you couldn’t tell. This website will probably get more work in the coming year, especially in the user interface portions as I spend some time learning HTML, CSS, and Javascript.

Objective-C & iPhone Development

The programming language I had originally intended to spend time learning this year was Clojure. But that got put on hold for various reasons, and at work I started doing iPhone development. As a result, I picked up the Objective-C language. While, not an expert in the language by any means, I am some what fluent enough that I can create decent working applications to run on the iPhone. I’ll need to expand this skillset more in 2012 so that I can not only write iPhone applications but also iPad and OSX applications as well.

Disappointments

Weight Loss

This was a big let down for me. Not because I didn’t reach my goal weight for the year, but because I did so little to try and reach it. I did practically nothing this year in the area of weight loss. I’m overweight and it’s really starting to bug me when I look at myself in the mirror. As a result, this is going to be one of my primary focus areas for 2012. My goal for 2012 will be the same as it was in 2011, to lose one pound a week. This goal, is not only mostly achievable, but is a healthy weight loss goal. Sure there will be plateaus, but the general average is doable.

Blogging

I slacked on my blogging this year. I hope to remedy this in 2012 with at least a post a week. Blogging was one of my initial avenues for self promotion and I need to start using it again, especially to focus on areas such as programming and technical commentary. These are the areas I feel I have a lot to say and I should say more on the subject.

Reading

While I managed to read 11 books this year (not counting technical books), I only managed to read three books from what some of my friends and I have dubbed “The List” and that’s a disappointment because I wanted to read a full 12 books off that list. Next year the goal is 6 books off the list (double what I did this year) but also 12 books total, making it at least one a month. My eventual (long term) reading goal is 2 books a month (not counting technical books).

Goals for 2012

So if you were paying attention you noticed that I mentioned many of my 2012 goals above. There will be a heavy focus on weight loss, reading, and blogging in 2012.

But missing is a technical goal. That technical goal will be to build and release two mobile applications, on both platforms. I want to make two applications and release them to iPhone and Android platforms.

Also, there will be some more minor goals for things like Just for Bands. I’m hoping for big things there in 2012, including at least one marketing campaign of some kind.

Cutting Cable

Michael Koby — Wed, 23 Nov 2011 13:00:24 +0000

In mid-September my wife and I made the decision to cut cable television and go the route of OTA and streaming. It was a tough call, and it required me to do some math and research to figure out if we’d be able to get most of what we got with cable via other means. Good news was that aside from HBO and Showtime shows like True Blood or Weeds, we were going to be able to get most of what we watched on cable via digital downloads. This post will go over how we get our television shows now that we’ve cut the cord. Please note, that while we did cut cable television, we did not cut cable internet. We still get cable internet through Xfinity.

Broadcast Television

We get our broadcast television shows using a basic over the air (OTA) antenna, connected to our Tivo so that we can record the shows and watch them at our convenience. This process has been mostly full proof with the exception of a 2 week period where some electrical issues in our house caused the Tivo to randomly reboot, sometimes mid-recording. Those issues seem to have worked themselves out as they haven’t happened in about a month. The Tivo we have is a Series 3 HD model, so we pay a yearly subscription for the Tivo service that comes out to around $10 a month. The Tivo has a digital decoder in it, so it handles the digital TV signal just fine. Our antenna is a basic (what looks to be hand built) roof based antenna that was placed (and left) by the previous owner of our house, no “HD Antenna” here, just a basic run of the mill signal catcher.

Cable Shows

My wife and I like quite a few cable shows, like Burn Notice, Warehouse 13, and Haven. Since we cut cable, we can’t watch these on their respective channels. The original solution for this was to use Hulu Plus, but after some research, we determined that this wasn’t really a great idea. One reason is, we don’t like to get too far behind in our television shows, mainly because we already get behind due to our son’s medical issues. So having to wait until a season was over to watch it on Hulu Plus, and with commercials no less just didn’t seem all that appealing. Fortunately for us, pretty much all of our basic cable televisions shows are available for purchase from Amazon the day after they air. Yes, at $2.99 for an HD quality video, it can get pricey, but what’s interesting is that it doesn’t even come close to the 80-90 dollars we were spending on cable. To come close to the cost of cable, we’d have to buy every episode of every single television show we watch at $2.99 for a month to come even close to hitting that amount. During the summer season, when most of our cable shows air, we’d come close to going over, but we’d at the most break even.

We use a couple of methods to watch these shows that are purchased through Amazon. The last couple of months, we have relied on our Tivo to handle the playing of these videos. Amazon gives me the option to tie my Tivo to my Amazon account, and when I purchase these episodes, I can choose to push them to my Tivo from Amazon’s webpage. The other and more recent option is to use our Roku box. This little device allows us to access a multitude of streaming services all in one place, and all through a single HDMI connection.

Premium Cable Shows

This part we haven’t figured out yet. Channels like HBO and Showtime don’t put their stuff up for purchase until it’s in video disc formats. Showtime eventually makes their shows available to watch in digital form, but it’s usually after the whole season has aired and in most cases after its available on DVD and/or Blu-Ray. So for these shows, at the moment, the only options are to either get cable during these show runs, wait and get the released season sets, or download the episodes through illegal means. What the premium stations should do is offer their shows for sale through Amazon, Vudu, or another service just like the non-premium cable channels. There’s no rules that say they can’t charge more per episode than the other stations (say $4.99 for an HD video download). Yet, these channels are very stuck in the old way of doing business. HBO is a perfect example of this in that in order to get HBO Go, you have to tie it to your cable television account through your cable provider. Why can’t HBO offer HBO Go as an online service that I have to pay money for? Why do they insist on continuing to require a cable subscription? It’s 2011 HBO, lets move on.

Online Services

The final thing for our cutting cable needs was utilizing online to fill in the holes left by the hundreds of channels we lost by getting rid of cable television.

Netflix – For movies and older television shows. While an item’s availability can fluctuate, Netflix is continually adding content. You just have to keep an eye on what’s new and catch things as they show up to help ensure the longest possible timeframe to watch them.
Amazon Instant Video – We have an Amazon Prime account, which in addition to free 2 day shipping on anything we buy, also gives us access to a large (though not as large as Netflix) selection of free streaming video. Also, we can do streaming video rentals through Amazon. This can pretty much only be done on the Roku box.
Vudu – High quality video on demand service. These people stream new(ish) releases to your television in full 1080p with 5.1 surround through their proprietary HDX format. It’s not Blu-Ray quality, but for streaming it’s pretty dang close. Renting a movie can be somewhat costly, $5.99 in the HDX format. But buying it in the HDX format will get you the SD and HD (720p) versions too, so if you have to downgrade due to connection issues, you have the option with the HDX streams.

The combination of these services, helps fill in the gaps of the channels we lost to cord cutting. Amazon and Netflix give a decent selection of streaming television shows and movies to watch at any given moment, and for newer releases we can rely on Vudu.

Conclusion

The result of the last few months has proven this experiment rather successful. My wife and I haven’t really noticed the lack of channels and we’ve made some progress in catching up on older television that we’ve wanted to watch (via Netflix) but haven’t gotten around to. Our 9 year old daughter has been the most vocal about the lack of cable, but the less television she watches, the better right?

Stop Thinking the Fire is an iPad-Killer

Michael Koby — Sun, 20 Nov 2011 16:35:56 +0000

Last week, Amazon officially unleashed the Kindle Fire on the public. After a month of speculation, people finally got to be hands on with the device and the reviews came flowing in. Most reviews of the device mistakenly took the point of view that the Kindle Fire was an iPad killer, expecting $500 performance from a $200 device. Again, this was a mistake, and proof that several gadget sites do not understand the product. I would seem that commenters on related threads also have the same problem.

Stop it!

The Kindle Fire is not meant to be an iPad killer. It never was meant to be an iPad killer. And if that’s what you’re looking for in the device, you’re going to be disappointed. The Kindle Fire was designed from the ground up to be nothing more than a portal into Amazon’s services. If you can’t understand this basic fact, you will never understand the Kindle’s market. Here’s a hint, it’s not people who want to buy iPads. Sure some people might pick up the Kindle Fire instead of an iPad, but the limited apps and functionality of the tablet will cause those people to buy an iPad eventually anyway. The Kindle Fire’s market is those that are already tied to Amazon’s services, be it the Kindle books or the Amazon Video. If someone already has a Amazon Prime membership, then the Kindle Fire is a device they might consider.

The Kindle Fire is meant to be a portal into Amazon’s ebook, video, music, and app store services. A way for Amazon to pimp their services to a consumer and have them buy more books, video, and music. It is meant to be a media consumption device, and that’s all. It is not meant to be a working device, in that you do actual work on it like you would on an iPad. The Kindle Fire is for media consumption, and Amazon wants you to buy that media through them.

So please, stop thinking and treating the Kindle Fire as an iPad killer. It’s not.

Intro to iPhone Development at Houston Open Dev User Group

Michael Koby — Wed, 02 Nov 2011 15:30:27 +0000

Last night at the Houston Open Development User Group, I presented an introduction to iPhone development. Through the course of 2 hours I covered the very basics of iPhone development, from Objective-C to actually creating and wiring up a user interface for an iPhone application. For the demo application, I built a simple Twitter search application that allows a user to type in a search query and see the first 15 results returned from the Twitter search api.

If you attended the meeting, I encourage you to rate the talk on SpeakerRate. If you’re interested in the final code, you can check that out on Github as well. Below, you’ll find the slides from the presentation.

Intro to iPhone Development

View more presentations from Michael Koby

Houston Techfest 2011 – Wrap Up

Michael Koby — Mon, 17 Oct 2011 21:00:12 +0000

Had a great time this past weekend at Houston Techfest. Attended a couple of great sessions and also presented a couple of sessions of my own. If you attended either of these sessions, please click the SpeakerRate links and rate the sessions and leave comments on anything you felt was missing so that I might be able to better present at future events.

Below are my thoughts on the two sessions I presented.

Deploying Rails Applications: Lessons Learned

This session was the weaker of the two. Reason being is I didn’t prepare enough for it. While the content was decent, it could have had a little more meat and a lot less fluff. This is something I plan to correct in all future sessions. However, the discussion, questions, and general feel of the room wasn’t bad. I just think that I could have done a better job of delivering some real content on this session.

CodeMav Link

SpeakerRate Link

Cross Platform Development with Mono and C#

This session was better attended than I had planned. In the past talks I’ve given on Mono and cross platform .NET development were sparsely (if at all) attended. I think a large reason for this is Xamarin, specifically their MonoTouch and Mono for Android products, and the interest they have generated in the .NET community for doing mobile development. This session had good questions, discussion, and I even managed to get a little “wow factor” in with the csharp shell from Mono.

CodeMav Link

SpeakerRate Link

Final Thoughts

Overall the experience was good. I think that I can do better next time, but given the size of the event and how well the sessions seemed to go in general, I think that I did okay. Again, if you attended either of these sessions, please click the SpeakerRate links and rate the sessions

Why Amazon’s Tablet Makes Sense for Amazon

Michael Koby — Sat, 03 Sep 2011 18:24:09 +0000

In case you missed it, Techcrunch has announced that they’ve played with Amazon’s soon to be released seven inch Kindle tablet. Since then there’s been a lot of talk about if this tablet will really be able to compete with the iPad. And that’s where people start missing the point.

Amazon isn’t looking to make a tablet that competes with the iPad. They’re looking to compete with something closer to Barnes and Noble’s Nook Color. They’re also looking for something that will heavily tie into their existing content outlets like the Mp3 Store, or the Instant Video service. A content consumption device that plugs into Amazon’s store makes perfect sense for Amazon. And by making it a seven inch tablet that’s (rumored) to cost $250, they’re looking for heavy adoption from those that already own a Kindle or are looking to get a Kindle.

That’s why this kind of tablet makes sense for Amazon. They want something smaller than the iPad’s 10 inch display because they want the device to be light, and easy to hold in bed or on an airplane. They want you to throw it in your bag without worrying about space. And they want to be the one’s that sell you the content that goes on that device. And just like Apple, Amazon wants you to buy content through them Apple does the same thing with iPad and iTunes (and the App Store and the iBook Store).

The price point is worth mentioning, at $250 it’s half of the cheapest new iPad. At $250 it’s also around $60 more than the most expensive e-ink Kindle. If they can bring the price down to around $199 while bring the e-ink Kindle price down as well, then they have an interesting marketing position on their hands. But still at $250, people are going to be interested, and they’re going to reconsider that $500 iPad. The question among non-geeks is “Do I get an iPad or a Kindle?” (and the answer to this largely depends on what you want to do). At the rumored price point, Amazon is hoping to help make such a question easier for the general public.

Have an idea? Ship It! – A Houston Code Camp Presentation

Michael Koby — Sun, 21 Aug 2011 17:13:43 +0000

Yesterday, I attended and presented at Houston Code Camp. You can see what others were saying by looking at the twitter hashtag #houcodecamp. The event was a resounding success and I’m hoping we do another next year.

Regarding my presentation. I presented on shipping an idea. Taking an idea you have from idea/inception all the way to launching it. I would say that my session went well, had a decent attendance, and good questions were asked during the session. I have posted the slides for the presentation on SlideShare, and have a Speaker Rate page. Please feel free to visit the links. If you attended my session, please rate me over on the Speaker Rate link.

Presentation on SlideShare

Session on Speaker Rate

XKCD & Password Security

Michael Koby — Mon, 15 Aug 2011 13:00:42 +0000

If you were on the internet last week, you probably saw an article, twitter, or Facebook post about the xkcd comic on password strength. The comic, which was (most likely) inspired by an article entitled, “The Usability of Passwords” basically says that using a multi-word password (3 or more words), is more secure than what I have referred to as “complex passwords” in past articles on this blog. The writer of the original article makes the point (which is what the xkcd comic points to) that passwords using three or more dictionary words, has more entropy and is thus harder to crack, therefore making them more secure. While there is a bit of truth to the article, it leads to some false understandings of how hackers actually go about hacking passwords, and make assumptions that aren’t entirely accurate.

Hacking Passwords

The original article explains several methods for hacking passwords. These are, asking, guessing, brute force, common word attacks, and dictionary attacks. You can look at the article to see how the original author describes these methods, but many of them should be self explanatory. Asking and guessing for passwords are what regular non-hacker type people will do. Hackers will also ask for passwords, but they’ll do so in the form of social engineering. Social engineering is basically tricking the person into giving you the password by (most often) pretending to be someone they can trust, like an internal security or IT employee.

The brute force, common work, and dictionary attacks will be performed by hackers, but not necessarily in the manner described by the author.

How the Author Says These Work

The author of “Usability of Passwords” says that these methods are most likely performed at the computer, network, or website that the hacker is attempting to gain access to. And because of this fact the author leads the reader to believe that by allowing only a small number of attempts, followed by a “lock out period” that stops the hacker from logging in for an hour, is enough to keep his password strategy safe.

Before I go further, I want to say that limiting the number of attempts and instituting a lock out period is a good security practice, and should be implemented by large corporations.

How Hackers Really Hack Passwords

The author of “Usability of Passwords” is correct in the fact that hackers will use brute force and dictionary attacks to hack a password. But he’s incorrect in that they are used primarily at the login screens.
Most hackers (at least the good ones) will attempt to acquire the password through social engineering, and then failing that will work on getting the password hash file off a computer. What is a “password hash file” you ask? It’s a file that’s on a computer where the username and the hashed password of the user(s) of the computer is stored. Getting this file is generally a lot of work for the hacker and this is why they’ll usually just attempt to use social engineering.

Once the hacker has the password hash file, they’ll use various programs (I won’t link to them here, you can Google to see what I’m referring to) to then crack the password hashes on their local computers. It is this process where the hacker will use the brute force and dictionary attacks.

The other problem is that some of the dictionary hacking programs can be modified to try combinations of words thus making the idea of using multiple words in a password not nearly as secure as the author would lead you to believe. Is it secure? Not really. Will it take longer for the hacker to crack said password? Yes it will.

The Graphics Card Problem

Another fact that the author ignores (but is mentioned in the article’s comments”, is that graphics cards are incredibly fast. And there are applications available that allow a hacker to utilize their graphics card(s) processor (GPU) to crack password hashes at an alarming rate. More information on this process can be found by reading this article.

What this means is that utilizing brute force and dictionary attacks can be done in even less time.

Why Complex Passwords Are Better

So basically I told you all that to tell you this. Complex passwords are better than using dictionary words. Period.

A complex password is a password that meets following requirements:
At least 8 characters (a minimum of 12 is preferred)
Contains BOTH upper case and lower case letters
Contains numbers
Contains at least 1 special character (examples: !@#$%{^]&*)

Why are these better? Because they can’t be easily figured out with a dictionary attack. They also make brute force attacks more difficult. It’s hard to guess passwords if they have weird characters in them. Long passwords, that meet the other requirements will take years to crack, even when using graphics cards.

The idea is to make it difficult for the hacker to guess, or hack your password, even if they get that password hash. But complex passwords, or multiple word passwords don’t help get around the social engineering problem (the user willfully giving someone their password).

But I Can’t Remember Complex Passwords

The author’s point about using multiple dictionary words, along with the punchline of the xkcd comic, is that such passwords are easier to remember over complex passwords. And while this is an extremely valid point, it defeats the purpose of passwords. Passwords a form of security (some would argue they provide a false sense of security, but that’s a different topic). So passwords should themselves be as secure as possible. This idea of secure passwords comes at the cost of easily being able to remember your passwords, especially since to be really secure you should have a different password for each website that requires one.

This is where “password safes” come into play. Applications like Keepass, LastPass (what I use), and 1Password, allow you to store passwords for individual sites, and they all integrate into your web browser to some degree. All of these applications also have password generators that allow you to create complex, non-dictionary passwords. These generated passwords are then saved with the corresponding site you’ve generated for. What these applications allow you to do is to have a different complex password for each website you visit.

You’re probably asking “how can storing all my passwords in a single place be secure” and it wouldn’t be a bad question. The thing about the applications I’ve listed is they all use high quality encryption to store the passwords and they all require the use of a good “master password” and will warn you when your master password is insecure. You want to have a very secure (around 15-20 characters) complex password as your master password. And you want to make sure that you use that password only for accessing your password safe.

Conclusion

In the end, the author of “Usability of Passwords” makes a convincing case, but not if you know how hackers really operate. His intentions are good though, the idea of using harder to guess/hack passwords is noble regardless of how you say it should be done. But I believe that some of his ideas lead to a false sense of security because of a lack of understanding.

Hopefully, I’ve explained to you why some of the ideas presented in the original article were not so great, and have in turn caused you to think about your passwords, and how to create more secure passwords. I highly recommend that you begin using a password safe, and changing your passwords around the internet to more secure, complex passwords.

Cutting Worker Costs on Heroku

Michael Koby — Tue, 02 Aug 2011 22:30:53 +0000

When we launched Just for Bands, my partner Erick and I decided to go with Heroku’s cloud hosting service to host our LiveShow application. The reasons for this had to do with simplicity in managing the “server” and cost. Heroku is fairly cheap, and the level of service they provide through their add-ons only increases that value. If you have a Ruby on Rails application to launch and you don’t want to think about servers, Heroku is definitely worth looking at.

Heroku Worker Dynos

When we launched LiveShow, we utilized what Heroku calls a “Worker Dyno” to handle background tasks, specifically sending emails. Using a Heroku worker dyno allows you to offload work to a background task so that it doesn’t hold up the actual web server portion of your app. The downside to worker dynos is they cost money, $0.05/hour to be exact. And when you run one all day, everyday for a month, that can add up. In the case of LiveShow, to the tune of over $50 a month. And for a company that isn’t making any real money at the moment, that’s a lot of money going out with next to none coming in.

Enter HireFire

When doing some research for another project, I stumbled on the HireFire gem. This gem is a must have for anyone who is using Heroku and the worker dynos. The use of this gem saved us close to $35 in July alone.

What does it do? It’s simple, you set up this gem, and you deploy the changes to Heroku. Once the changes are live on Heroku, you can turn off your worker dyno because this gem will activate one when you generate a background task. You read correctly, it will “hire” a Heroku worker dyno when it notices a new background task has been created. Once the background task has completed successfully, the HireFire gem will them kill (read “fire”) the worker dyno. So the worker dynos are only alive when they’re needed.

You can imagine how something like this would reduce the cost of someone (like Just for Bands) that relies on these workers to push out emails and perform other tasks.

The Downside

If you used scheduled background tasks (DelayedJob’s run_at option), this won’t help. Because HireFire will see the pending job, it will actually keep the worker alive until that job has been ran successfully.

Also, currently, the gem requires you to store your Heroku account credentials in server environment variables on Heroku. There is work to move to using the Heroku API key that each user is given, but it hasn’t been fully implemented yet. It needs the credentials in order to hire/fire the worker dynos, since it uses Heroku’s APIs for doing the work.

Conclusion

Seriously, if you’re running a Heroku app, and you are using the DelayedJobs or any of the background task runners that HireFire supports, you should highly consider using this gem. It will drastically reduce your costs, and thus keep your pocket book in check.

The Noows

Michael Koby — Tue, 05 Jul 2011 12:30:06 +0000

Today, I’m happy to announce the “official” launch of my second side project, The Noows. What is “The Noows” you ask? Quite simply it’s a site that lets you, the user, determine exactly what is news. The site works similar to Digg or Reddit in that you click the little button next to the article links and they’re “upvoted” and moved to the top of the homepage. The site (currently) differs from Digg and Reddit in that there is no algorithm that determines a certain item is “front page material” clicking any link will move it to the top of the homepage.

Where the Idea Comes From

In 2008 I became very upset with Digg and it’s army of pro-Obama, voters that upvoted any article that was pro-Obama and constantly buried any article that showed Obama to be a double-talker, or displayed him making a error on facts. A year or so later a big deal was made about the conservative movement that sought to upvote and anti-Obama articles and downvote any anti-republican articles.

Both of these actions were wrong. To me a site like Digg or Reddit works best people aren’t trying to game it for a particular political agenda.

The Solution

I needed to solve two problems with The Noows, I wanted to eliminate the ability for others to submit stories, and remove the ability to game the site. The first one is easy to solve, and I did it by just relying on the RSS feeds from official news sources (CNN, MSNBC, Fox News, and eventually newspapers and such). The idea was to remove the ability for people to submit their own articles, thus removing the need for them to game the site.

The second solution is currently two-fold. First, I rely on Facebook authentication for user creation and login. Since most people really only have one Facebook account, they can’t create multiple accounts on the site without also creating multiple Facebook accounts. This (hopefully) makes it more trouble than it’s worth at the moment for a person to want to “game” the site to make sure certain articles are seen.

The second part of the solution is that there is currently no algorithm. You click the “Noows?” button, that article gets moved to the top of the homepage. Doesn’t matter if it’s already on the homepage or not, it gets bumped to the top. The idea here is that the stuff a lot of people really think is news worthy will always be at the top of the site. Will there eventually be an algorithm to determine what goes to the top? It’s possible, depends on what people want and if I ever see a real need for it.

Conclusion

Will the site ever be popular? Who knows. Really I just wanted to get it out there so people can start using it. I think something that aggregates other news sites and brings stuff together in a way that allows everyone to see various articles on the same subject has value. There might even be some value in a future feature that lets users decide on the left/right/center of particular articles. But for the meantime, I hope that some of you can come to use it as a goto place to get your news fix.

Why Robert Scoble is Wrong (And a Little Right) About Apps

Michael Koby — Thu, 23 Jun 2011 23:30:41 +0000

Robert Scoble is no stranger to opinions. He has several of them, and he posts them on Twitter daily. Sometimes his opinions are valid, other times they can come across as blatant fanboy. That’s okay though, that’s what the internet is for. But he has recently taken the stance that the success of the platform is based solely on the number of native applications it has available.

While this view isn’t completely incorrect, it’s the only truth. What Scoble will constantly say whenever he comes across a new device (say Android tablet, or Nokia’s newest MeeGo device), he’ll say something like “cool device, but no apps so I won’t use it”, which again is his prerogative. But he often ignores one glaring fact. The iPhone became a successful platform without any native apps. When the iPhone first launched you could only do web applications, there was no native development kit to write native apps (outside of Apple). However, even without the native apps, the iPhone became an incredibly popular device. When native iOS applications arrived over a year later, it only further cemented the iPhone’s popularity.

So the iPhone, Scoble’s goto argument, was itself without native applications for the first year of its existence, but it was a good platform (the first of it’s kind actually) and this is why it gained the attention of developers (it’s popularity didn’t hurt either). Yes, now the iPhone has a large number of iOS applications in it’s app store, so do Android phones (yes, I realize Android tablet apps are lacking, but that doesn’t mean they aren’t being worked on), and MeeGo will probably do okay as well. While MeeGo probably won’t be as large in market share as iOS or Android, Nokia sells most of its stuff outside the United States where there are a good amount of people who actually buy Nokia products.

Consider another argument of Nokia and the Symbian platform. Nokia and Symbian owned a nice chunk of the mobile phone market, especially outside the United States (this is something people forget about Nokia when they try to discuss its “irrelevance”). In fact up until recently, Nokia had more market share worldwide than Apple or Google’s Android. However the platform became meaningless in a market with iOS and Android. This happened mainly because Nokia was slow to catch Symbian up to what people were loving about iOS and Android and as a result people stopped developing for Symbian devices.

So Robert, apps are important, but what matters is a solid platform to develop those applications on. Android, Windows Phone 7, and MeeGo (iOS too) offer such platforms. Without a platform that is attractive to developers, there will never be any applications for it. MeeGo has the attention of developers. It might not be the ones in Silicon Valley, but they’re not the only developers on the planet. The platform is important, because the platform brings developers who then write the apps.

Quick Thoughts on WWDC 2011 Announcements

Michael Koby — Mon, 06 Jun 2011 23:30:48 +0000

Earlier today Apple kicked off it’s annual developer conference with it’s usual keynote address from Apple’s commander in chief Steve Jobs. Lots of announcements this time around as they talked OSX, iOS, and their new cloud venture known as iCloud. I wanted to touch on a few of the announcements and give my two cents.

Please note, that I was pretty happy with the round of announcements for OSX and so I won’t be covering those too much here.

Twitter iOS Integration

This was a popular one that was rumored in the days leading up to the keynote and picked up some heavy steam over the weekend. While much of this is nice, I think that it greatly demonstrates the key differences between iOS and Google’s mobile offering, Android. With iOS, Twitter had to work directly with Apple to bring in such deep integration into their mobile OS. The contact sync, tweet photos from the photos app, etc, all have been in the Android version of the Twitter app for some time now. Why? Twitter didn’t have to wait to work with Google. Twitter could do it all themselves with the APIs provided by Google for the Android operating system. Apple however had to bake it in for their users to see such deep integration.

iOS Notifications

The notification system on iOS today sucks, badly. Anyone that has used Android devices, knows that its notification system has long been superior to iOS. It was non-intrusive, and easy to manage. With iOS 5, Apple is introducing a notification system that looks very similar to Android’s. But really, it’s about time for this change. They’ve needed for so long, and from the looks of what I saw, it seems like a good system even if you can tell it’s largely based on Android’s way of doing things, with some Apple flair thrown in.

iOS Goes PC Free (Cutting the Cord)

Apple was the one’s that said they were ushering in the “post PC era” when they announced the iPad2. However, if you bought an iPhone or an iPad, the first thing you had to do was connect it to a PC or Mac computer. That’s not very “post-pc” is it? But with iOS 5, new devices are ready to go without the need for connecting it to another device. This is good stuff, considering that even pro-iPhone himself, Robert Scoble, has said this was one of the things where Android was winning.

Apple also announced wireless iTunes syncing, and cloud based connectivity to get content on all their devices, so getting a new i-device will be similar to getting a new Android device. Activate, login, and your stuff downloads to the device.

iTunes Match

With iCloud, Apple also announced iTunes Match, which scans your iTunes library, matches any tracks you haven’t purchased with those in the iTunes, and uploads anything it can’t match. Giving you access to your entire music collection. However, it costs $24.99/year. The price isn’t horrific, but if I can upload my collection to Google Music for free, there’s not exactly a value add for that $24.99. Especially since I’m okay with having that initial upload period (yes it sucks, but after it’s all there it’s just uploading new stuff which goes much faster). However, I’m willing to bet bucks to dollars that the yearly fee is mostly going to paying the labels for licensing.

What I do like is the matching technology and I really thought Google would come out with something like this for their service, but since they didn’t reach an agreement with the labels, I’m sure that’s why they haven’t done something similar. So there’s some good, some bad here. But I would expect Google, Amazon, and even Microsoft to start offering a similar service soon.

Completely Removing RVM

Michael Koby — Fri, 03 Jun 2011 16:30:08 +0000

Today I had to change an single user installation of Ruby Version Manager (RVM), to a system wide installation. But after removing the .rvm folder and .rvmrc file from the user directory, running the RVM installation script would still install to the user directory instead of the system wide /usr/local/rvm directory. What I found is that RVM will embed itself deeply in your system and there are a few more things you have to do, below are the steps to completely remove RVM from your computer.

First you’ll need to remove the stuff in your /home directory:

rm -rf .rvm*

Next you’ll want to remove the following line from your .bash_profile

[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm" # Load RVM function

You’ll then want to remove the /etc/rvmrc file as this has some information about the RVM install in your /home folder

sudo rm -rf /etc/rvm*

Finally you’ll want to remove the group it created (this will be there if you attempted a system wide install, but hadn’t cleared out everything, running this command will have no effect if the group isn’t there)

sudo groupdel rvm

This should remove RVM from your system completely, and allow you to do a system wide install that will install to /usr/local/rvm as expected.

My Thoughts on LastPass

Michael Koby — Fri, 06 May 2011 13:30:35 +0000

If you’ve known me for any length of time, you probably know that I highly encourage everyone to use a password vault of some kind. There are several good ones available some of them are free, other’s cost money. Over the years I’ve tried several and the ones I’ve used the most are KeePass and more recently LastPass.

Yesterday, the internet was on fire over the possible intrusion to LastPass’s servers (please read this as I feel it’s the proper way to handle such a situation). But I want to point out 2 things, which are mentioned in the article:

LastPass is very clear in that they are not 100% sure something was breached

They did notice a traffic anomaly that they couldn’t explain

These are very important points that need to be considered when it comes to using LastPass. But I want to give my thoughts since I actually use the service.

Your Passwords Are Probably Safe

One of the main arguments people give against LastPass is that it puts all your passwords in the cloud on their servers. While true, that’s not the full story. You can read their website where they explain how it all works, but I’ll give you the gist. Basically when you sign up for last pass, the vault for your passwords is created locally, encrypted, and then uploaded to their servers. They don’t have a way to unlock it on their end. You have to have your master password to be able to unlock anything around your LastPass vault.

On top of that, LastPass is giving everyone a set of options. A user can do any of the following:

Change their master password

Not change their master password now, and be reminded to do so later

Take the risk and not change their master password

By making people change their passwords, they’re attempting to negate any issue a possible intrusion might cause. If you have a really strong master password, then you’re probably okay (if your master password is “password” you’re doing it wrong).

Also, I think that LastPass handled this situation really well. They informed their users, and are requiring them to take action, even though all they found was a traffic anomaly, and not an actual breach. They are standing on the side of caution, and since they’re a password vault, that’s exactly what you should want them to do.

What I’m Going to Do (and What You Should Do Too)

I’m going to move to using two factor authentication with my LastPass account. What this means is that not only will I need my LastPass credentials (email address and password), but also some other way of authenticating myself to access my LastPass password vault. LastPass offers multiple options for this, and they should be researched to find one that works best for you.

However, other password vaults offer similar functionality. I know that KeePass offers this, but I’m not sure about 1Password.

If you’re using a password vault, I would recommend moving to using two factor authentication. I would also recommend doing so for any site that offers the ability to use two factor authentication (Gmail and several banks offer this). Doing so helps lower the risk of you being compromised.

Password Vaults

Below is a list of password vaults. Please consider using one of these and start using secure passwords (and different passwords on different sites). Please note that outside of LastPass and KeePass I don’t know too much about the others.

LastPass

KeePass

1Password

Password Safe

RoboForm

Using Git Submodules

Michael Koby — Mon, 02 May 2011 14:30:20 +0000

I recently spent some time setting up my *nix configuration files for Bash and VIM in a repository on Github. Since I used several git repositories for handling my various VIM plugins and color schemes, I utilized git’s submodule functionality to link to the original repositories, allowing me to keep the plugins up to date. Today I want to look a little closer at Git submodules and how I’m using them.

Setting Up a Submodule

Setting up a submodule in git, is actually fairly easy, you just pass in the repository address and the folder you want it to go to. So for example, on my VIM plugins, I use the vim-rails plugin by Tim Pope. So to create a git submodule off of this repository for the plugin I use the following:

[~/git/dotmatrix]$ git submodule add \ https://github.com/tpope/vim-rails.git \ vim/bundle/vim-rails

This will create a “vim-rails” folder in vim/bundle/ and then download the files from the repository. Meaning that when I commit and then push my dotmatrix repository, it will upload the information for the submodules into my repository on Github. When I set up a new computer, I simply install Git, and then run the following:

[~/git]$ git clone \ git@github.com:mkoby/dotmatrix.git --recursive

You’ll note the “–recursive” argument, this is what tells git to first download the files for the repository and then recursively create the folders and download the files for the submodules. I then run my setup script that sets up the various configuration files to their appropriate locations so that I’m ready to code with just a few commands.

Updating the Submodules

Once you have the submodules, you have to update them from time to time. Maybe there’s a bug fix, or maybe a new feature in your submodules. To update them is actually quite simple, you simply run the following command:

[~/git/dotmatrix]$ git submodule foreach \ git pull origin master

This goes through each submodule’s folder and runs a regular “git pull” on the folder bringing in the latest changes. The “foreach” argument is actually built into git’s submodule functionality, so there is no hidden magic here.

Conclusion

This is the primary place I’m using Git’s Submodule functionality, but this could be used to separate out various project files into separate repositories for better project organization. If anyone sees that I’m doing something wrong, just let me know as I’m always looking to improve my workflows.